The world was a turbulent place in 2022, with many eyes on Ukraine. Still, many issues remain across the planet. In Asia, internal repression and severe human rights violations exist in places like Myanmar, which has been ruled by a military junta since February 2021. In North Korea, there has been renewed ballistic and nuclear activity, while there have been escalating tensions involving China’s maneuvers around Taiwan.
In Africa, terrorist groups continued to bear conflicts and instability in the Sahel region or in Somalia, and several crises emerged or persisted in Ethiopia and South Sudan, while many other countries remain under international sanctions to contain security and humanitarian issues. The Middle East also continued to pose concerns with the ongoing war in Syria and social unrest in Iran.
The magnitude of sanctions against Russia has triggered abundant commentaries. Russia-related sanctions were unprecedented given their sheer size, pace, and complexity. However, sanctioning Russia will also have long-term consequences on multilateral sanctions and the United Nations’ (UN) international order.
Now that the sanctions storm seems behind us, it seems like a good time to take a step back and reflect on the compliance lessons learned in preparation for the next crisis.
Recap on the landscape of measures
Sanctions implemented against Russia provide a textbook example of what economic sanctions look like, as countries leveraged all available typologies of measures in a matter of months—although to a diverse extent.
Targeted sanctions are probably the most tangible form of sanctions. We have seen regulators adding thousands of entries to their lists of blocked persons.[1] In 2022, Russia-related designations in the European Union (EU) and United Kingdom (UK) lists alone resulted in those lists roughly doubling in size. These new records included Russia’s most senior politicians and wealthiest businesspeople, along with strategic, sovereign entities and large financial institutions and corporations.
The complex set of restrictions on goods in and out of Russia introduced massive challenges on corporations from virtually every sector, as they applied to a variety of commodities such as wood, aluminum, and, of course, energy products. These far-reaching sanctions are largely fueling global inflation and international supply chain challenges. Restrictions also extended to the transport or travel of Russia-related vessels, aircraft, and Russian nationals, as several sanctioning countries closed access to their airspace, ports, and territories.
Regulators also restricted highly strategic services. The financial services industry, for instance, essentially cut Russia’s access to Western capital markets, credit rating services, legal advisory, and auditing.
Lastly, regulators applied complex and severe territorial prohibitions to certain geographies within Eastern Ukraine, which fell out of the control of the Ukrainian government.
First immediate challenge: Lack of sanctions homogeneity
The UN did not impose any of the above sanctions. Despite official condemnation of Russian actions in Ukraine by the General Assembly, Russia’s veto at the Security Council has forced like-minded countries to seek alternative channels to cooperate and develop multilateral sanctions.[2] Whereas divergences within the Security Council have hindered the UN’s ability to implement sanctions for quite some time, the war in Ukraine is a major, long-term blow to the UN system.
We cannot overstate the consequences: UN sanctions form a baseline of universally applicable sanctions under the UN Charter. This is crucially important both for the effectiveness of sanctions and for the ease of implementation by the private sector. The absence of international consensus leaves companies with a fragmented landscape of regulations having local reach, nuanced restrictions, and divergent technical implementation.
Western countries and their allies have committed great efforts to align on their sanctions against Russia, using existing forums such as the G7 or developing new mechanisms such as the Russian Elites, Proxies and Oligarchs (REPO) Taskforce.[3] However, despite shared intentions, the devil lies in the details, and misalignments have been a major compliance challenge, including within the EU.
Growing fragmentation in the sanctions landscape raises the need for more granular, thorough, and dynamic sanctions risk assessments. Staff with sanctions expertise have become a scarce asset for international companies.
Second immediate challenge: Coping with operational burden
The hard, arithmetic reality faced by most international financial institutions and corporations is that a surge in the size of a sanctions list results in larger numbers of alerts to review. While this is a statistical trend observed everywhere, the challenge might compound either because of an institution’s particular risk exposure or because of the actual names being added to the sanctions list:
-
Russian-sounding names now represent a significant portion of the sanctions issued by the United States, EU, and UK. For businesses located or servicing in places like Eastern Europe, where significant portions of the customer base will typically have Eastern European-inspired names as well, these newly sanctioned persons have triggered a massive number of alerts to review, as customers with names similar to sanctions targets will trigger hits.
-
Some Russian businesses in the sanctions lists have very generic names, such as “International Investment Bank” or “Business–Finance.” From a screening perspective, such terms pose challenges as they are likely to generate large amounts of hits, making it hard for businesses to know if they are dealing with the actual sanctions target. We could expect Russian businesses to use such common terms for renaming existing businesses or incorporating new entities attempting to hide in plain sight.
