By Arvin Wilderink ·

By Arvin Wilderink · Updated 25 April 2026

The Complete 2026 Guide to UK Financial Sanctions

UK financial sanctions are the asset-freezing and prohibited-transaction measures the UK government imposes on individuals, entities, and ships designated under regulations made under the Sanctions and Anti-Money Laundering Act 2018 (SAMLA). They are one of three families of UK sanctions (alongside trade sanctions, administered separately, and immigration sanctions). They apply with strict liability, change weekly, and are enforced by three different bodies depending on which type of breach you are dealing with.

This is the practitioner-level guide I wish someone had handed me when I started building SanctScan. What financial sanctions actually cover, who is on the UK Sanctions List, who has to comply, how the screening and reporting obligations work in practice, and where small compliance teams quietly cut corners. Finishes with a checklist you can paste into your sanctions policy.

What "financial sanctions" mean in UK law

UK sanctions split into several categories under SAMLA. Section 3 defines financial sanctions: prohibitions on dealing with funds and economic resources owned, held or controlled by a designated person; prohibitions on making funds or economic resources available to a designated person; restrictions on certain financial transactions (loans, securities, insurance) with named entities or sectors. Sections 4 (immigration), 5 (trade), 6 (aircraft), and 7 (shipping) cover the other categories.

When a compliance team talks about "the UK Sanctions List" they almost always mean the financial sanctions list. The trade controls list, immigration sanctions list, and transport sanctions designations sit alongside it but are administered by different bodies (Department for Business and Trade for trade; the Home Office for immigration; the Department for Transport for transport).

The big 2026 housekeeping change: on 28 January 2026, OFSI's older Consolidated List of Asset Freeze Targets was retired. The single source of truth for all UK designations is now the UK Sanctions List published by the FCDO, available in CSV, ODS, ODT, XML, HTML, PDF and TXT formats.

Who has to comply

UK financial sanctions apply to all UK persons (anywhere in the world) and to any person or activity within UK territory or UK territorial waters. A "UK person" includes:

  • British citizens, regardless of where they live
  • Any entity incorporated or constituted under the law of any part of the UK, including its overseas branches and subsidiaries
  • Anyone physically located in the UK at the time of the relevant act, regardless of nationality

That coverage is why non-UK businesses get pulled in surprisingly often. Sterling-clearing exposure pulls in non-UK banks. UK financial institutions handling correspondent flows for foreign banks routinely expect their counterparties to be screening to UK standards. And if any UK person is a director, employee, or settlor in the transaction chain, UK sanctions apply.

If your business does any of the following and isn't already screening, you are almost certainly in scope:

  • Onboard customers, vendors, suppliers or counterparties
  • Process cross-border payments (especially in GBP)
  • Sell software or services to customers outside the UK
  • Ship goods internationally
  • Hold or manage funds for someone else
  • Provide professional services regulated under the Money Laundering Regulations 2017

The active UK sanctions regimes

The UK regimes collection on gov.uk lists every regime made under SAMLA. As of April 2026 there are around 35 active country and thematic regimes. The big ones any compliance team will encounter:

Country regimes — Russia (the largest by activity), Belarus, Iran, North Korea, Myanmar (Burma), Syria, Libya, Yemen, Venezuela, Zimbabwe, Sudan, South Sudan, Somalia, Iraq, Lebanon, Mali, Central African Republic, Democratic Republic of the Congo, Guinea, Guinea-Bissau, Nicaragua, ISIL (Da'esh) and Al-Qaida, Counter-Terrorism (Domestic and International), Counter-Terrorism (United Nations).

Thematic regimes — Global Human Rights (the UK Magnitsky regime, SI 2020/680), Global Anti-Corruption (SI 2021/488), Cyber (SI 2020/597), Chemical Weapons (SI 2019/618), Counter-Proliferation, and the Global Irregular Migration and Trafficking in Persons regime added in July 2025.

You don't have to memorise the SI numbers. What matters operationally is that all of these regimes converge on a single list (the UK Sanctions List), with the regime-specific rules sitting in each SI. Your screening tool returns the matched designation, the regime, and the SI reference; your compliance team then applies the regime-specific rules.

How the screening and adjudication workflow runs in practice

The textbook workflow:

  1. Collect entity data (legal name, date of birth for individuals, country, government identifiers).
  2. Screen against the UK Sanctions List using fuzzy matching that handles transliteration variants and aliases.
  3. Adjudicate hits. A name match alone is not a confirmed sanctions hit.
  4. Document the decision, with timestamps and the secondary identifiers you used to clear or escalate.
  5. Take action. Block transactions, freeze funds, file reports where required, seek licences if you need to deal with a designated party.
  6. Rescreen the existing book on every list update, not on a calendar schedule.

Each step has failure modes that a regulator will pick up if your audit trail is thin.

Names and fuzzy matching

The UK Sanctions List contains names in dozens of source scripts (Arabic, Cyrillic, Chinese, Persian, Burmese), transliterated into English in inconsistent ways. The Libyan leader's surname appears as Gaddafi, Qaddafi, Kadafi, Qadhafi and other variants across regimes. Exact-match screening misses real hits. Production-grade fuzzy matching uses phonetic algorithms (Soundex, Metaphone), edit-distance scoring, n-gram overlap, and an alias table that reflects known transliteration patterns.

