OFSI sanctions enforcement in 2026: three penalties and one settlement scheme

OFSI sanctions enforcement 2026 header, Bratby Law Payments Regulation

In short: OFSI sanctions enforcement now carries real cost for the banks and payment intermediaries that process a transaction, not just the customers that instruct it. Between 19 March and 26 May 2026, OFSI fined Apple Distribution International £390,000, Deutsche Bank AG London Branch £165,000 and Sabre Global Technologies £1,000,920.59 for Russia sanctions breaches, all resolved under OFSI’s new settlement scheme. Its Strategy 2026-29 signals more of this, sooner.

By Rob Bratby, Managing Partner, Bratby Law. 30+ years in regulated industries, including current Fractional General Counsel to UKPI. Chambers UK Band 2, Legal 500 Leading Partner.

Three penalties in ten weeks put a number on what OFSI’s strict liability sanctions regime costs a bank or payment firm that gets ownership screening wrong. Apple’s Irish payments subsidiary, Deutsche Bank’s London branch and a UK travel technology firm were all fined for Russia sanctions breaches between March and May 2026, and none of them knew, or had reason to suspect, that they were in breach. For payment and e-money firms, the lesson is not about intent. It is about whether screening catches a change of ownership before the money moves.

Key findings: OFSI sanctions enforcement in 2026

  • OFSI imposed three monetary penalties between 19 March and 26 May 2026, all resolved under the settlement scheme introduced on 9 February 2026. Source: OFSI penalty notices, gov.uk.
  • Two of the three penalties, against Apple Distribution International and Deutsche Bank AG London Branch, arose from the same two payments: a non-UK Apple subsidiary instructed its UK bank to pay a Russian streaming platform that had, by the time of payment, become owned by a designated person. Source: OFSI penalty notices.
  • The third, against Sabre Global Technologies Limited, is OFSI’s first circumvention penalty and its largest financial sanctions fine since Russia’s 2022 invasion of Ukraine. Source: HM Treasury press notice, 17 June 2026.
  • The FCA’s parallel review of firms’ sanctions systems and controls, published on 28 May 2026, found the same root causes across more than 150 supervised firms: weak due diligence, poor alert management and gaps in transaction screening. Source: FCA, Sanctions systems and controls: our findings.
  • In its Strategy 2026-29, published 15 April 2026, OFSI commits to deciding 90% of new enforcement investigations within 18 months and to pursuing more intelligence-led cases from the 2027-28 financial year. Source: OFSI Strategy 2026-29.
SubjectImposedRussia Regulations breachedAssessmentBaselinePenalty
Apple Distribution International Limited19 March 2026Regulation 12 (asset freeze, ownership and control)Serious£600,000£390,000
Deutsche Bank AG London Branch30 April 2026Regulation 12 (asset freeze, ownership and control)Serious£300,000£165,000
Sabre Global Technologies Limited26 May 2026Regulations 13, 14 and 19 (funds, economic resource, circumvention)Most serious£1,251,150.73£1,000,920.59

The strict liability regime behind OFSI sanctions enforcement

OFSI’s power to fine sanctions breaches sits in section 146 of the Policing and Crime Act 2017 (PACA), which lets HM Treasury impose a civil monetary penalty of up to £1 million, or half the value of the funds or economic resources involved if higher, on the balance of probabilities. Since 15 June 2022, section 146(1A) has removed any need to show the person knew or suspected they were in breach: liability is strict. Regulation 12 of the Russia (Sanctions) (EU Exit) Regulations 2019 prohibits making funds available, directly or indirectly, to a person owned or controlled by a designated person, and regulation 7 sets the ownership and control test. Regulations 13, 14 and 19 of the same instrument separately prohibit making funds or an economic resource available for a designated person’s benefit, and circumventing those prohibitions.

On 9 February 2026, OFSI introduced a settlement scheme under its revised Financial sanctions enforcement and monetary penalties guidance. A subject agrees to pay the penalty as set and waives its rights to a ministerial review and an Upper Tribunal appeal; in return it gets a discount on top of any voluntary disclosure credit, and a say in the published case summary, provided it settles within roughly 30 business days of the offer. The same reforms added the Early Account Scheme, under which a company under investigation can earn a discount of up to 20% for a complete factual account given early, and a revised Voluntary Disclosure and Co-operation discount of up to 30%.

Three cases, two failure patterns

Two of the three 2026 penalties trace to the same underlying payments. Apple Distribution International (ADI), the Irish entity that processes App Store payments to developers, instructed its UK bank, Deutsche Bank AG London Branch, to pay £635,618.75 to Okko LLC, a Russian streaming platform, in June and July 2022. Okko had been sold by the already-designated PJSC Sberbank to JSC New Opportunities in May 2022; when JSC New Opportunities was itself designated on 29 June 2022, Okko fell back inside the asset freeze by virtue of that ownership. Neither ADI’s nor Deutsche Bank’s sanctions screening caught the change, because the ownership data supplied by their respective third-party screening vendors did not include it. OFSI fined ADI £390,000 (a 35% discount off a £600,000 baseline) and Deutsche Bank £165,000 (a 45% discount off £300,000), both assessed as serious rather than most serious and both without any finding of intent, knowledge or suspicion.

