EU Sanctions Enforcement
The use of trade and financial sanctions by the European Union has become an increasingly important element of the bloc’s foreign policy. There are currently in operation 44 sanctions programmes – known as restrictive measures in the EU – in respect of 34 jurisdictions, representing a significant increase during the past decade. When considering the applicability of EU sanctions regimes to businesses operating within the bloc, as well as sanctions implemented by the United States and specific regulations enacted by individual states, the scope for inadvertent breach is considerable and the consequences severe.
The Russian invasion of Ukraine has brought into sharp relief the importance of sanctions compliance, and it is imperative, therefore, that businesses based in or operating within the EU have an understanding of the various regimes with which they may need to comply, including those implemented by the United Nations (UN), the EU and the United Kingdom, as well as the United States, which has expanded the scope of its sanctions to apply to companies and individuals throughout the world.
While there has historically been limited appetite for enforcement within EU Member States, notwithstanding the impact of the covid-19 pandemic, certain jurisdictions are beginning to identify, investigate and subsequently prosecute individuals and companies for breaching the various EU sanctions regulations and there remains considerable appetite across the EU to enforce anti-money laundering breaches. Compliance, therefore, has never been more important.
The EU enforcement framework
The European Commission (the Commission) stated in 2018 that:
any rule, no matter how carefully drafted and prepared, is only as effective as its implementation. In driving forward its policy priorities, the Commission, therefore, pays attention not only to proposing new legislation but also to ensuring that it is properly applied and enforced.
Foreign policy within the EU has traditionally been viewed as a national competence. However, over the years, the EU has developed a common foreign and security policy (CFSP) that enables the 27 Member States to present a united front on key issues, including sanctions.
The adoption of the 1992 Maastricht Treaty introduced a legal basis for the EU’s competence for sanctions, by creating the CFSP, which is governed by Chapter 2 of Title V of the Treaty on European Union. EU sanctions are enacted as part of the CFSP either to implement UN Security Council (UNSC) Resolutions (also known as derived sanctions within the EU) or with a view to pursuing autonomous EU foreign policy objectives independently of any UNSC Resolution. Autonomous sanctions are normally introduced when the EU opts to pursue stricter measures than those required by the UNSC or if the UNSC is unable to agree to measures against a particular country. All EU restrictive measures are then published in the Official Journal of the European Union, whereupon they automatically become enshrined in EU law and are binding and directly applicable throughout the EU.
A key strand of the EU’s sanctions policy was stated by the Council of the EU in 2018:
The effectiveness of EU restrictive measures – and also the EU’s credibility – hinges to a large degree on restrictive measures being implemented and enforced promptly and without exceptions in all Member States.
Role of Member States
The day-to-day administration and enforcement of sanctions is delegated to the competent authorities of each Member State within the EU. Put succinctly, the competent authorities of Member States are responsible for:
- determination of penalties for violations of the restrictive measures;
- the granting of exemptions;
- receiving information from, and cooperating with, economic operators (including financial and credit institutions);
- reporting upon their implementation to the Commission;
- for UN sanctions, liaison with Security Council sanctions committees, if required, in respect of specific exemption and delisting requests.
Each Member State must determine, therefore, the penalties that it considers to be sufficiently robust to deter transgressions, and draft and issue guidance designed to provide clarity for natural and legal persons as to their sanctions compliance obligations. Thus, depending on (1) the jurisdiction or jurisdictions in which the potential transgression has occurred, (2) the nature of the breach, and (3) the authority or authorities within the jurisdiction, or jurisdictions, that consider themselves seized, the potential offence may be criminal or civil in nature, and the penalties range from fines to custodial sentences. This lack of uniformity across the bloc is not without its critics (see ‘Criticism of the EU enforcement framework’, below).
The delegated authority for sanctions administration and enforcement is supported by an EU-wide system of checks and balances. The European Council has stated:
The uniform and consistent interpretation and effective implementation of the restrictive measures is an essential element ensuring their effectiveness in order to achieve the desired political objectives. Member States shall inform each other of the measures taken under the relevant legal acts and shall supply each other with any other relevant information at their disposal in connection with these acts, in particular information in respect of violation and enforcement problems and judgments of national courts.
