On 26 May 2026, the UK’s Office of Financial Sanctions Implementation (OFSI) imposed a civil monetary penalty of £1,000,920.59 on Sabre Global Technologies Limited (SGTL), a UK-registered technology company, for breaches of UK financial sanctions.

This is the UK’s largest sanctions breach penalty since Standard Chartered was fined £20 million in 2020, and the first penalty that deals with sanctions circumvention under OFSI’s new settlement framework.

One week later, HMRC publicly named Petrofac Facilities Management Limited (PFML), following a £569,157 compound settlement, for breaches of the Russia sanctions regime, although no further details were released. Together, these cases indicate an increasingly assertive UK sanctions enforcement landscape, with penalties appearing to be on an upward trajectory.

The OFSI decision regarding SGTL confirms that software, data services and digital tools constitute “economic resources” under UK sanctions law which must not be made available to designated persons.

The decision also sets out detailed expectations on screening, escalation, self-reporting and senior accountability – and should be read as required reading for sanctions professionals across the technology sector.

Background

SGTL operates a global distribution system (GDS), providing entities within the travel industry with access to travel content from a broad range of travel suppliers. SGTL receives a booking fee from travel suppliers in exchange for distribution of their content via the GDS.

On 14 September 2007, SGTL entered into a contract with Ural Airlines, granting the airline access to its GDS and other related services. The agreement was extended multiple times, with the most recent contract update on 1 December 2021 and an amendment agreement on 1 September 2022. The contract was due to expire on 30 November 2022, though access to the GDS in fact continued until 6 December 2022. This contractual framework is a significant element of the case, as OFSI found that SGTL’s invoicing of Ural Airlines and instruction that funds be paid into its account constituted making funds available for the benefit of a designated person.

On 19 May 2022, Ural Airlines was designated under the Russia (Sanctions) (EU Exit) Regulations 2019 (Russia Regulations). SGTL’s legal representatives notified SGTL of the designation on the same day.

Notwithstanding the designation, SGTL continued to provide services to and receive funds from Ural Airlines for a period thereafter. SGTL was repeatedly notified by its UK bank of sanctions concerns in relation to payments received from Ural Airlines. The bank flagged and held payments on 6 June, 27 June, and 5 July 2022, and SGTL’s US bank subsequently flagged a further payment in September 2022. Despite these repeated red flags, SGTL continued to explore alternative payment routes, including testing whether payments from Ural Airlines could be received via its US bank account. SGTL ultimately decided not to renew the contract when it expired on 30 November 2022.

OFSI identified three breaches of the Russia Regulations:

  • Making funds available for the benefit of a designated person.
  • Making economic resources available to a designated person.
  • Circumventing the prohibitions.

The total value of the breaches was assessed as £2,634,001.54 ($3,222,379.89), covering funds and economic resources in breach of regulations 13, 14 and 19 of the Russia Regulations.

Why this decision matters

1. Invoicing, instructing and receiving payment from a sanctioned party can constitute ‘making funds available’

SGTL’s contract with Ural Airlines created a debt obligation. OFSI found that by invoicing Ural Airlines and instructing that funds be paid into its bank account, SGTL made funds available to its bank for the benefit of a designated person.

OFSI found that Ural Airlines received a significant financial benefit because the payments served to discharge its financial obligations to SGTL.

This is an interesting, and perhaps surprising, interpretation of the asset freeze restrictions, since OFSI’s position is that making available funds to a third party for the benefit of the designated person can occur even though the payment is made by the designated person and relates to a debt addressed to the designated person. Unfortunately, no further detail is provided in the penalty notice of why OFSI has taken this approach or how it will seek to interpret this in other situations.

2. Digital services and software as a service (SaaS) products are within scope of ‘economic resources’

OFSI considered that, by enabling Ural Airlines to access and use the GDS platform, SGTL made an economic resource available. Platform operators should take note that providing access to a digital platform or service may itself give rise to sanctions risk.

OFSI explicitly confirms that intangible services – including software platforms, data services and digital tools – can constitute an “economic resource” for the purposes of UK sanctions regulations.

