Sanctions enforcement is moving fast, and the latest OFAC settlement with FTI Consulting is another reminder that sanctions risk is rarely limited to a simple name match on a screening system.
On 1 June 2026, the US Office of Foreign Assets Control announced a $1.05 million settlement with FTI Consulting over apparent violations of US sanctions targeting Russia’s financial sector. According to OFAC, FTI indirectly dealt in prohibited debt of VTB Bank, a Russian state-owned bank subject to sectoral sanctions, through a law firm engagement relating to litigation work.
This was not a case of a company simply paying a sanctioned party directly: OFAC’s concern was the structure and practical reality of the arrangement. FTI was engaged by a law firm, but the work was for the benefit of VTB, and the invoices were ultimately dependent on VTB paying the law firm. When payments were delayed well beyond the permitted period, OFAC concluded that FTI had indirectly extended prohibited debt to VTB.
Sanctions risk is becoming harder to spot
The FTI settlement sits alongside a growing number of recent enforcement actions involving different industries, jurisdictions and sanctions risks. Recent OFAC and OFSI actions have involved Adani Enterprises, Apple Distribution International and Deutsche Bank AG London Branch.
The common thread is not one specific sector or one specific type of transaction. It is the expectation that organisations understand sanctions risk in context.
That means looking at:
- indirect dealings with sanctioned parties
- ownership and control structures
- payment arrangements and delayed invoices
- supply chains and intermediaries
- sectoral sanctions and partial restrictions
- the real commercial purpose of the transaction
This is particularly important for professional services firms, law firms, consultants, financial institutions and any organisation operating across multiple jurisdictions. A transaction may look low risk at first glance because the direct client or counterparty is not sanctioned. But if the work, payment or economic benefit ultimately connects to a sanctioned entity, the risk profile changes.
The problem with “training” as a remedial action
One of the most interesting parts of the FTI settlement is OFAC’s reference to remedial action. FTI’s compliance enhancements included training on sectoral sanctions and additional awareness within its legal department around law firm engagements.
That raises an important question for compliance teams: what kind of training is actually useful in a case like this?
A PDF policy followed by a short multiple-choice quiz may show that training was assigned. It may even show that employees completed it. But would it have helped staff identify the problem in this case?
The risk in the FTI matter was not obvious in the way sanctions training is often presented. It was not simply: “Is this person on a sanctions list?” The issue involved sectoral sanctions, invoice maturity, indirect payment structures, the role of a law firm, the ultimate beneficiary of the work, and the warning signs created by repeated late payments.
That is exactly the kind of scenario where staff need more than awareness. They need to practise judgement.
Sanctions training needs to build decision-making skills
Effective sanctions training should help people recognise the practical situations where sanctions risk arises. That means moving beyond generic explanations of sanctions lists and blocked parties.
Staff need to recognise how sanctions risk can emerge in everyday situations. This could involve a client requesting work that ultimately benefits a restricted entity, or payment and invoicing arrangements that mask the true beneficiary. The key is to spot risk in context, not just on paper.
Training should also be role-specific. Legal, finance, sales, procurement and senior management will not all encounter the same risks. A finance team may need to recognise payment and invoicing issues. A legal team may need to understand risks in client engagements and matter structures. A sales team may need to identify red flags in customer relationships, intermediaries and beneficial ownership. Senior leaders need to understand when commercial pressure should trigger escalation rather than improvisation.
The key is not simply whether staff know the rules. It is whether they can apply them under pressure.
What should organisations take from the FTI settlement?
The FTI case reinforces several practical points for sanctions compliance programmes.
First, indirect dealings matter. Organisations cannot assume that using an intermediary, adviser, law firm or other third party removes sanctions risk. If the transaction benefits a sanctioned or restricted party, or creates an indirect route to prohibited activity, regulators may still take action.
Second, partial or sectoral sanctions still require careful analysis. A party may not be fully blocked, but certain dealings may still be prohibited. That makes the compliance assessment more nuanced and more dependent on the facts.
Third, payment terms and invoicing arrangements can create sanctions risk. In the FTI case, unpaid invoices and delayed payments were central to the alleged breach. Sanctions teams should not treat payment mechanics as an administrative detail.
Fourth, escalation needs to happen early. Where a transaction involves a restricted entity, unusual payment arrangements or repeated delays, staff need clear routes to raise concerns before the organisation continues work or issues further invoices.
Finally, training should be tested against real scenarios. If the training would not help someone spot the risk in a matter like FTI, it is probably not doing enough.
Compliance programmes need evidence, not assumptions
Regulators are not only looking for written policies. They are looking at how organisations actually manage sanctions risk in practice.
Organisations need to keep risk assessments up to date and ensure their screening systems can spot ownership and control issues. Staff should understand how indirect dealings create risk, and high-risk matters must be escalated appropriately. Clear documentation of decisions is also essential to show that the organisation is managing sanctions risk in practice.
For organisations operating internationally, this is becoming more important as OFAC, OFSI and other sanctions authorities continue to scrutinise complex commercial arrangements. Sanctions compliance is no longer just a back-office screening exercise. It is a live operational risk that can sit inside contracts, payments, supply chains, professional services engagements and customer relationships.
The message from the FTI settlement is simple: if a transaction is structured to look compliant, compliance teams still need to ask whether it is compliant in substance.
That requires better controls, stronger escalation and training that helps people make the right call when the risk is not obvious.
