Watch Out for These ‘Hidden’ Sanctions Traps
October 27, 2023
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
As the conflict in Ukraine rages well into its second year, the Biden administration continues to isolate Russia from the world economy. The administration’s efforts include ramping up enforcement of U.S. economic and trade sanctions, and the Office of Foreign Assets Control (OFAC) continues to issue new designations at a steady pace.1,2
In October 2022, the Bureau of Industry and Security (BIS) also tightened restrictions on exporting artificial intelligence and advanced semiconductor technologies to China.3 In October of this year, BIS said it will begin rewarding investigators “who pursue cases with important implications for national security.”4 And last March, the U.S. Department of Justice (DOJ) — as part of its effort to combat criminal violations of trade laws — announced its plan to add more than 25 new prosecutors to “investigate and prosecute sanctions evasion and export control violations.”5
These developments are indicative of an evolving landscape of sanctions, export controls and related compliance standards the U.S. government has established to achieve its foreign policy and national security objectives. According to the U.S. Department of the Treasury, which imposes sanctions via OFAC, more than 300 sanctions have been levied against Russia alone that target the country’s ability to wage war on Ukraine.6
Keeping up with developments in this landscape is an ongoing challenge for compliance officers and legal counsel in both financial and nonfinancial institutions. At the same time, companies may face revenue pressures that can lead them to “act now and beg forgiveness later,” a risky practice that can lead to significant financial and reputational costs down the line.
In the past, some companies may have considered an OFAC penalty for violating trade and economic sanctions part of the cost of doing business. Today, the U.S. government is moving toward greater vigilance and enforcement.7 Companies that violate sanctions could face an OFAC settlement or penalty based on several hundred thousand dollars per transaction, as well as penalties issued by BIS, DOJ, federal and state banking regulators, and even local prosecutors, such as the Manhattan District Attorney’s Office.8
As these trends gain momentum, it becomes imperative for compliance officers and legal counsel to be aware of seemingly arcane regulatory details that can trip up even the most diligent companies. Here are four potential traps to consider:
- Mysterious Ownership: Organizational leaders looking to transact with a foreign person must know if their counterparty is named on OFAC’s Specially Designated Nationals (“SDNs”) and Blocked Persons List or is a subsidiary of an SDN.9 In addition to performing sanctions screenings, regularly reviewing press releases and guidance from OFAC will sensitize you to areas of risk associated with certain jurisdictions and industries. In addition, when performing diligence, it is essential to understand who the ultimate beneficial owners are of entities with whom you are transacting.
- A specific challenge here involves OFAC’s “50 Percent Rule,” which prohibits transactions with any entities in which one or more SDNs have an aggregate interest of 50% or more.10 Knowing who these entities are is critical, but identifying them can be extremely difficult. In fact, they likely will not be found on the SDN List.
- Recordkeeping Demands: OFAC requires organizations to maintain records of all transactions and accounts for five years from the date of the transaction or account closure.11 In addition, general and specific licenses issued by OFAC typically have recordkeeping requirements associated with all transactions conducted pursuant to the license.12
- Compliance issues can arise for companies that fail to preserve records when OFAC comes calling. For example, failing to maintain appropriate documentation of due diligence and transaction records can deprive a company of the evidence needed to demonstrate good-faith compliance measures or applicability of a general or specific license to authorize a transaction.13 By itself, failure to properly maintain required records can result in violations and lead to penalties.14
- Cross-Border Data: Gaining insights into foreign entities to assess whether they are potential sanctions targets is crucial for U.S. firms. However, when cross-border data collection is involved, remaining compliant with stringent regional and local data privacy laws (e.g., the EU’s GDPR) can stretch time and money resources. In some cases, accessing information from outside a particular jurisdiction is nearly impossible or outright prohibited.15 The information obtained may even be unreliable or fake.16 As firms rely on data for due diligence, competitive pressures to “act now” may be intense.
- Evolving ESG Regulations: In 2022, the SEC’s Enforcement Division collected a record $4.2 billion in penalties through its enforcement actions, nearly three times as much as in 2021.17 A portion of these penalties were related to ESG issues.18 As corporate ESG reporting faces growing scrutiny, companies must be mindful of the behavior and responsible social practices of the parties with whom they engage. There is significant potential for ESG compliance to become linked to sanctions compliance, particularly regarding targets involved in controversial activity associated with sanctions.
- This conduct may pertain to, among others, sourcing of natural resources or forced labor, supporting actions or persons who undermine democratic processes and institutions, or working with regimes engaged in unprovoked military aggression.