This information-sharing requirement is enshrined in each Regulation and is designed to ensure that there is some form of consistency of approach as regards enforcement of sanctions across the bloc. For example, Council Regulation (EU) No. 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine, mandates the following at Articles 8 and 9:
- Member States shall lay down the rules on penalties applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.
- Member States shall notify the rules referred to in paragraph 1 to the Commission without delay after the entry into force of this Regulation and shall notify it of any subsequent amendment.
- Member States shall designate the competent authorities referred to in this Regulation and identify them on the websites listed in Annex I. Member States shall notify the Commission of any changes in the addresses of their websites listed in Annex I.
- Member States shall notify the Commission of their competent authorities, including the contact details of those competent authorities, without delay after the entry into force of this Regulation, and shall notify it of any subsequent amendment.
The expectation of information sharing is expanded in a Note of the Council of the European Union, which states:
Member States should also exchange information with, inter alia, other Member States, the Commission, the EEAS, Europol, Eurojust, FATF, Sanctions Committees established by the UN Security Council (including the Committee established pursuant to Resolution 1267 (1999) concerning Al-Qaida) and the UNSC Counter-Terrorism Committee, as appropriate.
Role of the European Commission
The Commission ensures that Member States implement domestic rules on enforcement and penalties in a proper and timely manner, and take appropriate action to apply and enforce these regulations. If a Member State fails to adopt the necessary implementing rules, an infringement procedure can be started by the Commission against that Member State. In its role as guardian of the Treaties, the Commission oversees the implementation of sanctions by Member States under the Treaty on the Functioning of the European Union (TFEU). To further its aims, on 4 March 2022, the Commission announced the introduction of the ‘EU Sanctions Whistleblower Tool’, designed to be used to report on ‘past, ongoing or planned’ EU sanctions violations, as well as circumvention attempts. If the Commission considers that the information provided by the whistle-blower is credible, it will share the anonymised report and any additional information gathered during the internal inquiry with the national competent authorities in the relevant Member State or States. The Commission may subsequently provide further assistance to the investigation, as needed, and periodically follow up on the investigation until a conclusion is reached.
Role of the Council of the EU
Sitting within the Council of the EU, the Working Party of Foreign Relations Counsellors (RELEX) deals with ‘legal, financial and institutional issues of the [CFSP]’, with sanctions being a priority. RELEX’s mandate includes: ‘[e]xchanging information and experiences on the implementation of specific restrictive measures regimes imposed by the EU’; ‘[c]ontributing to developing best practices among Member States in implementation of restrictive measures’; and ‘[e]xamining all relevant technical issues relating to the implementation of EU restrictive measures’.
Role of the EU courts
As enforcement of EU financial and economic sanctions takes place predominantly at the Member State level, there is a limited role for the EU supranational courts in the enforcement of restrictive measures. However, both Regulations and Council Decisions are subject to judicial review by the European Court of Justice and the General Court in Luxembourg.
Criticism of the EU enforcement framework
It has been noted that: ‘Effectiveness should be the central objective of any country’s sanctions framework, and can be measured according to a range of factors, including their economic impact, whether sanctions achieve a change of behaviour in the sanctioned target, or how widely they are implemented.’ It is this final aspect that, as regards the EU, courts the most controversy.
Lack of consistency
Historically, enforcement throughout the EU has not been consistent. What is agreed to be implemented at an EU level is not necessarily implemented as required at the Member State level. There are a number of reasons for this inconsistency of approach.
- Some Member States have specific departments dedicated to monitoring and gathering information, investigating breaches of the EU sanctions regimes and subsequently enforcing in appropriate cases, while in others the subject of enforcement is a more convoluted matter.
- In some countries, there may be a lack of political impetus to pursue stringent enforcement, while in others the issue may simply be one of resourcing.
