By Arvin Wilderink ·

By Arvin Wilderink · Updated 25 April 2026

UK vs EU Sanctions: A Compliance Officer's Guide to Post-Brexit Divergence

If your business sits between the UK and the EU (UK-incorporated with EU customers, EU-incorporated with UK trade flows, or running USD/GBP/EUR clearing across both), you are now living with two sanctions regimes that overlap heavily but are not the same instrument. Treating them as one is the most common compliance failure I see at UK SMEs, and it is a strict-liability problem on the UK side.

This guide is the practitioner brief I wish I had had when SanctScan started screening the UK list. What changed at Brexit, where the UK and EU regimes diverge in practice, what enforcement looks like on each side of the Channel, and what UK-incorporated firms now have to screen.

The legal split: SAMLA replaced direct EU regulation

Before Brexit, EU sanctions applied in the UK directly via the European Communities Act 1972. Council Regulations were enforceable instruments in UK law without further domestic legislation.

Brexit changed the plumbing. The Sanctions and Anti-Money Laundering Act 2018 (SAMLA) gave the UK the legal vehicle to make its own autonomous sanctions regulations. Regulations made under SAMLA (Russia, Iran, Belarus, Cyber, Chemical Weapons, Global Human Rights, Anti-Corruption) became the operative legal basis at the end of the transition period (31 December 2020). The UK Sanctions List itself was first published by the Foreign, Commonwealth & Development Office on 6 July 2020.

The big 2026 housekeeping change: on 28 January 2026, the older OFSI Consolidated List of Asset Freeze Targets was retired. The UK Sanctions List, published by the FCDO, is now the single authoritative source for all UK designations.

Russia: same target, different toolkits

Both the UK and the EU have been adding to their Russia regimes continuously since February 2022, but they are running on separate legal tracks.

The UK regime sits in the Russia (Sanctions) (EU Exit) Regulations 2019 (SI 2019/855), made under SAMLA. The current regime aims to "encourage Russia to cease actions destabilising Ukraine" and to promote compensation for damage caused after 24 February 2022.

The EU regime is a stack of Council Regulations and Decisions, 20 packages of restrictive measures since 2014, with the bulk added since the 2022 invasion.

A few practical divergences worth knowing:

The UK Maritime Services Ban prohibits the transportation by ship of Russian oil and oil products, with an Oil Price Cap exception that permits supply, delivery and associated services only when the price paid is at or below the cap. The EU runs a parallel cap with similar mechanics but its own legal text and its own list of regulated parties.

UK Russia loan/credit prohibitions (regulation 19A and Schedule 2 of SI 2019/855) catch loans and credit with maturity exceeding 30 days to a defined set of Russian entities, their non-UK subsidiaries, their UK subsidiaries (on or after 1 March 2022), and "persons connected with Russia". The EU has equivalent restrictions but a different list of in-scope entities.

UK Part 8 reporting goes wider than asset-freeze reporting. Relevant firms must report to OFSI any funds or economic resources held for the Central Bank of Russia, the Russian Ministry of Finance, the Russian National Wealth Fund, and persons owned/controlled by them, even where those entities are not themselves designated.

And the lists move fast. The FCDO's UK Sanctions List update log shows multiple Russia variations, amendments and revocations most weeks. EU Council updates land on a different cadence. A snapshot taken on Monday is stale by Friday.

Magnitsky and human rights

The UK and EU created their autonomous human-rights sanctions regimes within months of each other.

The Global Human Rights Sanctions Regulations 2020 (SI 2020/680) is the UK's Magnitsky-style instrument. The first UK designations under it landed on 6 July 2020, the same day the UK Sanctions List was published. Designations are made by the Foreign Secretary.

The EU adopted its Global Human Rights Sanctions Regime on 7 December 2020 by Council Decision and Regulation. The framework targets "genocide, crimes against humanity and other serious human rights violations or abuses (e.g. torture, slavery, extrajudicial killings, arbitrary arrests or detentions)." Listings are decided by the Council on a proposal from a member state or the High Representative, a different decision-making process from the UK's executive designation power.

Practically, the regimes overlap on egregious cases (Belarus officials post-2020, Myanmar military, Iranian human-rights abuses) but diverge on borderline cases. The EU regime as adopted in 2020 also does not cover serious corruption. The UK closed that gap with a separate Global Anti-Corruption Sanctions Regulations 2021 (SI 2021/488) the following year. As of 2026, the EU has not adopted a horizontal anti-corruption regime equivalent.

