Sign in Subscribe
By Zahn Alimbay in Regulatory Insights

Revisiting Sanctions Compliance

Revisiting Sanctions Compliance

The 14th EU Sanctions package is expected to focus heavily on enforcement and combating sanctions evasion. It's time for businesses trading internationally to revisit their sanctions compliance.

These are the key issues dominating compliance teams' agendas.

Banks

With a recent Russia sanctions enforcement push, banks increasingly find themselves between a rock and a hard place. The risk of US secondary sanctions under Executive Order 14114 and the ECB's pressure to speed up withdrawal plans by those banks that still have some operations in the country are just two examples.

Last week, Secretary Yellen warned European banks of tougher sanctions on non-US, primarily European banks, which are still doing business with Russia. Earlier this year, US officials visited some of the critical destinations for Russian money, namely Turkey, China, and UAE. Bigger players in those markets got the message and started suspending Russian-related transactions.

Recently reported plans by G-7 countries to target third-country lenders is another push in the same direction (https://news.bloomberglaw.com/international-trade/g-7-to-target-banks-helping-russia-evade-ukraine-war-sanctions).

The direction of travel is clear. All of this puts banks in a tough place.

None of the regimes mentioned above contain outright prohibitions on doing business with Russian counterparts (except for designated parties, of course). Instead, they significantly restrict the ability to transact, effectively requiring financial institutions to police the sanction landscape.

While financial institutions' AML/CTF and sanction screening allow them to identify sanctioned persons, the situation with monitoring restricted trade is more complex.

Effectively, banks need to run a multi-faceted sanctions analysis for their clients' transactions: Are those restricted or dual-use items? What are the ECCN/classification and HS codes? What is the end use and end destination of the products associated with the financial transactions?

Banks have no means of doing it. Instead, they rely on the same old, same old—asking customers to provide more paperwork proving that transactions comply with the sanctions laws. Considering that most businesses are not very sanctions and export control savvy, this so-called "control" is unlikely to be very effective. Financial institutions' compliance teams understand this very well, too. What to expect?

Considering the banking industry's low-risk appetite, we will most likely see increased bureaucracy, discretional de-banking, refusal to run transactions, or simply exit from the market.

Industry

If you think banks, with their ability to access the best legal resources anywhere in the world, find themselves in a hard place, think of small and medium-sized businesses.

They have very limited abilities to navigate the regulatory landscape, especially when we are talking about situations involving more than one national regulatory regime (e.g., re-export of controlled/ dual-use items or dealings with sensitive technologies), product classification, anti-evasion controls, and even such basic things as counterpart sanctions screening to identify whether their actual business associate (e.g., end user or UBO) is a designated entity with which dealings are prohibited. The recent enforcement stories show that this is the path often used by criminals to evade sanctions, whether these businesses and their owners know it and facilitate or just fail to apply basic controls.

But even for bigger traders, the effort is significant: from limiting the export of sensitive technologies to identifying ultimate beneficial ownership and determining control, dual-use licensing, and identifying end-users/ end-destinations of sold products. And this is just the tip of the iceberg.

The challenge is amplified by continuously evolving sanctions regulations (to remind you, we are on the 14th EU package now), the complexity and often ambiguity of rules, the lack of guidance, and different enforcement patterns across countries. This is especially noticeable in the EU, both in terms of rule-making and rule implementation. Regulators have a special place in this story, too.

In the past, many companies believed that if they didn't deal with sanctioned jurisdictions, they need not worry about sanction exposure. The war in Russia changed all that.

The current-day nature of trade means that the risk is still present even if your business is not importing or exporting anything. Think of the recent car industry incidents in the US involving components produced in China allegedly using forced labour. (https://www.wsj.com/articles/bmw-jaguar-and-vw-parts-may-have-been-made-with-forced-labor-senate-report-says-5d63c156). Often, issues are hidden deep in supply chains.

Unfortunately, there are no simple solutions. It really is one of those areas where organisations need to take this risk seriously and start investing in compliance.

The steps are known:

  • Start with risk assessment and map your sanctions exposure in terms of products you produce or acquire, services rendered or technology involved.
  • Third parties: Screen your counterparts, their owners, directors and senior executives against sanction designations and lists of blocked persons. Track UBOs and understand the control element. Ask your business associate who is the ultimate recipient of the sale and where it will be used. If you are dealing with the re-seller or intermediary, asking them to provide an end-user declaration is a good idea.
    • NB: While many regulators (e.g., US OFAC and UK OFSI) publish lists of sanctioned entities, these might not necessarily be sufficient for effective third party due diligence. Paid resources such as Dow Jones, Refinitv, and many others fill information gaps but are costly.
  • Transaction: What are you supplying or buying? Are any of those products and services controlled or restricted? Do you need a licence or export permit? What is the transaction currency? Check against end-use, end-user and end-destination. This is an area where investment in competencies is warranted. Both OFAC and US BIS provide some very useful guidance and free training on this subject (OFAC Information for Industry Groups | Office of Foreign Assets Control (treasury.gov), Training | Bureau of Industry and Security (bis.gov)).  
  • Geographical footprint: Where are you based, and where are your counterparts based? Identify Jurisdictional Reach – the US, UK, and EU are all extra-territorial regimes, and if you fall within their reach – compliance with those laws is mandatory. They have long arms.
  • Know your supply chain: Do you know the source of origin of your products or raw materials? Supply chain due diligence is not only about product quality but also about who, where, and how the product in question was produced. This needs to be part of your due diligence.

A few words about regulators

While more experienced regulators like US OFAC and BIS have plenty of resources, training, and FAQs publicly available on their websites to help businesses, others are struggling. The UK is a great example here. For them, the era of sanctions enforcement effectively started on February 24, 2022. They are learning on the job and making mistakes, too.

It is fair to say that businesses need to be mindful of this and should not relinquish their due diligence obligations just because governments are not policing them hard enough. This will come, and businesses need to be ready for it.

 

See you next Saturday!

If you are embarking on your own compliance transformational journey and need help designing and enhancing your compliance program, get in touch with us. We are here to help!

Comhla Intelligent Compliance

At Comhla, we are driven by a mission to revolutionise the way organisations approach compliance and misconduct prevention. By leveraging our in-depth governance, compliance and internal control expertise, actionable data insights and cutting-edge applied research in organisational science, we help our customers build effective regulatory and compliance management to safeguard their license to operate, protect the bottom line and enhance reputation as responsible businesses.

Follow us on LinkedIn: https://www.linkedin.com/company/comhlaic 

Learn More https://comhla.co

We aim to publish weekly. The information provided in this newsletter is not intended to and does not render legal, accounting, tax, or other professional advice or services.

Subscribe to Breaking the Mould

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe