Navigating Board Duties & Investigation Risks: Sanctions - Part I

Economic sanctions and export controls are complex and cross-jurisdictional, creating significant liability risks for companies and their boards. 

This blog post discusses – in two parts – why economic sanctions and related investigation risks should be at the top of every board’s agenda. This in particular against the backdrop of unprecedented economic sanctions targeting companies deeply interwoven in the global economy and the increasing investigative scrutiny and enforcement by regulators.

Complex sanctions risk landscape

Companies today face a dynamically evolving sanctions risk landscape, exposing them to disruptive challenges due to intensifying global geopolitical tensions. Sanctions are multifaceted and cover a wide range of limitations for foreign trade activities. The most relevant types of sanctions for companies include: 

1. Asset freeze / blocking sanctions, which require the freezing of assets belonging to sanctioned persons or entities. In addition, EU asset freeze sanctions for example also prohibit the direct or indirect provision of funds or economic resources to sanctioned persons or entities. 
2. Product trade restrictions, which impose import and export bans on specific restricted products and prohibit the direct or indirect provision of ancillary services related to restricted products. 
3. Services ban restrictions, which prohibit the provision of certain professional services. For example, the EU services ban which, inter alia, prohibits the direct or indirect provision of accounting, business and management consulting, and IT consultancy services to the Russian government and legal persons established in Russia.
4. Other types of sanctions include the investment ban (restricting certain investments in sanctioned countries). 

As the complexity of sanctions programs and the required compliance efforts for companies continue to grow, sanctions compliance is a constantly evolving challenge. This is mainly because sanctions regimes (i) are interconnected across multiple jurisdictions (e.g. the oil price cap on a G7 level); (ii) can cover not only direct, but also indirect activities (e.g. via local representatives) as well as circumventive or other deceptive practices (see discussion further below); and (iii) demand comprehensive compliance efforts throughout the corporate governance framework (for instance screening of counterparties and products). 

Foreign trade activities often require compliance with not just one, but several sanctions regimes simultaneously, further complicating compliance efforts. This is due to legal, contractual or internal governance requirements of companies. For example, a web of contractual sanctions obligations with suppliers, customers and creditors can require compliance with foreign sanctions regimes (such as e.g. EU sanctions), even if the nexus to the respective jurisdiction would not be strong enough to create a compliance obligation by law. Additionally, companies sometimes voluntarily choose to adhere to a broader set of sanctions regimes, even in the absence of legal or contractual obligations to do so. 

As mentioned above, sanctions can – in certain cases – not only prohibit direct, but also indirect activities, making comprehensive due diligence and contractual safeguards throughout the supply chain indispensable. Furthermore, sanctions obligations do not stop at a company’s doorstep: For example, US sanctions can have extraterritorial reach, potentially creating US sanctions liability even where there is no direct US nexus. In addition, EU companies are obliged to undertake their best efforts to ensure that their non-EU subsidiaries do not undermine EU-Russia and EU-Belarus sanctions. This has tremendous effects on the corporate governance structure. 

Consequently, compliance with economic sanctions and the implementation of adequate risk management frameworks, including state-of-the-art compliance programs and monitoring mechanisms, require constant attention at the board level.

Sanctions liability risks

Non-compliance with sanctions can expose companies to severe legal and reputational consequences for companies and their board members, including: 

• Criminal liability and/or administrative fines: Sanctions breaches may result in criminal liability and/or significant administrative fines against companies and their board members and management. Under the EU best-efforts obligation, EU parent companies can also be held liable for not taking sufficient measures to ensure sanctions compliance by their non-EU subsidiaries. The upcoming Directive (EU) 2024/1226 also foresees on an EU member state level fines of up to 5% of the worldwide annual turnover of a company or a fixed amount of up to €40 million, with implementation required by May 2025.
• Contractual risks: Sanctions violations can also lead to breaches of contractual (sanctions compliance) obligations, potentially triggering default scenarios in financing arrangement contexts or resulting in arbitration or litigation alleging breaches of contract.
• Reputational risks: Beyond legal and contractual consequences, sanctions non-compliance carries significant reputational damage that can have adverse effects on a company’s market position and stakeholder trust.

Furthermore, regulators increasingly place higher expectations on companies. For example, the EU recently clarified that EU operators must conduct “appropriate” due diligence to be granted protection against liability (i.e. to prove that they had no reasonable cause to suspect that their actions would breach EU sanctions). In addition, the mere awareness of potential circumvention suffices as a breach of sanctions (previously the actual knowledge and circumvention intent was required). 

Key Questions

In light of these significant risks, boards should consider the following key sanctions compliance questions: 

• Do we fully understand all potential risks the company is facing? What are the specific sanctions / foreign trade risks? 
• Do we have the necessary monitoring systems in place to track political, regulatory, and legal developments that impact our business on a regular basis?
• Are our current compliance processes effective in mitigating sanctions risks? 
• Do we have a designated person responsible for sanctions compliance oversight and reporting to the board?
• How adaptable are our risk mitigation strategies to rapidly evolving sanctions frameworks?
• Do we have a well-defined response plan in place for addressing potential sanctions violations, including crisis contingency frameworks, internal investigations and reporting obligations?

Conclusion

Board members face liability risks related to sanctions and export controls. They must ensure that comprehensive measures and adequate controls are in place. Inadequate compliance management systems, ineffective export control management, and violations of sanctions or foreign trade regulations can lead to severe legal and financial consequences. Therefore, it is essential for board members to implement robust compliance programmes, which should be regularly reviewed and updated. 

In Part II of this blogpost our investigations team will discuss the importance of having established effective investigation frameworks to investigate potential sanctions related incidents.