Updated UK sanctions compliance guidance following OFSI enforcement action

In March 2025, the Office of Financial Sanctions Implementation (OFSI) issued a £465,000 penalty to a UK law firm for breaching financial sanctions relating to Russia. This enforcement action marks a significant moment for the legal sector, highlighting the growing regulatory focus on sanctions compliance.

In response, OFSI has reinforced its expectations around identifying sanctions risks, applying internal procedures and thoroughly assessing ownership and control structures.

This blog sets out the key updates in sanctions compliance guidance, what law firms must now prioritise, and how Gherson can assist in strengthening your compliance framework to minimise risk and ensure regulatory alignment.

Last year, we wrote an article titled “How does your law firm comply with UK sanctions obligations?”. 

In light of the recent OFSI enforcement action, we shall now look at the updated steps to ensure sanctions compliance.

Previous Solicitors Regulation Authority UK sanctions compliance guidance

Last year, we noted that following a survey of over 3,000 law firms by the Solicitors Regulation Authority (SRA), the regulator wrote to more than 1,000 firms in order to address concerns related to poor sanctions compliance in the legal sector.

The SRA survey revealed that:

• Nearly 1,700 firms did not do or were unsure if they did one or more of the following:
• identify their clients
  • verify their clients’ identities
  • check source of funds
  • check if a client was subject to sanctions

• More than 1,000 firms have a greater risk of having a designated person client because of their areas of work, or they (or their clients) have a connection to a sanctioned country.
• Twenty-six firms had dealt with a matter involving a designated person.

We concluded the article with the following takeaways:

Key takeaways

The SRA’s findings shed light on specific issues which firms are expected to remediate and pay close attention to, with particular focus on:

• Identification and verification: Ensuring robust processes are in place to identify and verify clients and other relevant parties, including checking for potential sanctions on both new and existing clients.
• Source of funds: Scrutinising the source of funds thoroughly to prevent inadvertent association with designated persons.
• Risk assessments: Developing and documenting a firm-wide risk assessment, including processes for identifying ultimate beneficial owners.
• Utilisation of tools: Leveraging online tools, such as the free screening tool from OFSI, to enhance the client screening processes.
• Staying informed: Keeping abreast of sanctions updates and requirements, understanding the potential impact on your firm’s areas of work.

Updated compliance message in light of OFSI enforcement action

On 20 March 2025, OFSI announced a monetary penalty of £465,000 against Herbert Smith Freehills CIS LLP for breach of financial sanctions on Russia.

OFSI have subsequently highlighted three key messages for businesses:

Understand your exposure to sanctions risks

• It is essential for firms to understand their exposure to sanctions risks and take appropriate action.
• Firms should engage with OFSI’s published guidance.
• Parent companies should ensure that they are providing suitable advice to their subsidiaries.

Properly adhere to any sanctions policies and procedures in place in your organisation

• Firms should have in place relevant sanctions screening and due diligence measures, which apply to everyone in the organisation.
• Failing to comply with sanctions policies is likely to negate the mitigating factor of having them in place.
• There are significant risks when payments are made in haste and procedures not adequately followed.

Fully consider ownership and control

• Firms need to carefully consider ownership and control beyond the entity directly subject to sanctions.
• OFSI considers failure to properly consider and identify clear ownership worse than an incorrect but good faith assessment of control.
• Firms should take sufficient time and care to properly establish the applicability of sanctions to specific legal entities.

Engaging external experts

A robust sanctions compliance framework entails a multi-faceted mechanism which addresses the different layers of an adequate compliance practice.

An important part of ensuring compliance includes encouraging a firm-wide compliance culture by providing training and maintaining open channels of communication.

Alongside any internal audit processes, by engaging external experts to conduct an external review, your firm will more effectively ensure that the evaluation is fully independent and thereby significantly minimise any chances of a breach of the regulations and subsequent criminal liability.

At Gherson, we have the expertise to help you create and implement a fresh sanctions compliance framework or conduct a thorough evaluation of your already-existing policies and procedures. 

Based on our findings, we can provide tailored training programmes and continue to be your compliance partner by reviewing and updating your compliance framework in a way that is most suitable to your firm’s size and culture.

Updated: 8 April 2025

How Gherson can assist

Gherson’s regulatory, white-collar and investigations team are highly experienced in providing assistance, advice and guidance on how you can successfully navigate and adhere to legal requirements regarding corporate compliance. This includes providing a comprehensive and unparalleled range of regulatory and compliance services to prospective customers.

Specifically, Gherson’s white-collar crime and regulatory team are able to provide advice and assistance with AML and sanctions compliance, including in situations involving cryptoassets. 

Finally, the team have recently started a series on the regulation of crypto, with the aim of advising those who work in the compliance of this sector.  In addition, for those who would like advice on relevant issues, including those who have had issues with the FCA registration process, our specialist regulatory and compliance team can guide individuals and companies through the process.

Please do not hesitate to contact us for further advice, send us an e-mail, or, alternatively, follow us on Twitter, Facebook, or LinkedIn to stay up-to-date.

The information in this blog is for general information purposes only and does not purport to be comprehensive or to provide legal advice. Whilst every effort is made to ensure the information and law is current as of the date of publication it should be stressed that, due to the passage of time, this does not necessarily reflect the present legal position. Gherson accepts no responsibility for loss which may arise from accessing or reliance on information contained in this blog. For formal advice on the current law please do not hesitate to contact Gherson. Legal advice is only provided pursuant to a written agreement, identified as such, and signed by the client and by or on behalf of Gherson.

©Gherson 2025

View all news & Insights