What the Latest EU Sanctions Package Means for Your Company

In June, the European Union adopted its 14th package of sanctions against Russia. In addition to sanctioning specific entities and individuals, this package introduced new compliance requirements for businesses that will impact their due diligence and risk assessment processes.

These new requirements mean that you not only have to conduct adequate due diligence on your customers, but you must also now have oversight over the entire supply chain and all third-party intermediaries, combined with the appropriate risk assessment. Some of these obligations will come into force on 26 December 2024, so companies must ensure that they have implemented the appropriate mechanisms by the specified deadline; failure to do so may result in significant consequences from the European Union.

The 14th package of sanctions measures aims to strengthen the enforcement of sanctions and close loopholes that have allowed certain goods and technologies to reach Russia despite existing bans.

Combatting Circumvention

One of the key elements of the 14th package is the focus on anti-circumvention. The EU now requires companies to perform stringent risk assessments to prevent their products, especially common high-priority items such as dual-use goods and advanced technologies, from being diverted to Russia. These assessments must be proactive and continuously updated, considering the evolving geopolitical and business environment.

Beginning on 26 December 2024, any EU business involved in commercial transactions that include these common high-priority items will be required to implement risk assessment policies  and procedures specifically designed to mitigate the risk of these items being exported to, or used in, Russia.

This includes extending compliance obligations to non-EU subsidiaries and affiliates, ensuring that they also adhere to EU sanctions. The sanctions package places a strong emphasis on the "No Russia" clause, which mandates that contracts explicitly prohibit the re-exportation of restricted goods to Russia. Companies are also required to include similar provisions in contracts involving the transfer of industrial know-how, particularly for goods that could be used in Russia's military efforts.

Similarly, from 26 December 2024, EU businesses that sell, license, or transfer intellectual property (IP) rights or trade secrets related to these high-priority items to non-EU partners must contractually prohibit those partners, as well as any downstream customers, from utilizing such IP or trade secrets for items intended for Russia.

For businesses, these new rules mean that compliance is no longer limited to direct transactions. Companies must now ensure that their entire supply chain, including third-party intermediaries in countries like Turkey, China, and Kazakhstan, does not facilitate the circumvention of EU sanctions.

The implications are far-reaching. Non-compliance can lead to significant legal and reputational risks, including potential fines and asset freezes. Therefore, businesses involved in the export of goods that could end up in Russia need to reassess their compliance frameworks, enhance their due diligence processes, and ensure that their global operations are aligned with the new regulatory requirements.

The package also allows member states to consider voluntary self-disclosures of sanctions violations as a mitigating factor in an enforcement case. This means that if you discover a violation somewhere in your supply chain, you have the opportunity to avoid fines if you disclose the information to the correct authority.

Components of a Risk Assessment

The risk assessment element of a sanctions compliance program is critical in identifying and mitigating potential risks associated with a company's operations, customers, and counterparties.

Firstly, companies should have a thorough understanding of the nature and scope of their operations, including the products and services they offer, the geographic locations they operate in, and their business partners. This understanding is essential in identifying potential sanctions risks.

Next, companies should assess the specific risks associated with their operations, customers, and counterparties. These risks may include the potential for engaging in transactions with individuals or entities subject to sanctions or conducting business in countries subject to economic sanctions. Enhanced due diligence on all suppliers, customers, and vendors in your supply chain is also vital to staying compliant.

The risk assessment should also consider any internal controls the company has in place to mitigate risks. This may include policies and procedures, training and awareness programs, and monitoring and testing.

The 14th sanctions package underscores the EU's commitment to enforcing sanctions more rigorously, and businesses will need to adapt quickly to avoid falling foul of these stringent new regulations.

To learn more about our specialized sanctions practice that can assist with the establishment and operation of due diligence and risk assessment processes, reach out to our team.