Regulatory gap analysis: Deutsche Bank fined £165,000 by OFSI for sanctions violations

OFSI’s DB_Penalty_Notice.pdf against Deutsche Bank AG London Branch is a clear reminder that sanctions compliance cannot rely on name screening alone.

The case involved two payments to Okko LLC, an entity that was not itself designated but was wholly owned by a designated person. Although screening was carried out, no alert was generated because the relevant ownership information was not captured by the third-party screening data being used.

The key lesson for firms is that ownership and control risk must be actively understood, particularly where payments involve higher-risk jurisdictions, sectors or counterparties. Firms remain responsible for sanctions compliance even where they rely on group systems, customer information or third-party data providers.

The notice also highlights the importance of strong customer sanctions risk management, effective vendor oversight, supplementary checks where screening may not be enough, and complete voluntary disclosure where a potential breach is identified.

To support firms, we have developed a practical Regulatory Gap Analysis aligned to the key lessons from the OFSI penalty notice. It helps firms assess whether their sanctions controls are capable of identifying ownership and control risk, managing third-party reliance and demonstrating effective oversight in practice.

Avyse Partners are an official content partner of the International Compliance Association. The ICA is the leading professional body for the global regulatory and financial crime compliance community.  ICA Members can gain access to Member-only content developed in partnership with Avyse that shares insights and best practice to help you meet the challenges of today and tomorrow.  Not yet an ICA Member? Join here