In the wake of Russia's invasion of Ukraine, compliance has become increasingly complex as new rules flood in almost daily. In this blog we examine the errors, pitfalls, and challenges faced by businesses as they attempt to keep up with a constantly evolving landscape.

The unprecedented international sanctions regime imposed on Russia by the coalition of Western nations following its invasion of Ukraine, has presented a huge challenge for businesses across the world.

Failure to comply with this ever-expanding compliance landscape has resulted in many businesses being hit with major fines, not to mention the accompanying reputational damage.

In one example, The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) fined a Seattle-based virtual currency exchange $53 million for violating multiple US sanctions; the case emphasised the importance of implementing appropriate risk-based sanctions compliance controls.

The US regulator also imposed a penalty of over $6 million on an Australian logistics firm, highlighting the fact that the responsibility for sanctions compliance lies not only with banks and insurers, but with all companies across the entire supply chain.

But this is just the tip of the iceberg.

Regulators are coming under pressure to increase their scrutiny and actions against non-compliant firms; in the UK, MPs openly criticised the government for what they see as weak enforcement of its sanctions regime.

An increasingly complex environment 

Sanctions compliance has become a complex and constantly evolving landscape with new rules flooding in almost daily. Just a few weeks ago, a tenth EU package of sanctions was announced that once again ramps up the pressure with a raft of new rules.

While the media focus has been on sanctions that target individuals and entities from Russia, these simply add to the already significant restrictions on trade with other countries, and lateral campaigns aimed at restricting terrorist financing and cyberattacks. To underline the point, the US and the UK have over 30 active sanctions programmes, while the EU has more than 40.

Every organisation that conducts business in the EU is required to comply with these sanctions, which can include asset freezes, travel bans, as well as trade and investment restrictions.

To add to its complexity, the US and UK rules also apply extra-territorially, which extends their legal authority beyond their immediate geographical boundaries.

Avoiding compliance errors

According to Sebastiaan Bennink, partner at legal firm BenninkAmar Advocaten, the current Russia sanctions regime has hit the majority of sectors – with industrial, financial and services sectors being particularly impacted.

Bennink says that the biggest compliance mistakes companies make are not knowing whether restrictions apply to their products, not knowing who they are dealing with, or whether the intended transaction may involve direct or indirect sanctioned parties. If a business attempts transactions without that knowledge, it results in significant regulatory and reputational risks.

To avoid such mistakes, Bennink recommends applying transparency, communication, cooperation and a critical eye throughout compliance processes and procedures.

With this in mind, the latest automated technologies should be employed in order to provide fast and accurate insight into the parties you might be involved with.

Understanding the challenges

The Association of Certified Sanctions Specialists (ACSS) has highlighted additional potential compliance missteps, such as a dysfunctional compliance culture, poor controls, lack of training, and missing red flags of sanctions evasion.

Part of the problem is the sheer weight of compliance information that companies have had to absorb in such a short period of time.

Cyprus-based independent trade controls consultant Maria Miltiadou said companies have had to digest new sanctions from the US, EU, and UK, assess the risk, then close down activities, and sometimes longstanding relationships, with sanctioned companies.

“It’s taking time to understand what they can and can’t do,’ she said. “All the factors they have to consider are mind-boggling, and they’ve been frantically trying to get their heads around it.”

One significant challenge is that each jurisdiction’s approach is slightly different – for example, the US, EU and UK have different sanctions lists and approaches.

Miltiadou said: “You start by looking at who you’ve been trading with – customers and suppliers – and how. If you are a retailer, that includes looking at your products and where they are made. Identify all the jurisdictions you operate in and the rules for each.”

One blind spot can be if you have branches around the world, but some of them do not follow sanctions compliance processes as rigorously as your main office.

Another can be if third parties – such as agencies, banks and payment platforms – are involved in a transaction that haven’t been checked as rigorously as the main parties.

Avoiding the pitfalls

One potential pitfall is trade controls over dual-use items that have both civilian and military uses. This covers a wide range of items and supplies, from chlorine to facial recognition technology.

Also, companies may have multiple layers of ownership that may conceal that the ultimate owner is a sanctioned Russian.

Yet another complicating factor is the 50% ownership rule which governs how sanctions apply in certain jurisdictions. This can be difficult to calculate with companies that have complicated ownership structures.

“Even if the firm is not on a sanctions list, it’s your responsibility to figure out if it’s 50% or more owned by a company that is,” said Miltiadou. ‘That’s complex because some companies have obscured the ownership. Even if you get over the hurdle of the 50% rule, you have to think about reputational risk.”

Many compliance professionals identify other firms as high risk if they have links to Russia and treat them as sanctioned even if they are not on an official sanctions list.

How automated technology will keep you keep pace with an ever-changing sanctions regime

The Russia sanctions regime shows little sign of abating.

As a result, it requires every business to pay much closer due diligence, in order to ascertain whether the companies they conduct business with are in any way connected with Russia, or are designated persons. 

Crucially, business across a wide range of sectors must undertake appropriate checks on clients and potential clients to ensure they comply with regulations, as sanctions are subject to strict liability if breached.

This becomes an almost impossible task if you rely on manual or outdated systems as they simply aren’t able to keep up with the speed at which sanctions are being imposed or updated.

To discover how the latest automated technology can help you to more efficiently mitigate risk when screening and onboarding clients, even when faced with the most complex client structures, request a discovery call today.


Most Popular

The latest in AML & KYC

Subscribe: Weekly AML Round-up

The latest financial crime and compliance content that matters, direct to your inbox.

More from the Blog

Fintechs: Know your AML vulnerabilities!

As regulators increase their scrutiny of fintechs, not only does this raise the risk of regulatory action and punitive fines, it can also lead to reputational damage and even prevent an otherwise promising early-stage business from fulfilling its potential.

At RiskScreen we work with hundreds of companies around the world from a wide range of sectors – both regulated and unregulated.

Any screening technology is only as good as its underlying data. That’s why we work to find the best providers, ensuring you get screening matches you can trust.


The latest news, commentary and events from RiskScreen. For industry insight, visit our AML insight hub, KYC360.

Used by over 30,000 compliance professionals for AML news & analysis. Free CPD wallet.


RiskScreen was founded by experts in financial crime. It’s because of this unrivalled subject matter expertise that companies choose to partner with us.