- There may be domestic legal constraints or an inclination to protect the economic interests of domestic operators regarding the enforcement of sanctions.
The result is an uncoordinated and, arguably, weak EU sanctions regime, which undermines the single market, as EU companies, including EU subsidiaries of foreign companies, have ample opportunity for sanctions evasion. Even when there are clear examples of breaches of the EU sanctions regime, enforcement has not always occurred. One example of this failure is a complaint by the European Centre for Constitutional and Human Rights that a secret meeting took place between a senior military adviser to Syria’s president, Bashar al-Assad, and top Italian officials and for which no action has been taken to date.
To compound the issue, the publicised penalties for sanctions violations as between Member States are also extremely inconsistent, as are the disjointed licensing regimes throughout the bloc. The fact that there are very few Member States that release information regarding sanctions investigations or enforcement activity creates further uncertainty, particularly for corporates looking for guidance on the creation of an effective systems and controls environment designed to minimise the potential for sanctions breaches.
Scope for evasion
EU sanctions are narrow in application, broadly requiring compliance only by those with a clear EU nexus, jurisdiction, nationality or incorporation. Given the importance of the EU’s economy to international trade, this limited application of sanctions presents innumerable opportunities for those seeking to use EU products or financial services with a view to evading the broader application of US sanctions. At present, the only tool for coordination between the Member States consists of exchanging experience and developing best practices, which, given the scope for sanctions violations without a coordinated EU effort, is problematic. This lack of uniformity in terms of implementation across the bloc needs to be addressed (see ‘The future of EU sanctions enforcement’, below).
Following the departure of the UK from the EU, there is scope for this type of criticism to increase. Historically, the UK was a vocal proponent of EU sanctions, and played a key part in their design, implementation and direction, as well as providing valuable intelligence on which the Council of the EU has historically relied. Its departure is likely to have a detrimental effect on both UK and EU sanctions policy, implementation and enforcement going forward.
Investigating suspected breaches
In-house counsel, senior compliance officers, c-suite executives and directors are expected to understand their business to the best of their ability, including any potential exposure to sanctions. For those working in multinational organisations, this can be a particular challenge. It is imperative, therefore, for senior directors and officers to understand the business areas that are more explicitly exposed to the risk of sanctions breaches. This can only be fully recognised following the implementation of a robust risk assessment framework, including mediation of identified issues.
However, even the strongest systems and controls framework will invariably have weaknesses. Potential breaches of sanctions can arise in a myriad of ways. Transaction monitoring systems within financial institutions may identify potential matches with specially designated nationals, sectoral sanctions identifications, and entities and individuals designated by the EU, that require investigation by monitoring teams. These investigations may be straightforward or complicated, depending on the nature of the ‘hit’. More complicated will be investigations when it is not the system that has identified the potential issue, but rather identification is by way of a whistle-blower or as part of ‘business as usual’ continuing monitoring, thereby indicating potentially active deception and obfuscation by clients and, in some cases, employees.
