Financial firms have improved their sanctions controls but persistent weaknesses in due diligence, screening, and asset-freezing controls continue to drive compliance violations, the U.K. Financial Conduct Authority (FCA) said in a multi-firm review published Thursday.

Assets reported as frozen in the U.K. rose to £37 billion in 2024-25, up from £24.4 billion the prior year, reflecting an expansion in the country’s sanctions regimes since 2022, the FCA said. The agency said it has assessed the sanctions systems and controls of more than 150 firms across a range of financial services sectors since February 2022.

The most common root causes of reported sanctions breaches were weaknesses in due diligence, alert management, transaction and name screening, and the management of frozen assets and license compliance, the FCA said. Firms face particular challenges in detecting and preventing trade sanctions compliance violations, and trade compliance efforts remain less mature than those for financial sanctions, according to the review.

Most breach reports came from firms in payments, retail banking and wholesale financial markets, with comparatively limited reporting from insurance and digital assets, the FCA said. Given continued sanctions-evasion attempts linked to Russia’s shadow fleet and the reported use of cryptocurrencies to circumvent sanctions, the regulator said it would expect more reporting from those two sectors.

In sanctions screening testing across firms, 90 percent of alerts correctly identified the relevant sanctioned party when names matched exactly, but only 75 percent did so when names appeared in variant forms, the FCA said. Simple changes to a name, such as the inclusion of a title or honorific, can mean designated individual goes undetected, while one-word names or lengthy names that exceed character limits can vetted without prompting an alert. 

The FCA also said Thursday it had signed a memorandum of understanding with the Office of Trade Sanctions Implementation setting out cooperation and intelligence-sharing arrangements between the two bodies. The regulator already has a similar agreement in place with the Office of Financial Sanctions Implementation (OFSI), the FCA said.

The review included case studies of recent breaches at unnamed firms, including a retail bank whose external screening system became unavailable and queued thousands of payments unscreened, and a wholesale bank where analysts under pressure to hit internal targets bypassed mandatory sanctions escalation procedures on salary payments tied to vessels owned by a designated person, according to the FCA.