Going too loose creates a different problem: alert fatigue. When every search produces fifty fuzzy hits, the compliance analyst stops reading them carefully, and the real match slips through the noise.

Adjudication

A name hit becomes a confirmed sanctions hit when secondary identifiers line up: date of birth, country, government ID, known aliases. A "Mohammed Khan" born in 1971 in Karachi is not the same person as a "Mohammed Khan" born in 1992 in Birmingham, but the documentation has to make that case explicitly.

This is where spreadsheet-based compliance falls apart. An email thread between two analysts saying "obviously not the same person" is not an audit trail. OFSI examiners and external auditors want to see what the analyst checked, when they checked it, and what they concluded.

Rescreening

Sanctions list updates land on the UK Sanctions List several times per week. Existing customers who were clean at onboarding get sanctioned later, sometimes with no warning. Onboarding-only screening is a snapshot that ages out within weeks. The OFSI General Guidance makes this expectation explicit. Daily rescreening is the gold standard for higher-risk programmes; weekly is defensible for SMB compliance.

Ownership and control: the UK 50%-style test

A counterparty isn't on the UK Sanctions List, but its parent or beneficial owner is. Under the OFSI ownership-and-control test, that counterparty is also blocked.

The test sits in regulation 7 of each major SI (e.g. SI 2019/855 for Russia) and is detailed in OFSI's General Guidance. The test asks two questions: does a designated person hold (directly or indirectly) more than 50% of the shares or voting rights, OR does a designated person have the ability to control the entity by other means (board appointments, contractual rights, dominant influence, etc.)?

A counterparty owned 60% by an SDN, even through a layered offshore structure, is blocked. A counterparty whose CEO is a sanctioned person who can direct corporate actions is potentially blocked under the control limb, even at low ownership percentages.

A practical caveat: the UK test is currently under reform. HM Treasury opened a call for evidence on the Ownership and Control Test in UK Financial Sanctions Regulations, which closed on 13 April 2026. The aggregation question (do you sum ownership across multiple sanctioned persons, the way OFAC does for SDNs?) is one of the consultation themes. UK firms screening today should track the outcome and update their internal logic when reform lands.

Reporting obligations and timelines

Section 5 of the OFSI General Guidance defines the reporting obligation. If you are a "relevant firm" you must report to OFSI as soon as practicable when:

  • You know or suspect that a person is a designated person and you hold or have held funds or economic resources for them, or you have engaged in a relevant transaction with them; or
  • You know or suspect that a person has committed a sanctions offence under the regulations.

"Relevant firm" covers the FCA-regulated sector, money service businesses, accountants, auditors, tax advisers, legal professionals, trust and company service providers, estate agents, casinos, art-market participants, and crypto-asset service providers (added in 2022). The full list sits in section 5 of the General Guidance.

"As soon as practicable" is interpreted strictly. There is no fixed numeric deadline, but for clear-cut hits the practical expectation is same-day or next-business-day reporting. Late reporting is itself a breach.

For the Russia regime specifically, Part 8 of SI 2019/855 extends reporting to funds or economic resources held for the Central Bank of Russia, the Russian Ministry of Finance, the Russian National Wealth Fund, and persons owned/controlled by them, even where those entities aren't themselves designated. That obligation catches relationships your standard sanctions-list screen would miss.

Licensing: dealing with designated parties when you have to

OFSI has the power to grant licences that authorise specific dealings with a designated party. Licences come in two forms.

General licences cover defined common scenarios where the policy case for permitting the dealing is broad: legal fees up to a cap, humanitarian aid, basic needs payments, certain energy-related Russian transactions, ongoing payments under pre-existing contracts. The list of general licences is published on gov.uk and updated regularly. Operating under a general licence still requires you to meet its conditions and report use as required.

Specific licences are case-by-case authorisations for a single firm and a single set of transactions. The application process is documented on gov.uk; turnaround times vary by regime. Russia and Belarus applications are generally the slowest given the volume of demand since 2022. For complex applications (e.g. anything involving CBR-owned entities, oil-price-cap structures, or designated-person settlements) build in weeks not days.

Enforcement: strict liability and three UK bodies

UK enforcement now splits across three bodies:

OFSI (Office of Financial Sanctions Implementation), part of HM Treasury, handles financial sanctions: asset freezes, prohibited payments, reporting failures. OFSI assesses suspected breaches, imposes civil monetary penalties, and refers cases for criminal investigation. Breach of the main financial prohibitions is a criminal offence triable either way, with a maximum sentence on indictment of 7 years' imprisonment, a fine, or both. Reporting offences are summary-only with a 6-month maximum.

OTSI (Office of Trade Sanctions Implementation), part of the Department for Business and Trade, took over civil enforcement of certain trade sanctions in October 2024. OTSI imposes civil monetary penalties and refers cases to HMRC for criminal investigation.

The Department for Transport handles transport sanctions (aircraft and shipping under SAMLA sections 6 and 7).

