OFSI has fined Herbert Smith Freehills’ Moscow office for breaching Russia sanctions. Law firms should train staff on sanctions risks and red flags, and report breaches to the relevant authority.
Shutterstock.com/vchal
On 20 March 2025, the UK Office of Financial Sanctions Implementation (OFSI) levied a £465,000 (US$603,445) fine against Herbert Smith Freehills’ Russian branch – HSF Moscow – for breaching financial sanctions.
According to OFSI, HSF Moscow facilitated payments to a group of sanctioned Russian banks.
The payments were made during the closing down period of HSF’s operations in Moscow. The firm’s Moscow office shut on 31 May 2022 in the wake of Russia’s invasion of Ukraine which prompted the firm to terminate “any work associated with the Russian state, in line with our legal and professional responsibilities.”
A string of other law firms made similar exits from Russia around the same time, including Latham & Watkins and Freshfields, among others.
OFSI has come under fire for its lack of enforcement action surrounding Russia-related sanctions violations. The recent fine against HSF Moscow marks only the second time the authority issued a penalty for Russia sanctions failures. On 29 August 2024, it levied a £15,000 (US$19,419) fine against a London-based concierge company for providing services to a sanctioned Russian individual.
HSF Moscow is the first law firm targeted by OFSI.
Lexology PRO examines HSF Moscow’s sanctions failures and outlines the key considerations for UK law firms to navigate sanctions risk.
A “pattern of failings”
OFSI alleges that HSF Moscow facilitated six payments totalling £3.9 million (US$5.5 million) to a group of sanctioned Russian banks, including JSC, PJSC Sovcombank, and PJSC Sberbank, between 25 and 31 May 2022.
The actions by HSF Moscow violate section 146 of the Policing and Crime Act 2017 (PACA). PACA allows OFSI to hand down monetary penalties for financial sanctions breaches.
OFSI attributes HSF Moscow’s offences to a series of failures. The firm neglected to conduct proper due diligence and sanctions screening, and made errors during the hasty closure of its Russian offices.
The fine against HSF Moscow mirrors the increase in scrutiny of financial institutions with ties to Russia, aiming to prevent Russians from using the European banking system to transfer money out of Russia. The UK’s most recent sanctions package, introduced on 24 February 2025, integrates “new powers to target foreign financial institutions supporting Russia’s war machine.” The EU’s latest wave of sanctions also affects banks with Russian connections.
Key considerations for UK law firms
Law firms can be especially vulnerable to sanctions violations because they are often involved in international transactions and have multiple operations and clients in high-risk jurisdictions. Businesses may also face similar vulnerabilities.
Law firms and businesses should consider the following steps to avoid and manage sanctions breaches.
Report suspected sanctions breaches to the relevant authority
HSF London reported the sanctions breaches to OFSI on behalf of HSF Moscow. The firm’s voluntary disclosure resulted in a 50% reduction of the proposed £930,000 (US$1.2 million) penalty.
The report was “voluntary, prompt, and contained significant detail” according to OFSI’s penalty notice. Law firms should be aware of disclosure obligations and choose to report breaches voluntarily to demonstrate cooperation with regulators and minimise reputational damage. Law firms and businesses may refer to this compliance reporting form for filing disclosures.
According to OFSI, organisations are required to report suspected sanctions breaches as soon as it knows, or has probable cause to suspect, that it “holds funds or economic resources” for sanctioned or prohibited individuals or entities.
OFSI expanded its sanctions reporting obligations on 14 November 2024 to require companies with ties to sanctioned individuals or entities to submit annual reports to HM Treasury with the details of their holdings.
Firms should also report to the relevant authority. HSF London reported to OFSI, which deals with financial sanctions. Trade sanctions should be disclosed to Office of Trade Sanctions Implementation (OTSI), the first UK entity focused solely on trade related sanctions offences.
Penalties for non-compliance with OFSI’s reporting obligations are significant, and could be up to £1 million (US$1.29 million) or 50% of the total value of each violation. OFSI may also choose to refer the case to law enforcement for further investigation and potential prosecution. Anyone convicted of violating UK financial sanctions risks imprisonment for up to seven years and a monetary fine.
Train staff on sanctions risks and compliance procedures
In an emailed statement given to Lexology PRO’s sister platform Global Investigations Review, key failings by HSF Moscow were the result of “human error, in the final week of the winding up of our former Moscow office’s operations,” the firm wrote.
Law firms should deliver training on sanctions risks and related internal compliance systems. Training should include guidance on the red flags to be aware of for attempted circumvention of sanctions, such as unusual transactions or unverified third-party actors.
Law firms should train staff to identify designated individuals. This may involve checking clients, transactions, and third parties against sanctions lists.
Training is essential for law firms with operations in high-risk jurisdictions, such as Russia. Since the outbreak of the war in Ukraine in February 2022, 87% of suspected sanctions breaches reported to OFSI have involved Russian sanctions restrictions.
Law firms may structure their training programmes around the three lines of defence model for sanctions training, targeting business operations (first line), risk and compliance functions (second line), and internal audits (third line). By delivering training on each line, companies demonstrate a holistic and comprehensive approach to managing sanctions risks.
Sanctions are a moving target. Staff may choose to subscribe to alerts from OFSI for updates on sanctions regimes and restrictions.
Screen clients and transactions for sanctions red flags
OFSI attributes the failings by HSF Moscow in part to poor due diligence and sanctions screening procedures.
Law firms with multiple operations and clients spread across multiple jurisdictions face heightened sanctions risks. Firms should understand what sanctions regimes they must comply with and ensure that employees working with international clients understand what qualifies as misconduct.
A failure to carry out effective due diligence factors into the severity of OFSI’s enforcement action. Law firms should conduct sound due diligence to identify designated individuals and risky interactions.
Due diligence cannot be used as a defence for breach of sanctions charges, but it can decrease the risk of inadvertently violating restrictions.
Organisations should consult the OFSI’s screening platform to support due diligence and sanctions screening procedures.
Manage reputational fallout from sanctions breaches
Voluntary disclosure of sanctions breaches may result in softer enforcement action and less reputational fallout. Law firms and businesses that transparently disclose their shortcomings are more likely to retain clients in times of crisis.
The reputational consequences of violating sanctions could be severe. Law firms should appoint a dedicated crisis management team to help protect brand image and minimise reputational damage. They may also hire an external public relations agency to help manage the crisis fallout. These teams should develop a crisis communication plan to ensure an effective and timely response, and craft media strategies to handle public reactions.
Law firms should maintain regular contact with clients and external stakeholders during a crisis to address concerns and rebuild trust. This should include responding to comments on social media and fielding press enquiries.
Preventative strategies may reduce the risk and impact of reputational damage. Law firms should promote positive achievements to build goodwill with clients and buffer against crises, and educate employees on confidentiality and privacy to protect the organisation’s reputation.