Updates to UK sanctions regime on Russia for lawyers

Unintended consequences of Russian sanctions order had created a mess for lawyers

The Russia (Sanctions) (EU Exit) (Amendment) (No.3) Regulations 2023, which came into force on 30 June and prevented UK lawyers from advising Russian companies had been criticised for “creating a problem for the UK legal services industry in the UK and beyond”, including for non-Russian companies seeking advice from UK lawyers, according to the City of London Law Society. 

This had made it harder for firms to provide sanctions advice to clients, and had forced some international businesses to turn elsewhere or proceed with no sanctions advice at all. 

To counteract these measures, the UK has since issued a new general licence to address some of the unintended consequences from the new restrictions. 

The Regulations of 30 June had prohibited the direct or indirect provision of “legal advisory services” to any non UK person in relation to, or in connection with, any activity which would be prohibited by the UK Regulations, if done by a UK person or carried out within the UK. There was only an exemption for advice on whether an act or proposed act complied with the UK regulations. 

But the consequences meant that UK lawyers and firms were restricted from advising on compliance with EU or US sanctions, or from assisting an EU client on complying with EU sanctions.

To absolve some of these issues, the UK has issued a general licence which took effect on 11 August. It allows for advice:

  • On whether an act or proposed act complies with, or could trigger punitive measures in relation to, restrictive measures imposed on Russia by any jurisdiction
  • In relation to or in connection with compliance with, or addressing the risk of punitive measures in relation to, such restrictive measures, Russian “counter-sanctions” or any criminal law imposed by any jurisdiction
  • In relation to the discharge of or compliance with UK statutory or regulatory obligations

However, any lawyer or firm relying on this general licence must register through the SPIRE system within 30 calendar days of their first use. Failure to do so is a criminal offence. Records must be kept for four years and must permit them to be inspected and copied by an authorised person. 

Until there is a legislative update to the regulations to fix the unintended consequences of the Russia (Sanctions) (EU Exit) (Amendment) (No.3) Regulations 2023, the general licence through the SPIRE system remains the best option. However the general licence only covers specific types of advice. Those who have pre-sanctions relationships with Russian parties will often need to give broader advice which may not fall under the general licence. In-house lawyers may need to to seek additional advice if they are unable to use the general licence.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.