The challenge does not end there. With most regulators applying ownership and control rules to extend sanctions to entities owned or even controlled by a sanctioned party, a group of effectively sanctioned entities are nowhere to be found in official lists. This is especially true with the designation of large conglomerates or wealthy oligarchs. A single record in the official list might equate to dozens—if not hundreds—of implicitly sanctioned entities.
Hence, detecting all sanctioned parties has never been more complicated. With strict liability for violating sanctions and the potential for administrative or criminal enforcement in case of breaches, this is high-stakes compliance for international businesses.
Effective sanctions screening systems and quality sanctions data are a must-have. Russian sanctions have resonated as a black swan event for sanctions compliance programs, leaving unprepared institutions with either an unsustainable compliance workload or a sword of Damocles hanging above them.
Third immediate challenge: Avoid facilitation/detect sanctions evasion
The current priority for regulators is to make their broad sanctions as effective as possible. Conversely, Russian sanctions targets could seek to exploit potential sanctions loopholes to procure vital goods for the Russian defense industry and continue generating resources for fueling the war in Ukraine. Sanctions evasion is becoming increasingly complex and sophisticated, with professional enablers helping Russian targets work around Western financial and trade sanctions.
Common techniques involve using family members or other proxies to officially hold assets or own funds effectively controlled by sanctioned oligarchs. Several reports and news articles have called out complacent third countries for serving either as transshipment points for trade in restricted items ultimately destined for Russia or as safe havens for Russian oligarchs’ funds and other assets.[4]
Beyond sanctions screening, organizations should carefully execute due diligence and anti-money laundering (AML)/countering the financing of terrorism (CFT) transaction monitoring to identify potential risks of sanctions evasion. This requires deepened cooperation among sanctions compliance teams and their AML/CFT counterparts. Businesses should develop sanctions evasion scenarios in their transaction monitoring tools and investigate changes in customers’ transactional activities from a sanctions perspective.
Fourth immediate challenge: Face regulatory scrutiny
Organizations around the world have felt the high political momentum around preventing financial crime in general and Russian sanctions. As sanctions are now in force, Western regulators are tightening their scrutiny—especially on financial institutions and businesses operating in sensitive sectors. Sanctions effectiveness is front of mind for many agencies: several thematic reviews and guidance documents around sanctions screening were published recently in various places like the United Arab Emirates, Singapore, the UK, and France.
At the same time, regulators have sharpened their enforcement powers. The U.S. deputy attorney general recently announced that “sanctions are the new FCPA,”[5] while the UK introduced new enforcement powers for the Office of Financial Sanctions Implementation.[6] The EU is following the same path with a criminalization of sanctions evasion across the EU and a proposal to make sanctions enforcement more effective throughout the EU.[7]
Be prepared to demonstrate your adherence to sanctions regulations. Keep detailed records and a clear audit trail of your due diligence, as screening controls and decisions have never been more important. A formal, current set of policies, procedures, and controls must be in place, backed by a comprehensive set of records that can prove their effective implementation.
Fifth immediate challenge: Foster a sanctions compliance culture
The breadth of new sanctions regulation has taken many international organizations by storm, leaving few business processes untouched. With regulatory scrutiny around sanctions compliance extending to all economic sectors, ignoring sanctions compliance requirements is no longer an option.
Office of Foreign Assets Control (OFAC) enforcement actions are frequently directed against non-financial institutions, and 2023 already saw OFAC’s largest settlement recorded with a corporation.[8] At the same time, exceedingly cautious approaches, such as derisking entire geographies or classes of customers, may prove both unsustainable from a business perspective and unnecessary from a compliance perspective. International companies must find the right balance between strict sanctions compliance and healthy business operations.
An organization should embed sanctions compliance into its culture. It is the senior management’s responsibility to draw a clear line of what is off-limits while enabling staff to do the right thing. It takes clear and formal commitment, including through internal communications and a set of policies and procedures. Training is a key component to cementing an organization’s culture for sanctions compliance so that everyone throughout the organization knows how to react when facing a risky situation.
Takeaways
-
Growing fragmentation in the sanctions landscape raises the need for more granular, thorough, and dynamic sanctions risk assessments.
-
Effective sanctions screening systems and quality sanctions data are a must-have.
-
Beyond sanctions screening, organizations should carefully execute due diligence and anti-money laundering/countering the financing of terrorism transaction monitoring to identify potential risks of sanctions evasion.
-
Keep detailed records and a clear audit trail of your due diligence, as screening controls and decisions have never been more important.
-
An organization should embed sanctions compliance into its culture.