EU Sanctions Developments on Russia/Ukraine
Since 2014, the European Union (“EU”) has progressively imposed restrictive measures against Russia in response to the illegal annexation of Crimea. As a result, the EU imposed a range of economic measures that included targeted economic sanctions (asset freezes and lending restrictions) as well as travel bans on certain listed entities and individuals, in addition to restrictions on economic relations with Crimea, Sevastopol, and the separatist-controlled areas of Donetsk and Luhansk oblasts. These included import bans on goods from the two regions, restrictions on trade and investments related to certain economic sectors, a prohibition on supplying tourism services, and an export ban for certain goods and technologies.
One year after the annexation of Crimea, Russia began increasing its military presence in Ukraine. In December 2021, the Russian Federation started assembling troops along its border with Ukraine, building up to the existing conflict. In February 2022, Russia ordered troops into the Donetsk and Luhansk regions of Ukraine, after recognising them as independent and disregarding the Minsk peace agreements. In response to continuing hostile activity by Russia and to encourage Russia to cease actions destabilising Ukraine and undermining or threatening the territorial integrity, sovereignty or independence of the country, the EU published new restrictive measures. In the days following the Russian invasion of Ukraine on 24 February 2022, the Bloc responded with a raft of sanctions of unforeseen severity that far exceed the measures previously in place.
The international and security situation remains dynamic, with new measures possible in the coming days and week. The EU sanctions and restrictions related to Russia include:
In addition, for abetting Russia, the EU is considering significantly broadening the current sanctions regime against Belarus. The new measures are likely to mirror Russian sanctions and to include:
Challenges for Corporates
The EU has restricted the supply of dual-use items to any person/entity in Russia or Belarus or for use in Russia or Belarus. The restrictions also include standard prohibitions on providing technical assistance, brokering and other services related to dual-use items. The new measures also prohibit the export of a wide variety of items beyond the dual-use list, including a wide variety of electronics, computers, telecoms, information security, sensors and lasers, navigation and avionics, and marine and aerospace items. The EU also prohibited mass market encryption items for supply to Russian persons or for use in Russia.
Apart from the existing restrictions, increased scrutiny will be expected by parties dealing with or doing business in Russia, Belarus and Eastern Ukraine (e.g. increased due diligence on end-to-end supply chains, end users, ownership structures, entities and individuals with connections to Russian oligarchs, politically exposed persons, etc.).
Corporates should assess their end-to-end supply chain to evaluate how the new restrictions impact their business activities. Also, corporates should make sure their compliance programme is effective and comprehensive in order to respond timely to the latest restrictions and due diligence requirement. Firms could achieve this in the following ways, among others:
- Firms should conduct an overall health check on their export controls and sanctions compliance programmes in order to test and assess performance and identify any potential gaps.
- When conducting due diligence and reassessing existing clients, firms should aim to take their research further and perform additional investigation by examining Russian-language databases to ensure that complex corporate networks of entities are understood and ultimate beneficial owners are identified.
- As part of enhancing and aligning their existing compliance programme to current regulatory requirements, firms should consider developing their own internal programmes to help identify red flags that may indicate avoidance attempts such as diversion to or transactions with sanctioned or restricted parties or locations.
Challenges for Financial Institutions
Given the fluid sanctions regulatory environment, firms should evaluate their existing sanction risks and ensure both that their compliance programmes are prepared to rapidly implement new controls and their operations teams are ready to enact those controls. Understanding the sanctions exposure and factoring in the extraterritorial aspects of sanctions regulations are key to ensuring all necessary steps are being taken when updating existing systems and controls.
How to Approach the Current Sanctions Climate
Understand the Sanctions Exposure
Firms should prioritise understanding the size and nature of their existing exposure to Russia and Belarus and, conversely, their sanctions risk. Considering their location and proximities (whether geographic or cultural) to Russia and Belarus could be a good starting point. It is highly likely that efforts to evade sanctions will shift activity to neighbouring areas. The ability to detect and evaluate such efforts will be a critical component of compliance programmes for financial institutions. Whilst all firms will have sanctions programmes in place, it is important that the programmes are commensurate with the nature, size and complexity of the firms.
Firms should establish the impact of current restrictive measures (both primary and secondary) on their current business activities and customer base, and what this means in the context of their overall risk appetite as well as their business-wide risk assessment.
To fully understand their sanctions exposure, firms should consider proactively reviewing their books of business and analysing their transaction volumes along with their distribution channels — including by leveraging data science to understand both primary and secondary exposure to sanctioned geographies/parties. Firms should also assess their end-to-end supply chain to determine whether their suppliers are able to keep producing and/or delivering their products.
Likewise, products and services — e.g. foreign correspondent accounts, trade-related products and the export control classifications of the products — should be included in the assessment so firms can identify whether they are subject to heightened risk from sanctions the heightened sanctions risk.
Consider the Extraterritoriality of Sanctions Regulations
EU sanctions apply within the EU territory, to all EU nationals in any jurisdiction, and to all firms incorporated in an EU state, including their branches in third countries1. This means that EU-incorporated firms with branches outside the EU will need to comply with the current sanctions measures across all operations.
