New Wave of Sanctions Against Russia Stresses Compliance Programs

A new round of sanctions leveled against Russia last week by the United States and European Union, along with previous sanctions for Russia’s role in the violence that has plagued Ukraine  are imposing greater compliance difficulties for multinational companies.

Sanctions compliance is nothing new, of course, and U.S. officials, in recent years, have frequently wielded them as a diplomatic weapon.  The current, evolving Russian sanctions, however, may be the most complex that businesses have ever faced. To start, Russia is one of the world’s top economies, especially in the energy sector, meaning that more companies are affected. The sanctions also now go beyond merely designating individuals and companies to target entire industries and financing.

Traditionally, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has periodically issued its Specially Designated Nationals list, a tally of companies and individuals subjected to a range of restricted business activities. Companies have used fairly straightforward keyword screens to internally flag SDN designees. Now, however, firms also must respond to OFAC’s new Sectoral Sanctions Identification List, an industry-focused listing of individuals and entities with whom U.S. companies cannot transact with. New sanctions also prohibit new debt or equity issuances with terms of 90 days or more with certain Russian customers.

With new names, banks, and companies continually added to sanctions lists, companies that do business in Russia, even tangentially, face many compliance hurdles, says Amy Worlton, a partner with law firm WileyRein. “We are seeing a lot of companies that are right in the front lines of sanctions,” she says. “Financial institutions are committing ever-greater resources to sanctions and anti-money laundering compliance. It may be getting to the point where it affects their bottom line.”

Sectoral Sanctions

Sectoral sanctions require “a new kind of analysis and a more delicate one” and “there are innumerable questions about where they need to apply and where they don’t,” Worlton says. Although she has been impressed with how OFAC is responding to industry questions, the complex sanctions regime is leading many businesses to merely cut all Russian business ties, rather than zero in on what is prohibited.“It can be too costly, too risky, and too complicated to try to puzzle out whether a particular sanction applies,” she says. “It can just be easier not to do business with a party subject to sectoral sanctions.”

The Russian sanctions, more than any others, have underscored the need to be proactive in thinking through your sanctions risk, no matter what company or industry you are in.
William Barry, Partner, Richards Kibbe & Orbe

“Imposing sanctions against Russia is not the same as imposing sanctions against relatively small economies like the Sudan, or Cuba, or perhaps economies U.S. companies really didn’t have so much to do with anyway like Iran,” Worlton explains. The traditional model of SDN filters is no longer adequate because OFAC has said that when an SDN owns 50 percent or more of a subsidiary, that subsidiary is effectively treated as an SDN. “It’s not simple for a U.S. company or a global financial institution to figure out which subsidiaries they are doing business with in Russia tare 50 percent controlled by an SDN,” she says. “We have heard of clients spending huge resources to hire law firms, consultants, and other service providers to try to figure out whether their business partners and counter-parties are 50 percent or more controlled.”

Prohibitions on the issuance of new debt and equity with a maturity of 90 days or longer have to be closely monitored, says Jeremy Zucker a partner with the law firm Dechert and co-chair of the firm’s International Trade and Government Regulation practice. “You’ll need to pay attention to payment terms, because an argument could be made that if you are allowing [Russian customers] to pay you on terms greater than 90 days, then you have extended them credit, which is a form of new debt.”

OFAC and Compliance

The Following is from a set of Frequently Asked Questions published by the Treasury Department regarding Specially Designated Nationals.
Does OFAC itself require that banks set up a certain type of compliance program?
No. There is no single compliance program suitable for every financial institution. OFAC is not itself a bank regulator; its basic requirement is that financial institutions not violate the laws that it administers. Financial institutions should check with their regulators regarding the suitability of specific programs to their unique situations. [09-10-02]
What do I need to do to comply? Do I have to buy expensive software?
This is primarily a question for your regulator. What constitutes an adequate compliance program depends in large part on who your customers are and what kinds of business you do. Certain areas of bank operations, such as international wire transfers and trade finance, are at a higher risk than others. There are numerous interdiction software packages that are commercially available. They vary considerably in cost and capabilities. If your bank feels it needs to invest in software in its attempt to comply with OFAC regulations, OFAC recommends that you talk to your counterparts in other banks about the systems they have in place and contact vendors for an assessment of your needs. It should be noted that .TXT and .PDF versions of OFAC's SDN list can be manually scanned; OFAC also offers a free, online search engine at the following URL: http://sdnsearch.ofac.treas.gov.
How often do I need to scan my customer database for SDNs?
The frequency of running an OFAC scan must be guided by your internal bank policy and procedures. Keep in mind, however, that if your bank fails to identify and block a target account (of a terrorist, for example), there could be "real world" consequences such as a transfer of funds or other valuable property to an SDN, an enforcement action against your bank, and negative publicity
What are the features and benefits that banks should be looking for when selecting an OFAC compliance software package?
There are a wide variety of software packages available to the financial community. The size and needs of each institution help to determine what to look for in a package. Some packages are used to interdict sanctioned countries and SDN names in wire transfers, while others are used to check the names of new customers; other packages also filter the names of all account holders. One suggestion for finding the right software for your bank is to research what your peer banks are using and determine if the software package is working for them. Your bank also could talk to a variety of software vendors who can easily be located by doing an Internet search.
Source: Treasury Department.

“The Russian sanctions, more than any others, have underscored the need to be proactive in thinking through your sanctions risk, no matter what company or industry you are in,” says William Barry of the law firm Richards Kibbe & Orbe. “The problem is that, today, you might be able to transact with a particular Russian company or person, but how do you plan for the long term when you don’t know whether you are going to be stuck if foreign policy changes?”

Barry’s advice is to carefully vet not just direct transactions, but ancillary ones as well. New and expanded training programs should be considered to better empower employees to spot and report transactions that may trigger a sanctions concern. That training can also be extended to vendors and joint ventures as a supplement to contractual efforts to ensure sanctions compliance. “There is great value in not only vetting third parties for sanctions risks, but training them,” he says.

Audits Needed

Companies need to also audit their sanctions compliance program, Barry says. “There is a tendency to default to the older types of procedures where you type that name in and see if it comes up as an SDN,” he says. “It is very difficult to react in real time if that is your approach. It is not only a question of identifying when there is a problem, it is anticipating risk and making sure you don’t get stuck in a transaction that can do real harm to your business.”

Big fines from regulators (OFAC can impose fines of up to $19 billion) are not the only concern for firms. A sanctions violation will garner negative publicity and reputational risk. “It’s not only an enforcement risk proposition, it is a real value and market participation proposition,” Barry says. “Banks won’t want to deal with you if you have that reputation. Your counter-parties will identify you as high risk, and there are whole swaths of potential investors who will say they can’t do business with you.”

Companies that do business in Russia also face uncertainty about what comes next. “There are lots of questions, and those questions for the most part have murky answers,” Ronald Kirk, senior of counsel for the law firm Gibson, Dunn & Crutcher and co-chair of its international trade practice said during a recent Webcast. “What’s the next step? What the scope of future sanctions? What kind of due diligence will be required of businesses before they do business with a Russian entity? What exactly will be the Russian response?”

As for the last question, Russian officials have already begun banning certain food imports from the U.S. and are threatening to place a ban on the Big Four accounting firms.

“Another question, about as critical a question as you can have, is what will be the enforcement posture taken by OFAC,” Kirk added. “So far, we have seen a lot of teeth from OFAC, but no bite yet. At some point soon, they may very well decide to start enforcing some of these sanctions.”