This is OFSI’s first circumvention enforcement case, reflecting OFSI’s stated priority of seeking to disrupt attempts to circumvent UK financial sanctions.1
The case highlights three key points: digital services can be an economic resource, attempted payment rerouting can amount to circumvention, and UK-specific sanctions controls need to be properly designed and tested. In light of this case, international businesses, particularly those providing technology or digital services, should review and test the robustness of their existing sanctions compliance programmes to ensure they appropriately identify, escalate and resolve UK financial sanctions red flags on a timely basis.
Background
SGTL supplies a “global distribution system” (GDS) service, essentially a technology platform giving travel industry entities access to travel content from airlines and other suppliers. SGTL earns booking fees from travel suppliers for distributing their content. SGTL entered into a contract with JSC Ural Airlines (Ural Airlines) in September 2007, granting access to its GDS and other services. The contract had been extended multiple times and was due to expire on November 30, 2022. SGTL decided not to renew the contract at this time.
Ural Airlines was designated as a UK asset freeze target on May 19, 2022. SGTL was informed by its legal representatives on the same day. Despite this, SGTL continued providing Ural Airlines access to its GDS until December 6, 2022, over six months after designation.
In April, May and June 2022, SGTL invoiced Ural Airlines and instructed that funds be paid into its UK bank account. Between June and September 2022, Ural Airlines made three payments to SGTL, all of which were frozen by SGTL’s UK bank. The UK bank notified SGTL of sanctions concerns.
Critically, in July and August 2022, SGTL explored alternative routes for receiving payment. It engaged with its U.S. bank about receiving payment, explicitly referencing prior sanctions problems with its UK bank. Internal emails contemplated that, if a “test payment” succeeded, Ural Airlines would pay the full outstanding fees through that route. On September 21, 2022, Ural Airlines sent a USD200 test payment to SGTL’s US bank account. SGTL’s U.S. bank flagged the September payment for review by its compliance team. These funds were inadvertently transferred to SGTL’s UK bank on February 8, 2023 and at SGTL’s request were subsequently frozen by the UK bank.
OFSI’s findings
OFSI found three distinct breaches:
- Making funds available for the benefit of a designated person: By invoicing Ural Airlines and instructing payment, OFSI assessed that SGTL made funds available to its bank for the benefit of Ural Airlines. OFSI’s reasoning appears to have been that the payments were to discharge Ural Airlines’ debt obligation to SGTL and that this provided Ural Airlines with a significant financial benefit.
- Making economic resources available to a designated person: By continuing to provide Ural Airlines access to its GDS, SGTL made an economic resource directly available to a designated person.
- Circumvention: The test payment, used to explore an alternative non-UK bank account route specifically to avoid UK sanctions blocks, had the object or effect of circumventing UK sanctions.
OFSI assessed the total breach value at USD3,222,379.89 (GBP2,634,001.54), comprising the combined value of funds and economic resources made available in breach of sanctions. The case was assessed as “most serious” rather than merely “serious”, citing particularly poor conduct through circumvention, negligent conduct including continued service provision for months after identifying potential breaches, and direct undermining of the sanctions regime by providing economic resources directly to a designated person.
After calculating a baseline penalty of GBP1,251,150.73, OFSI applied a 20% discount reflecting voluntary disclosure and settlement, arriving at the final penalty of GBP1,000,920.59.
Most interesting aspects for in-house counsel
Circumvention is treated with extreme seriousness
The test payment was only USD200, but it was part of the reason the case was elevated from “serious” to “most serious.” Actively seeking alternative payment routes after a bank has flagged sanctions concerns is precisely the type of conduct that OFSI views as circumvention. The lesson: once a bank raises a sanctions flag, any attempt to find a workaround may constitute circumvention.
Digital services are economic resources
OFSI treated continued access to a software platform (the GDS) as making an economic resource available. This confirms that intangible or digital services, including software, data services and digital tools, can constitute economic resources where they enable a designated person to generate revenue, maintain operations or gain economic advantage. Financial sanctions do not just apply to money; they apply to a much broader range of economic resources, i.e. assets that may be used to obtain funds, goods or services. In a previous enforcement case, OFSI assessed that publicity can be considered an intangible economic resource.
Russia and its strategically significant sectors are enforcement priorities
Sanctions against Russia are a strategic priority for the UK, and the Russian transport sector is a strategically significant sector that supports the Russian Government. The fact that these two features are mentioned as aggravating factors in this case shows a laser focus by OFSI on Russian sanctions enforcement.
