Understanding Sanction Compliance: Responsibilities Beyond the Board of Directors
Understanding Sanction Compliance: Responsibilities Beyond the Board of Directors
The importance of sanction compliance for companies has dramatically increased in recent years. Failure to conduct thorough checks or even small errors can lead to severe reputational damage or, in extreme cases, criminal liability. In this article, we delve into the intricacies of sanction compliance, the associated challenges, and the best practices companies should follow to mitigate risks, as explained by Jānis Ciguzis, the head of the AML and Sanction Practices Group at the BDO Law firm.
Key Responsibilities for Sanction Compliance
The obligations for businesses regarding sanction compliance vary depending on their legal status. Companies listed under Latvia's AML (Anti-Money Laundering) and Counter-Terrorism Financing Law, such as banks, legal service providers, accountants, and real estate brokers, are required to implement internal control systems (ICS). This system is designed based on risk assessments that consider factors such as client behavior, geographical reach, and supply channels. The goal is to create robust policies and procedures to monitor and control identified risks, including investigating clients and reporting suspicious activities.
For companies not directly subject to the AML law, compliance with national and international sanctions is still mandatory. Although establishing an ICS specifically for sanctions is not required by law, it is highly recommended, especially for businesses exposed to higher sanction-related risks.
The Scope of Sanction Checks
Many business leaders question whether the sanction search tool provided by the Financial Intelligence Unit (FIU) of Latvia covers all possible sanctions—be they national, European Union (EU), or United Nations (UN) sanctions. However, it is essential to realize that not all entities will explicitly appear on these sanction lists. This means that relying solely on a company’s name in a search engine may not reveal hidden risks, such as ownership links to sanctioned persons.
In practice, entities where a sanctioned person holds less than 50% ownership might still be involved in control mechanisms, making it risky to engage with them. While the legal requirement for full control is over 50%, hidden control arrangements are common, so companies must carefully evaluate each potential partnership to avoid unintended breaches of sanctions.
Access to Critical Information
Accessing information on potential business partners can be a daunting task, especially when dealing with entities outside of Latvia. For Latvian-registered companies, ownership and beneficial owner information is available through the Company Register. However, for businesses registered in other EU countries, information is often harder to obtain and may come with additional costs. In some countries, such as the Netherlands, recent legal developments have made beneficial ownership registers less accessible due to privacy regulations.
For companies doing business with third-country entities (i.e., non-EU countries), acquiring this information can be even more challenging. In such cases, companies may need to rely on cooperation from their business partners or invest in expensive third-party data sources to gather essential compliance information.
Sanctions in Practice: Challenges and Risks
One key issue businesses face is navigating sectoral sanctions, which can restrict trade with certain countries or specific goods. For example, while a company may legally trade non-restricted goods with a country under sectoral sanctions, other factors must be considered. A military goods producer, even if selling non-restricted items, might still pose risks due to ownership or operational ties to sanctioned individuals or entities.
The situation is even more complicated when engaging with businesses outside the EU, where transparency is limited, and legal requirements for reporting are different. Thus, companies need to conduct a thorough investigation into both the ownership structure and the goods or services involved in a potential transaction.
Best Practices for Minimizing Risk
Companies can take several steps to mitigate risks associated with sanctions, including:
- Implementing an ICS – Even if not required by law, establishing an internal control system for sanctions can provide a safety net, especially for businesses exposed to high-risk markets.
- Thorough Documentation – Keeping detailed records of all sanction-related checks and decisions is crucial. In the event of an investigation, proper documentation can serve as evidence that the company acted in good faith and followed best practices.
- Periodic Monitoring – Companies should not assume that a single check at the start of a business relationship is sufficient. Continuous monitoring and re-evaluation of business partners, especially in the context of changing international regulations, is essential to maintain compliance.
- Engaging Professional Help – Given the complexity of international sanctions and the legal nuances involved, companies are encouraged to seek advice from professionals, such as legal experts or specialized advisory firms. These experts can help navigate the challenges of compliance and reduce exposure to sanction risks.
Conclusion: Compliance is Everyone’s Responsibility
While the responsibility for sanction compliance primarily falls on the company’s board of directors, all employees involved in financial transactions or partner relationships must be aware of their role in ensuring compliance. Sanctions are a complex and evolving area of law, and as such, companies must be proactive in establishing comprehensive risk management strategies to avoid legal and financial repercussions.
Sanctions are not just about legal obligations; they are about safeguarding the company’s reputation and ensuring long-term business viability in an increasingly interconnected and regulated global market.