18. Sanctions Monitorships
Although the structure of sanctions monitorships can be similar to other types of monitorships, owing to the specifics of sanctions law and regulation, the technology systems required to be compliant, inconsistencies across geographies and the binary context of sanctions compliance, these factors require specific attention. This chapter sets forth the legal and historical context of sanctions monitorships, and specific challenges for institutions under a monitorship.
Legal context of a sanctions monitorship
Sanctions law and regulation are implemented by numerous countries and governing bodies throughout the world. Sanctions can be considered an extension or application of a country’s foreign policy, which can be unique to a single country (unilateral sanctions) or jointly applied by multiple countries (multilateral sanctions). Generally, the majority of sanctions are implemented by the United States, the United Nations and the European Union. US sanctions law, dictated by presidential executive orders and through acts of Congress, requires compliance by the following groups and entities:
- US citizens and permanent residents regardless of present location;
- companies and other entities established under US law;
- people and organisations located within the United States, regardless of origin; and
- branches of US companies and other entities outside the United States.
Sanctions compliance within the United States is applied through the concept of strict liability. All individuals and entities subject to US sanctions law are required to comply regardless of an explicit awareness of non-compliance or a provable intent to evade the law.
In the event of a violation or non-compliance with sanctions law, the competent regulatory body or law enforcement agency may choose to pursue civil and criminal action. The extent of penalties often depends on the severity of the infraction and other extenuating circumstances, such as whether the conduct is considered wilful or reckless. In the case of criminal prosecution, penalties against an individual may include jail time, although fines are the most common penalty. In addition to monetary penalties, companies and organisations may be required to commit to remediation efforts or enforcement actions by a regulator or law enforcement, which can include the implementation of business restrictions or the appointment of an independent monitor.
In the United States, the Department of Justice (DOJ) or other regulatory bodies may issue various enforcement actions as a result of non-compliance with US sanctions law. These enforcement actions may result from external investigations or proactive disclosures. The Office of Foreign Assets Control (OFAC) and the DOJ encourage companies to voluntarily self-disclose all potentially wilful violations of the statutes implementing the US government’s primary export control and sanctions regimes. If a company (1) voluntarily self-discloses export control or sanctions violations, (2) fully cooperates and (3) remediates the violations appropriately and in a timely manner, there is a presumption that the company will receive a non-prosecution agreement and pay a limited or potentially no fine. The DOJ may enforce criminal resolutions, such as a deferred prosecution agreement (DPA) or guilty plea if the violations exhibit aggravating factors, such as the export of particularly sensitive items, repeated violations, the involvement of senior management and significant profit. In these instances, the DOJ will issue, or recommend to a sentencing court, a monetary fine, but will not require the appointment of a monitor if the company provides evidence of an established and effective compliance programme being in place at the time of resolution.
Historical context and trends
Recent sanctions enforcement actions and monitorships
Between 2018 and 2019, OFAC issued 33 enforcement actions, including penalties and settlements. Historically, regulators and law enforcement agencies have focused most enforcement actions and monitorships resulting from sanctions violations towards financial institutions. In recent years, however, corporations have been the subject of increases in scrutiny and penalties following the discovery of sanctions violations.
HSBC Bank USA
HSBC entered into a DPA with the DOJ, which acknowledges the bank’s wilful violation of the International Emergency Economic Powers Act (IEEPA) and the Trading With the Enemy Act (TWEA), both sanctions laws imposed by the US Congress. The DPA required HSBC to retain an independent compliance monitor to evaluate the effectiveness of the bank’s internal controls, policies and procedures as related to continuing compliance with the IEEPA, the TWEA and applicable anti-money laundering laws.
Standard Chartered Bank
The Amended DPA between the DOJ and Standard Chartered Bank (SCB) describes the bank’s historical violations, including ‘knowingly and willfully conspiring, in violation of Title 18, United States Code, Section 371, to engage in transactions with entities associated with sanctioned countries, including Iran, Sudan, Libya, and Burma and further states that ‘the 2014 DPA Amendment required SCB to retain an independent compliance monitor’.
Deutsche Bank AG
In November 2015, Deutsche Bank and the New York State Department of Financial Services (NY DFS) agreed to a Consent Order as a result of the bank’s historical dollar clearing transactions processed on behalf of Iranian, Libyan, Syrian, Burmese and Sudanese financial institutions and other entities. As part of the Consent Order, the NY DFS required Deutsche Bank to engage an independent monitor to perform a comprehensive review of the bank’s Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) and OFAC sanctions compliance programmes, policies and procedures.