What is required in terms of an investigation will vary depending on the initial issues identified and the manner in which the investigation unfolds. However, key considerations at the outset of an investigation may include the following:
- investigation committee: well-run investigations will normally be directed by a central investigation committee, separate from the board, that can control the focus and progress of investigatory work. Depending on the nature of the investigation, the committee may require input from various departments, including legal, financial crime, compliance, information technology, risk, human resources (HR) and operations, as well as a representative of the board;
- scoping: the scope of the investigation should be ascertained from the outset. The size and scale of any investigation will depend on a number of factors, including the potential severity of any suspected breaches of sanctions and the efficacy of the systems and controls framework within which those potential breaches occurred. Investigations that are flexible in terms of scale tend to be the most effective;
- regulatory exposure: it is important to identify which regulators in which jurisdictions would expect to be notified of the potential or actual issue. By considering this from the outset, the terms of reference for the investigation will take cognisance of regulatory expectations, which may be gleaned from guidance, judgments or enforcement actions publicised by the relevant competent authority. When considering the regulator to which a report may need to be made, corporates should consider, inter alia, their place of registration, jurisdictions with a corporate presence, the place or places where the misconduct occurred, and the nationality and location of members of staff and clients linked to the conduct;
- potential penalties: the nature of the potential exposure to the company and any implicated individuals is obviously key. This exposure may include civil and criminal penalties, the imposition of monitors on the business, reputational impact, potential for additional scrutiny from other regulators, and costly systems and controls remediation;
- internal and external communications: communications, both internal and external, should be drafted and implemented from a central point and all external communications should be reviewed by legal counsel;
- independent legal advisers (ILAs): for larger-scale investigations, consideration will need to be given to the provision of ILAs for those in the spotlight or those whose interests will not necessarily align with those of the company;
- document preservation: document preservation protocols should be implemented and, where applicable, automatic deletion of documentation protocols suspended to ensure key evidence is not destroyed. Staff being investigated should be notified of document preservation requirements;
- HR issues: consideration of employee suspension and, potentially, termination may be required; and
- regulatory reporting: at the appropriate time, it will be important to consider whether there is an obligation to report to regulators, or whether it would be in the company’s interests to voluntarily self-report. In the former case, there may be agreements, statutes, regulations or other legal requirements that mandate some form of disclosure by the company. In the latter, providing a voluntary self-disclosure may result in a reduced penalty. In either event, it is important to note that many regulators now have open lines of communication with their foreign counterparts. It should be assumed, therefore, that disclosure to one regulator will result in information being passed to other regulators throughout the world. Reporting is considered further in the next section.
Reporting, professional secrecy and legal professional privilege
There are two distinct reporting requirements in respect of EU sanctions. The first is a general obligation that applies to everyone and requires that natural and legal persons supply their competent authority as soon as practicable with information that would facilitate compliance with the regulations. The second is a more targeted obligation that applies to specified businesses and professions. Those businesses will vary in each jurisdiction, as will the penalties for failing to comply with the reporting expectations. The manner of reporting varies from jurisdiction to jurisdiction.
Examples of information that might be reported from the perspective of a financial institution include:
- the reason for the report;
- full details regarding the customer, including name, account name, account numbers and sort codes, bank details, residential or company address, date of birth and nationality, where known;
- full details of the remitter or beneficiary (or both), which may be available from, for example, the SWIFT message. These details may include account names, account numbers and sort codes, bank details, nationalities of payers, and dates of birth, where known;
- any other information that may be available from the transfer message, which may include references, dates, goods involved, amounts and currencies;
- intermediary information, which may include the intermediary’s role in the transfer, names, date of birth, company registration information, country of operation or nationality, address or location, account name, account number and sort code, and bank details, where known;
- ultimate beneficiary information, which may include name, account name, account number and sort code, bank details, residential or company address, date of birth and nationality, where known;
- the amount of funds in question;
- the quantity of any funds or economic resources held on behalf of the customer;
- a breakdown of the prior transactions on the account;
- the nature of the investigation undertaken and any relevant findings and remedial action;
- if reporting a breach, details of the breach; and
- the sanctions regimes to which the report relates.
Certain EU regulations, including, for example, Council Regulation (EU) 2017/1509, which addresses the destabilising conduct of the Democratic People’s Republic of Korea (DPRK), require that credit and financial institutions ‘promptly report any suspicious transaction, including attempted transactions’ and notify their local financial intelligence unit ‘where there are reasonable grounds to suspect that funds could contribute to the DPRK’s nuclear-related, ballistic-missile-related or other weapons of mass destruction-related programmes or activities (“proliferation financing”)’. EU corporates must have a thorough understanding of their reporting requirements, therefore, both under the relevant regulations and pursuant to domestic requirements.
Professional secrecy and legal professional privilege
Notwithstanding the existence of reporting requirements, organisations are not required to provide any information to which professional secrecy or legal professional privilege attaches.
