Lessons from Bank of Scotland fine for sanctions screening failure
OFSI, the Office of Financial Sanctions Implementation, forms part of HM Treasury and is tasked with ensuring financial sanctions are properly understood, implemented and enforced in the United Kingdom. 2025 saw a marked increase in enforcement actions across a range of sectors and is currently pursuing reform which will see an increase in the maximum fine available to it, among several other proposals.
In January 2026, OFSI fined Bank of Scotland PLC (“BoS”), a subsidiary of the Lloyds Banking Group (“LBG”) £160,000 for breaches of the Russia (Sanctions) (EU Exit) Regulations 2019. A penalty of £320,000 would have been imposed were it not for the voluntary disclosure discount.
Between 8 February and 24 February 2023, BoS processed 24 payments, totalling £77,383.39, to or from a personal current account held by an individual designated under those Regulations. The real detail here is the system failure and procedural delay in identifying that a new account was opened by a designated person on 6 February 2023.
The designated person, a British citizen, used a UK passport for identification when opening the Account. This passport contained a spelling variation of the account holder’s name. Specifically, the variation within the UK passport to that within the OFSI Consolidated List was a changed character and an additional character in the forename, a missing middle name and a changed character in the surname. The character changes are common equivalents in Russian to English translations.
The screening system did not reconcile the character changes between the spelling variations, and as such a sanctions alert was not triggered against the Account at the account-opening stage, nor at any stage between 6 and 24 February 2023, during which time access to the Account was unrestricted.
It was only through the Group’s automatic Politically Exposed Person (“PEP”) screening that an alert was generated on 7 February 2023, where the variation of the designated person’s name was matched. From there a process of investigation and escalation eventually led to linking the sanction match and the eventual notification, although OFSI were critical of the time this took.
While the expectations and capability of the UK’s biggest banks are set at a different threshold, the learning here is clear. Be wary of translated names and make use of Fuzzy search functionality to consider close name matches, not just exact matches.
The FCA’s focus on areas such as AML, fraud and sanctions through 2025 does not appear to be easing, so ensuring your financial crime controls are appropriate and screening capabilities meet the necessary standards should be on your to-do list.
For asset managers, this could include risk-based ongoing periodic screening of clients, investors and portfolio companies, not just at the point of AML/KYC reviews.
If you have any questions on the above, please contact ComplyCraft Consulting.