BNP Paribas entered into a plea agreement with the DOJ on 27 June 2014 for conspiring to violate the IEEPA and TWEA through the illegal processing of transactions for countries subject to US economic sanctions. The plea agreement discusses the total forfeiture amount, or fine, levied against BNP Paribas, which takes into account the bank’s related settlements imposed by the New York County District Attorney’s Office, the Board of Governors of the Federal Reserve System and the NY DFS. In addition, a stipulation of the plea agreement required BNP Paribas to engage a compliance consultant or monitor.
In the case of large corporations, ZTE Corporation (ZTEC), the China-based telecommunications company, entered into a plea agreement with the DOJ in 2017 for conspiring to evade US sanctions law through the illegal shipping of US goods and technology to Iran. The plea agreement states: ‘ZTEC agrees to retain an independent, third-party compliance monitor (the Monitor) to review and assess in a professionally independent and objective fashion ZTEC’s processes, policies, and procedures related to compliance with US Export Control Laws, as well as ZTEC’s compliance with the terms of this Plea Agreement.’
Huawei Technologies Co Ltd
Huawei, a Chinese multinational technology company, was indicted on charges of knowingly and wilfully conducting business in countries subject to US, UN and EU sanctions, and of efforts to conceal the scope of business activity with sanctioned countries or entities. The US government’s investigation of Huawei and the allegations included in the indictment are ongoing. Effective 16 May 2019, the Bureau of Industry and Security (BIS) added Huawei to its restricted entity list as a result of Huawei’s involvement in activities considered contrary to US national security or foreign policy including violations of the IEEPA through the export, re-export, sale and supply of goods, technology and services (banking and other financial services) from the US to Iran and the government of Iran. Although Huawei is not currently the subject of a monitorship, the actions taken against the organisation highlight regulators’ increased efforts to seek enforcement actions against corporations, not solely financial institutions. As a result, corporations could also face the prospect of settlements that include provisions for oversight by a monitor for a substantial period.
Legislative bodies, governments and intergovernmental organisations all implement various forms of sanctions law, resolutions or restrictive measures. Separately, in most cases, related government branches, regulatory bodies and law enforcers are responsible for the enforcement and monitoring of sanctions compliance. The primary enforcers of sanctions measures include the United States, the United Nations, the European Union, as well as other countries and influential organisations.
OFAC, BIS, other financial regulators such as the Office of the Comptroller of the Currency, the Federal Reserve Bank and state-level regulators, such as the NY DFS, each have a role in the monitoring of sanctions compliance. OFAC, as part of the Department of the Treasury, maintains the Specially Designated Nationals and Blocked Persons lists, which identify individuals, companies and other entities deemed restricted, requiring activity to be blocked or frozen. Within the Department of Commerce, the BIS is responsible for the Denied Persons List, a catalogue of individuals who are denied export privileges, and for the Export Administration Regulations, which apply export controls to specific commodities, technology, software and other items.
The NY DFS implemented its 504 Rule pertaining to Transaction Monitoring and Filtering Program Requirements and Certifications following prior investigations into institutions regulated by the NY DFS and various identified deficiencies. The 504 Rule aims to clarify the required components of a transaction monitoring and filtering programme. Further, it specifically requires management to certify that a filtering programme is reasonably designed to interdict transactions prohibited by OFAC, similar to requirements of The Sarbanes–Oxley Act of 2002.
The UN enacts sanctions regulations through resolutions, and the UN Security Council sets the specific criteria for targeting individuals and entities. The UN Security Council is composed of 15 member countries, with each member participating or voting to enact sanctions resolutions. Member States of the UN are each obliged to adopt and comply with the UN sanctions resolutions but may also create their own laws and regulations, and enforcement bodies.
The European Union imposes sanctions law through restrictive measures developed by the European External Action Service and agreed by the Council of the European Union. The European Union implements all UN-issued sanctions resolutions, and EU Member States are required to enact individualised legislation for sanctions monitoring and enforcement, including penalties for violations.
Various other countries enact sanctions law and compliance requirements, and establish local authorities to oversee enforcement. The following are some examples:
- United Kingdom: The Office of Financial Sanctions Implementation (part of HM Treasury) establishes and administers sanctions.
- Australia: The Department of Foreign Affairs and Trade enacts general sanctions policy.
- Singapore: The Monetary Authority of Singapore administers financial sanctions.
