New sanctions legislation targeting sanctions circumvention – what does this mean for financial institutions?

Following Russia’s invasion of Ukraine in 2022, the EU has drastically tightened sanctions against Russia. Preventing the circumvention of sanctions has therefore become increasingly important as such circumvention is attempted more frequently and on a larger scale than ever before (one of the biggest and most complex sanctions circumvention scheme is the so-called “shadow fleet” regarding the evasion of the oil price cap on Russian oil).

The latest EU sanctions package against Russia (and now the 16^th), which was released on 24 February 2025, reflects the importance to combat sanctions circumvention, adding new designated persons to sanctions lists and also adding new listing criteria. Furthermore, a similar emphasis on sanctions circumvention was also underlined by Directive 2023/1113/EU, as implemented in Germany in Section 15a of the German AML Act (Geldwäschegesetz), which entered into force on 30 December 2024. The new provision requires obliged entities executing a transfer of crypto assets, where the beneficiary or principal is a self-hosted address, to identify the AML risks associated with the transfer as well as the risks of non-compliance and circumvention of target financial sanctions and take appropriate risk mitigation measures. The German watchdog, BaFin, has recently issued corresponding administrative guidance.

These recent developments have a significant impact on sanctions compliance: While prior to 2022, sanctions compliance mainly consisted of name list screening, in a post 2022-world, this measure is considered as the bare minimum standard. Nowadays, sanctions compliance rather requires more sophisticated customer due diligence measures such as monitoring of customer relationships. In particular, compliance departments need to explore transactions more thoroughly as it is no longer sufficient to only know the originator’s and the beneficiary’s names. In order to identify relevant red flags and decide on a case-by-case basis whether further due diligence measures should be employed, it is necessary to assess the source and the intended use of funds and to track transactions - something that is already a key measure of AML/CTF prevention. Therefore, in order to understand how these due diligence measures can be employed for sanctions compliance, it is crucial to first understand their original purpose in the context of AML/CTF prevention.

What is the rationale behind the assessment of the source of funds and intended use of funds?

AML and CTF prevention come in two different ways: From the perspective of the financial institution, AML has a focus on incoming funds, CTF concentrates on outgoing funds.  

• AML typically involves the identification of illicit sources of funds and patterns and how funds from illicit sources are introduced to the financial system to disguise the origin of the funds. Therefore, a focus of AML prevention systems is on assessing the source of funds and identifying patterns to disguise the source.
• CTF, on the other hand, focuses on the purpose for which the funds are to be used, and whether this purpose is illegal. This is because most funds intended to be used to finance terrorism come from legal sources, so the question of the source is less important than the purpose for which they are used.

How is this linked to sanctions circumvention?

Both incoming funds and outgoing funds are relevant when it comes to the detection of sanctions circumvention. In the following examples, the seller attempts to sell goods to a purchaser who is located in a sanctioned country or region and tries to collect payment from the purchaser:

• Example for incoming funds: Virtual currencies are a typical payment method to evade transaction monitoring systems. For example, a person located in a sanctioned country or region wants to purchase goods that may not be imported to his location. He agrees with the seller of the goods to pay the purchase price with virtual currencies (e.g. bitcoin). The bitcoins are directly transferred to the seller’s wallet. The seller subsequently sells the bitcoins and receives euros, which are transferred to his bank account. The transaction monitoring system of the bank, accepting the incoming funds, only recognizes that the seller has received funds for a bitcoin transaction while the actual purpose of the transaction remains disguised.
• Example for outgoing funds: In order to facilitate the sale and export of goods that are subject to sanctions, sellers may use legal funds (e.g. from a bank loan) to purchase sensitive goods, such as dual use goods or technology equipment. The purchased goods are intended for an export to a sanctioned country, region or person, but if the seller chooses an unsuspicious shipping address (e.g. the seller’s own address, which is located in a non-EU country and not subject to sanctions) and uses legal funds to effect the purchase, the outgoing funds are unlikely to trigger alerts in the bank’s transaction monitoring system.