Last March, Deputy Attorney General Lisa Monaco reiterated earlier remarks she’d made emphasizing the DOJ’s “commitment to finding the right incentives to promote a culture of corporate compliance.”19 That commitment, and the tone set by and involvement of senior management, is one of the five essential pillars of a sanctions compliance program according to OFAC’s guidance.20 As such, this is a key element for every organization to consider when identifying ways to mitigate sanctions risk and demonstrate good-faith efforts at compliance.
Every company has a corporate culture — even if it is not actively managed — that dictates how people think, behave and make decisions within the organization. A culture of compliance, designed to get everyone to understand the importance of, and the role they play in, identifying and mitigating compliance risks, is critical. This culture must permeate the entire enterprise, not just the compliance and legal teams, because sanctions compliance inherently requires collaboration across many different functions and roles.
The first step to creating this culture is education. Senior management must understand what is required and appreciate the importance of sanctions compliance. This is where a comprehensive sanctions risk and program assessment can help. By assessing where risk exists and the state of a compliance program, leadership can set the standards — and tone — that guide the enterprise through enhancements or remediation to ensure that the program can weather the shifting landscape.
Indicators of a strong culture of compliance include:
- Clear statements and tangible examples of management’s commitment to compliance
- Clear sanctions policy and procedures for processes related to sanctions compliance
- Responsibilities for identifying and escalating potential issues by role that are reinforced by appropriate training
- Readily available information on how and where escalations of sanctions concerns should be directed
- Cross-functional collaboration on how data is leveraged to streamline compliance diligence and screening
- Recurring assessment of sanctions risk associated with products, services, geography, customers and other relationships to ensure appropriate internal controls are in place to mitigate those risks
Creating a culture of compliance is critical to foster enterprise-wide awareness around the importance of sanctions compliance. It creates a sense of responsibility throughout the organization that is key to providing information and support that compliance officers and legal counsel need to identify and manage the company’s sanctions risk and potential concerns. This collaborative effort across functions empowers companies to be proactive and prevent compliance issues rather than reacting to violations after they occur.
1: Goudsward, Andrew, “US Staffs Up for Sanctions Crackdown as Companies Face Fresh Scrutiny,” Reuters, (May 15, 2023) .
2: “Recent Actions,” Office of Foreign Assets Control, (Accessed October 13, 2023)
3: “Commerce Implements New Export Controls on Advanced Computing and Semiconductor Manufacturing Items to the People’s Republic of China (PRC),” Bureau of Industry and Security, (October 27, 2022)
4: Le Dem, Gaspard. “BIS Will Push Agents to Pursue ‘Bigger’ Enforcement Cases,” Global Investigations Review, (October 12, 2023),
5: “Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime,” Office of Public Affairs: U.S. Department of Justice, (March 2, 2023),
6: “With Over 300 Sanctions, U.S. Targets Russia’s Circumvention and Evasion, Military-Industrial Supply Chains, and Future Energy Reserves,” U.S. Department of the Treasury, (May 23, 2023)
7: Wright, Ralph, and Beatrice Rincón Young, “As OFAC Sanctions Multiply, Risk Management is Crucial, Forbes, (December 1, 2022)
8: Mortlock, David, and Britt Mosman, et al., “US Sanctions Enforcement by OFAC and the DOJ,” Global Investigations Review, (July 8, 2022)
9: “Specially Designated Nationals and Blocked Persons List (SDN) Human Readable Lists,” Office of Foreign Assets Control, (October 12, 2023)
10: “Entities Owned by Blocked Persons (50% Rule),” Office of Foreign Assets Control, (Accessed: October 13, 2023)
11: “Bank Secrecy Act/Anti-Money Laundering Examination Manual,” Office of Foreign Assets Control, (Accessed October 17, 2023)
13: “Appendix A to Part 501 – Economic Enforcement Guidelines,” Cornell Law School, (Accessed October 17, 2023)
15: Cassin, Richard L., “Has China Outlawed Due Diligence?” The FCPA Blog, (August 23, 2023)
16: Romandash, Anna, “Russia’s Handbook for Evading Sanctions,” Inkstickmedia, (July 11, 2023)
17: Bandy, Anita B., and Raquel Fox, et al. “This SEC Press Release Is a Compliance Checklist for Corporations,” Skadden, Arps, Slate, Meagher & Flom, (December 13, 2022)
19: “Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime.”
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.