Several notable organisations have taken steps to further develop principles and guidance to aid in anti-money laundering, terrorist financing and sanctions compliance.
Financial Action Task Force
In 1989, seven countries came together to create the Financial Action Task Force (FATF) with the primary goal of developing recommendations on international standards to combat money laundering and terrorist financing. The FATF has grown to 35 Member States, each required to adhere to the FATF recommendations. Additionally, the FATF publishes Mutual Evaluation Reports, which evaluate a country’s adherence to the FATF recommendations.
The Wolfsberg Group
The Wolfsberg Group, an international organisation composed of 13 global banks, develops and publishes guidance for global banks on the framework and best practices for managing and combating financial crime risk.
The legal requirements
As discussed above, the United States, the United Nations and the European Union have implemented more numerous and comprehensive sanctions regimes than other countries or intergovernmental bodies. Upon implementation of a law or restriction, various regulatory bodies, such as OFAC, are tasked with enforcement.
In the United States, the President may enact sanctions regulations through Acts of Congress or Executive Orders. The UN Security Council implements sanctions or resolutions, and all Member States are expected to adopt the passed resolutions. Last, the European External Action Service prepares restrictive measures to which Member States are expected to adhere.
Unique challenges of sanctions monitorships and compliance
Financial institutions under a sanctions monitorship
Financial institutions under a sanctions monitorship encounter several challenges to comply with the terms of a monitorship and regulatory requirements. From a general perspective, unique aspects of a sanctions monitorship include (1) the global scope versus the regional scope of the remediation, (2) the level of remediation efforts and regulator involvement, (3) the effect on ‘business as usual’ of monitorship requirements and (4) system enhancements and technology changes. Specific challenges also include data issues, inconsistent or conflicting regulation of sanctions law against certain countries, and the requirements of a DPA or consent order may be more restrictive than the law.
Global versus regional scope
The scope of the monitorship presents a challenge to financial institutions based on the size of the institution, the geographies within which it operates, the number of customers, the products and services offered, and the delivery channels. For example, sanctions violations may originate from one region or branch of a financial institution, leading to localised remediation efforts of the regional sanctions compliance programme. A financial institution with a more expansive footprint and a global presence may require enhancements to the global sanctions compliance programme, and compliance elements unique to each region. It is imperative that regional sanctions personnel are properly trained on the requirements of the global sanctions compliance programme and on the sanctions laws of the jurisdictions where the financial institution conducts business or processes transactions. In addition, changes and enhancements made to a global sanctions compliance programme may require implementation in the applicable regional sanctions compliance programmes.
Remediation efforts and regulator involvement
Monitorships exhibit varying levels of involvement by multiple enforcement bodies and consulting firms. For example, a financial institution may be simultaneously complying with multiple DPAs or consent orders involving more than one enforcement body (such as the NY DFS, the DOJ or the UK’s Prudential Regulatory Authority). Depending on the scope of the engagement or applicable conflicts of interest, the enforcement bodies may engage different consulting firms to carry out the work. As such, the financial institution may handle requests for information and meetings from multiple firms, resulting in potential duplication of efforts and increased burden on sanctions personnel. Additionally, the enforcement body’s level of direct involvement may vary. For example, an enforcement body may be satisfied with receiving updates from the monitor on the status of the engagement, while another may prefer to have regular meetings itself with the financial institution or submit special requests in addition to those made by the monitor.
Regulatory and jurisdictional conflicts
Financial institutions may also encounter potential conflicts between the requirements of a DPA and the application of sanctions laws across various countries. Specifically, the requirements of the applicable DPA or consent order may be more restrictive than the governing laws of the jurisdiction where the financial institution resides or conducts business. As such, the financial institution may be required to implement additional programme enhancements or compliance measures beyond those necessary to comply with regional sanctions laws, which may necessitate an increase in compliance budget or personnel. Further, the application of sanctions laws against a particular country may vary depending on the jurisdiction. Specifically, sanctions implemented against a country such as Cuba by the United States may not be honoured by other countries and could cause a conflict for financial institutions with customers transacting with both Cuba and the United States.
Balancing ‘business as usual’ with monitorship requirements
Financial institutions working with an appointed monitor to oversee compliance with the terms of a DPA or consent order face the unique challenge of balancing ‘business as usual’ responsibilities with the additional work required to comply with monitor, regulator or law enforcement requests. Specifically, in addition to day-to-day responsibilities and requests from the monitor, the sanctions or compliance teams are often responding to requests from internal audit or compliance assurance. Further, the monitor may submit a substantial number of document requests, and schedule meetings and interviews with sanctions personnel to gain a better understanding of the levels of knowledge and expertise of the staff, and of the sanctions compliance process in place at the financial institution. These simultaneous requests can place a significant strain on resources, specifically the sanctions personnel responding to requests for documentation and attending meetings with the monitor, and responsible for the applicable internal compliance functions.
