Following the U.S. decision to pull out of the Iran nuclear deal known as the Joint Comprehensive Plan of Action (JCPOA) and to reimpose sanctions, EU companies, such as carmaker Peugeot, engineering firm Siemens, and oil producers Total and BP, have begun to wind down investments and joint ventures in Iran despite the fact that European leaders have said that they will remain in the deal and find ways around the sanctions.

While this is leading to confusion and uncertainty for compliance officers, both Pekka Dare, a director with International Compliance Training (ICT), and Foundation of Defense for Democracies senior advisor Richard Goldberg agreed that trying to comply with sanctions over Iran was already a compliance nightmare.

“Over the last few years, even with the JCPOA, there has still not been a stampede of European companies getting into Iran,” said Dare. “You have three basic categories of banks in Europe—you have banks with U.S. DPAs (deferred prosecution agreements) such as the HSBCs and Standard Chartereds of this world; the terms of those agreements with the American authorities would preclude them from doing much of anything in Iran. Then, you have banks that don’t have a DPA but have a significant presence in the U.S., for example Barclays; and then a third category with very little direct exposure to the U.S. What we’ve seen is that all three categories are very wary of doing any direct business with Iran.”

“A couple-of-hundred-billion-dollar economy in Iran is in no way worth the risk of losing a multitrillion-dollar economy in the U.S.,” said Goldberg. “This means that most banks are walking away from Iran unless they are illicit, borderline financial institutions.”

“Part of this has been about the uncertainty,” continued Dare “and it’s also been about direct and indirect exposure and the fear of secondary sanctions from the U.S. Obviously, those banks that follow UN [United Nations], EU, and OFAC [Office of Foreign Assets Control] sanctions, there will be a list of countries and, in the case of Crimea, territories where they will not do any direct business, like Syria, Iran, and Iraq. They will have policies that preclude any direct business with those countries, which means that they could not deal with a customer who has residence in that country or facilitate goods flowing directly into that country or money coming from that country.”

“[The banks] are doing a lot of work on due diligence, and their risk appetite is really low. And with the Americans backing right out of the JCPOA, and threatening sanctions against anybody who dares to disagree with them, that appetite is really reduced.”

Pekka Dare, Director, International Compliance Training

But, with the JCPOA, said Dare, banks’ customers have wanted to explore opportunities in Iran, so the challenge for banks has been to conduct proper sanctions risk assessment of their customers. “So, for example,” explained Dare, “when a relationship manager onboards a commercial client in a commercial bank, part of the job is to assess the jurisdiction of that customer, who are their customers, who are they selling to. The banks have all had to work out what their tolerance is for indirect exposure. That might be where you have a customer who was wasn’t necessarily selling goods directly to Iran or Syria, but might be selling those goods to hundreds of distributors, and maybe one or two of those distributors might then sell those products into a sanctioned country.” Banks are struggling with this kind of indirect exposures and are wary of being involved in facilitating the flow of goods into a sanctioned country and then facing some sort of secondary sanction from the U.S.

“They’re doing a lot of work on due diligence, and their risk appetite is really low. And with the Americans backing right out of the JCPOA and threatening sanctions against anybody who dares to disagree with them, that appetite is really reduced,” said Dare. “A lot of banks might use an informal rule of thumb and say we would tolerate a client who had maybe 10 percent of their overall business indirectly exposed to a sanctioned country. But, we must not directly facilitate any of that business. Now all the banks will be looking again at those levels of tolerance.”

Dare reiterated that the latest withdrawal from the JCPOA has not had a massive impact, because most of the banks have already made this judgment. “Even if legally under the JCPOA our clients can do business in Iran,” said Dare, “what are the risks in that, and how are we going to do customer due diligence and understand the structures of entities we are dealing with in Iran? Because, while many of the sanctions were lifted, there were still many sanctions in relation to, for example, the Iranian Revolutionary Guard. So, if you are going into a joint venture with a customer who is a corporate entity in Iran, how easily could you see through the transparency of the ownership structure? There is nervousness about that.”

“From a compliance perspective, the baseline was that it was already hell to do business in Iran.”

Richard Goldberg, Senior Advisor, FDD

FDD’s Goldberg described the complicated situation: “From a compliance perspective, the baseline was that it was already hell to do business in Iran. Iran does not allow an independent compliance mechanism that would allow due diligence over your investments or contracts. You have to use an Islamic Republic sanctioned compliance team in the country. If you want to do a deal with an Iranian company,” he said, “you have to do the due diligence that would ensure that the IRGC [Islamic Revolutionary Guard Corps] is not behind that company, but the only way to do that is to ask the Iran-based compliance team to undertake that for you. That’s been a major hindrance to investment in Iran.”

