Non-compliance with trade sanctions increasingly attracts severe penalties for organisations, according to a recent IRM and Lexis Nexis webinar. While the effectiveness of sanctions themselves has been debated in some quarters, the size, nature and penalties of non-compliance make sanction risk a real and growing area of interest for risk managers.

Mark Dunn, segment leader for entity due diligence and monitoring at LexisNexis, said on the webinar: “Sanctions are effectively instruments of a diplomatic or economic nature. They are introduced to bring about a change… to restrict an individual, organisation, or entity in the way they operate … [to] introduce high levels of security and prevent risk.”

Designed as an alternative to military action, sanctions measures can range from arms and trade embargoes to travel bans, asset freezes or reduced diplomatic, military or cultural relationships. Both the EU and UK implement and enforce their own sanctions regimes, but the United Nations is responsible for the highest number of sanctions applied globally, while the US Office of Foreign Assets Control (OFAC) is the most proactive when it comes to enforcing sanctions compliance.

When dealing with a person or organisation that has been made the subject of a financial sanction, British businesses and individuals are obliged to freeze any funds and economic resources that belong to the target and ensure no future funds or assets are made available to them, either directly or indirectly. They are also prohibited from taking part in any activity to circumvent the sanctioning measures.

Developing an effective sanctions compliance policy

Zia Ullah, head of corporate crime and investigations at Eversheds Sutherland (International) LLP, said that international and British legal frameworks do not prescribe processes for businesses to achieve legal compliance with sanctions: “Effectively, it’s left to companies to understand what their sanctions risk is. … The main [method] is a risk assessment outlining where your main area of sanctions risk is, defining and creating group or individual policies based upon that risk and training people about how best to comply within their individual organisations.”

According to Ullah, it’s also important to conduct customer due diligence both at the on-boarding stage and on an ongoing basis, with organisations obligated to report any sanctioned entity that they deal with. Depending on the industry, some companies may need to conduct daily sanctions screening of their customers and transactions.

In order to implement an effective compliance policy, it’s critical that senior management understand their sanctions compliance obligations. As part of a sanctions policy checklist, risk managers should prepare a company policy and procedures, including disclosure requirements, and communicate them to employees and third parties. It’s also useful to conduct regular sanctions compliance training and implement a screening process appropriate to the nature, size and risk of the business, aligned to associated third-party due diligence processes.


Organisational procedures should include escalation contacts for sanctions enquiries and violation reports, and all policies, procedures, training and screening systems should be regularly reviewed and independently audited.

As the world becomes more volatile, organisations’ sanctions obligations are likely to become more onerous. With violations of OFAC sanctions resulting in fines of up to $20 million and prison sentences as long as 30 years, risk managers need to prioritise implementing a sanctions policy rather than waiting for enforcement action to be taken against their organisations.