Firms should consider tackling the challenges related to extraterritoriality by adopting a centralised decision-making approach that promotes greater uniformity within organisations. However, whilst Head Offices should drive the implementation of current sanctions requirements across branches and/or subsidiaries, they should also cooperate with these entities to ensure that the local teams can also respond quickly to any changes in local sanctions. Tailored sanctions trainings, workshops and regular updates from the firms’ Head Offices are of paramount importance to ensure that organisations are aligned to the new sanction requirements and that the knowledge and skills are widely shared across branches and teams.
Revamp Existing Systems and Controls
Regulators expect firms to have good systems and controls in place to counter the risk of being used for financial crime, and this includes compliance with sanctions obligations. Failings in the financial crime systems and controls space can lead to regulators imposing restrictions and/or taking enforcement action against firms.
Firms will not only need to re-evaluate their sanction compliance frameworks to ensure alignment with current regulations, but also to ensure they have mechanisms in place that allow them to quickly respond and adjust their controls in case of potential future changes. As previously noted, firms should assess their sanction exposure and focus on identifying areas of potential concerns, making appropriate compliant risk decisions and mitigating potential risks.
At the core of sanction compliance frameworks sit the screening tools, which enable firms to detect, prevent and manage sanctions risk. Most firms adopt two main screening controls to achieve their sanctions objectives — transaction/payment screening and customer name list screening — both of which will require significant attention.
Enhanced Due Diligence:
In-depth due diligence is critical at this time, especially as some Russian companies are attempting to ‘sanction-proof’ by changing beneficial owners, and access to certain corporate and ownership registries is being restricted. Changes in clients’ management, shareholders and beneficial owners should automatically trigger event-driven reviews and potential business exits. However, firms should also consider conducting Know Your Client (‘KYC’) reviews on their existing clients with known Russian and Belarusian affiliations in order to understand and mitigate any potential sanctions risks. Particular attention should also be given to the clients’ sources of funds and wealth, to ensure that their provenance is not from sanctioned individuals, organisations or jurisdictions. Depending on the firm’s exposure, review exercises could be quite laborious and will require resources with appropriate skills and sanctions experience to enable thorough analysis and accurate outcomes.
Sanctions name list screening may also present its challenges. First, firms will be faced with an increased number of alerts generated by their internal screening systems; and second, most organisations place reliance on their third-party providers to update their sanctions lists feeding into their screening engines. Firms should ensure that, particularly at this time of increased list volatility, any new sanctions lists are rigorously reviewed internally. This will help firms minimise the number of low-quality/false-positive alerts and help safeguard against incomplete screening.
Firms should document their rationale for any risk-based decisions, risk acceptance and/or remediation exercises in relation to recent changes in their governance framework.
Transaction due diligence and monitoring:
For firms offering trade finance products, the increasingly complex sanctions landscape means more stringent counterparty and transaction due diligence checks. Given the extensive export bans and changes to the dual-use goods licensing, particular focus should be paid to transactions involving such bans and dual-use goods, as well as to transactions for which it may be difficult to verify the origin and/or destination of shipments — such as for materials transported via road freight or involving obscure/difficult-to-verify intermediaries.
To fully understand their potential exposure to the Russian and Belarusian financial systems, firms should also review their correspondent banking relationships. Many direct correspondent arrangements involving those countries’ banks will cease due to their disconnection from the SWIFT international payments system (rendering RMA key exchange impossible) as well as to broader transaction restrictions. However, downstream correspondent activity within the firms’ remaining network represents a sanctions risk.
To safeguard against inadvertently facilitating payments for designated entities, firms may consider triggering KYC reviews of their partner banks, particularly where they are known to hold nested accounts on behalf of other institutions, or even consider forbidding down streaming. Furthermore, firms should review and, where required, recalibrate their transaction monitoring rules to ensure they can effectively identify and stop suspected sanction breaches, including within the pass-through traffic.
As previously noted, the newly adopted EU sanction regime includes extensive provisions for asset freezes affecting certain Russian and Belarusian individuals, entities and financial institutions. When managing these funds, firms should ensure that they have controls in place that adequately safeguard these assets from being accessed and used by anyone.
They should also consider what is and is not permissible with regards to possible changes of the character and location of frozen funds that they hold, and what activities would require prior authorisation from their National Competent Authorities. This is of particular importance to EU investment funds that may be seeking to liquidate shares they hold on behalf of designated persons through EU-based custodians or to firms needing to rebook (I i.e. move) a frozen account to a different entity or branch within their structure.
Horizon Scanning — Being Prepared for Further Restrictive Measures
Depending on the evolution of the conflict in Ukraine, the EU may adopt further restrictive measures against Russia, which will most likely include increased sanctions on individuals and entities based on the EU’s further investigations into Russian organisations (i.e. umbrella/shell companies). In addition, new and/or further restrictions are also possible against regimes seen as actively abetting Russian actions.
Some Western news outlets have speculated that shipping to/from Russia may also be suspended in the near future, as EU container lines have already started cancelling their bookings to and from the country.
Article by Anna Kostus, Managing Director and Irina Petrila, Senior Director
1: A country that is not a member of the European Union as well as a country or territory whose citizens do not enjoy the European Union right to free movement, as defined in Art. 2(5) of the Regulation (EU) 2016/399 (Schengen Borders Code).
2: Prohibitions also apply on holding accounts of Russian clients by the EU Central Securities Depositories, as well as on the selling of euro-denominated securities to Russian clients.
April 21, 2022
Senior Managing Director, Head of EMEA Regulatory Risk Management
Senior Managing Director
Senior Managing Director, Head of EMEA Financial Crime Compliance