Under the UK sanctions framework, economic resources are defined broadly as assets of every kind, whether tangible or intangible, movable or immovable, which are not funds but which can be used to obtain funds, goods or services. OFSI confirmed that a service which enables a designated person or entity to generate revenue, maintain operations or otherwise obtain an economic advantage may amount to making an economic resource available – regardless of whether that service is intangible or provided entirely digitally.

The decision is a useful reminder for technology companies, including SaaS providers, that deliver software platforms, data feeds, API access or other digital services to customers that the provision of their services can fall squarely within sanctions restrictions.

3. Circumvention will be treated as aggravating

During July and August 2022, SGTL explored alternative routes to receive funds. It engaged with its US bank to scope receiving payments from Ural Airlines into its US account in light of sanctions issues with its UK account. Internal emails show that, if a test payment succeeded, SGTL expected full outstanding GDS fees to be paid via this route.

On 21 September 2022, Ural Airlines sent a £176.48 ($200) test payment to SGTL’s US account.

OFSI’s decision confirms that attempts to restructure or reroute payment pathways to avoid the effect of UK sanctions – including by staging payments through third countries – will be treated as circumvention and may constitute a breach in their own right. Such conduct will be treated as an aggravating factor and will significantly increase the seriousness of any enforcement outcome.

4. UK-specific policies and procedures are required

SGTL’s sanctions documentation at the time focused on general procedures and US requirements, with limited coverage of UK-specific regimes. In addition, its third-party screening tool did not automatically flag the relevant designation to the compliance team, contributing to a delay in identifying and addressing the issue.

OFSI has emphasised that sanctions compliance frameworks must be specifically tailored to the UK sanctions regime. Thus, reliance on groupwide policies designed primarily for other jurisdictions (such as the US Office of Foreign Assets Control regime or EU sanctions) is not sufficient. For a comparison of US and UK economic sanctions authorities, see the joint OFAC-OFSI comparative overview published on 23 June 2026, produced under the OFAC-OFSI Enhanced Partnership established in October 2022, which outlines key similarities and differences between the regimes.

The SGTL penalty notice specifies that firms must ensure that:

  • Policies and procedures are current and address UK-specific requirements.
  • Sanctions screening systems are tested and verified to be working as intended.
  • There are robust escalation protocols for red flags, including blocked payments or notifications of concerns from banking partners.
  • Clear senior accountability exists at board and executive level for sanctions compliance.

5. Early and comprehensive self-reporting is essential

SGTL voluntarily self-reported the breach without prompting but provided only limited detail and continued servicing a designated person. It later cooperated fully with OFSI when prompted, and overall, this factor was treated as neutral (neither mitigating nor aggravating) by the OFSI when determining how seriously to view this case.

OFSI has reiterated the importance of prompt, comprehensive and detailed self-reporting of suspected breaches, as soon as reasonably practicable. Delays and incomplete submissions are likely to undermine any mitigation argument. In practice:

  • Firms should contact OFSI early, even where the full picture is not yet clear.
  • Where full disclosure is not immediately possible, firms should make an early partial disclosure, clearly stating that a further and fuller disclosure will follow.
  • Firms should provide a timeline for full disclosure and keep OFSI updated if that timeline is likely to slip.
  • Firms should not allow the process of taking legal advice – while important – to cause unnecessary delay in making initial contact with OFSI.

Key compliance actions

In light of this decision, we recommend that technology and digital services companies take the following steps:

  1. Audit your customer base and product suite. Regularly review whether any existing or prospective customers are designated persons or entities under UK financial sanctions.
  1. Review and update your UK sanctions compliance framework. Ensure your policies, procedures and training materials are specifically tailored to the UK sanctions regime.
  1. Establish clear escalation protocols. Ensure that there are well-understood, documented escalation routes for any potential sanctions, and that these protocols survive personnel changes.
  1. Assess your self-reporting readiness. Ensure your compliance and legal teams have a clear plan for engaging with OFSI promptly in the event of a suspected breach.
  1. Take legal advice where uncertainty exists.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as "Cooley"). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction, and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. When advising companies, our attorney-client relationship is with the company, not with any individual. This content may have been generated with the assistance of artificial intelligence (Al) in accordance with our Al Principles, may be considered Attorney Advertising and is subject to our legal notices.