Regulatory and compliance

OTSI: new UK trade sanctions enforcement body adds compliance burden for regulated firms

Published on 4th Dec 2024

The establishment of OTSI will affect all UK firms exporting goods internationally, as well as financial services and legal firms

Business planning meeting, photo of people's hands holding pens and going over papers

The UK National Crime Agency (NCA) published a "Red Alert" in December 2023 about sanctions-evasion techniques for exporting high-risk goods to Russia. Shortly afterwards, the government announced plans to create the Office of Trade Sanctions Implementation (OTSI) to "crack down on firms dodging Russian sanctions." The announcement was received with anticipation that this indicated a streamlining of the approach to trade sanctions, with several UK government bodies already responsible for certain aspects, including export restrictions. 

OTSI was formally launched in September 2024, with new enforcement powers granted by the snappily titled Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024 from 10 October 2024. It now seems this new body will significantly increase the regulatory burden across multiple sectors, and those responsible for compliance must understand the implications of these changes and take proactive steps to ensure their firms are not caught off-guard. 

OTSI's new role

OTSI will supplement the existing framework of sanctions enforcement in specific areas, with its primary role being to investigate and take enforcement action in relation to: 

  • The provision and procurement of sanctioned services (for example, legal services, accountancy services and IT services) to embargoed countries. 
  • The transfer of sanctioned technologies to embargoed countries. 
  • The supply of sanctioned goods to embargoed countries from outside the UK. 

Targeting the supply of restricted items to sanctioned countries from outside the UK requires some explanation. It does not cover direct exports from the UK to embargoed countries. Firms wishing to export goods directly to countries such as Russia still need to obtain an export licence from the Export Control Joint Unit (ECJU), with enforcement oversight by HM Revenue & Customs (HMRC).

OTSI will only be involved in scenarios where goods are exported from the UK to a country not subject to UK sanctions (for example, South Africa) and then re-exported to a UK-sanctioned country (for example, Russia). In isolation, it is legal both for the UK firm to export to South Africa and for the South African firm to export to Russia. It is where this re-export is merely a front to circumvent the direct UK-Russia embargo that the offence arises: that is the scenario OTSI will address.

OTSI enforcement powers

Where a breach is identified, OTSI has the authority to impose financial penalties of up to £1 million or 50% of the value of the breach, whichever is higher. The key problem for UK firms is that OTSI may act on a strict liability basis — so a firm could be held liable if a third party in another country supplies Russia, even unintentionally and unknowingly.

The implications are significant, not least because the trade restrictions on Russia are now exceptionally broad, encompassing not just military- and energy-related items but even luxury goods, from crystal tableware to high-end clothing and electrical devices. Removing the knowledge requirement from the offence of "indirectly supplying or delivering luxury goods" to Russia could, in principle, leave firms liable for common export items if they are onward-supplied to Russia. 

This means UK exporters must now be vigilant about downstream supply chains. They must ensure their direct customers are not re-exporting goods to embargoed territories, even where it would be legal for those customers to do so. Standard contractual terms requiring purchasers to "comply with all applicable laws" are unlikely to be sufficient. Firms should consider due diligence and/or audits on customer activities to avoid potential enforcement action by OTSI.  

Whether OTSI will choose to enforce minor infractions remains to be seen. Its sister body, the Office of Financial Sanctions Implementation (OFSI), has sanctioned financial firms for breaches valued as low as £250.  

Reporting obligations 

This all raised the question of how OTSI could become aware of such activity, especially given the international element and third-country actors outside its jurisdiction. There is no self-reporting obligation under the regulations.

However, relevant persons (that is, those in the financial services or legal industries) must report to OTSI if they know or have reasonable cause to suspect that a trade sanction has been breached.

Such firms are already subject to numerous regulatory and reporting obligations, including financial sanctions and anti-money laundering regulations. They are once again expected to act as gatekeepers for compliance by other firms.

The specific offences subject to reporting under the regulations are distinct from those for which firms already have an obligation.

Financial services and legal firms need to update their policies and procedures and carry out internal training to ensure that relevant staff know these new obligations. Automated transaction monitoring or similar processes should be calibrated to recognise suspicious activity. 

OTSI's investigation powers 

OTSI is expected to collaborate with other sanctions enforcers, such as HMRC, ECJU and OFSI. These bodies will likely share evidence as it is identified. HMRC will retain responsibility for oversight of direct exports and military and dual-use goods subject to strategic export controls, while ECJU will continue licensing such exports. OFSI will oversee financial sanctions enforcement. Each of these entities may obtain information relevant to OTSI during their activities. International cooperation is also anticipated. 

On 24 September 2024, the national sanctions enforcement bodies for the Group of Seven largest economies (the G7) issued joint guidance to industry on preventing evasion of export controls and sanctions imposed on Russia. This guidance specifically identified items under dual-use classifications as a high priority for "illicit diversion" to Russia, falling under HMRC's remit rather than OTSI's. How this will work in practice remains to be seen. 

OTSI also has the power to request information from any person if it "believes that the person may be able to provide the information" and OTSI reasonably requires it to exercise its functions. The person must take reasonable steps to obtain the documents and/or keep the documents under their possession or control. Failure to comply is potentially a criminal offence, and these information powers can be compelled by a court order (with contempt sanctions). 

The main takeaway for firms is that they must be much more diligent, not only about their documentation of due diligence activities and efforts to mitigate circumvention but also in imposing clear contractual rights to require their customers to provide information and documents promptly if requested. That is likely to represent a new challenge for firms unaccustomed to responding to such regulatory requests. 

Best practices

The establishment of OTSI is a significant development that will affect all UK firms exporting goods internationally, as well as financial services and legal firms. Compliance professionals should take the following steps to prepare:

  • Conduct thorough due diligence. Ensure the firm understands its downstream supply chain and take steps to verify that direct customers are not re-exporting goods to embargoed territories.
  • Review contractual protections. Standard terms requiring compliance with applicable laws may be insufficient. Include specific clauses that address the risk of re-exportation to embargoed countries and require customers to provide relevant documentation promptly if requested. 
  • Review and refresh all regulatory and compliance processes and procedures to ensure they are fit for purpose under the new regime. 
  • Implement training for relevant staff on the new regulations and ensure that any manual procedures or automated processes designed to identify suspicious activity are calibrated to capture these new threats. 
  • Financial and legal institutions should implement adequate escalation procedures to ensure reports are made to OTSI promptly when required.

This Insight was first published by Thomson Reuters Regulatory Intelligence.

Share
Related articles
UK government lays regulations and publishes guidance on HFSS advertising restrictions
05/12/2024 2 mins
Are you prepared for the forthcoming changes on prompt payment terms for public tendering in the UK?
19/11/2024 2 mins
What can UK business expect from regulators in future?
07/11/2024 9 mins
Modern Slavery Act 2015: UK select committee calls for urgent reforms
29/10/2024 5 mins
Interested in hearing more from Osborne Clarke?

Register now for more insights, news and events from across Osborne Clarke

Sign up

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Connect with one of our experts

Interested in hearing more from Osborne Clarke?

Register now for more insights, news and events from across Osborne Clarke

Sign up