Australian court rules companies are on the hook for any sanctions violations

Australia’s landmark sanctions judgement: what businesses need to know

In response to concerns over Russian sanctions evasion, countries worldwide are intensifying enforcement of trade and financial restrictions. Australia’s recent case, Alumina and Bauxite Company Ltd v Queensland Alumina Ltd [2024], illustrates just how complex these enforcement measures have become, especially regarding indirect benefits that could arise from seemingly compliant transactions.

The evolving sanctions landscape and Australia’s unique interpretation

In the Alumina case, the Federal Court tackled a crucial issue: can a company’s transactions with non-sanctioned countries still violate sanctions if they indirectly benefit a sanctioned nation? Queensland Alumina Ltd (QAL), a joint venture partly owned by mining giant Rio Tinto and Rusal, a Russian conglomerate, was ordered to halt alumina supplies to Rusal’s subsidiary due to its shareholders, Oleg Deripaska and Viktor Vekselberg, being under Australian sanctions.

The initial judgement argued that by providing resources to Rusal’s subsidiaries, QAL effectively financially benefited these sanctioned individuals. This interpretation went further to state that even if materials like alumina were transferred to third countries (e.g., China), they might indirectly benefit Russia. By broadening the definition of “benefit” to include any economic advantage, the ruling underscores an incredibly expansive view of ‘benefits’ under sanctions restrictions.

Key impacts of the judgement on export sanctions

One aspect of the judgement focuses on export sanctions, specifically that a supply of goods could initially be compliant but later become non-compliant if rerouted to a sanctioned country. In other words, if QAL’s alumina ended up in Russia it could constitute a violation, unless QAL could prove it took “reasonable precautions” to prevent this outcome. For businesses, this broad interpretation introduces a new level of complexity, especially since the court emphasised the need for careful due diligence.

Second-order benefits, expansive liability and ownership control

A striking part of the judgement is the consideration of “second-order benefits.” The court suggested that alumina sold to China might reduce domestic supply there, creating an economic environment where Chinese companies might opt to export their surplus to Russia. According to the court, this indirect benefit to Russia could, under Australian law, constitute a sanctions violation.

Another radical departure from international standards in this judgement is around levels of control of sanctioned entities. The US applies a specific threshold of 50% ownership (more stringent than just control), meaning Rusal was able to be removed from US sanctions lists once the sanctioned Deripaska reduced his shareholding to below 50%.

The UK has a more complex formula, using a test of control, with the exact meaning being interpreted by the courts. The Court of Appeal in London in Mints & Ors vs PJSC National Bank Trust & Anor [2023] suggested that all Russian companies were controlled by a sanctioned person—namely Vladimir Putin. Although this was rolled back by the Supreme Court, Mints is still on appeal. Australia’s approach however could signal a significant shift. It suggests that sanctions compliance may increasingly hinge on the broader economic effects of transactions, even when direct violations are absent.

Practical tips for businesses: navigating complex sanctions compliance

For companies looking to stay compliant, especially in jurisdictions with expansive sanctions laws, these tips are crucial:

  1. Strengthen your supply chain transparency: Ensure you understand where your goods might end up, even after they leave your direct control. Supply chain mapping tools and stringent contracts can help prevent indirect violations.
  2. Implement due diligence protocols: Document and maintain rigorous due diligence practices. If a breach occurs, being able to demonstrate proactive measures—such as monitoring end-use and avoiding high-risk intermediaries—can provide legal protection.
  3. Stay updated on global sanctions policies: With each country adopting its own sanctions standards, global companies should track and adapt to jurisdictional nuances, ensuring their policies align with the strictest applicable rules.
  4. Consider expert legal and compliance support: Given the complexity of the Alumina case, legal and compliance experts can help assess risks, especially when indirect economic benefits could violate sanctions.
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.