Getting sanctions compliance right

Keeping track of sanctions on Russia

Since Russia launched its invasion of Ukraine at the end of February, the West has imposed significant sanctions on Russia, Belarus, and the oligarchs who fund Vladimir Putin’s war. The conflict has also brought a level of international cooperation between Western allies unseen since the days of the Cold War.

The rapidly evolving nature of the situation has made sanctions compliance an increasing challenge for businesses, but also one that is vital to understand. New laws such as the Economic Crime Act in the UK have ramped up sanctions compliance and increased penalties on businesses – any businesses – that get things wrong.

The Economic Crime Act has made sanctions breaches a strict liability offence, meaning that whether or not a person or a company intended to breach sanctions is now irrelevant. Plus, the UK’s Office of Financial Sanctions Implementation can now name and shame companies even suspected of sanctions breaches, before any fine has been imposed.

In short, sanctions compliance has become infinitely more complicated in the last few months, with the penalties for getting this wrong increasingly harsh.

What are sanctions?

Sanctions are a diplomatic tool used to promote international peace and security and to combat violations of international law and terrorism. They do this by applying economic pressure on a country or regime by restricting dealings with the regime, as well as certain individuals and entities. The goal of using sanctions is to pressure a regime to change its behaviour regarding certain political, military, or social issues. 

Sanctions are legal limitations put in place by individual countries like the United Kingdom or the United States, or by international institutions, such as the United Nations (UN) and the European Union (EU). They may include various forms of trade barriers, from tariffs and restrictions on financial transactions to broad embargoes. 

In their most extreme examples, such as the sanctions against Russia following its invasion of Ukraine, sanctions can cripple a country’s economy, weaken its currency, isolate it from international travel, and freeze the assets of its key political players. 

By complying with sanctions requirements, companies help promote peace and justice in the world by pressuring rogue actors and preventing them from accessing the resources they need to commit further injustices. 

There are different types of sanctions, such as:

  • Financial sanctions – asset freezes on companies or individuals
  • Arms embargoes
  • Export and import controls
  • Trade sanctions
  • Travel bans 

Sanctions on Russia are mainly financial sanctions, with some travel bans, but generally sanctions are targeted at those wealthy individuals who fund Putin’s regime. One of the most visible effects of these financial sanctions is against Roman Abramovich, owner of Chelsea Football Club. The oligarch has owned the club since 2003, and wanted to sell it but the process has been caught up in sanctions. Chelsea cannot be sold, but the club has been given a special licence to pay players and staff. The club can spend £500,000 on staging matches, but merchandise cannot be sold and ticket sales are frozen. Chelsea may be unable to pay its wages and could face going into administration. 

How to undertake a sanctions check

New customers must be screened for sanctions as part of the onboarding process. Existing customers and third parties should also be screened on a regular basis in order to stay compliant as the landscape changes. You can use a third-party solution that tracks the different sanctions lists, or you can do a check yourself, as everything is published and available online.

If the name of an individual or entity you are dealing with matches an entry on the sanctions list, this is known as a name match. If there is a name match, but you are satisfied that the individual does not match the description, you do not need to take further action. This is the case, for instance, where the names are the same but the dates of birth or countries of residence are different.

If the individual or entity you are dealing with matches all the information on the sanctions list, this is likely a target match.

If a client or potential client appears as a target match, or if you are unsure, it must be reported immediately. Relevant firms must have a clearly defined senior management responsibility for sanctions compliance. That function will be required to evaluate the match and determine the next steps.

Next steps for business on sanctions compliance

  • Ensure there is an updated sanctions policy, alongside a sanctions risk assessment
  • Put staff through sanctions training so they understand sanctions risks, who is at risk, and how to make a check
  • Put in place an onboarding system such as Omnitrack or make sure your own client onboarding system has the functionality to ensure sanctions checks have been done
  • Communicate to staff who the responsible individual for sanctions compliance is