Anti-Financial Crime & Financial Crime Compliance
Regulatory Intelligence Leadership | Insight | Network

Financial Services, UK

INSIGHT: Countdown to a sanctions breach – how £250 cash withdrawl landed Wise Payments in trouble with OFSI

By ALISHA HOULIHAN for AMLi

Payments company Wise breached the country’s Russia sanctions regime by allowing a £250 cash withdrawl by a designated person, it was revealed today.

The government’s Office of Financial Sanctions Implementation (OFSI) said Wise had reported a suspected breach, a withdrawal of Stg£250 ($317) in cash, which took place the day after the person had been designated.

The firm permitted the withdrawal in June last year, shortly after the unidentified customer had been added to the Russian sanctions regime, the Office of Financial Sanctions Implementation said in a statement Thursday .

OFSI said the incident wasn’t serious enough to impose a fine.

It’s the first time the agency has weighed in on a Russian sanctions breach since the start of the invasion of Ukraine. Shares in Wise briefly fell as much as 5.6% on the news before recovering.

Wise’s screening process flagged the customer’s name and their account was suspended, but the firm did not restrict activity on the debit card associated with the account, according to OFSI.

“OFSI does not assess the breach as sufficiently serious to impose a monetary penalty on Wise,” it said in a statement.”

How sanctions breach unfolded:

  • At 00:59 AM on 30 June 2022, Wise’s third-party sanctions data provider added the Designated Person to its sanctions list in response to OFSI updating the consolidated list.
  • At 04:20 AM that same day, when Wise’s customer base was screened following the update, Wise’s systems raised an alert due to a possible name match with the Designated Person. Wise followed its policy in place at the time, so the account associated with the Designated Person was suspended following a name match alert. This prevented transfers into and out of the account but did not restrict activity on the debit card associated with the account while the potential match was being investigated.
  • At 07:25 AM on 30 June 2022, an employee of the Designated Person’s company successfully withdrew £250 in cash using the debit card. By permitting the withdrawal, Wise made funds available to an entity owned or controlled by a designated person and subject to an asset freeze in breach of regulation 12 of the Russia Regulations.
  • On Friday 01 July 2022 at 05:24 AM a Wise agent reviewed the previously generated alert and determined that it was a likely true name match and, in accordance with Wise’s escalation policy, further escalated this matter to Wise’s sanctions specialist team. However, the escalation was not reviewed that day and at the time of the breach the sanctions specialist team did not operate weekend working.
  • As a result, it was not until 11:02 AM on Monday 04 July 2022 that a Wise agent further reviewed this transaction and then blocked the Wise-issued debit card (preventing it being used to purchase items or withdraw funds).
  • Following full suspension of the account and debit card associated with the Designated Person Wise exited the customer on 04 July 2022.
  • OFSI gave Wise notice of its intention to publish a Disclosure in relation to its breach of financial sanctions and offered Wise the opportunity to make representations. OFSI reviewed these representations and determined that they did not alter its assessment of the breach or the nature of the appropriate enforcement action.

Despite the low breach value, OFSI considered that Wise’s systems and controls,
specifically its policy surrounding debit card payments, were inappropriate. This factor made the case moderately severe overall and enabled funds to be made available to a company owned or controlled by the Designated Person.

OFSI recognised the mitigating factors in favour of Wise in this case, including the low value of the breach, the presence of voluntary disclosure, complete disclosures made to OFSI by Wise in response to requests for information and a lack of evidence of deliberate sanctions evasion.

The remedial actions taken by Wise following the breach included exiting the Designated Person as a customer – along with recruiting additional staff and introducing weekend working for the specialist sanctions team.

Wise also changed its policy with respect to debit cards, such that both a customer’s account and any associated cards are immediately blocked pending review by the specialist sanctions team where there is a possible name match with a designated person

Share this on:

Follow us on:

AML Intelligence
We hope you enjoyed reading this article

If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!