The monitor may also identify findings and related recommendations to improve the financial institution’s sanctions compliance programme, including enhancements to policies and procedures, improvements to processes or programme documents, and the addition or re-assignment of Sanctions personnel. The increased workload to comply with the terms of the monitorship, remediate any findings and implement enhancements to the programme may require the financial institution to hire additional full-time resources or contract work out to external firms.
It is imperative that the business or corporate functions of the financial institution remain aware of the challenges being faced and the amount of work and financial commitment needed to comply with the terms of the monitorship. The sanctions compliance team should provide regular updates to the governance oversight committee, senior leadership and the board of directors on the progress of the monitorship and any significant changes required to remediate the monitor’s findings. Without full commitment from the financial institution to approve additional funding or increase staff, the sanctions compliance team may struggle to balance ‘business as usual’ with the requirements of the monitorship, posing additional compliance risk to the institution.
Data, sanctions technology and personnel
Data presents a challenge to financial institutions in complying with sanctions laws as the volume and format of available data varies across institutions and jurisdictions. Frequently, data sources can be truncated, incomplete and disjointed across multiple systems or platforms within the institution, making it difficult to maintain real-time watch list screening practices. In addition, the data must be screened against state, federal and international watch lists, depending on regulatory requirements. Further, institutions with a global presence face the challenge of differing data privacy laws and translation or transliteration processes. Finally, the volume of data in an organisation can further complicate sanctions screening. The difficulty in monitoring the flow of payments increases as an institution expands its customer base and the products and services offered. Specific challenges include customer onboarding and identity verification, transaction screening and watch list updates.
Additional challenges for financial institutions facing sanctions monitorships include the implementation of the enhancements recommended by the monitor. These often involve enhancements to sanctions screening technology, changes to, or the implementation of, case management systems, and improvements to list management processes. Implementing system changes or new technologies presents additional risk as system down time can lead to a backlog of required regulatory filings, such as potential circumvention attempts and voluntary self-disclosures. Further, changes to sanctions screening technology and system settings may increase the number of sanctions alerts and cases requiring review and possible escalation.
Sanctions personnel and training
System enhancements and the implementation of new technology requires financial institutions to conduct supplementary training for all sanctions personnel as well as the required formal compliance training programme. The training ensures that all members of staff are deploying the sanctions screening technology in the proper manner and serves as an important control in the mitigation of sanctions compliance risks to which the financial institution may be exposed. In addition, a monitor may make recommendations to augment or reduce the number of sanctions compliance personnel, based on the appropriateness of roles and responsibilities, sanctions experience and industry knowledge. The proposed changes in role or responsibilities might result in staff attrition or a heavier workload for the sanctions team.
Maintaining sanctions compliance
Financial institutions face continuous challenges in maintaining compliance with local and international sanctions laws. Specifically, the following can affect a financial institution’s sanctions compliance programme.
Evolving sanctions regulation and regimes
Sanctions regulation and regimes are continually evolving, creating a moving target for financial institutions striving to achieve compliance with regulatory standards. Effectively monitoring these changes and staying informed about the global political climate mitigates the risk inherent to financial institutions posed by these changes. Methods of staying current include requiring vendors to provide updated lists, monitoring government websites through subscriptions, and creating tailored news alerts. In addition, consulting external sanctions experts or counsel can ensure that an institution stays aware of sanctions developments. Sanctions counsel can actively track pending sanctions legislation and provide real-time advice on developments. Financial institutions must also remain diligent in updating sanctions-related policies, procedures and process documents to reflect these changes, train applicable personnel on any developments affecting their day-to-day responsibilities and rescreen any customers who may be affected by the regulatory changes.
Jurisdiction or extraterritoriality issues
It is critical that financial institutions maintain continuous awareness of both domestic and international sanctions requirements. Sanctions measures and requirements for compliance can be complex in nature and the level of cooperation between jurisdictions varies. In certain circumstances, economic sanctions imposed by one jurisdiction may result in measures being imposed against entities located in another country. Examples include the scope and application of the TWEA and IEEPA. In addition, some economic sanctions may conflict with the sanctions laws enacted in another country, creating a challenge for financial institutions conducting business in both countries as to which sanctions laws they are required to follow. Further, some jurisdictions have enacted blocking statutes designed to shield entities in that jurisdiction by disallowing the recognition of certain extraterritorial sanctions imposed by other countries. The European Union established one such blocking statute that nullifies US sanctions against commercial trade with Iran.
