Managing sanctions and supply chain risk: What businesses need to know

24th September 2021

The combined challenges of Brexit, the Covid-19 pandemic, modern slavery, sustainability, and the broader environmental, social and governance (ESG) agenda have brought issues of supply chain management into ever-sharper focus in recent times. Against a backdrop of global tensions and protectionist trends, our International Trade specialists consider and offer their practical advice on another key feature of the supply chain landscape for businesses in all sectors to get to grips with – sanctions risk.

Sanctions in a nutshell

Sanctions are restrictions or prohibitions imposed by the UN, UK, EU, US and other countries to achieve specific foreign policy or national security objectives, maintain international peace and security and prevent terrorism. They include: trade sanctions, such as arms embargoes and controls on importing and exporting certain goods and technology (and on providing assistance and services related to them); and financial sanctions, such as targeted asset freezes, restrictions on financial markets and services, and directions to cease business with sanctioned individuals or entities. Sanctions may be imposed on specific individuals, companies or other organisations, ports, ships and aircraft, industry sectors or entire countries.

Post-Brexit, the UK has developed its own sanctions regime, independent of the EU. In relation to trade sanctions, there are some exceptions and licensing considerations that apply. For example, an export licence is required to export controlled goods, software and technology from the UK. Breaching trade sanctions and export controls is a criminal offence. Penalties include fines and up to ten years’ imprisonment. The Export Control Joint Unit of the Department for International Trade deals with export-related trade sanctions and licensing.

UK financial sanctions apply to all individuals and entities in the UK or who undertake activities here, and to all UK nationals and entities (including branches) wherever they are in the world. Breaching financial sanctions is a criminal offence, punishable by up to seven years’ imprisonment. In addition, the Office of Financial Sanctions Implementation (OFSI) can impose monetary penalties of up to 50% of the value of the breach or up to £1 million, whichever is higher. Note that a breach will fall within OFSI’s remit if it involves sufficient connection to the UK. This could include transactions using UK clearing services, actions taken by a UK company’s local subsidiary, or actions taking place overseas but directed from the UK.

OFSI publishes an updated consolidated list of sanctioned individuals and organisations (‘designated persons’). Russia-related sectoral sanctions are listed separately. Asset freezes and some financial services restrictions will apply to entities that are directly or indirectly owned or controlled by a designated person. As with trade sanctions, there are some exceptions and licensing considerations that apply. An OFSI licence will be required if a transaction involves a sanctioned individual or entity.

In August 2021, the Economic Secretary to the Treasury upheld a £50,000 penalty imposed on fintech company TransferGo Limited after it breached a prohibition in (pre-Brexit) financial sanctions legislation. The penalty concerned 16 transactions totalling just over £7,700, where TransferGo issued instructions to make payments to accounts held at a bank which was a designated person. It asserted that as the relevant clients and beneficiaries were not themselves subject to restrictions, the payments to their accounts were not breaches. OFSI considered that was not the case as funds held in bank accounts ultimately belong to those banks. TransferGo demonstrated a poor understanding of financial sanctions and, had it voluntarily disclosed the transactions, it could have received a 50% discount of the baseline penalty amount.

On 9 August 2021, the UK imposed a package of trade, financial and aviation sanctions on Belarus, in response to the continued undermining of democracy and human rights violations by the Lukashenko regime. They included measures covering the acquisition or supply and delivery of potash and petroleum products, restrictions on dealing with certain transferable security or money-market instruments, and provisions empowering the Secretary of State, air traffic control and airport operators to make certain directions with the object of preventing Belarusian aircraft from flying over or landing in the UK.

The UK’s Belarus sanctions followed on from similar EU sanctions imposed in June 2021 following the forced landing of a Ryanair flight in Minsk. EU nationals and entities (including branches), wherever they are or do business, and parties located in the EU or doing business there, must comply with EU sanctions.

In December 2021, the UK, US, EU and Canada imposed further coordinated sanctions in response to continuing attacks on human rights and fundamental freedoms in Belarus.