The Sabre Global Technologies case is a different failure pattern. Sabre Global Technologies Limited (company number 03017786) kept a Russian airline, Ural Airlines, connected to its booking distribution system for seven months after the airline’s designation on 19 May 2022, and, once its UK bank froze incoming payments, tested an alternative overseas account to keep the money moving. OFSI treated the continued service as an economic resource made available to a designated person, and the test payment as circumvention. It assessed the case as most serious, the highest severity band, and imposed a fine of £1,000,920.59 on 26 May 2026, a 20% discount off a £1,251,150.73 baseline and the largest UK financial sanctions penalty since the 2022 invasion of Ukraine. The case also confirms that software and platform access, not only funds, can be an economic resource for sanctions purposes.

OFSI applied one strict liability standard across all three cases. It reserved its most serious finding, and its smallest discount, for the firm that tried to work around a freeze rather than the two that simply failed to catch one.

What this means for payment and e-money firms

Exposure rarely comes from a firm’s own customer relationship. A payment service provider or e-money institution does not need a direct relationship with a sanctions target to be exposed at all. Deutsche Bank had no relationship with Okko; its customer did. UK financial sanctions apply to any conduct in the UK and to all UK persons wherever they act, and OFSI has confirmed it will also pursue a non-UK person whose only UK nexus is a UK-based account it controls. That reach sits alongside the FCA’s own supervisory work: its review of FCA sanctions systems and controls, published 28 May 2026, found the value of frozen assets reported in the UK rising from £24.4bn in 2023-24 to £37bn in 2024-25, and identified weaknesses in ownership and control due diligence as one of the most common root causes of reported breaches across the sectors it supervises, payment service provider sanctions compliance and e-money institution sanctions risk included.

The compliance point in both the ADI and Deutsche Bank notices is the same: firms relied on third-party screening vendors whose ownership and control data had not caught up with a designation. OFSI’s notes on compliance call for onboarding and ongoing monitoring that can identify a change in ownership or control, not only a name match against the sanctions list, and for firms to understand the limits of the lists their vendors supply rather than treat a clean screening result as the end of the enquiry.

Viewpoint

The settlement scheme is working exactly as OFSI designed it: resolution within months of the Notice of Intention rather than a contested process that can run for years. Discounts of 35% and 45% in the two serious cases are a real incentive to settle early rather than contest a strict liability finding that is, by definition, hard to escape once the facts are established. What the published notices do not resolve is how a firm should treat a third-party screening vendor commercially once that vendor’s data gap has caused a breach: OFSI holds the firm responsible regardless of delegation, but says little about what recourse it should expect from the vendor itself. That gap sits in the contract, not the sanctions regime.

Frequently asked questions

Do UK financial sanctions apply to a non-UK company that only uses a UK bank account?

Yes. OFSI’s penalty against Apple Distribution International, an Irish-incorporated entity, confirmed that instructing payments through a UK-based account it controlled amounted to conduct in the UK, giving OFSI jurisdiction regardless of where the company is managed or incorporated.

Does OFSI need to prove a firm knew it was breaching sanctions?

No. Since 15 June 2022, section 146(1A) of the Policing and Crime Act 2017 has made financial sanctions penalties strict liability. OFSI can fine a firm even where it finds no intent, knowledge or reasonable cause to suspect a breach, as it did in both the Apple Distribution International and Deutsche Bank cases.

What is OFSI’s settlement scheme?

Introduced on 9 February 2026, the settlement scheme lets a subject resolve a monetary penalty case through a time-limited negotiation. The subject pays the penalty and waives its rights to a ministerial review and an Upper Tribunal appeal, and in return receives a discount on top of any voluntary disclosure credit and input into the published case summary.

Can software or platform access count as sanctions exposure, not just payments?

Yes. In the Sabre Global Technologies case, OFSI treated continued access to a booking distribution system as an economic resource made available to a designated person under regulation 14 of the Russia Regulations, separately from the funds involved. Firms providing digital services or platform access should assess that exposure alongside payment screening.

If a screening gap or a designation has already surfaced a live sanctions question in your business, our investigations and enforcement support page covers how we help payment and e-money firms respond to an OFSI notice or a live exposure. For advice on sanctions screening and ownership due diligence before a problem reaches that stage, contact Rob Bratby at Bratby Law.

Select topics of interest

Similar Posts