UK regimes with no direct EU equivalent

Beyond anti-corruption, the UK has built out a few regimes the EU does not mirror exactly:

The Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597) is the UK's autonomous cyber regime. The EU has a horizontal cyber regime adopted in 2019. The two are conceptually similar but operate on separate designation lists. The UK Chemical Weapons (Sanctions) (EU Exit) Regulations 2019 (SI 2019/618) sits alongside the EU's chemical weapons regime in the same way.

The UK Anti-Corruption regime has no direct EU horizontal equivalent at the time of writing.

The Global Irregular Migration and Trafficking in Persons sanctions regime, added to the gov.uk regimes collection in July 2025, is also UK-only.

For UK firms with EU exposure, the practical implication is unavoidable: the UK list captures designations that don't exist on the EU side, and vice versa. Screening only one will miss real hits.

Enforcement: strict liability, three UK bodies, 27 EU regimes

UK enforcement now splits across three bodies:

OFSI (Office of Financial Sanctions Implementation), part of HM Treasury, handles financial sanctions: asset freezes, prohibited payments, reporting failures. OFSI assesses suspected breaches, imposes civil monetary penalties, and refers cases for criminal investigation. Breach of the main financial prohibitions is a criminal offence triable either way, with a maximum sentence on indictment of 7 years' imprisonment, a fine, or both. Reporting offences are summary-only with a 6-month maximum.

OTSI (Office of Trade Sanctions Implementation), part of the Department for Business and Trade, took over civil enforcement of certain trade sanctions in October 2024. OTSI can impose civil monetary penalties and refer cases to HMRC for criminal investigation.

The Department for Transport handles transport sanctions (aircraft and shipping under SAMLA sections 6 and 7).

The most significant enforcement change in recent years is strict civil liability. Under the Economic Crime (Transparency and Enforcement) Act 2022, OFSI can impose civil monetary penalties without proving that the firm knew or had reasonable cause to suspect the breach. The "ignorance defence" is gone. This took effect in June 2022 and is now the default standard for OFSI civil cases.

OFSI publishes detailed enforcement actions. The most recent named penalty as of writing is Apple Distribution International, fined £390,000 on 30 March 2026 for "Making funds available to a designated person without a licence" under regulation 12 of the Russia Regulations. Other recent cases include Bank of Scotland, Colorcon, Vanquis Bank, Markom Management, Svarog Shipping, Herbert Smith Freehills CIS LLP, Integral Concierge Services, Wise Payments, Tracerco, Clear Junction, TransferGo, Standard Chartered, Telia Carrier UK, Travelex UK, and Raphael & Sons.

OFSI publishes annual reviews. The most recent is "OFSI Annual Review 2024 to 2025: Effective Sanctions" (2 April 2026). A new three-year "OFSI Strategy: 2026 - 2029" landed on 15 April 2026. Read it as the enforcement-led posture continuing rather than easing.

EU enforcement: 27 regimes, not one

EU sanctions are imposed centrally. The Council adopts a Regulation, and that Regulation is binding across all 27 member states. Enforcement, however, is not centralised. Each member state's competent authority handles penalties and prosecutions: France's Direction Générale du Trésor (DGT), Germany's Deutsche Bundesbank (financial freezes) and BAFA (trade), the Netherlands' Belastingdienst Douane and AFM, and so on across the bloc.

The result is wide variation in how aggressively breaches are pursued, what penalties look like, and how quickly cases move. The EU adopted Directive (EU) 2024/1226 in 2024 to harmonise the criminal-offence definitions and minimum penalty levels across member states, but transposition is still in progress in several jurisdictions.

For a UK firm screening a customer who is also active in the EU, that means living with two enforcement risks at once: a UK strict-liability civil penalty on one side, and whichever EU member state's regime the relevant transaction touches on the other.

Reporting obligations: who reports, and when

UK sanctions regulations place reporting obligations on "relevant firms": banks, money service businesses, accountants, auditors, tax advisers, legal professionals, trust and company service providers, estate agents, casinos, art-market participants, crypto-asset service providers, and a few others. The trigger is knowledge or suspicion that a person is a designated person, or that a breach has occurred. The standard is "as soon as practicable". There is no fixed numeric deadline, but in practice this means same-day or next-business-day for clear-cut hits.