In common law systems, legal professional privilege and confidentiality are a fundamental feature of the rule of law. Documents are normally considered to be privileged if they contain confidential information supplied by a client to his or her lawyer, or advice supplied by the lawyer to the client. When litigation is reasonably in contemplation, the scope of privilege may be extended to third-party communications.
In civil law systems, professional secrecy requirements can vary. For example, in France, a relatively new rule, Article 226-13, in the Criminal Code concerning professional secrecy no longer mentions a specific profession: ‘The disclosure of secret information by a person entrusted with such a secret, either because of his position or profession, or because of a temporary function or mission, is punished by one year’s imprisonment and a fine of €15,000.’ In Germany, however, the obligations of professional secrecy stem from both the German Criminal Code and the law regulating the legal profession. Section 43a of the Federal Lawyers’ Act provides:
A Rechtsanwalt has a duty to observe professional secrecy. This duty relates to everything that has become known to the Rechtsanwalt in professional practice. This does not apply to facts that are obvious or which do not need to be kept secret from the point of view of their significance.
It should be noted that certain jurisdictions do not consider that in-house counsel are able to assert professional secrecy over documents. This is something that should be considered by in-house counsel (or externally instructed lawyers) during any sanctions investigation.
Whenever sanctions issues are identified, and it is considered either necessary or appropriate to report to regulators, issues of professional secrecy and legal professional privilege will need to be considered, both in respect of historical documentation and documentation created as part of any investigation that is undertaken. Key considerations may include the following.
- In respect of historical documentation, for what purpose the document was created. Were legal counsel involved in the creation of the documentation? Was litigation reasonably in contemplation at the time the documentation was created?
- In respect of investigation-related documentation, whether lawyers are involved in providing advice or receiving information designed to inform any advice they give. Are lawyers providing legal advice or are they, in fact, providing commercial advice – a single document can include both. If third parties are involved (e.g., forensic accountants), is litigation reasonably in contemplation? If so, communications with, and documents created by, the third parties may also be covered by professional secrecy or privilege. When interviewing employees, does your jurisdiction consider the work-product to be covered by professional secrecy rules or privilege?
The decision as to whether to claim privilege or rely on professional secrecy when dealing with regulators is of the utmost importance. In general, regulators will expect companies to be entirely frank with them regarding the conduct in question, and the steps undertaken to investigate the issue. Asserting professional secrecy or legal privilege when communicating with regulators may raise doubt as to the scope of the investigation undertaken and the conclusions reached. In certain cases, this could affect any potential discount that may be applied to penalties issued by the regulator.
Recent enforcement decisions
Although the number of enforcement actions within the EU remains low compared to the US, there is a positive trend in the number of actions and the value of the penalties extracted by certain competent authorities. It is clear that EU competent authorities are interested in pursuing actions against individuals and corporates, which has been the modus operandi of US regulators for many years. Ensuring that both classes of potential defendants are prosecuted should serve to promote top-level commitment to effective sanctions compliance, as well as a risk-averse attitude to problematic activity at all levels within an organisation.
Set out below are a few of the key sanctions decisions from the past three years.
On 7 February 2019, it was announced that three Belgian companies, AAE Chemie Trading (AAE), Anex Customs (Anex) and Danmar Logistics (Danmar), were convicted for exporting chemicals to Syria without a licence. Council Regulation (EU) No. 36/2012 (as amended) prohibits the ‘transfer or export, directly or indirectly’ of equipment, goods or technology ‘which might be used for the manufacture and maintenance of products which might be used for internal repression’. In breach of this regulation, AAE, Anex and Danmar were alleged to have exported to Syria 168 tonnes of isopropanol, 219 tonnes of acetone, 77 tonnes of methanol and 21 tonnes of dichloromethane in 24 deliveries from 2014 to 2016.
The Court imposed conditional fines of up to €500,000 and suspended prison sentences for one managing director and one manager.
This case demonstrates the severity with which those in breach of sanctions can be treated, notwithstanding that there was no evidence that the dual-use goods were intended to be used for nefarious purposes and that domestic screening failures had resulted in the breaching shipments.
