The global cost of ignoring sanctions: How one UK case exposes a broader risk

Sanctions enforcement in the UK is ramping up, and compliance lapses, even historic ones, come with a price.

The recent £300,000 fine issued to Markom Management Limited (MML) by the UK’s Office of Financial Sanctions Implementation (OFSI) is a wake-up call to all firms, not just banks. In today’s regulatory climate, ignorance is no excuse, and even seemingly minor administrative payments can trigger major penalties.

The Markom case: What happened

A returned overpayment counts as a breach

On 20 February 2018, MML instructed a payment of £416,590.92 to a sanctioned individual linked to Gazprombank, a sanctioned Russian bank. Even though the funds were a return of overpayment, this action broke the UK’s Russia-related financial sanctions under the Sanctions and Anti-Money Laundering Act 2018.

Inadequate controls and wilful ignorance

OFSI found that MML either knew or should have suspected that the recipient was a sanctioned individual. MML improved its compliance framework later, but OFSI deemed the existing controls insufficient. They initially proposed a £400,000 penalty, later reduced to £300,000 after review.

Notably, no discount was given for voluntary disclosure, as OFSI ruled that MML's submission did not meet the criteria for being “truly voluntary” or timely.

FATF standards and the UK’s global role

The MML case showcases the UK’s role in enforcing FATF standards, particularly Recommendations 6 and 7. These require member states to take strong actions against financial sanctions breaches, like freezing assets or blocking funds to designated individuals. The UK’s sanctions regime, enforced by OFSI, fits this framework and shows the UK’s commitment to FATF standards. This case also shows that enforcement isn’t just for large firms; smaller companies and non-financial institutions must also grasp their sanctions risks and implement necessary procedures.

In today’s interconnected financial world, sanctions breaches can lead to regulatory actions, even if payments start overseas, as long as there’s a UK link. This principle, highlighted by the MML case, emphasizes the UK’s key role in global compliance.

Lessons for compliance officers

1. Voluntary Disclosure Must Be Genuine and Timely

A key takeaway from this case is how OFSI viewed the disclosure. Although MML reported the breach, the regulator decided the disclosure wasn’t voluntary enough for a penalty discount.

For firms thinking about self-reporting future breaches, this sets a high standard: disclosures must be timely, not prompted by outside pressure, and must be thorough, and importantly, disclosure alone is not enough. Proceeding with a questionable transaction and then reporting it afterwards will not protect a firm from consequences.

2. Sanctions Exposure Is Not Always Obvious

The original payment seemed administrative, related to an overpayment. But OFSI was clear: context doesn’t matter. If the counterparty is sanctioned, even a refund can be a breach.

This stresses the need for ongoing counterparty screening, even after relationships are established. Firms can’t assume that a party remains clear after initial due diligence.

3. Even Historic Breaches Are Fair Game

The original breach happened in 2018, but the final penalty came in 2025. This seven-year gap shows that OFSI’s enforcement isn’t limited by time. Firms shouldn’t expect regulatory inaction just because an incident happened years ago.

For compliance officers, this highlights the need for clear audit trails, thorough record-keeping, and processes for identifying and escalating past concerns, especially when new sanctions arise. This includes revisiting customer due diligence and updating risk assessments when new sanctioned individuals or other risk factors come into play. 

4. UK Links Expand Enforcement Reach

Although much of the transaction happened outside the UK, OFSI acted due to a strong UK connection. This is important in today’s decentralized global operations. International firms with limited UK ties, like a UK bank account or transactions through the UK, must prepare for OFSI scrutiny.

Broader context: Sanctions and the global landscape

Sanctions enforcement is increasing worldwide, with authorities in the EU, US, Australia, and Canada ramping up investigations and penalties for sanctions evasion. The Russia sanctions framework has become more complex, exposing firms that don’t update their processes.

For example, in 2024 OFAC imposed multimillion dollar penalties on US companies for indirect dealings with sanctioned Russian entities, reinforcing the same lesson: ignorance or outdated systems are no longer a defence. 

The FATF’s 2024 report on proliferation financing and sanctions evasion notes a trend of sanctioned individuals using intermediaries and complex payment chains to bypass controls. This places the responsibility on firms to invest in tools, workflows, and training to spot suspicious patterns before transactions are completed.

Simply screening name lists during onboarding isn’t enough anymore. Firms need real-time alerts, strong escalation processes, and integrated systems that connect onboarding, transaction approvals, and ongoing monitoring.

What "good" looks like

While the MML case shows what can go wrong, it also sets a standard for effective compliance. Best practices in sanctions compliance now include:

• Daily ongoing sanctions screening, integrated across all areas (onboarding, payments, remediation).
• Systematic and documented checks before making or receiving funds, even in low-risk situations.
• Strong governance, with senior management oversight and clear escalation lines.
• Periodic training, tailored to the specific sanctions regimes relevant to your business.
• Proactive record keeping, with timestamped logs and decision-making trails for audits.

Final thoughts

The OFSI penalty against MML warns firms that UK authorities are serious about enforcement, even years after a breach.

In today’s complex landscape, sanctions compliance cannot be treated as a box-ticking exercise. Firms that fail to invest in proactive systems, training , and oversight risk becoming the next high-profile cautionary tale.