US sanctions are administered by the Office of Foreign Assets Control (OFAC). They are strict and focused on individual countries and on parties typically placed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List). Their assets are blocked and US nationals and entities (including foreign branches), and anyone located in the US, are generally prohibited from dealing with them. Entities directly or indirectly owned 50% or more by one of the parties on the SDN List are treated as if they are on it. Again, certain exceptions and licensing considerations apply. Penalties for breach of most US sanctions programmes include up to twenty years’ imprisonment and fines of up to one million US dollars.

Importantly, non-US parties can be caught if there is a sufficient nexus to US jurisdiction (including transactions in US dollars) or if they are subject to ‘secondary sanctions’ by engaging in specified targeted activities (involving Iran, for example).

What are the risks?

Aside from the obvious risk of incurring criminal and other penalties, businesses will be acutely aware of the significant reputational damage that can flow from a failure to comply with international sanctions at a time of intense consumer and investor scrutiny of firms’ ESG practices. Sanctions rules are complex. They can bite at any touchpoint in the supply chain and in relation to any number of factors, such as the individuals, entities, sectors and jurisdictions involved, the source of the goods or the nature of the financial transactions. Compliance problems can start to appear when businesses come up against supply shortages but are under pressure to meet contractual requirements and to source the goods quickly from elsewhere, an issue exacerbated by the current pandemic, for example. Failure to comply with sanctions rules can impact on the ability to perform contracts, affect current and future funding arrangements and result in potentially significant time and cost being incurred in managing the fallout.

So what practical measures can be put in place to help protect the business?

Controls procedures

• Know your business: The probability and potential impact of sanctions risk will be specific to individual businesses. As an initial step, think about how the business is organised, where it is located, where it trades and the nationality of employees, shareholders and directors. Where are goods or services coming from or going to, who are they from or who is receiving them? Who is transporting them, how and via what routes? Where have products been sourced? What currency are you dealing in? Are there parts of the business that are more exposed than others?

• Internal risk management: Implement a clear internal sanctions policy with supporting guidance/a compliance manual tailored to the business and the level of risk it faces. Consider having an additional layer of approval for higher-risk activity. Ensure that staff understand the standards expected of them and that these are reflected in the conduct of senior management. Provide regular training to bring the sanctions policy and supporting materials to life. Adapt your messaging as required to accommodate the challenges of remote working. Ensure that you and your employees understand how their nationality or residence may affect sanctions compliance. Integrate your sanctions policy with your wider financial crime compliance programme.

• Know your suppliers and customers: Who are you doing business with, directly and indirectly? Screening parties against restricted lists is central to a sanctions compliance programme and risk mitigation. Register to receive online alerts. Apply a proportionate, risk-based approach which reflects the circumstances of the transaction or project and the risk appetite of the business. As a minimum, screen both information in your possession and information available publicly. Apply greater due diligence when dealing with high-risk parties and jurisdictions – consider commissioning an in-depth report from a specialist provider. Test your screening rules and ensure that you understand and tailor any automated tools. Identify and screen all parties to the transaction, not just the direct counterparty, including any individuals or entities that may have control over them. Think about who is in the payment chain. Do you need a licence? Consider requesting key information from counterparties as a matter of course. Don’t assume that one-time screening is enough.

• Ongoing monitoring: Sanctions lists can change frequently and at short notice. Ensure that you have appropriate systems in place. Monitor updated sanctions against your business and risk profile. Consider enhanced monitoring and other controls post-completion of a merger or acquisition.

• Dealing with red flags: As part of your internal sanctions policy, have a mechanism in place to analyse and deal with identified pre- and post-contractual red flags. Understanding the specific detail of the relevant law, and how it applies to the particular situation, is vital to determine and assess risk. Ensure you have clear reporting lines, internally and externally. Consider whether you need to terminate a transaction (see below), freeze funds/assets and report to the relevant regulator.

