Wise Payments: OFSI uses disclosure power for first time against
On 31 August, OFSI used its new Disclosure enforcement power for the first time, issuing a Disclosure Notice against Wise Payments Ltd. In summary, this power allows OFSI to publish details of financial sanctions breaches rather than imposing a financial penalty where it decides that a disclosure notice is the most proportionate enforcement response.
It's very important to note that while the firm wasn’t fined, the costs of the breach are material and will have had an enormous impact on Wise’s business.
The value of the breach was low (£250), and it was identified quickly. It was self-reported by Wise and there was no evidence that sanctions were deliberately evaded. The Firm was cooperative and took several remedial actions following the breach, including exiting the Designated Person, changing its policy around the use of debit cards, recruiting additional staff, and introducing weekend working for the specialist sanctions team. Nevertheless, OFSI assessed the breach as moderately severe, resulting in the disclosure.
To get on the front foot and avoid a similar disclosure we’d encourage you to ask yourself these questions:
Do your sanctions policies and procedures meet current legal and regulatory requirements and current industry best practice? Have you undertaken a self-assessment against HMT’s UK Financial Sanctions guidance? Have you had an independent opinion on any of the above?
How insightful is your sanctions risk assessment? Do you have a genuine insight into what could go wrong and what the consequences might be?
Is your staff training on sanctions adequate? Do staff really understand how screening controls operate and the consequences of getting it wrong?
How frequently are you testing your system(s) and how robust is this testing? Is this frequent enough?
Do you understand your key data sources that are utilised in payment and customer screening? How do you make sure the sources are accurate and up to date?
Is your mechanism for evaluating possible sanctions exposure, breaches and attempted evasion good enough?
How we can help
We have undertaken many independent assurance reviews, including assessments of the design and effectiveness of firms’ screening tools, and we have extensive experience in drafting and updating policies and procedures in line with regulatory expectations and best practice, while keeping in mind each firm’s risk appetite and tolerances. In the last year we’ve also delivered sanctions-related training to a number of clients, including best practice on alert adjudication. We can also test how you’ve calibrated your fuzzy logic both in terms of design and operation to help assess whether the system produces the expected outputs.
If you’d like to chat, please get in touch.
Helen
