Breaching financial sanctions

Charities will be aware that it is illegal to breach the UK financial sanctions and terrorist financing regulations. Equally you probably consider that the risk to your charity in doing so is pretty remote. But is it really? Do you understand the risks? Do you have the necessary controls? And are you aware of what to do should you suspect there may have been a breach?

We are aware of a couple of recent examples which have demonstrated that this is a very real risk. This includes the example of Norwegian People’s Aid who recently settled with the US government for USD2m for alleged breaches of US sanctions. The full ruling can be read here and NPA’s perspective is here.

The NPA case offers an interesting lesson. Their ‘crime’ appears to be that when contracting with USAID for funding for a project in South Sudan they failed to declare to USAID that their training activities in Occupied Palestinian Territories may have been attended by members of proscribed organisations – activities that were not funded by the US government. That has proved to be a very expensive oversight.

Operating in areas like Gaza – where a proscribed organisation is in power – clearly poses a high risk in this regard. But experience has shown that it is perfectly possible to fall foul of sanctions legislation through the general course of NGO business in significantly lower risk regions.

How can you protect your charity from these risks? The basic control is thorough due diligence checks on all partners and suppliers. These checks involve screening potential suppliers and partners against both the financial sanctions list and the terrorist financing list. This does require gaining a proper understanding of these organisations including their ownership structures. The lists are now easier to navigate than they used to be but if the scale of the risk or the volume of transactions warrant it then you can purchase specialised software to scan these lists. The added benefits of the software is that they can also screen against other relevant lists such as OFAC in US, the EU and UN lists and they keep up to date with new entries to the lists. Finscan and LexisNexis are two such software suppliers.

But in addition to due diligence controls there is much more that charities can do to raise awareness internally of this risk. To raise awareness, use the publicly available examples of where charities have breached either financial sanctions or terrorist financing regimes. For example Save the Children in Somalia back in 2012 (see here) and keep an eye on the compliance reports published by the Charity Commission. Increased awareness will make the due diligence controls much more effective.

Should you suspect you may have breached the sanctions regime you should seek immediate advice. There is a very helpful guide produced by the UK government specifically for charities. You will need to make a Serious Incident Report to the Charity Commission. You will also have reporting responsibilities to OFSI – part of HM Treasury and potentially to the National Crime Agency in the case of terrorism.

This is a complex area and does pose a real challenge to UK charities. The best advice is to understand your responsibilities, do the right level of due diligence and report to the necessary authorities should you have any reason to suspect there may have been a breach.