Across the world, penalties for sanctions violations are increasing

As global instability has increased from Russia to Iran, the resulting sanctions response has often been swift and intense. Throughout the invasion of Ukraine, countries worldwide have implemented rapid and swift sanctions on businesses and individuals alike. Governments are leveraging economic sanctions as a key tool for exerting pressure on foreign entities, enforcing compliance, and punishing those who circumvent restrictions.

Penalties for breaching these sanctions regimes are also escalating, with governments imposing harsher fines and lengthier prison sentences. Many countries are not only introducing stricter domestic measures but also aligning their policies with international frameworks to ensure effective enforcement.

 

EU Directive 2024/1226: Harmonising sanctions enforcement

The European Union recently adopted Directive 2024/1226, aimed at establishing uniform rules across member states for defining criminal offenses and penalties related to the violation of EU sanctions. This directive ensures that actions such as failing to freeze assets, breaching travel bans, and providing prohibited financial services are uniformly criminalised across the bloc. Penalties would include imprisonment with a minimum maximum term of five years for intentional violations, and fines that can reach up to 5% of a company’s worldwide turnover or €40 million, whichever is higher. Countries must implement these provisions into national law by May 2025.

Some EU countries have already made significant strides in implementing stricter sanctions penalties. Denmark has proposed legislation to enhance penalties for breaches of EU sanctions against Russia. The proposed law aims to increase the maximum prison sentence for such violations from four months to five years, with aggravated offenses potentially leading to up to eight years of imprisonment. Justice Minister Peter Hummelgaard emphasized the government’s intent to eliminate financial gains derived from violating sanctions, stating, “It is absolutely unacceptable for Danish companies to violate EU sanctions against Russia and Belarus for financial gain.”

Sanctions penalties in the United States

The United States continues to rigorously enforce sanctions, imposing substantial penalties on entities that violate regulations. In October 2024, TD Bank agreed to pay a staggering $3 billion in penalties to US authorities for insufficient monitoring of money laundering activities, highlighting the serious consequences of non-compliance. Other significant sanctions cases include Binance’s $4.3 billion settlement in 2023 over anti-money laundering violations and Danske Bank’s $2 billion settlement for similar failures.

Under the Trump Administration, sanctions compliance is becoming ever more complicated. As foreign policy priorities rapidly shift, with the potential for increased sanctions on Iran and ongoing complexity around Russia and Ukraine, companies face increasing risk for potential violations of US sanctions.

Sanctions penalties in the United Kingdom

In the UK, the Office of Financial Sanctions Implementation (OFSI) has reported an increase in self-reported breaches of sanctions against Russia. As of last year, 161 British companies had admitted to potential violations since Russia’s invasion of Ukraine in February 2022. Penalties for such breaches can be severe, including fines of £1 million or 50% of the breach’s value, and potential criminal prosecution. The largest civil penalty to date is £20.5 million for breaches between 2015 and 2018. It’s vital to remember that in the UK, sanctions breaches are a strict liability offence, meaning any breach of sanctions, even accidental, is a criminal offence.

 

Download your guide to sanctions compliance today.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.