Further, many sanctions measures are not absolute in their application and include the possibility of exemptions from sanctioned measures. Entities in the United States, for example, may apply for specific licences for (1) the release of blocked funds, (2) travel under specified conditions to jurisdictions that the sanctions measures would otherwise prohibit or (3) exporting certain commodities that support medical and agricultural needs in sanctioned jurisdictions. The myriad of complexities in the application and enforcement of sanctions efforts across jurisdictions can present challenges in maintaining an effective sanctions compliance programme.
Global trade processes and data privacy laws
In addition to evolving regulations and jurisdictional conflicts, international trade finance continues to operate using outdated technology and antiquated processes that create greater risk of sanctions evasion. Specific examples include (1) trade agreements written before the emergence of digital commerce, (2) transactions accompanied by large amounts of paperwork and (3) trade financing that depends on traditional banking methods. A large portion of the trade industry is still based on paper documents and antiquated processes that slow international commerce and have a significant effect on the economy. Specifically, drawbacks of the global trade process include (1) trucks and containers standing idle at ports, (2) cash flow tied up in goods awaiting the production of trade documents and (3) a lack of visibility and inventory status. Further, missing documentation, inadequate global location tracking and diluted or forfeited data pose daily challenges to sanctions compliance efforts.
In addition, data privacy laws differ across jurisdictions. In certain countries, such as Zimbabwe and South Korea, the data privacy laws limit or restrict the provision of confidential data across jurisdictions. Further, colleagues working within the same institution with a global presence may not be permitted to share information unless they are both physically present in the jurisdiction where the data is stored. Lack of access to certain information poses a challenge to financial institutions in complying with international sanctions laws and opens up the institution to additional risks of a sanctions violation.
Digital assets, such as cryptocurrencies, present challenges to financial institutions in complying with regulatory sanctions requirements owing to the wide array of products and services, and the thousands of cryptocurrencies, currently in circulation. The complexity of cryptocurrency makes it difficult for financial institutions to identify and control inherent risks, making cryptocurrencies attractive to entities in sanctioned countries, such as Iran and Cuba. For example, Cuba is reportedly launching its own cryptocurrency, which may facilitate the circumvention of sanctions currently levied against the country. While many cryptocurrency products are traceable and regulated in certain jurisdictions (Switzerland, the United States) by agencies such as the Financial Crimes Enforcement Network, sanctioned entities can gain access to cryptocurrencies through non-traditional means, such as the dark web, or cryptocurrency mining, which creates anonymity for users. This anonymity increases the difficulty of identifying circumvention attempts by those sanctioned entities.
Artificial intelligence (AI) is the future for sanctions and BSA/AML compliance, but it is also a new area of focus for regulators and law enforcement. Financial institutions investing in AI implementation to improve efficiencies should be fully versed in the solution so that it can be explained easily to regulators and law enforcement. The AI should also be customisable to account for the dynamic nature of economic sanctions, as it appears governments are amenable to an expanded use of economic sanctions. Further, the use of AI will require the introduction of a quality assurance (QA) component by sanctions personnel. In addition to the time spent to review the output of AI, the QA review introduces further risk of potential human error to the process.
Sanctions technology can automate repetitive and menial tasks to make a financial institution’s sanctions compliance programme more efficient. If not properly tuned or maintained, however, it could magnify inaccuracies by repeating the same fault on multiple occasions. Financial institutions should conduct periodic model and data validation testing to ensure that the system performs exactly as intended.
Law enforcement and regulatory bodies are becoming more comfortable with the inclusion of an independent body as part of a settlement to ensure their remediation requirements are met. Specifically, regulators and law enforcement agencies appear to be increasing the penalties and frequency of enforcement actions, including the use of monitorships, for economic sanctions violations. Financial institutions and corporations should prepare for the possibility of receiving a monitor as part of a settlement. If an institution does receive a monitor as part of a settlement, it needs to plan and prepare to manage the process as smoothly as possible. The institution and its staff will be challenged to maintain business as usual while also responding to requests from the monitor, regulators and internal or external auditors. Financial institutions and corporations can both benefit from evaluating whether their current programme complies with sanctions law and regulation, keeping in mind the continuing and evolving complexities of sanctions compliance. Further, sanctions technology and AI may be a focus for regulators and law enforcement agencies in future sanctions monitorships, as the use of AI becomes more prevalent in financial institutions and sanctions compliance programmes.