How the concealment of incoming funds and outgoing funds can be combined with fraud to circumvent sanctions 

Both examples can be combined with fraud as follows:

As displayed above, the Seller, which is the person facilitating the sanctions circumvention, employs methods designed to both disguise the use of the specific purpose and the source of funds. Employing these methods also makes it difficult for a bank’s IT system to detect the connection between the incoming funds and the outgoing funds, as there is seemingly no connection between the funds received due to a virtual currency transaction, and the outgoing funds which are used to purchase goods that are delivered to an unsuspicious address.

In order to even further reduce the likelihood of the outgoing funds to be investigated by Bank, Seller also commits fraud against Bank. Seller pretends to be a manufacturing company purchasing micro processors for its own business. For this purchase, Seller uses falsified business records vis-à-vis Bank, who in turn grants the loan and pays out the loan according to Seller’s instructions (no. 2 in the chart above).

This example also demonstrates that a single transaction may look unsuspicious, but a string of transactions may shed light on a scheme that is part of a larger operation designed specifically to commit sanctions circumvention. In the case at hand, if a bank only looks at one transaction, they are unlikely to identify the entire structure, however if they investigate the case and relevant red flags from various angles, the structure becomes more apparent. Therefore, in order to detect sanctions circumvention, financial institutions must, in addition to mere name-screening checks, deploy similar safeguarding measures and due diligence methods as required under AML/CTF-rules.

What measures are appropriate to identify and prevent sanction circumvention?

Reviewing individual transactions alone will consequently not suffice, but financial institutions have to employ the full spectrum of measures at their disposal to review both a string of transactions and also the overall client relationship. This means for example:

• Increasing the due diligence of customers – does the transaction pattern and volume match the ordinary business of the customer? Do the transactions look plausible given the area of business the customer operates in?
• Performing due diligence of third parties who have a connection (even if indirect) to the customer and/or the transaction at hand, for example transport companies, service providers, or business partners;
• Increasing the scrutiny for transactions linked to goods and the parties related, even if no export to a (high risk) third country is directly affected, e.g. reviewing the nature of goods and the export routes whether the export routes involve risks for sanction evasion, or risks of goods being redirected;
• Reviewing client relationships regarding connections to other clients or client groups, even if these clients are not directly related;
• Analyzing the parties involved and the source of funds when virtual currency transactions are concerned;
• Requesting further information and documentation from the client on various aspects of his business, if permissible, e.g. contracts, government permits, export licenses, bill of lading, bank statements, etc.;
• Conducting client outreaches and reviewing whether the client is aware of their risk exposure regarding AML, CTF and sanctions;
• In case of fraud cases, investigating potential links to sanctions circumvention. 

Similar measures are also proposed in the best practice guidance of the Export Control Enforcement of the G7-group, which was published to assist the industry in identifying Russian evasion practices and complying with the controls established by the G7 states, thereby protecting their technology from misappropriation, preventing reputational harm, and mitigating liability risk. The newly published best practice guidance urges caution when facing red flag indicators (such as concealing the end user, or when facing false or misleading documentation) and recommends conducting due diligence, analyzing the risk associated of sanctions violation/circumvention and ultimately, refraining from the transaction if the risk cannot be mitigated properly.

Outlook

2024 has seen a remarkable shift with more intensive enforcement actions and implementation of higher maximum fines (see also our blog post in relation to sanction enforcement trends in 2025) in case of a sanctions violation. Also, there is a stronger focus on sanctions topics and sanctions compliance within the AML annual audit in financial institutions – therefore, it remains to be seen whether more intensive audits will yield more findings which in turn may lead to more enforcement actions also by financial regulators. The financial industry used to have a head start compared to many other industries when it comes to sanctions compliance, but still, many challenges lie ahead with tougher regulation and increasing compliance standards.