OFSI: Update to Enforcement Guidance on Ownership and Control

On 16 March 2023, the Office of Financial Sanctions Implementation (OFSI), the UK’s financial sanctions body, published an updated version of their Monetary Penalties and Enforcement Guidance (MPE Guidance).

The update relates to OFSI’s approach towards assessing breaches of financial sanctions, where an incorrect assessment of ownership and control of an entity is relevant to the commission of a breach.
 
This MPE Guidance is timely given the recent UK designations of swathes of senior executives at several high profile Russian companies including Gazprom, as well as the designation of the Chief Executive Officer of Nord Stream 2, on 23 and 24 February 2023. 

The MPE Guidance provides useful direction on the factors that one should consider when dealing with counterparties whose structures of ownership and control are somewhat opaque.  Whilst it does not expressly set out what OFSI expects in terms of appropriate due diligence measures, the MPE Guidance does explain how OFSI will take due diligence measures into consideration in the event of an inadvertent sanctions breach. 

Potentially mitigating factors

Provided they were made in good faith and the conclusions drawn were reasonable, the following list of non-exhaustive measures may be considered as potentially mitigating:

• An examination of the formal ownership and control mechanisms of an entity to establish whether there is available evidence of ownership and control by a designated person
• An examination of actual, or the potential for, influence or de facto control over an entity by a designated person
• Open-source research on an entity and any persons with ownership of, or the ability to exercise control over, the entity, together with an examination of whether such persons are, or have links to, designated persons such that further investigation may be warranted
• Direct contact with the entity and/or other relevant entities to probe into indirect or de facto control, including, where appropriate, seeking commitments by UK persons as to the role of any designated person or person with links to a designated person
• Regular checks and/or ongoing monitoring of the above where appropriate

In relation to the first two points, OFSI provides examples of areas of enquiry that may be appropriate:

A.    Formal ownership and/or control 

• The percentage of shares and/or voting power of shareholders 
• The ownership and distribution of other shares in a company 
• Whether ownership / shareholding has recently been altered or divested, including in possible anticipation or response to the imposition of financial sanctions. If so, consideration of whether this warrants further investigation into the possibility of joint arrangements or indirect or de facto control 
• The composition of shares, and whether shares have been split into different classes, or other structural changes made 
• Whether changes to ownership and/or control were part of a pre-planned or wider business/financial strategy 
• Corporate constitutional documents, including articles of association or constitution 
• Any commercial justifications for complex ownership and control structures 
• Agreements between shareholders or between any shareholders and the entity (e.g. shareholders’, joint venture, operating, or guarantee agreements)
   

B.    Indirect or de facto control 

• Indications of continued influence (or the potential for it) by a designated person, including through personal connections and financial relationships 
• The presence or involvement of proxies, including persons holding assets on behalf of a designated person 
• Ownership, holdings of shares, or control by trusts associated with a designated person 
• If shares or other ownership interests of a designated person have been divested, the nature of any relationships and prior involvement of the person benefitting 
• If applicable, how recent transfers of shares were funded and whether this was done at an accurate and true valuation 
• Any operational steps taken to ensure that the designated person cannot exercise control over the entity and/or that the designated person cannot benefit from, or use, corporate assets 
• Information relating to the circumstances of board and/or management appointments, including the backgrounds, relevant experience, and relationships with designated persons 
• The running of board meetings and governance processes, including board or shareholders’ meeting minutes concerning recent changes in the entity’s ownership and control relating to the designated person
• Ongoing financial liabilities directly related to a designated person, e.g., personal loans, loan guarantees, property holdings, equipment etc. 
• Other shareholder agreements, voting agreements, put or call options or other coordination agreements in place between the entity and the designated person or controlled entities 
• Whether there are any benefits conferred to the designated person by the entity or transactions between the entity and the designated person

Conversely, a failure to carry out appropriate due diligence or carrying out such due diligence in bad faith, will potentially be an aggravating factor.

Other considerations

Having listed a host of potentially appropriate measures, the MPE Guidance makes clear that the extent of checks required in any given case will depend on the facts of the case.  This includes factors such as the:

• Degree of sanctions risk of the relevant entities 
• Nature of the transaction
• Nature of a person’s contractual or commercial relationship with the entity (where relationships or activity are ongoing, there should be an appropriate regularity of checks, and/or ongoing monitoring)

Finally, the MPE Guidance notes that the onus for demonstrating that reasonable and appropriate due diligence into ownership and control has been undertaken rests with the entity against whom OFSI is considering taking enforcement action.

To that end, OFSI would expect:

-    To see evidence of a decision making process which took into  account the sanctions risk and considered what would be an appropriate level of due diligence in light of that risk
-    Decisions made by reference to an internal framework or policy, but recognising that there is no one-size fits all approach
-    Careful scrutiny of information obtained as part of any ownership and control assessments, particularly where efforts appear to have been made by designated persons to avoid relevant thresholds