Since 2014, the European Union (“EU”) has progressively imposed restrictive measures against Russia in response to the illegal annexation of Crimea. As a result, the EU imposed a range of economic measures which included targeted economic sanctions (asset freezes and lending restrictions) as well as travel bans on certain listed entities and individuals, in addition to restrictions on economic relations with Crimea, Sevastopol and the separatist controlled areas of Donetsk and Luhansk oblasts. These included import ban on goods from the two regions, restrictions on trade and investments related to certain economic sectors, a prohibition to supply tourism services, and an export ban for certain goods and technologies.
One year after the annexation of Crimea, Russia began increasing its military presence in Ukraine. In December 2021, the Russian Federation started assembling troops along its border with Ukraine, building up to the existing conflict. In February 2022, Russia ordered troops into the Donetsk and Luhansk regions of Ukraine, after recognising them as independent and disregarding the Minsk peace agreements. In response to continuing hostile activity by Russia and to encourage Russia to cease actions destabilising Ukraine, or undermining or threatening the territorial integrity, sovereignty or independence of the country, the EU published new restrictive measures. In the days following the Russian invasion of Ukraine on 24 February 2022, the Bloc responded with a raft of sanctions of unforeseen severity which far exceed the measures previously in place.
The EU has restricted the supply of dual-use items to any person/ entity in Russia or Belarus or for use in Russia or Belarus. The restrictions also include standard prohibitions on providing technical assistance, brokering and other services related to dual-use items. The new measures also prohibit the export of a wide variety of items beyond the Dual-Use List, including a wide variety of electronics, computers, telecoms, information security, sensors and lasers, navigation and avionics, marine, and aerospace items. The EU also prohibited mass market encryption items for supply to Russian persons or for use in Russia.
Apart from the existing restrictions, increased scrutiny will be expected by parties dealing with or doing business in Russia, Belarus, and Eastern Ukraine (e.g., increased due diligence on end-to-end supply chains, end users, ownership structures, entities and individuals with connections to Russian oligarchs and other elites).
Corporates should assess their end-to-end supply chain to evaluate how the new restrictions impact their business activities. Also, corporates should make sure their compliance programme is effective and comprehensive to response timely to the latest restrictions and due diligence requirement. A few examples of how companies could achieve this are:
1. Understand the sactions exposure
Companies should prioritise understanding the size and nature of their existing exposure to Russia and Belarus and, conversely, their sanctions risk. Considering their location and proximities (whether geographic or cultural) to Russia and Belarus could be a good starting point. It is highly likely that efforts to evade sanctions will shift activity to neighbouring areas. The ability to detect and evaluate such efforts will be a critical component of compliance programmes for financial institutions. Whilst all companies will have sanctions programmes in place, it is important that they are commensurate with the nature, size and complexity of the companies.
Companies should establish the impact of current restrictive measures (both primary and secondary) on their current business activities and customer base, and what this means in the context of their overall risk appetite, as well as business wide risk assessment.
To fully understand their sanctions exposure, companies should consider proactively reviewing their books of business and analysing their transaction volumes along with distribution channels – including by leveraging data science to understand both primary and secondary exposure to sanctioned geographies/parties. Companies should also assess their end-to-end supply chain to understand if their suppliers are able to keep producing and/ or delivering their products.
Likewise, products and services should be included in the assessment, to identify whether they are subject to the heightened sanctions risk – e.g., foreign correspondent accounts, trade related products, the export control classifications of the products.
2. Consider the extraterritoriality of sanctions regulations
EU sanctions apply within the EU territory, to all EU nationals in any jurisdiction, and to all companies incorporated in an EU state, including their branches in third countries1. This means that EU incorporated companies with branches outside of the EU, will need to comply with the current sanctions measures across all operations.
Companies should consider tackling the challenges related to extraterritoriality by adopting a centralized decision-making approach which promotes greater uniformity within organisations. However, whilst Head Offices should drive the implementation of current sanctions requirements across branches and/or subsidiaries, they should also cooperate with these entities to ensure that the local teams can also respond quickly to any changes in local sanctions. Tailored sanctions trainings, workshops and regular updates from the companies’ Head Offices are of paramount importance to ensure that organisations are aligned to the new sanction requirements and that the knowledge and skills are widely shared across branches and teams.
3. Revamp existing systems and controls
Regulators expect companies to have good systems and controls in place to counter the risk of being used for financial crime, which includes compliance with sanctions obligations. Failings in the financial crime systems and controls space can lead to regulators imposing restrictions and/or taking enforcement action against companies.
Companies will not only need to re-evaluate their sanction compliance frameworks, to ensure alignment with current regulations, but also ensure they have in place mechanisms that allow them to quickly respond and adjust their controls in case of potential future changes. As previously noted, companies should assess their sanction exposure and focus on identifying areas of potential concerns, making appropriate compliant risk decisions, and mitigating potential risks.
At the core of sanction compliance frameworks, sit the screening tools, which enable companies to detect, prevent and manage sanctions risk. Most companies adopt two main screening controls to achieve their sanctions objectives: transaction/payment screening and customer name list screening, both of which will require significant attention.
In-depth due diligence is critical at this time, especially as some Russian companies are attempting to ‘sanction-proof’ by changing beneficial owners and access to certain corporate and ownership registries is being restricted. Changes in clients’ management, shareholders and beneficial owners should automatically trigger event driven reviews and potential business exits. However, companies should also consider conducting business partner reviews on their existing clients with known Russian and Belarusian affiliations, to understand and mitigate any potential sanctions risks. Particular attention should also be given to the clients’ sources of funds and wealth, to ensure that their provenance is not from sanctioned individuals, organisations or jurisdictions. Depending on the firm’s exposure review exercises could be quite laborious and will require resources with appropriate skills and sanctions experience to enable thorough analysis and accurate outcomes.
Sanctions name list screening may also present its challenges. Firstly, companies will be faced with an increased number of alerts generated by their internal screening systems, moreover, most organisations place reliance on their third-party providers to update their sanctions lists feeding into their screening engines. Companies should ensure that, particularly at this time of increased list volatility, any new sanctions lists are rigorously reviewed internally. This will ensure data and feed integrity, help companies to minimise the number of low quality/false-positive alerts and help safeguard against incomplete screening.
Companies should document their rationale for any risk-based decisions, risk acceptance and/or remediation exercises in relation to recent changes in their governance framework.
4. Horizon Scanning – being prepared for further restrictive measures
The EU has continued to adopt further restrictive measures against Russia which will continue to include further sanctions on individuals and entities based on the Union’s further investigations into Russian organisations (i.e., umbrella/shell companies). In addition, new and/or further restrictions are also possible against regimes seen as actively abetting Russian actions. The compliance landscape continues to evolve at an unaltered pace, with the onus being the companies involved to interpret and apply the ever changing regulations.
If you have any questions about WTS Global or our global services, please get in touch.
We will respond to you as soon as possible.