Sanctions are becoming the first resort for breaches of certain international norms, and their types and range of targets is increasing rapidly. This article analyses the current and future sanctions trends that businesses need to be aware of, and the associated risks. This article was first published on Complinet on 7 April 2016.

Overview

Sanctions compliance has never been as much in focus as it is right now. High–profile enforcement actions, resulting in major penalties being given to financial institutions and companies, are becoming more frequent. Enforcement is increasingly in the context of mainstream commercial activity, rather than for ‘weapons of mass destruction’ (WMD) and military activity. Wary banks are causing transactions carrying any sanctions risk at all to become extremely difficult, even if technically legal.

As one indicator of the increased regulatory focus on sanctions compliance, HM Treasury has created a new Office of Financial Sanctions Implementation (OFSI) to ensure that sanctions are properly implemented and enforced. The Policing and Crime Bill (the bill) proposes legislating for new monetary and criminal penalties and providing the enforcement community with a broader and more flexible array of powers.

Politically and diplomatically, the implementation and easing of sanctions is of increasing importance to supranational organisations and governments as a foreign policy and national security tool. Sanctions are becoming the first resort for breaches of certain international norms, and their types and range of targets is increasing rapidly.

This article looks at these trends and other current and future sanctions trends that businesses need to be aware of, and the associated risks.

Trends - policy

Economic sanctions remain a popular foreign policy tool for Western governments. They bridge the gap between diplomacy and military intervention and are used by governments to make the fullest possible contributions to foreign policy and national security goals.

In recognition of this, the United States and EU are coordinating more closely to further their foreign policy objectives. The most striking recent example has been in response to the conflict in Ukraine, where US and EU measures were very closely coordinated, with almost identical measures, targeting very similar lists of persons and entities, introduced at the same time.

This has been particularly effective for the Russian sectoral sanctions which restrict access to Western financing for strategically important Russian companies in the energy, finance and defence sectors, and which would have been undermined by differences in the EU and US approaches.

The Russia/Ukraine sanctions also highlight a shift in the reach of sanctions regimes. The United States and EU sanctioning a major power within the global economy is unprecedented. The sectoral sanctions also target companies for their strategic importance rather than any allegation of facilitating the conflict.

The result is that Western companies that have previously avoided sanctions by focussing on low–risk counterparties, stable geographies, and non–contentious sectors (steering clear of nuclear and defence), now need to think much more closely about whether their activities will engage sanctions.

Trends - rules

Although US/EU coordination slightly reduces compliance complexity, we are seeing the rules themselves become more complex with multiple layers of statutes and executive orders, and regulators applying novel and inventive types of sanctions.

The crisis in Ukraine led to a raft of new and untested types of sanctions including prohibitions on dealing with the money market instruments and transferable securities of important Russian companies, and restrictions on investment in strategic Crimean industries (such as energy, transport and telecommunication).

Iran sanctions have also been fiendishly complex with restrictions around insurance and shipping to choke off Iran’s practical ability to access sensitive technology.

Another trend is regulators’ willingness to partially relax the rules in response to positive developments. This is most evident at present in Iran. On 16 January 2016, Iran received far–reaching economic and financial sanctions relief from the UN, United States and EU after meeting key nuclear commitments set out in the Joint Comprehensive Plan of Action (JCPOA) reached between the P5 +1 (China, France, Germany, Russia, the UK and United States), the EU and Iran on 14 July 2015.

However, there is limited relief under US sanctions on Iran, with all primary sanctions applicable to US persons remaining. Significant EU sanctions also remain in force, and the JCPOA includes a threat of ‘snap back’ if Iran breaches its commitments. Understanding what is and is not permitted during this state of flux takes up a great deal more compliance resource than simply avoiding the jurisdiction altogether.

Businesses are also facing challenges keeping up with the multi–faceted relaxation of US sanctions targeting Cuba. The US President has announced periodic cumulative easing of executive sanctions, but Congressional sanctions remain in place, and EU continues to ‘block’ the sanctions by imposing penalties on EU persons that comply with the US sanctions.

Trends - enforcement

Enforcement is becoming more of a concern for businesses. The range of types of cases that regulators, particularly in the United States, will follow is broader, and the possibility of major penalties is more real. The days of authorities focusing only on arms traffickers and WMD proliferation have long passed.

There has been a great deal of press around the enormous ‘wire–stripping’ fines from US regulators that related to masking of payment origin information by non–US banks, but there are a number of recent actions for conduct which a much wider range of business could find themselves at risk of being engaged in.

Taking Cuba as an example, CGG Services recently paid a $614,250 civil penalty for exporting US–origin goods to ships operating in Cuba’s territorial waters and processing data from seismic surveys benefitting a Cuban company. Even more starkly, Haliburton paid a $300,000 fine for providing oil and gas services to an Angolan project on the basis that their due diligence failed to identify a 5 per cent ownership holding of the project by a Cuban state entity.

In 2015, Schlumberger paid a $233m criminal penalty for conducting business with Iran and Sudan from the United States. Federal investigators found that some of Schlumberger’s shipments to Iran and Sudan involved US–based employees in the company’s drilling–and–measurements unit in Texas. Employees for Schlumberger’s Iran and Sudan operations also contacted the company’s US–based employees for technical support.

This year, Johnson & Johnson was issued with a Finding of Violation letter (but no fine) after US authorities found that a US person was involved in the supply chain for shipping goods with a value of $227,818 from Egypt to Sudan.

The focus to date has been on US enforcement, but we are seeing moves in the UK through the establishment of OFSI and the bill towards expanded regulatory capacity and enforcement powers.

The bill, for example, includes: raising criminal penalties from a maximum of two years to seven years for a breach of financial sanctions; enabling deferred prosecution orders and serious crime prevention orders to be made for breaches of financial sanctions; empowering OFSI to issue monetary penalties for breaches up to the amount of £1m or 50 per cent of the value of the breach; and enabling the UK to implement UN sanctions on a temporary basis to reduce the risk of asset flight.

What do businesses need to do?

Primarily, all businesses, including financial institutions and their business customers, need to take their sanctions compliance processes much more seriously than many have done in the past. The range of targeted sectors has grown to include international banks, some of the world’s biggest energy companies, and businessmen involved in the operation of major companies worldwide.

The risks of non–compliance are also increasing with heavy US fines, a new UK regime and financial regulators looking very closely at financial institutions from a systems and controls perspective.

As well as dealing with the more traditional systems around compliance, businesses need to ensure that their commercial contracts, their insurance contracts and their financing arrangements provide sufficient flexibility for them to be able to de–risk if new sanctions come into force without putting them in breach of contract or affecting the cover of their core risk management and financing.

Transactional advisers, insurers and other financial institutions need to take these points on board in the context of their own risk management but also for their business customers.

Finally, the reward for having a strong due diligence program in place is rapidly increasing. Better KYC and transaction checking will reduce the risk of inadvertent breaches. But, just as importantly, in a world where banks will decline to process payments in contexts where sanctioned persons are involved at all, strong due diligence programs will allow businesses to provide their relationship banks with evidence allowing the banks to process payments and facilitate business for customers where competitors may be unable to.