For the Russia regime specifically, Part 8 of SI 2019/855 extends reporting to funds or economic resources held for the Central Bank of Russia, the Russian Ministry of Finance, and the Russian National Wealth Fund, even where those entities aren't themselves designated.

EU member-state reporting regimes vary. Most are time-bound (typically within a few business days), but the trigger conditions, the receiving authority, and the form of report differ jurisdiction by jurisdiction. A multinational compliance team running on a single "report to OFSI" workflow will miss EU-side obligations.

Ownership and control: the UK 50% test is currently under review

The UK's ownership-and-control test is conceptually similar to OFAC's 50 Percent Rule: an entity is treated as designated when one or more designated persons hold, directly or indirectly, more than 50% of the shares or voting rights, or are otherwise able to control the entity. The OFSI General Guidance sets out the operational details.

Two important caveats. First, OFAC explicitly aggregates ownership across multiple SDNs (so two SDNs each holding 30% means the entity is blocked); UK guidance has historically taken a more case-by-case view of joint control. Second, the UK test is currently under review. HM Treasury opened a call for evidence on the Ownership and Control Test in UK Financial Sanctions Regulations, which closed on 13 April 2026. Reform is on the cards. UK firms screening today should track the outcome.

The EU operates a 50% threshold by Council guidance ("EU Best Practices for the effective implementation of restrictive measures"). UK and EU thresholds are similar but the surrounding interpretive guidance differs.

What this means for UK firms with cross-border exposure

A few operational points that matter in practice:

You have to screen both lists. The UK list has UK-only designations (especially under the Anti-Corruption and Migration regimes). The EU list has EU-only designations. A single match-by-name screen against one list will miss the other.

The single source of UK truth is now the UK Sanctions List published by the FCDO. The OFSI Consolidated List, retired in January 2026, no longer exists. Any pipeline still pointing at the legacy CSV needs updating.

Subscribe to the joint UK sanctions email alert service, launched in March 2025, which delivers updates from FCDO, OFSI and OTSI in a single feed. Mirror that with the EU Council CFSP feed for EU updates.

Watch the OFSI ownership-and-control review. If the test changes, your beneficial-ownership screening logic will need to follow.

For relevant firms, document the reporting workflow per regime, both UK (OFSI) and any EU member states where you have exposure. "We had a process" is much harder to defend than "Here is the documented process, here is the audit trail."

2024–2026 watch-list

A short timeline of what's shifted recently. Each of these is the kind of update that ought to land on a compliance team's radar:

  • October 2024: OTSI launches inside DBT, taking over civil enforcement of certain trade sanctions that previously sat with HMRC.
  • March 2025: the joint FCDO + OFSI + OTSI email alert service goes live — one subscription instead of three.
  • July 2025: the UK adds the Global Irregular Migration and Trafficking in Persons regime, with no direct EU equivalent.
  • 28 January 2026: OFSI Consolidated List retired. The FCDO's UK Sanctions List is now the single authoritative source.
  • April 2026: OFSI Annual Review 2024 to 2025 published, alongside the new OFSI Strategy 2026–2029.
  • 13 April 2026: HM Treasury's call for evidence on the Ownership and Control Test closes — reform of the UK 50%-style test is on the table.
  • Ongoing: the EU's Russia sanctions programme is at 20 packages and counting; Directive (EU) 2024/1226 is harmonising criminal sanctions for breaches across member states, with transposition still in progress.

Practical checklist

If you only do five things after reading this:

  • Screen against both the UK Sanctions List and the EU Consolidated Financial Sanctions List. Do not rely on either alone.
  • Subscribe to the joint UK alert service (FCDO + OFSI + OTSI) and the EU Council CFSP feed. Set up rescreening triggered by list updates, not a calendar schedule.
  • Document your ownership-and-control screening logic. Track the UK call-for-evidence outcome and update when reform lands.
  • Wire your OFSI reporting workflow into your incident process. "As soon as practicable" is interpreted strictly.
  • If your UK pipeline still points at the OFSI Consolidated List, switch it to the FCDO UK Sanctions List today.

If you want a tool that handles the screening side, SanctScan covers the UK list and the EU Consolidated list on every plan, with continuous monitoring from the Solo plan ($19/month). API access and webhook delivery unlock from Starter ($39/month).

Cookie Voorkeuren

We gebruiken cookies om websiteverkeer te analyseren en uw ervaring te verbeteren. U kunt kiezen om niet-essentiële cookies te accepteren of te weigeren.