Legal development

Risk Advisory Insights: Sanctions Systems and Controls

Insight Hero Image

    We understand clients need more than legal advice – they need holistic solutions to navigate the complexities of conducting businesses globally, to help reduce risk and promote business performance and success. The Ashurst Risk Advisory team can support you to implement legal and regulatory requirements within your organisation across an end-to-end sanctions compliance framework. In a world where challenges are increasingly complex, the "what does it mean for us?" element is key to any legal guidance, and the "how-to" element is a key component of maintaining a compliance program that is proportionate, sustainable, and defensible.

    Below we outline the Risk Advisory team's operational insights into best practices for sanctions compliance programs.

    Risk Screening & Tools

    • Enhanced risk assessments and scenario planning allows firms to cope with an increase in sanctions regulatory complexity.
    • Firms should have processes in place to periodically assess their sanctions screening components with respect to data inputs, screening, and alerts.
    • Sanctions screening tools should be calibrated to maintain false positives volumes to a minimum with ongoing control mechanisms to measure the efficiency and effectiveness.
    • At any point in time, are you in a position to measure how effective and efficient your system is? Are you able to test "what-if?" scenarios and are you quick to confidently adjust to any emerging legislation?

    Management Information, Policy, and Governance

    • Senior management should be provided with sufficient information about sanctions issues to discharge their responsibilities. Such information should include designation changes, impacts on the business portfolio, and elements of horizon scanning.
    • UK firm policies, including Customer Due Diligence procedures, should be up-to-date and aligned to UK sanctions, to ensure the legislation is fully captured.
    • Can you stand by your management information, policy, and governance? Are they thorough enough so you can comfortably respond to the fast pacing sanctions landscape, accurately and timely respond to regulator enquires, have minimal backlogs and be agile in this space?

    Regulatory Engagement

    • A proactive approach will require continuing to engage with the FCA's testing of regulated firms' sanctions screening systems and controls.
    • Where a breach has resulted from a significant systems and controls failure, the FCA or OFSI should be notified, where appropriate. Firms should have a breach reporting process in place, with a clear process of internal escalation for relevant staff.
    • Following any FCA or OFSI adverse findings in respect of systems and controls, firms must evaluate existing processes and consider engaging independent, expert support.
    • Do you have a complete view of the regulatory expectations around your systems, controls and reporting obligations? Are your teams trained to rapidly and accurately engage with them?

    By combining market-leading legal, risk advisory and technology capabilities, Ashurst is uniquely positioned to support clients in navigating sanctions compliance challenges. Our team can supplement robust legal advice with proportionate operational insights. Please contact any of the individuals below to find out how Ashurst's unique legal-led Risk Advisory team can help you with your sanctions systems and controls.

    To keep track of all the latest Russian sanctions legal developments, access Ashurst's Russia Sanctions Tracker here.

    This is a joint publication from Ashurst LLP and Ashurst Risk Advisory LLP, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Risk Advisory LLP is a limited liability partnership registered in England and Wales under number OC442883 and is part of the Ashurst Group. Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. Ashurst Risk Advisory LLP is not regulated by the Solicitors Regulation Authority of England and Wales. The laws and regulations which govern the provision of legal services in other jurisdictions do not apply to the provision of risk advisory services. For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit

    Key Contacts


    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest