How the Ukraine war changed the global sanctions landscape

Brent Connor is a Shareholder, John Pearson a Partner, Henrietta Worthington a Solicitor, and Jaime Rosenberg an Associate, all at Vedder Price

The sanctions measures introduced in response to Russia’s invasion of Ukraine have been unprecedented. Since the invasion on 24 February 2022, nations and regions including the EU, UK, US, Australia, Canada, Japan, New Zealand and others have worked together to develop a complex toolbox of measures with the aim of “cutting off funding for Putin’s illegal war from every angle.”

The global response is notable for many reasons, including the speed of implementation, the aligned approach and the novel sanctions introduced. The coordinated actions have also had a significant impact on businesses that are affected by the measures.

Indeed, the speed and expansive nature of the sanctions regimes imposed in response to the Russian invasion, whilst lauded by many, has created significant uncertainty and complex compliance challenges for businesses.

Compliance challenges and effects – speed and breadth of sanctions

To date, the EU has introduced thirteen packages of sanctions against Russia. The bloc was able to act extremely quickly in spite of the number of member states required to agree on measures, which has slowed down the implementation of such regimes in the past.

The nature of the situation meant that the sanctioning jurisdictions introduced wave after wave of sanctions, in addition to amendments and derogations to the existing sanctions. Consequently, many companies were left rushing to understand and adopt the measures within the tight timeframes imposed for implementation.

Similarly, the US has implemented an extensive array of sanctions and export controls. These measures have included ‘primary sanctions’ that require compliance by US persons, and secondary sanctions that bar entities regardless of location from doing business with individuals and entities designated on the US lists.

Unlike many regulatory requirements which provide extended grace periods for companies to implement necessary amendments to their internal processes, many of the sanctions restrictions came into immediate effect or provided expedited grace periods.

A consequence of the swift way the regimes have been introduced is companies failing to understand their obligations and of certain measures having unintended consequences. As a result, regulators have seemingly found themselves on the backfoot publishing clarifications, derogations and extended guidance to help companies navigate through the requirements.

For instance, the UK’s publication of its legal services restrictions caused a stir in the legal community prompting the UK’s Law Society to issue a briefing to Parliament stating that the restrictions imposed by the regulation would actually “negatively impact the ability of solicitors to support businesses to comply with the complex web of sanctions legislation and enable them to cut ties effectively with Russia” (emphasis added). Ultimately, a general licence was issued to permit the provision of legal services in relation to sanctions imposed by any jurisdiction.

However, the perceived ‘trial and error’ approach has also had positive effects and has led to an increased information flow between the private sector and regulators. This approach has allowed regulators to better understand how regulations impact specific industry sectors and to work more collaboratively in their development of new measures.

Sanctioning jurisdictions continue to publish guidance, and expanded guidance by sector, with FAQ sections in a way that has not been seen previously, particularly in the EU and the UK. The US has issued 100 new FAQ documents including defining terms, and has processed hundreds of requests for licences and interpretive guidance.

The aim of the guidance is to help businesses avoid compliance pitfalls. In practice, transactions parties are placing significantly more weight on the guidance than they did prior to 2022.

In addition to expanding guidance tools, the US has issued a business advisory “to help ensure that businesses, individuals, and organisations have the information necessary to inform their considerations regarding the range of heightened risks associated with doing business in or engaging in transactions involving the Russian Federation or Russia-occupied territories of Ukraine.”

This includes activities that involve the Russian military-industrial base that were not explicitly addressed by sanctions, export controls or other trade restrictions providing clarity for US entities to comply with the extensive new sanctions.

It is clear that we have entered a new era of sanctions: the global response to the Russian invasion of Ukraine prompted the G7 and its allies to apply significant pressure on Russia via sanctions and to develop previously untested measures

Why new measures pose fresh challenges

Over two years on from the invasion, it is clear that despite the wide-ranging measures introduced, there is still significant leakage or diversion of goods to Russia. This has led to a focus on anti-circumvention and the introduction of novel sanctions measures. In particular, the UK and EU are concerned with monitoring how high priority items are still able to reach Russia.

From a US perspective, although comprehensive sanctions are not a new concept to US regulators (considering the US sanctions programmes including Cuba, Iran, and North Korea), the US government has not issued a comprehensive sanctions programme against Russia to date because of its concern of entangling Western allies that are still purchasing Russian oil and gas.

The US Russia sanctions programme is consequently extremely complex because it is not comprehensive, with the US’s fragmented approach targeting some sectors of the Russian economy, but not others.

It has become clear that sanctions restrictions have forced companies and individuals to seek alternative routes to transfer goods to Russia, thereby undermining the impact of the restrictive measures. Indeed, exports of high priority items to Russia’s neighbours have increased enormously, and have an increased risk of re-export to Russia.

Recent waves of sanctions have therefore focused on anti-circumvention measures to try and identify how circumvention is taking place, including increased notification obligations on parties. For example, the EU’s recent introduction of a ‘No Russia’ clause requiring for EU exporters to contractually prohibit the re-export of certain sensitive goods to Russia.