On 11 November 2020, the Danish State Prosecutor for Serious Economic and International Crime announced charges against a Danish marine fuel trader, Dan-Bunkering, suspected of violating EU sanctions on Syria by delivering 172,000 tonnes of jet fuel in 33 transactions to Russian warplanes stationed there. The transactions, carried out between 2015 and 2017, amounted to 647 million kroner. On 14 December 2021, Dan-Bunkering was fined 30 million kroner while profits of 15 million kroner were also confiscated. The CEO of the company was handed a four-month suspended prison sentence. In addition, Bunker Holding was fined 4 million kroner. The verdict affirmed that EU courts are willing to hold business managers personally accountable for their company’s breaches of sanctions.
On 29 March 2019, the Sanctions Commission of the French Banking Regulator (the ACPR) conducted disciplinary proceedings against the bank Raguram International (Raguram) and rendered its decision on 8 April 2019.
The Sanctions Commission found that, between 2015 and 2017, Raguram recorded thousands of foreign exchange transactions that breached EU and French regulations for failing to identify and verify its customer base and for failing to integrate lists of persons targeted by EU regulations into its systems and controls framework, resulting in an inability to comply with EU and national asset freeze measures. Raguram had further failed to correctly report to the ACPR that it had inadequate systems and controls to ensure compliance with anti-money laundering and asset freeze obligations because, at the time of the report, it had not recognised that its controls environment was defective.
No penalty was issued, as the bank had purchased a compliance solution prior to the grievance being identified during an on-site inspection, and had implemented enhanced controls for customer identification and verification.
This decision demonstrates that competent authorities expect companies to continue to review and enhance their internal systems and controls framework. Companies that have demonstrated proactivity in terms of remediation have often received reduced penalties in recognition of their proactive approach to compliance.
In March 2021, two German citizens were convicted by the Hanseatic Higher Regional Court in Hamburg for violating an arms embargo on Russia imposed after the annexation of Crimea in 2014. According to investigations, the individuals sold metal processing equipment, which could have been used in military missile production, to Russian clients. To circumvent checks on these dual-use goods, the individuals made contracts with fictitious recipients and forged documents, and the goods ultimately ended up with a defence end purchaser. Along with a prison sentence, the main defendant was also fined more than €8 million, that being the price he received for the equipment in question. The second defendant was sentenced to two years’ probation and handed a fine.
The German Federal Court of Justice also considered a number of cases relating to payments made to members of the Islamic State in breach of Article 2.II of Regulation (EC) No. 881/2002. The Court had to consider whether the making of a private benefit to an individual is considered as making the same benefit ‘available’ to an organisation associated with that individual. The Court ultimately ruled that the phrase ‘made available’ should be interpreted broadly, which serves as a compliance lesson to any individuals or corporates looking to make payments to those linked in whatever way to parties designated by the EU.
On 18 February 2019, the Limburg court convicted Dutch company Euroturbine BV and its Bahrain-based subsidiary Euroturbine SPC for exporting gas turbine parts to Iran without a licence. It imposed fines of €500,000 and €350,000, respectively, finding that sham legal structures were established to circumvent export controls. It also imposed custodial sentences on two individuals and sentenced a third to 180 hours of community service.
On 7 February 2020, the Limburg court imposed penalties of €600,000 and more than €4 million on the same entities for breaching EU and Dutch export controls on Iran. The penalties represent the value obtained by each entity as a result of their illegal transport of gas turbine components to Iran without an export licence.
The future of EU sanctions enforcement
Sanctions are a key tool for supporting the EU’s foreign policy objectives, which include ‘safeguarding EU’s values, fundamental interests, and security’. However, for that tool to achieve its full potential, proper implementation and enforcement of sanctions by EU Member States is fundamental. Indeed, in September 2019, Ursula von der Leyen called for ‘proposals to ensure Europe is more resilient to extraterritorial sanctions by third countries and to ensure that the sanctions imposed by the EU are properly enforced throughout its financial system’.