Goldberg added: “Now you have layers and layers of sanctions coming back. Even if you paid a whole team of compliance officers around the clock they would still be likely to fail.”

Goldberg also noted that Iran could not reap the rewards of the sanctions relief because of the risk of the Iranian financial system and the fact that the IRGC was still designated as a terrorist organisation.

“There is also nervousness about the risk of litigation,” said Dare. The U.S. Anti-Terrorism Act allows individuals to sue anyone who provides material support to a foreign terrorist organization, such as in the cases of Freeman v. HSBC and Weiss v. NatWest, Dare noted. Banks have been prosecuted on a civil basis, because they’ve had exposure to Iran. “Even with Trump’s actions it has probably not resulted in a great deal of change; it’s just reinforced the banks’ current policies, which are already centered around all the uncertainties,” he said.

The difficulties of doing deals in Iran and still complying with sanctions law, said Goldberg, is disconnected from what European leaders are saying. “The political leadership is saying: Stay in the deal; we are going to provide ways for you to be protected from U.S. sanctions. We will bring in blocking regulations, which will shield you from any U.S. sanctions and, if the U.S. tries to fine you, you can sue in European court to try get your money back. But this is total market access being threatened; it’s not just a fine.”

Goldberg said the EU was considering a plan that would allow them to evade U.S. sanctions and continue to do business with Iran. Basically, Germany would allow anyone who wants to continue to do business with Iran to send the central bank—either the European Central Bank or the Bundesbank—their transactions; conversions would occur there, with all transactions settled at once. Then, a billion-dollar payment that is a total of all the European payments owed would be sent to the Central Bank of Iran. Goldberg said that it would be very difficult for U.S. regulators to parse out every transaction. “If the Royal Bank of Scotland sends a series of different messages to the central bank in Germany, which they do all the time, they will not be able to parse out which one is for Iran and which one is for Germany. The game of chicken is that the Bundesbank is daring the United States to designate a central European bank and to impose sanctions on them.” 

But he also said that the sanctions regime allows the U.S. to pursue individuals such as the bank’s governors, its directors, or even just employees. “There are ways for the U.S. to exert an enormous amount of pressure short of designating a central bank.” Goldberg added that the Iranian financial sector as a whole has been designated as being a jurisdiction of money laundering concern and that this has stayed in place throughout the life of the JCPOA.

And that’s just the problems with Iran. Dare said the situation with Russian sanctions can be even more complicated. “Russia is different, because you have you have SSIs [sectoral sanctions identifiers],” he said. “There’s not a comprehensive ban on doing business with Russia, but there are targeted sectoral sanctions—so the challenge there is what can happen with those sanctions regimes, because they’re incredibly complicated. For example, you have a comprehensive ban on dealing with anyone in the Crimean Peninsula—but that’s not simple, because how do you screen for a part of a country? You have to screen the names of ports, names of towns. … And, of course, in eastern Ukraine many people consider themselves to be Russian and describe themselves as living in part of Russia, so there’s real challenges with that. If you’re dealing with a Russian bank for example, like Sberbank, you can deal with them, but you can’t give them certain financial products like long-term capital loans.”

Dare said this meant that compliance officers had to conduct incredibly complicated screening of any transactions involving these Russian sectors, like deep sea oil, to make sure that they’re complying with sectoral sanctions. “An additional challenge for banks at the moment, with Americans daily bringing in new sanctions targeted against Russian individuals, is keeping their systems and policies up-to-date. The sheer pace and volume of change is a big challenge for banks, and all of us.”

Sanctions compliance has become, in the last few years, a recognized, defined professional discipline within banks, and people with those skills are very sought after. “It’s a very gray area,” said Dare. “People think it’s simple; if somebody or some entity is on the sanctions list you can’t deal with them. But what the banks are wrestling with are these gray issues around direct and indirect exposure, and sectoral lists. There’s a huge amount of fear factor around the size of the penalties as well.”

Dare pointed to the new U.K. Office of Financial Sanctions Implementation (OFSI), which has new regulatory powers that allows it to connect with the National Crime Agency. “They are actively reviewing many enforcement actions at the moment. You’re going to see more enforcement action in the U.K. as a result of this,” he said.

“There’s a lot going on,” said Dare. “Banks are constantly upgrading and downgrading their risk tolerance regarding certain countries. Who knows where we are going to be with Russia in six months’ time? And you’ve got North Korea on top of that.”