The most significant enforcement change in recent years is strict civil liability. Under the Economic Crime (Transparency and Enforcement) Act 2022, OFSI can impose civil monetary penalties without proving that the firm knew or had reasonable cause to suspect the breach. The "ignorance defence" was removed in June 2022 and is now history.

OFSI publishes detailed enforcement actions. The most recent named penalty as of writing is Apple Distribution International, fined £390,000 on 30 March 2026 for "Making funds available to a designated person without a licence" under regulation 12 of the Russia Regulations. Other recent cases include Bank of Scotland, Colorcon, Vanquis Bank, Markom Management, Svarog Shipping, Herbert Smith Freehills CIS LLP, Integral Concierge Services, Wise Payments, Tracerco, Clear Junction, TransferGo, Standard Chartered, Telia Carrier UK, Travelex UK, and Raphael & Sons.

OFSI's annual reviews are the closest thing to public guidance on what penalties look like in practice. The most recent is "OFSI Annual Review 2024 to 2025: Effective Sanctions" (2 April 2026). The new "OFSI Strategy: 2026 - 2029" was published on 15 April 2026.

Common pitfalls

Where I see UK compliance programmes fall over, in rough order of frequency:

  1. Onboarding-only screening with no rescreen. Customer was clean on day one, designated six months later, transactions continued. Strict-liability fact pattern.
  2. Ownership-and-control depth. Screening the entity name but not the disclosed beneficial owners. The 50%-style test is not optional, and the hit is real even when the entity itself isn't on the list.
  3. Late reporting. "As soon as practicable" interpreted as "when convenient." OFSI annual reviews call this out repeatedly as a contributing factor in penalty cases.
  4. Russia Part 8 reporting missed. Firms screening only against the named designated persons, not against the CBR / Russian Ministry of Finance / National Wealth Fund extension obligation.
  5. Out-of-date data sources. Pipelines still pulling the retired OFSI Consolidated List rather than the FCDO UK Sanctions List. Switch the source today.
  6. Threshold-tuning failures in fuzzy matching. Either too tight (real hits missed) or too loose (alert fatigue, real hits dismissed in noise).
  7. No licence application strategy. Firms holding designated-party funds without an application in flight, racking up reporting obligations and exposure with no exit path.

Compliance officer checklist

Paste this into your sanctions policy review. Each line is independently defensible and traceable to OFSI guidance.

Programme design

  • Sanctions screening defined as a documented control with a named owner
  • Risk assessment refreshed annually, covering customer, geographic, product, and transaction risk
  • Policy explicitly covers UK Sanctions List + EU Consolidated List + UN Security Council list at a minimum

Onboarding

  • Every new customer screened against the UK Sanctions List before account opening or contract execution
  • Screening includes legal name + date of birth (if individual) + country + government IDs
  • Beneficial owners disclosed and screened separately for the ownership-and-control test
  • All screening events logged with timestamp, query, result, analyst decision

Ongoing operations

  • Monitored entities rescreened on every list update, not on a fixed calendar
  • Alerts triaged within 24 hours by a named analyst
  • False positives documented with the secondary identifiers used to clear them
  • Quarterly QA review of cleared alerts

Russia Part 8

  • Standing screening against CBR, Russian Ministry of Finance, Russian National Wealth Fund, and entities owned/controlled by them
  • Reporting workflow tested for the Part 8 extension specifically

Reporting

  • OFSI reporting workflow defined and tested, with a documented sub-24-hour turnaround on confirmed hits
  • Reporting form template stored in compliance toolkit
  • Backup reporter named for analyst absence

Licensing

  • General licence inventory maintained per regime
  • Specific licence applications tracked with case manager and target dates
  • Licence-condition reporting calendared

Audit trail

  • All screening, adjudication, and reporting decisions captured in durable storage with at least 6-year retention
  • Decisions reviewable by name, date, customer, and outcome
  • External auditor and OFSI examiner access controls documented

Update cadence

  • Subscribe to the joint UK sanctions email alert service (FCDO + OFSI + OTSI)
  • Monitor OFSI strategy and annual review for shifts in enforcement priorities
  • Track the ownership-and-control reform process and update internal logic if the test changes

Bottom line

UK financial sanctions compliance is an operational control, run under strict liability. The UK Sanctions List changes most weeks. The reporting standard is stricter than people remember. The 50%-style ownership test catches teams who screen only the entity. The OFSI Strategy 2026-2029 and the Apple Distribution International penalty in March both point in the same direction: enforcement, not education.

If you want a tool that handles the screening and continuous-monitoring side, SanctScan covers the UK Sanctions List on every plan, with daily continuous monitoring from the Solo plan ($19/month). API access and webhook delivery unlock from Starter ($39/month).

Want the comparative view against EU sanctions? Read our UK vs EU sanctions guide. Want the practitioner brief on OFAC for US-exposed flows? See our OFAC screening guide.

Cookie Voorkeuren

We gebruiken cookies om websiteverkeer te analyseren en uw ervaring te verbeteren. U kunt kiezen om niet-essentiële cookies te accepteren of te weigeren.