Sanctions have quickly become the foreign policy tool of choice for countries around the world amidst the increasingly heated geopolitical climate over the past few years. Thus far, the EU, UK, US and their partner countries have imposed a series of extensive trade and financial sanctions packages against Russia, which are targeted at undermining Russia’s ability to continue the conflict.
Navigating an ever-changing sanctions landscape can be challenging for companies and their D&Os and it is no surprise that the risk of breaching sanctions has leapt into the top seven risks for those in financial services, especially the largest of companies within that sector.
Whereas trade sanctions target particular goods, a major component of financial sanctions are asset freeze measures, which freeze the assets of designated individuals and entities determined to have engaged in malign conduct. These measures will typically contain a prohibition imposed on all natural and legal persons within the relevant jurisdiction from making funds or economic resources available to, or for the benefit of, designated individuals and entities. Such prohibitions generally also apply to entities that are owned and/or controlled by designated persons despite such entities not themselves being expressly designated. Violation of asset freeze prohibitions can result in significant fines, unfavourable press and, in some cases, the violator itself becoming designated.
Prior to the 2022 invasion, UK and EU sanctions were primarily targeted at certain sectors and at individuals within what was described as President Putin’s inner circle. This has now vastly increased. As things stand, the UK and EU have collectively designated almost 1,500 entities and individuals, many of them with business interests inside and outside of Russia.
Central to mitigating the elevated sanctions risk is thorough sanctions due diligence, particularly where there is a Russian nexus. Sanctions risks will inevitably come to the fore when there is a claim arising from insureds based in Russia and/or from designated D&Os or third parties.
At a minimum, such due diligence should include sanctions screening, that is, checking whether relevant parties are on applicable sanctions lists. Enhanced due diligence will be needed if red flags arise, or to address concerns that an undesignated party may be owned or controlled by a designated person. Unfortunately, because the corporate structure of some private companies can be opaque, even the most rigorous due diligence will not satisfactorily resolve the ownership or control issue. This may well lead to questions about whether to seek a license from the relevant sanctions authority to permit otherwise prohibited acts.
Setting aside insurance considerations, D&Os should be alive to the implications that sanctions may have on them personally. In the event that a director or officer is involved in proceedings and one or more parties to such proceedings are designated (either a corporate entity or D&Os in their individual capacity), payment of settlements and/or defence costs connected to such proceedings could be prohibited without a specific licence authorising such payments.
These procedures will help mitigate the organisation’s risk of sanctions exposure through flagging of sanctions touchpoints, setting out protocols for addressing sanctions issues as they arise, and promoting best practices amongst employees going forward. Non-compliance with sanctions is likely to result in hefty fines on the corporate entity and/or on individual D&Os and accompanying reputational loss, which may diminish the value of a company. This may also precipitate ensuing shareholder claims against the responsible D&Os. In addition, in certain circumstances, sanctions breaches may result in criminal liability for the parties involved.
The importance of having robust sanctions compliance measures in place is illustrated in the recent case involving the French cement manufacturer, Lafarge. In this matter, Lafarge was found to have indirectly paid the terrorist organisation ISIS (a US asset freeze target) multiple millions of dollars to obtain permission to operate a cement plant in Syria between 2013 and 2014.
Following investigations by the US and other supporting jurisdictions, Lafarge was fined USD778 million in respect of its sanctions violations. The actions of Lafarge and its directors and officers also gave rise to a coverage dispute under the D&O policy.
Looking ahead, we anticipate that Western countries will shift their focus towards stepping up sanctions enforcement measures. Given the wide range of sanctions already in place against Russia, new restrictive measures are becoming more limited in scope. For instance, the EU’s 11th sanctions package will reportedly be focused on curbing loopholes in its sanctions legislation and preventing sanctions circumvention by designating those who facilitate sanctions evasion. The possibility of an EU-wide sanctions enforcement body is also being considered. Meanwhile, in the UK, the Office of Financial Sanctions Implementation (OFSI) is taking steps to increase enforcement action.
Therefore, in the current geopolitical climate, it is essential for insureds and their insurers to have effective sanctions compliance procedures in place in order to identify sanctions risk within their business operations and to be able to take steps to mitigate such risk.