1 Ellen S Zimiles and Patrick J McArdle are partners, Steven McCarthy is a director and Jeremy Robb is an associate director at Guidehouse.
2 Electronic Code of Federal Regulations, ‘Appendix A to Part 501 – Economic Sanctions Enforcement Guidelines’, 18 February 2020, at https://www.ecfr.gov/cgi-bin/text-idx?SID=ccac94aaa0387efe2a9c3fca2dc5a4ab&mc=true&node=ap31.3.501_1901.a&rgn=div9.
3 18 U.S. Code § 981; 18 U.S. Code § 982; 18 U.S.C. § 3571(d); 18 U.S.C. § 3572(a).
4 US Department of Justice, ‘Export Control and Sanctions Enforcement Policy for Business Organizations’, 13 December 2019.
5 US Department of Treasury, ‘Civil Penalties and Enforcement Information’, 21 January 2020, at https://www.treasury.gov/resource-center/sanctions/CivPen/Pages/2019.aspx.
6 United States of America v. HSBC USA, Deferred Prosecution Agreement, Attachment B Corporate Compliance Monitor, 10 December 2012, at https://www.justice.gov/sites/default/files/opa/legacy/2012/12/11/dpa-executed.pdf.
7 United States of America v. Standard Chartered Bank, Notice on Consent of Amended Deferred Prosecution Agreement, 9 April 2019, at https://www.justice.gov/opa/press-release/file/1152801/download.
9 US Department of Justice, United States v. BNP Paribas S.A., Plea Agreement, 27 June 2014, at https://www.justice.gov/sites/default/files/opa/legacy/2014/06/30/plea-agreement.pdf.
10 United States of America v. ZTE Corporation, Plea Agreement, 2 March 2017, at https://www.justice.gov/opa/press-release/file/946276/download.
11 United States of America v. Huawei Technologies Co., Ltd. Superseding Indictment, 13 February 2020, at https://www.justice.gov/opa/press-release/file/1248961/download.
12 Federal Register. ‘Addition of Entities to the Entity List – A Rule by the Industry and Security Bureau’, 21 May 2019, at https://www.federalregister.gov/documents/2019/05/21/2019-10616/addition-of-entities-to-the-entity-list.
13 Department of Financial Services, Superintendent’s Regulations, ‘Part 504 Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications’, 1 January 2017, at https://www.dfs.ny.gov/docs/legal/regulations/adoptions/dfsp504t.pdf
14 Computer Services, Inc, ‘The 4 Major Challenges of Real-Time Sanctions Screening’, 21 September 2017, at https://www.csiweb.com/resources/blog/post/2017/09/21/the-4-major-challenges-of-real-time-sanctions-screening.
15 Financier Worldwide, ‘Global sanctions – compliance and enforcement trends’, October 2017, at https://www.financierworldwide.com/global-sanctions-compliance-and-enforcement-trends#.Xk1v9yhKjGi.
16 RT Business, ‘EU blocking US sanctions against Iran to protect European companies’, 6 August 2018, at https://www.rt.com/business/435198-eu-blocking-us-sanctions-against-iran/.
17 European Commission, ‘Updated Blocking Statute in support of Iran nuclear deal enters into force’, 6 August 2018, at https://ec.europa.eu/commission/presscorner/detail/en/IP_18_4805.
18 US Department of the Treasury, ‘OFAC License Application’, 23 July 2018, at https://www.treasury.gov/resource-center/sanctions/Pages/licensing.aspx.
19 World Economic Forum, ‘These 5 technologies have the potential to change global trade forever,’ 6 June 2018, at https://www.weforum.org/agenda/2018/06/from-blockchain-to-mobile-payments-these-technologies-will-disrupt-global-trade/.
20 IOTA Foundation, ‘The challenges facing today’s supply chains’, 20 December 2018, at https://blog.iota.org/the-challenges-facing-todays-supply-chains-aaa9d3d9fc6d.
21 Association of Certified Sanctions Specialists, ‘Do Cryptocurrencies Pose a Sanctions Risk?’, 4 October 2019, at https://sanctionsassociation.org/do-cryptocurrencies-pose-a-sanctions-risk/.