Washington Targets Loopholes for Sanctions Evasion: How to Mitigate Risks

Bradley Intelligence Report

Client Alert


Since the February 2022 Russian invasion of Ukraine, the U.S. has adopted a new, more aggressive sanctions strategy, increasingly going after parties who enable sanctioned businesses and individuals to conduct business and shield their wealth. Since the invasion, over 13,000 sanctions have been levied against the Russian Federation – over 2,000 of those by the U.S. In addition, the U.S. government has created two new task forces to support and expand sanctions enforcement – the Department of Justice’s (DOJ) KeptoCapture Task Force and the joint DOJ/Treasury Russian Elites, Proxies and Oligarchs (REPO) task force, which focuses on oligarch asset forfeiture. This new, aggressive sanctions implementation and enforcement strategy poses substantial risk to financial institutions or businesses that operate in the international marketplace.  

Total number of list-based sanctions imposed on Russia by territories ad organizations from Feb 22, 2022 to Feb 10, 2023

Source: Statista

The scope of these news sanctions, enforcement actions and task forces go far beyond the traditional designation of specific persons by the Treasury Department or their addition to the Commerce Department’s export control lists. In a new, aggressive approach to sanctions enforcement, the United States has adopted a whole-of-government approach targeting private-sector actors who facilitate another party’s evasion of U.S. economic sanctions and export controls, acting as so-called facilitators.  Per Deputy Attorney General Lisa Monaco, the government will now aggressively “go after the enablers, the facilitators, the companies that prop up and enable and facilitate the ability of these oligarchs to hide their wealth, to shield it, to evade sanctions, and to capitalize on the kind of dark corners of the global financial system.”

This increasingly aggressive sanctions strategy creates potential civil or criminal exposure for financial institutions or businesses who use intermediaries that violate U.S. sanctions – knowingly or unknowingly. In December 2022, the DOJ charged seven individuals, including two U.S. nationals, who conspired to obtain sanctioned and export-controlled military-grade and dual-use technologies from U.S. companies for the Russian military via third-party intermediaries. In 2022, a $500,000 administrative penalty was imposed on a Texas-based company for violation of export control restrictions and OFAC-imposed sanctions for shipping integrated circuit components, which were components in missiles and military satellites, to Russia via a Bulgarian front company. And a recent Reuters investigation revealed possible sanctions and exports control violations by unnamed U.S. companies, including an instance in which a St. Petersburg-based company imported at least $138 million worth of electronics, including sanctioned-U.S. computer parts, from a Turkish-based company.


Maintain a risk-based sanctions compliance program

Financial institutions and businesses that operate in the international marketplace should maintain a risk-based sanctions compliance program (SCP) and conduct periodic assessments of their SCPs. At a minimum, an effective SCP should consist of:

  • Senior management commitment
  • A sanctions risk assessment
  • Internal controls
  • Testing and auditing
  • Training

An effective SCP will help clients identify and mitigate their risks of inadvertently violating complex sanctions and export restrictions regimes. 

Incorporate risk factors into SCPs

Risk-conscious businesses should incorporate risk factors into their SCP to identify third-party intermediaries who may use their products or services to circumvent sanctions or export controls. They should also train employees who manage operational risk to identify the indicators of possible sanctions or compliance issues. In March of 2023, the DOJ, Department of Commerce, and Department of the Treasury issued a joint memorandum that set forth a list of red flags to help risk managers identify business partners who may be engaged in sanctions and export violations. These red flags include behaviors such as resisting necessary paperwork such as end-user agreements, attempts to obfuscate company identity through steps such as using personal email accounts, using shell companies for international wire transfers, registering businesses to residential addresses, and routing shipments through known reshipment hubs commonly used to illegally redirect restricted items to Russia and Belarus, like Hong Kong, Macau, Armenia, Turkey, and Uzbekistan. The full list of red flags is available here.

Develop procedures to screen customers and third-party intermediaries

Businesses should supplement due diligence best practices by incorporating the consolidated screening list and OFAC sanctions list into their best practices. Regularly consulting these lists, in addition to advice, guidance and targeted actions from the Commerce and Treasury Departments, will reduce chances of committing an inadvertent sanctions or export violation.

Consider voluntarily self-disclosure

The U.S. government recommends that parties who believe that they may have violated sanctions or export control laws should voluntarily self-disclose the conduct to the relevant agency. While there may be significant advantages and government incentives to self-disclosure, anyone who suspects they have violated sanctions should promptly seek legal counsel before making any disclosures.