Financial Services – European Sanctions Enforcement

January 27, 2026January 27, 2026 by Mark Handley

United Kingdom – OFSI fines bank £160,000 for Russian sanctions breaches

The UK’s Office of Financial Sanctions Implementation (“OFSI”) has issued a Penalty Notice to the Bank of Scotland fining the bank £160,000.

The bank opened an account for a designated person in February 2023 and then allowed 24 transactions to and from that account to take place between 8 and 24 February totalling over £77,000.

The bank’s screening system missed the fact that the person was designated, using the spelling in the person’s passport that had a different transliteration from cyrillic than used in the UK’s Consolidated List. One of OFSI’s complaints in the Penalty Notice is that the screening tool was insufficiently able to create a “match” despite the spelling variations.

The designation was first identified because the person was identified as a PEP and adverse media searches then revealed the designation. This was not then escalated to be resolved.

OFSI also noted that the in-house training to the Bank’s staff “was out of date and did not reflect risks associated with the contemporary sanctions landscape, such as the heightened risk posed by Russia sanctions post-2022”.

After an investigation into a different account, the Bank identified this particular account as belonging t a designated person and reported a suspected breach to OFSI on 10 March 2023 and an actual breach to OFSI on 16 March 2023.

The fine was first set at £175,000, including a 50% discount for prompt self-reporting, but this was reduced by OFSI, after further representations from the bank, to £160,000.

In the Penalty Notice’s “Notes on Compliance” attention is drawn to the failure to use a sufficiently robust screening tool, the lack of a clear escalation procedure, and the poor training.

The Penalty Notice does not name the designated person, but similarities indicate that this notice relates to the UK’s conviction of Dmitri Ovsiannikov (see our earlier post).

January 22, 2026January 22, 2026 by Mark Handley

Cyprus – Securities and Exchange Commission refers sanctions cases to police and Attorney General

As part of a press conference setting out the various strands of work conducted by the Cyprus Securities and Exchange Commission, information has been provided on sanctions enforcement:

“What is more, enhanced monitoring was conducted on entities with current or past exposure to persons subject to EU restrictive measures against Russia.

Cases involving potential breaches of sanctions were forwarded to the police and the attorney general for further investigation, with relevant information also shared with the National Sanctions Implementation Unit established under the new sanctions framework that entered into force in July 2025“.

It was also stated that CySEC had imposed total fines and penalties of €2.3m during 2025 but no information is given to indicate that any of this sum related to sanctions fines. The CySEC website itself does not include the details of any fines in 2025.

January 8, 2026January 8, 2026 by Mark Handley

Luxembourg – CSSF fines bank €185,000 including for sanctions compliance failings

Luxembourg’s financial services regulator, the CSSF, has issued a fine against Rakuten Bank SA for various compliance failings including sanctions and AML.

One of the failings identified was “accumulated significant and recurring delays in processing alerts relating to customer screening against list of persons subject to restrictive measures in financial matters”. The Notice identified a particular example of a customer subject to anti-terrorism sanctions where the review of the alert took more than six months.

Another failing identified was a failure to “apply ‘without delay’ potential restrictive measures in financial matters”.

November 28, 2025November 28, 2025 by Mark Handley

Finland – regulator’s audit findings on Nordea Bank’s sanctions compliance

Finland’s Financial Supervisory Authority has published the results of an “audit” on Nordea Bank in relation to the bank’s compliance with the asset freeze and export prohibition aspects of the EU’s Russian sanctions.

The result of the audit was a finding of a “very significant lack of information obtained and retained by the bank”, with a lack of updating on the information that was obtained. In addition, “shortcomings of great significance” were found in relation to customer due diligence, and a lack of adequate assessment of the risk of sanctions circumvention including payments that involved “a high risk country from the perspective of sanctions evasion”.

The announcement from the FIN-FSA does not indicate whether any further regulatory action will be taken.

My thanks to Louis Vargas of the Network for Financial Crime Prevention for informing on this published audit.

November 14, 2025November 14, 2025 by Mark Handley

Finland – €540,000 fine for sanctions compliance failings by online retailer

The Regional State Administrative Agency for Southern Finland has issued a €540,000 fine to online retailer Verkkokauppa.com for failings under the Anti-Money Laundering Act. As one of the compliance requirements under the act is compliance with EU and UN sanctions, some of the compliance failings identified included a lack of sanctions screening for customers, including high risk customers seeking to pay cash.

The full Decision is here.

My thanks to Aleksi Pursiainen for mentioning this case on the most recent monthly sanctions webinar hosted by the Network for Financial Crime Prevention.

