The Bank of Scotland OFSI Penalty and Compliance Lessons
On 10 November 2025, the Office of Financial Sanctions Implementation imposed a £160,000 monetary penalty on Bank of Scotland for breaching the United Kingdom’s Russia financial sanctions regime. The penalty was published by OFSI on 26 January 2026 and highlights key sanctions screening and escalation failures within the bank’s controls.
This enforcement action reinforces the importance of robust sanctions compliance systems, effective screening logic, and timely escalation processes. It also illustrates how even seemingly minor errors can lead to prohibited transactions and regulatory action.
What Happened
OFSI found that between 8 February and 24 February 2023, Bank of Scotland processed 24 payments totalling approximately £77,383 to and from a personal current account held by an individual designated under UK Russia sanctions.
The breach arose because the individual opened an account using a UK passport with a spelling variation of their name compared with the UK sanctions list, allowing the bank’s automated sanctions screening system to miss the match. The discrepancies included character changes typical of transliteration differences and a missing middle name, preventing the system from flagging a potential sanctions hit.
The account was eventually recognised as belonging to a designated person through a politically exposed person (PEP) alert and adverse media review, but this identification did not immediately stop activity on the account, which continued until 24 February 2023.
Regulatory Findings and Legal Basis
OFSI concluded that the bank breached the Russia (Sanctions) (EU Exit) Regulations 2019, including prohibitions on “dealing with funds” and “making funds available” to a designated person. The penalty notice detailed that the bank’s sanctions screening capabilities and escalation frameworks did not adequately identify and address the risk presented by the account and related transactions.
Voluntary Disclosure and Penalty Calculation
Bank of Scotland’s parent, Lloyds Banking Group, voluntarily disclosed the breach to OFSI in March 2023, shortly after discovering it. This voluntary disclosure made the bank eligible for a 50% discount on the penalty under OFSI’s guidance. As a result, the final penalty was reduced from an initial £175,000 to £160,000.
Bank of Scotland’s Response
In response to the enforcement action, a spokesperson for Lloyds Banking Group stated that the group “takes its regulatory responsibilities extremely seriously.” The bank emphasised that:
• It acted swiftly and transparently, voluntarily reporting the isolated breach to OFSI.
• It worked closely with the regulator throughout the process.
• It has since strengthened its sanctions screening and compliance controls to reduce the likelihood of similar breaches going undetected.
These comments reflect a broader trend in enforcement where institutions publicly commit to remediation and control enhancements following sanctions breaches.
Compliance Program Lessons
This case reinforces practical sanctions compliance imperatives:
Sanctions Screening Effectiveness
Ensure screening systems can reconcile transliteration and name variation issues, especially for high-risk jurisdictions and individuals.
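The failure mode described under "What Happened" (a transliteration variant plus a missing middle name defeating the screen) can be shown with a short added example. This is not the bank's or OFSI's code; the names are constructed, and the matching approach and the 0.8 threshold are assumptions chosen for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample list entries; not real designations.
SANCTIONS_LIST = ["Aleksandr Sergeyevich Ivanov", "Dmitri Olegovich Sokolov"]

def normalise(name):
    """Lower-case, strip accents and punctuation, return name tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.lower())
    return cleaned.split()

def exact_match(customer, listed):
    """Naive screen: hit only when every token is identical and in order."""
    return normalise(customer) == normalise(listed)

def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()

def fuzzy_score(customer, listed):
    """Pair each token of the shorter name with its closest unused token
    in the longer name and average the similarities. Extra tokens in the
    longer name (e.g. a middle name) do not lower the score."""
    c, l = normalise(customer), normalise(listed)
    if not c or not l:
        return 0.0
    short, remaining = (c, list(l)) if len(c) <= len(l) else (l, list(c))
    total = 0.0
    for token in short:
        best = max(remaining, key=lambda t: similarity(token, t))
        total += similarity(token, best)
        remaining.remove(best)
    return total / len(short)

def screen(customer, sanctions_list=SANCTIONS_LIST, threshold=0.8):
    """Return (listed_name, score) pairs at or above the alert threshold."""
    scored = [(l, round(fuzzy_score(customer, l), 2)) for l in sanctions_list]
    return [(l, s) for l, s in scored if s >= threshold]

if __name__ == "__main__":
    passport_name = "Alexander Ivanov"  # constructed variant, no middle name
    print("exact:", any(exact_match(passport_name, l) for l in SANCTIONS_LIST))
    print("fuzzy:", screen(passport_name))
```

The threshold trades missed matches against alert volume, so it should be tuned and tested against known name variants rather than copied from this sketch.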
Escalation Processes
Clear escalation pathways must exist so that alerts generated by PEP or adverse media screening are promptly evaluated for sanctions relevance.
Training and Awareness
Frontline staff and compliance teams need up-to-date training that reflects current geopolitical risks and sanctions landscapes. OFSI noted that some training at the time of the breach was outdated and did not consider contemporary Russia sanctions risk.
Voluntary Self-Reporting
Prompt voluntary disclosure can materially reduce penalties and demonstrates a proactive compliance culture.