Compliance weaknesses at the time of breach are likely to be an aggravating factor
SGTL’s third party sanctions screening software did not automatically flag the Ural Airlines designation to compliance; sanctions documentation focused on general procedures and U.S. requirements, not UK specific regimes; and there were gaps in senior legal and compliance staffing due to a restructuring and short staffing. SGTL’s lack of knowledge of sanctions and compliance systems was treated as further aggravating factors. Post-breach remediation—including the strengthening of SGTL’s compliance function by onboarding additional senior and expert resource and undertaking external reviews of key functions—did not mitigate the compliance weaknesses identified by OFSI at the time of the breach.
Full and prompt cooperation later in an investigation can still lead to a penalty discount
SGTL submitted a voluntary breach report on October 31, 2022 but provided limited information and did not proactively submit further details until a formal information request by OFSI in June 2023. OFSI treated the initial disclosure as neither aggravating nor mitigating. SGTL’s later cooperation was, however, treated as a mitigating feature—it subsequently provided significant detail regarding the underlying causes of the breaches, conducted internal investigations and provided full and timely responses to all further questions. SGTL’s comprehensive remediation programme was “constructive and relevant” in terms of reducing the risk of recurrence but OFSI’s view was that it addressed deficiencies that should not have existed in the first place.
Settlement under OFSI’s new framework
This is the third penalty resolved under transitional arrangements in OFSI’s new settlement framework (introduced February 9, 2026). Settlement requires the subject to pay the penalty and waive rights to ministerial review and Upper Tribunal appeal, in exchange for input into the published summary and a discount. In-house teams should factor settlement strategy into their enforcement response planning from the outset.
Implications for tech companies
This case has resonance for technology businesses. OFSI’s analysis confirms that providing a designated person with continued access to a digital platform, even passively (by not disconnecting them), can constitute making an economic resource available. This would apply equally to SaaS providers, cloud services, data analytics platforms, and any business providing technology-enabled services.
More broadly, the decision is a reminder that technology companies are now firmly in the crosshairs of financial crime enforcement authorities. Platforms that intermediate access, data, bookings, payments or customer relationships can create financial crime exposure—including sanctions, money laundering and terrorist financing.
How businesses should manage the risk
There are practical takeaways from this decision for all sectors:
- Never test, reroute or restructure payment pathways to avoid UK sanctions. If a bank flags a transaction, treat that as a hard stop. Escalate immediately and take legal advice, including on whether to proactively report to OFSI. Do not explore alternative routes, including staging payments through third countries.
- Understand that the meaning of ‘economic resources’ is extremely broad. Companies should not assume that software, data services, or digital tools fall outside the scope of financial sanctions. If a company’s services enable a designated person to generate revenue or maintain operations, continued access may constitute a breach. Businesses should build immediate disconnection protocols into their sanctions response playbooks.
- Ensure UK-specific sanctions compliance. Policies, procedures, training and screening systems must address UK sanctions regimes specifically. Reliance on US OFAC-focused programmes is insufficient.
- Escalate bank red flags without delay. When a bank holds or declines a payment on sanctions grounds, this must reach senior compliance and legal immediately. Do not treat it as a banking operational issue.
- Report early and comprehensively. If full details are not available immediately, companies should make an early initial disclosure to OFSI with a clear timeline for further updates.
Consider OFSI licences promptly. Where there is uncertainty about whether continued activity constitutes a breach, consider applying for an OFSI licence. SGTL’s failure to apply for a licence or to seek advice was treated as an aggravating factor.
- Invest in compliance infrastructure. Automated screening must be configured to flag UK designations in real time. Senior compliance roles must be filled without gaps. Remediation after the event may mitigate, but it will not prevent a penalty.
Sanctions, and other geopolitical issues were identified as one of the key challenges for in-house counsel in the A&O Shearman Cross-border White Collar Crime and Investigations Review 2026.
Footnote
1. For example, see OFSI Annual Review 2024 to 2025: Effective Sanctions, HM Treasury, available at: https://www.gov.uk/government/publications/ofsi-annual-review-2024-25-effective-sanctions/ofsi-annual-review-2024-25-effective-sanctions; and OFSI Strategy 2026-2029, HM Treasury, available at: https://assets.publishing.service.gov.uk/media/69df6b6d53469bbcdf408e9f/OFSI_Strategy_2026-29.pdf
