The UK and EU have long prohibited the circumvention of their sanctions regimes. It means that companies cannot simply develop clever supply chains or elaborate corporate services structures to avoid their obligation to abide by the sanctions regimes in place. This has traditionally meant that an organisation could be found to breach sanctions where it 'knows or intends' to circumvent those sanctions. However, new guidance from the UK and EU suggest the regulators will start to take a more robust approach to potential circumvention and to expect more of companies to ensure they are compliant with sanctions. It is no longer likely to be enough simply to say: "we did not know."
The European Commission has published new guidance on the due diligence expected of businesses to prevent the circumvention of Russia sanctions. The UK government published similar guidance in May and the UK Financial Conduct Authority (FCA) has recently issued a review of the sanctions controls in financial services firms with recommendations for improvements.
This flurry of advice comes in the context of growing evidence of the circumvention of sanctions on Russia. For example, the US Financial Crimes Enforcement Network (FinCEN) has reported numerous instances of the supply of US sanctioned goods to Russian end-users by companies in intermediary countries, mainly in China and Hong Kong, but also in Belgium, Cyprus, Germany, Singapore, Turkey, UAE, UK, the Caucasus and Central Asia. The UK guidance describes how ‘front’ companies acting on behalf of Russians are sourcing sanctioned goods through third country intermediary companies.
If a sanctioned item exported to a third country is re-exported to Russia, the regulators may consider the exporter's failure to conduct sufficient due diligence to be a violation of sanctions. With regulators stepping-up their efforts to crackdown on such circumvention, we have drawn out some practical steps for businesses to help make their processes as robust and effective as possible.
Strategic risk assessment
The EU guidance recommends the following steps:
- Identify risks: be alert to techniques used to circumvent sanctions and map out goods, services and activities at risk, particularly those in high demand in Russia and if exports to third countries with trade links with Russia are growing faster than might be expected;
- Analyse risks: assess how those risks can be mitigated e.g. by trained staff monitoring contractual arrangements for customers and the end-use of the product;
- Implement mitigating measures: proactively incorporate the results of the risk analysis into internal procedures and test their effectiveness; and
- Regular updates: as sanctions measures and circumvention techniques evolve rapidly, update key information and staff training regularly. The FCA found that horizon scanning, scenario planning and conducting ‘lessons learned’ exercises help firms to improve their readiness.
- rigorous screening for onboarding and continuing relationships with all business partners, particularly those located in or with links to sanctioned countries, checking not only the counterparties but also their major shareholders, directors and senior managers to determine whether the counterparty is owned or controlled by a designated person; and
- determining whether other financial or trade sanctions apply to a proposed transaction, such as granting new loans, dealing in securities, making new investments, or exporting, importing, supplying and delivering, or making available sanctioned goods and services.
The EU and UK guidance list a number of indicators in respect of customers, goods and third countries that should trigger enhanced due diligence.
- physically located in or adjacent to countries of diversion concern;
- previously or currently have dealings or links with designated persons;
- use complex structures - layered letters of credit, front companies, intermediaries, brokers - whose complexity is not justified by the business profile of the customer or the transactions;
- share addresses with multiple companies, or personnel, address or telephone numbers match or are similar to any in the sanctions lists;
- resistant to providing details, especially on the end user and end use certification;
- lack a proven business record or business rationale for the products concerned;
- lack their own sanctions internal control systems; and
- recently established or have had recent changes in ownership or control, or transfers of shares from sanctioned to non-sanctioned persons.
- subject to any sanctions or export or import controls;
- contain components liable to be extracted and diverted;
- the details provided on trade documents are non-specific, misleading or suspicious;
- the price of the goods has risen since the imposition of sanctions; and
- proposed shipments are inconsistent with normal trade patterns, for example where a country does not normally export or import such goods in such volumes.
- the country of the stated end-user is different from the country where the order was placed;
- the stated destination is a country that does not apply restrictions on exports of sensitive goods to Russia and Belarus, or with weak export control laws or enforcement;
- the shipment route is inconsistent with normal patterns or is unusually complex; and
- payments or transfers will be made to traders or agents located near the borders of sanctioned countries.
Having conducted a strategic risk assessment and established robust procedures to identify and resolve any red flags, there are a number of recommended steps that exporters and financial services providers are advised to take to mitigate the risk of transactions circumventing sanctions.
- ensure that any risk indicators set out above are identified and resolved before proceeding. In particular, check on any third-party intermediaries and transhipment points for Russia and Belarus (e.g., China, Armenia, Turkey, Central Asia);
- in dealings with high-risk third countries, require signed end-user certificates stating a credible, legitimate intended end-use in the third country concerned and certifying that the goods will not be supplied, sold, exported or transferred to any person connected with Russia or Belarus, nor to any other person that does make the same commitment; and
- include contractual clauses with third-country business partners prohibiting further re-exports of the goods to Russia and Belarus and their resale to any third party business partner that does make the same commitment, as well as possible ex-post verification of these commitments.
Drawing on the findings of the recent UK FCA report on areas that need improvement:
- provide senior management with sufficient management information to enable them to discharge their responsibilities e.g. for the effective oversight and identification of risk;
- align global sanctions policies with the UK sanctions regime: they should not be unduly or exclusively focused on US sanctions;
- calibrate sanctions screening tools so that they do not produce high numbers of false positives or, conversely, fail to detect sanctioned persons. Use fuzzy logic to help identify name variations. Routinely test the effectiveness of processes through sample testing. Set up alerts in case certain names are added to the sanctions lists. Conduct regular testing and have agreed service-level agreements for the time taken for lists to be updated following a designation;
- conduct contingency planning, to be prepared in the event of new sanctions measures being adopted, to be able e.g. to rapidly review high-risk and prohibited country lists, and escalation policies and procedures;
- ensure proportionate skilled resources are assigned to sanctions procedures, to be able to promptly identify and manage exposures;
- ensure the quality of Customer Due Diligence (CDD) and Know your Customer (KYC) assessments, including the analysis of the full ownership and control structures of entities, particularly those where the beneficial ownership is obscure; and
- report to OFSI and the FCA as required, including if a person you are dealing with, directly or indirectly, is a designated person; you hold any frozen assets; you discover or suspect any breach, including whether the breach resulted from a significant failure in your systems.
In the event that goods or services supplied to an unsanctioned person or country are diverted to, or are used for the benefit of, a sanctioned person or country, failure by the supplier to have conducted adequate due diligence may in itself be a violation of sanctions. This means that traders and financial service firms are in effect obliged to have effective compliance systems in place. As the regulators step-up their efforts to stop sanctions circumvention, businesses need to do the same or risk facing substantial penalties as well as reputational damage.
* The contents of this article do not constitute legal advice and are provided for general information purposes only.
Andrew Hood is a partner and Richard Tauwhare is an adviser at Fieldfisher. Mr Hood can be contacted on +44 (0)330 460 6968 or by email: firstname.lastname@example.org. Mr Tauwhare can be contacted on +44 (0)770 311 0880 or by email: email@example.com.
Sign up to our email digest