In an interconnected global economy, operating in complex supply chains that extend across geographical borders has become a standard business model. This complexity comes with significant sanctions risk exposure – not just from targeted financial sanctions which target specific individuals or entities, but also from the ever-increasing web of trade and service sanctions deployed against specific countries, or sectors of the economy within those countries.

For example, following Russia’s full-scale invasion of Ukraine in 2022, Western governments have imposed wide-reaching restrictions targeting Russian companies and their ability to engage in the world economy – prohibiting the provision of professional services, cutting off access to international financial channels and investment, and severely restricting what goods can be imported from and exported to Russian companies. Alongside these broad restrictions, over 400 specific Russian companies – most prominently in the military, energy and financial sector – have been sanctioned by the UK government, many of them with complex ownership structures and subsidiaries throughout the world.

Sanctions are now used as a tool-of-first-resort by governments to respond to international crises, and businesses have to be acutely aware of the sanctions risk they are exposed to through their supply chains, understand the nuances of complex sanctions regulations to avoid inadvertently breaching sanctions, and conducting effective due diligence on counterparties to identify and mitigate sanctions risks. 

Building solid foundations

A risk-based approach

Basic sanctions screening will form the foundation of most firms’ sanctions compliance programmes. This involves screening the names of counterparties, partners, vendors and suppliers against lists of sanctioned entities in order to identify potential sanctions exposure. 

Sanctions screening alone, however, is often not sufficient to capture the full spectrum of sanctions risks that firms are exposed to, and should be enhanced with other controls.

A sanctions risk assessment will enable a firm to identify potential areas of its business where more due diligence is needed, and allow them to stay ahead of sanctions risks. Central to this process is the application of a risk-based approach, which ensures that resources are proportionately allocated to higher-risk relationships and transactions. This involves assessing the geographical reach of the supply chain and the types of goods and services involved in transactions, to establish whether there is any potential for dealing with sanctioned jurisdictions or entities.

A risk-based approach is also critical in third-party screening, where firms should assess the level of due diligence based on the risk profile of the counterparty, taking into account factors such as ownership structures, country risk, and the likelihood of indirect sanctions exposure through intermediaries.

Optimising with additional lists

Many firms supplement sanctions screening with other lists, such as:

• Ownership and control lists. These include names of entities who may be owned or controlled by a sanctioned party. This is important, as firms are prohibited from dealing with these entities even if they are not themselves sanctioned.
• State-owned enterprises. Given that many sanctions and export control restrictions target the military industrial complex of key countries, lists of state-owned enterprises are a helpful way to identify any firms who have exposure to the government. EU sanctions, for example, prohibit any transaction with entities owned 50% or more by the Russian government.
• Politically exposed persons. PEPs, due to their positions of power and influence in sanctioned states, may also be an additional indicator of increased sanctions exposure, in addition to bribery and corruption risks. 
• Adverse media. Media outlets, such as the International Consortium of Investigative Journalists, conduct complex investigations into alleged sanctions breaches or evasion. In its Cyprus Confidential files, the ICIJ published details of companies involved in alleged sanctions evasion by designated Russian oligarchs, with many of those companies not yet on a sanctions list. Adverse media can therefore be a proactive sanctions intelligence tool. 

Applying sector context

Firms should understand how the sector they operate in might be exposed to sanctions. While export controls can be highly technical – with small deviances in product specifications sometimes making the difference between whether a specific item is prohibited for export or not – firms should understand at a high level whether any counterparties they deal with are in sectors more vulnerable to sanctions and export controls. This includes, for example, products with a military end-use, heavy and precision manufacturing, advanced computing, and the energy sector.

It should be noted that for Russia, the list of prohibited sectors goes far beyond these categories. To aid firms in this exercise, the EU introduced lists of Economically Critical Goods of industrial items that Russia relies on from the EU, and a list of Common High Priority Items (published together with the US, UK and Japan) which includes dual-use items and technology used in Russian military systems. 

---

Detecting sanctions evasion

While firms may screen parties in their supply chains, these efforts may be obscured by the ability of sanctioned parties to engage in ever-more sophisticated sanctions evasion methods. These can include the use of shell and front companies to obscure the true counterparty to transactions, falsification of shipping and invoice documentation, or routing goods through third countries to conceal the true end destination. Crucially, many of these techniques cannot be detected through screening alone, but require firms to stay vigilant, spot potential signs of evasion, and identify patterns that may indicate that sanctions evasion techniques are being used. 

Staying on top of evolving typologies and applying them in real-time to transactions or business relationships can be challenging without the use of technology. Technology can be used to detect and trigger alerts for certain scenarios (for example, counterparties in certain countries combined with specific product codes), while more sophisticated AI methods can be deployed to combine multiple data points, identify hidden links and networks, and predict the likelihood of sanctions evasion taking place.

Firms should remain alert to the following indicators, which may point to attempted or ongoing sanctions evasion:

Countering Russia sanctions evasion

In recent years, governments have particularly focused on countering Russia’s attempts to circumvent trade sanctions and issued red flags and best practice guidelines that industry should familiarise themselves with and implement.

Examples of this include:

• Whether or not the country of transit or end destination is neighbouring Russia or Belarus, or has easy transport options to those countries (Guidance for EU Operators, issued by the EU Commission).
• Sudden changes in business and trading activity of counterparties after 24th February 2022 (industry guidance issued by the G7), or companies dealing in high-risk goods (e.g. dual-use items) set up after February 2022 outside Russia.
• The need to conduct enhanced due diligence when exporting at-risk products to certain countries identified by the UK government (guidance and country list issued by the Office of Trade Sanctions Implementation).

Tackling non-compliance

It is important to note that sanctions evasion can also occur through misunderstanding or non-compliance. In its 2024 Threat Assessment for the Financial Services Sector, the UK’s Office of Financial Sanctions Compliance (OFSI) noted that most non-compliance by UK firms occurred due to common compliance issues, including breaching license conditions, inaccurately assessing ownership of sanctioned parties, or failure to identify a UK nexus that would make the transaction subject to UK sanctions. The same issues likely persist in other sectors too, given the often complex nature of sanctions requirements. 

Crucially, any firms that are part of a larger group of companies must understand what sanctions regulations they have to comply with. For example, UK sanctions apply to all individuals and entities in the UK, as well as any legal entities established under UK law, plus their branches and subsidiaries, wherever they are in the world. While the UK parent entity may understand and comply with their sanctions obligations, its subsidiaries and offices overseas will conduct their own business relations and have their own counterparties. Ensuring that any branches and subsidiaries understand and comply with sanctions obligations established at the group level is therefore critical to mitigating supply chain sanctions risk. 

Creating a sanctions-ready supply chain

Managing sanctions risks in complex supply chains is critical to complying with sanctions regulations, and is not a task that is achieved overnight. Rather, it is an ongoing process of continuously assessing exposure to sanctions risk through the supply chain, understanding sanctions regulations and how to comply, and designing controls which sufficiently identify sanctions risks and prevent sanctions evasion.

A risk worth managing right

In an era where geopolitical tensions are increasingly shaping global trade, managing sanctions risks across supply chains is no longer optional. As sanctions become more dynamic, complex, and far-reaching, firms must go beyond basic compliance measures and adopt a risk-based, holistic approach to identifying, assessing, and mitigating sanctions exposure.

This involves understanding not only who you are dealing with, but also where goods and services are going, who ultimately benefits from them, and whether counterparties fall within the scope of applicable sanctions regimes.

Ultimately, building a resilient sanctions compliance framework is not just about avoiding enforcement – it is about protecting your business and its integrity in an increasingly volatile regulatory and geopolitical landscape.