October 21, 2025October 21, 2025 by Mark Handley

Latvia – State Security Service seeks two prosecutions of individuals for alleged Russian sanctions breaches

Latvia’s State Security Service (VDD) has issued two press releases relating to investigations in which they have asked the Prosecution Service to initiate a criminal prosecution.

The first, relates to a Russian national with Latvian residency who is alleged to have held positions of Advisor to the General Director, Director of Finance and Chief Economist for three different Russian companies. The VDD allege that holding these offices amounts to a breach of the prohibition against providing economic and governance consultancy services to Russian companies.

The second, relates to the investigation against two individuals who managed the so-called “Moscow House” in Riga. The individuals are alleged to have “dealt” with the economic resources of Moscow House by renting out its facilities, including asking such customers to pay bills on behalf of Moscow House.

The prosecution is premised on the basis that Moscow House is owned or controlled by the Moscow City Property Department, which is owned or controlled by Moscow’s Mayor Sergey Sobyanin, who is a designated person under the EU’s sanctions, or owned or controlled by President Putin in his official capacity.

October 20, 2025October 20, 2025 by Mark Handley

Germany – hearing begins for confiscation of €720m from sanctioned Russian bank

Further to our earlier post, it is being reported that the confiscation proceedings are now ongoing in the Frankfurt Higher Regional Court seeking to confiscate €720 million as the proceeds of crime from a sanctioned Russian bank.

According to reports the Russian bank sought to transfer these funds out of Germany in the immediate wake of being designated by the EU in June 2022, but the banks asked to process the payments refused to proceed.

As funds transferred in breach of the asset freeze imposed on the bank, these funds have been characterized by the prosecution as the proceeds of crime and so subject to confiscation under applicable anti-money laundering laws.

The case is being heard before a five judge bench.

October 6, 2025 by Mark Handley

Latvia – State Security Service seeks prosecution for providing project management services

Latvia’s State Security Service (the VDD) is seeking the prosecution of two Latvian nationals accused of providing project management services to Russian companies.

This is one of few known prosecutions for breaching the EU’s professional services prohibitions. It is alleged that the individuals were co-owners of a company through which the services were provided.

The investigation started in January of this year.

September 8, 2025September 8, 2025 by Mark Handley

United Kingdom – OFSI issues Disclosure Notice for bank that allowed designated person to use funds

The Office of Financial Sanctions Implementation (“OFSI”) has today issued a Disclosure Notice against Vanquis Bank Limited.

Vanquis failed to react quickly enough to the designation of one of its customers under the UK’s anti-terrorism sanctions permitting a withdrawal (of £200) a day after the designation, and a purchase (of £8.99) five days after designation.

OFSI had written to Vanquis in advance of the designation to warn it that an unnamed customer of the bank was about to the designated. A day after the designation the Bank had flagged the possible match with a customer, but it took 8 days to confirm the match.

Just 5 days after the match was confirmed Vanquis reported the breach to OFSI.

In the overall circumstances, including the low value of the breaches, OFS declined to impose a fine.

It is worth noting that OFSI describes the breaches as VBL itself “made funds available to a designated person”, rather than facilitating or some other categorisation.

September 8, 2025September 8, 2025 by Mark Handley

Netherlands – fine for failure to provide regulator with sanctions compliance information reduced on appeal

The Rotterdam District Court has issued a judgment reducing a fine of €500,000 imposed by the AFM (Autoriteit Financiele Markten) on Tradition Securities and Futures S.A. to €100,000.

The AFM had issued questionnaires in 2020, 2021, and 2022 in relation to TSAF’s compliance with Dutch AML and sanctions laws. The questionnaires were not completed.

In June 2023 the AFM notified TSAF of the intention to impose a fine of €500,000 for the failings. This was imposed in October 2023, and the judgment is the result of an appeal against both any fine and the amount of the fine.

The appeal against the fine itself was dismissed.

In relation to the size of the fine the Court ruled that the AFM failed to take note of a range of factors in its own fines guidance, namely that there was no damage to third parties, no unlawfully obtained gain, no (major) social impact, no significant scale, and no market disruption. Further it was noted that this request for information was a generic annual questionnaire and not in the context of a particular investigation or alleged breaches of sanctions. The Court was of the view that TSAF should have benefitted from a 50% reduction upon the proper application of the fining guidance but then further reduced the fine from €250,000 on the basis that such a fine was “disproportionate “not in reasonable proportion to the nature and seriousness of the violation”.