• Supply chain audits: Consider implementing supply chain audits to confirm country of origin and mitigate against the risk that goods or services are sourced from a sanctioned entity/location.

• Record-keeping: Ensure that you have in place appropriate record-keeping procedures, documenting your decision-making, due diligence and mitigation measures.

Contractual protections – future contracts

Insert express sanctions and trade controls compliance clauses when contracting with counterparties, tailored to the circumstances (such as jurisdiction, product, corporate structure involved) and level of risk. These may include: representations and warranties that the counterparty has not breached sanctions, is not a sanctioned party (or owned/controlled by one) and will not distribute to or source products from prohibited parties/sectors/countries; obligations not to deal with such parties and to ensure that sanctions compliance obligations flow through the contractual supply chain; and sanctions reporting requirements and audit rights.

Address what happens when a sanctions event impacts on contractual performance. This might be where a party is in breach of the sanctions compliance clauses, or continuing to perform would or could put a party in breach. Other scenarios include the imposition of sanctions that affect the supply of certain products or disrupt the movement of goods via established trading routes, potentially adding extra cost and delays in the supply chain, or even rendering performance impossible.

Contractual protections include suspension and termination rights/obligations/options and provisions or mechanisms releasing a party from performing (including but not limited to force majeure, discussed further below) or allowing for some form of alternative performance or commercial flexibility or assistance. Note that the English courts do not look favourably on reliance on force majeure clauses to escape contractual obligations that have simply become more expensive or difficult to perform. Parties can, however, negotiate and expressly provide for a clause of this kind.

Take particular care when drafting termination provisions. For example, does the contract cater for termination arising out of the imposition of new sanctions or US secondary sanctions risks? Exercise caution when documenting the reasons for termination, especially where there is the potential for challenge. Without a valid contractual ground for termination, a mere risk of exposure to US secondary sanctions may not be sufficient. Depending on the sanction in question, it may be difficult to terminate a contract with a sanctioned party/a licence may be required. Problems may also arise where, for example, the parent company in one jurisdiction becomes subject to sanctions but the subsidiary in another does not and must continue to perform. Consider such scenarios at the drafting stage – tailor your drafting rather than relying purely on boilerplate provisions.

What about existing contracts?

Check the contract for specific sanctions clauses and related suspension, termination and other provisions. Even if there is no express sanctions clause, the event which is impacting performance may be covered by a force majeure clause. “Force majeure” typically excuses one or more parties from performing a contract following the occurrence of certain events outside a party’s control, and will either suspend performance while the force majeure exists, or relieve a party completely from further performance.

Note that sanctions events will not automatically be covered. Under English law, force majeure provisions must be express (they cannot be implied into the contract) and the event in question must fall within the definition. If the contract is governed by a law which implies such a provision into a contract, a party may still be able to rely on force majeure, although it will usually be necessary to show that all possible steps were taken to prevent or mitigate the effects of the event.

If reliance on force majeure is not an option, it may be possible to argue that the contract is frustrated or should be terminated due to supervening illegality. In the scenario where a counterparty has been made the subject of sanctions after the contract was entered into, the contract will only potentially be frustrated if the contract is impossible to perform in fact, not just because it would be impossible to perform without breaking the sanctions. For example, where there is a mechanism in place to apply for a licence to allow an otherwise prohibited activity or transaction to take place, performance would not be impossible until such an application had been made and refused. The bar for a successful frustration claim is high – the doctrine operates within very narrow confines and the courts will not lightly relieve parties of their contractual obligations [1].

Now would be a prudent time to review contractual arrangements and insert specific sanctions clauses and other protections as appropriate.

How we can help

We have a team of specialists ready to help you navigate the complexities of trading internationally, including managing your sanctions and supply chain risk. Please contact one of the team below if you have any queries arising from this briefing, or need advice or assistance on any aspects of compliance, training, contract drafting or available termination or related options. Read about our supply chain contracts health check services here.

[1] See our earlier briefing for more about force majeure and frustration.