This requirement was specifically introduced “to combat the circumvention of EU export bans” and the EU hopes that the notification of any breaches will assist in identifying how high priority items continue to be channelled to Russia.

Alignment between sanctioning jurisdictions

Whilst the G7 nations have moved together on their approach to sanctions for some time now, the Russian sanctions were significant in the unified global approach: nations are increasingly moving in lockstep to implement regimes, multiplying the impact of economic measures.

Despite the overall cohesive approach adopted by the G7 countries in response to the Russian invasion, the surfeit of new sanctions has created significant compliance challenges for international companies and companies that do business overseas as there are inherent underlying differences between the aligned regimes.

Enforcement

When navigating the fragmented sanctions landscape, in practice many companies facing multiple regimes have made the commercial decision to prioritise the US requirements, usually on the basis of perceived appetite for enforcement.

Historically, the US has been the most aggressive in implementing and enforcing economic sanctions and export controls. In 2023 alone, the Office of Foreign Assets Control (OFAC) enforced 17 penalties against entities who violated US sanctions totalling USD 1,541,380,594.08 in fines.

It enforced four penalties totalling USD 8,085,195.86 in fines under its Russian sanctions regime in 2023. OFAC’s continued enforcement demonstrates the US commitment to compliance and protecting the US financial system from bad actors. With the release of numerous compliance guidance, OFAC is committed to working with the private sector to further promote the understanding of, and compliance with, sanctions requirements.

In contrast to the US, in the UK, no fines have been issued to date as a result of breaches of the Russian sanctions regime, which has led the Chair of the Foreign Affairs Committee to query whether it’s time “to ask difficult questions about the efficacy of [the Office of the Superintendent of Financial Institutions (OFSI)]’s enforcement capacity.”

Since it was given the right to impose monetary penalties in 2017, OFSI has issued 10 fines totalling £22 million. However, it is coming under increasing pressure to use its fining powers. In May 2024, OFSI updated its sanctions enforcement and monetary penalties guidance, summarising how it deals with breaches.

In the EU, enforcement is the responsibility of each member state and has therefore been patchy. However, the EU, like the UK, has shown its appetite to increase enforcement across the bloc. In March 2024, the EU approved rules aimed at harmonising enforcement through a new EU Directive that entered into force on 19 May 2024.

The new rules criminalise sanctions violations and introduce a common definition of, and minimum penalties for, sanctions violations. The EU has also emphasised the importance of ensuring that judges are “able to issue dissuasive fines” signalling that the bloc may be moving towards a US style enforcement approach.

Increasing use of thematic sanctions

The scope of thematic sanctions has evolved hugely since the US enacted the Global Magnitsky Human Rights Accountability Act in 2016. Thematic sanctions regimes now encompass chemical weapons and non-proliferation, corruption, cyber-attacks, human rights, narcotics and terrorism.

Thematic sanctions regimes give the sanctioning jurisdiction the authority to impose targeted sanctions on individuals or companies anywhere in the world who have been involved in the specified act (e.g. human rights abuses or drug trafficking). Globally, there were 1,044 thematic sanctions designations made in 2023, which is nearly double the previous year.

The increase in the use of thematic sanctions creates compliance issues similar to those addressed previously in the context of Russian sanctions, including, for example, issues of breadth, novel measures and coordination in approach. A recent example of a novel thematic sanctions measure is the US’s proposed Fentanyl Eradication and Narcotics Deterrence Off Fentanyl Act (or the FEND Off Fentanyl Act).

If signed into law, the FEND Off Fentanyl Act will provide a framework for the US to sanction individuals and entities responsible for trafficking fentanyl and other illicit opioids.

Recently, OFAC and OFSI coordinated to implement sanctions under a thematic sanctions regime (namely the cyber-attacks framework). The US and UK’s aligned actions targeted a company and individuals tied to the China state-affiliated hacking group named Advanced Persistent Threat Group 31 (APT31) as a result of its “malicious cyber campaigns targeting democratic institutions and parliamentarians.”

The UK revealed that it is highly likely that the group hacked the UK Electoral Commission between 2021 and 2022, and that they attempted reconnaissance activity against UK parliamentarians in 2021. The US identified malicious cyber activity by the group targeting certain critical infrastructure sectors over a period from 2010 to 2020.

The sheer breadth of the sanctions has increased hugely, and the number of designations has grown exponentially as a result. The nature of thematic sanctions provides that any bad actor across the globe can become subject to sanctions. Consequently, companies can no longer afford to just avoid dealing with high-risk jurisdictions, but rather must ensure that they heighten their due diligence practices.

It is clear that we have entered a new era of sanctions: the global response to the Russian invasion of Ukraine prompted the G7 and its allies to apply significant pressure on Russia via sanctions and to develop previously untested measures.

More information is flowing to sanctioning authorities that will allow them to develop their regimes further. Businesses will need to stay vigilant, ensure their compliance processes are in order and adapt to any further changes.