To reinforce this objective, on 19 January 2021, the Commission published a Communication entitled ‘The European economic and financial system: fostering openness, strength and resilience’ (the Communication). The Communication ‘sets out how the EU can reinforce its open strategic autonomy in the macro-economic and financial fields by . . . improving the implementation and enforcement of EU’s sanctions’ regimes, and increasing the EU’s resilience to the effects of the unlawful extra-territorial application of unilateral sanctions and other measures by third countries’. Proposals in the Communication included the following.
- The Commission, as the institution in charge of monitoring and coordinating the implementation of EU sanctions under the TFEU, will from 2021 contribute to the assessment of the effectiveness of EU sanctions.
- In 2021, the Commission will also conduct a review of practices that circumvent and undermine sanctions, including the use of cryptocurrencies and stablecoins. The results of this will inform possible legislative proposals or implementation guidelines from 2022.
- In 2021, the Commission will develop a database, the Sanctions Information Exchange Repository. This will enable prompt reporting and exchange of information between Member States and the Commission on the implementation and enforcement of sanctions.
- The Commission is setting up an expert group of representatives of Member States on sanctions and extraterritoriality.
- The Commission will work with Member States to set up a system to centralise notifications and the dissemination of information across Member States, and to help coordinate Member States’ replies, in full compliance with the division of competences in the treaties.
- The Commission will discuss the implementation of EU sanctions with Member States to ensure a harmonised approach in this regard.
The proposals fall short of the establishment of an EU-wide sanctions enforcement body, which could have built on the work already undertaken by RELEX, and there is limited information available on the status quo of those initiatives. On 16 March 2022, Commissioner McGuinness, the European Commissioner for Financial Stability, Financial Services and the Capital Markets Union stated:
We need to ensure that those who provide services – financial, legal and others – to oligarchs to facilitate sanctions evasion are fully aware of the risks they run. We will investigate any and all efforts to breach our sanctions legislation and there will be consequences for violations. The focus of our work is to stop money flowing to the Russian war machine. Wealthy oligarchs supporting the Russian war machine need to know that they will not find any safe haven in the EU or elsewhere.
While the bloc has historically been reticent in establishing a centralised monitoring body, as it would require significant funding and a legislative mandate for which there has historically been little appetite, the developments of the past few months may ultimately lead to a tightening of enforcement policy and supervision. With the gradually increasing rate of enforcement activity, it seems clear that certain EU Member States are prepared to take sanctions-busting activity seriously, and companies should prepare for an increased focus on enforcement of EU sanctions going forward.
 David Savage is a partner at Stewarts.
 For details about EU sanctions regimes, see the EU Sanctions Map, created during the Estonian Presidency of the EU Council, that took place between July and December 2017. Several countries, including Iran and Syria, are the targets of multiple EU sanctions programmes. Certain entries on the list are not considered to be ‘typical’ sanctions programmes; for example, those concerning Haiti, Serbia and Montenegro (bans on satisfying claims arising from former sanctions against these three countries), as well as the United States (measures restricting extraterritorial effects of US law, more commonly known as the EU Blocking Regulation), at https://sanctionsmap.eu/#/main.
 Third-party jurisdictions often align with EU restrictive measures. For example, on 17 December 2020, the Republic of North Macedonia, Montenegro, Albania, Iceland, Liechtenstein and Norway aligned themselves with Council Decision (CFSP) 2020/2130 implementing Council Decision 2012/642/CFSP concerning restrictive measures against Belarus, at www.consilium.europa.eu/en/press/press-releases/2021/01/26/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-the-alignment-of-certain-countries-concerning-restrictive-measures-against-belarus/.
 Sanctions and anti-money laundering (AML) requirements within the EU share many objectives and characteristics. Considering AML enforcement actions, particularly in the context of commentary on a company’s systems and controls framework, can be useful in informing the direction of a sanctions compliance programme.
 European Commission, press release, ‘Member States’ compliance with EU law: the situation improves but still work to be done’, 12 July 2018, at https://ec.europa.eu/commission/presscorner/detail/en/IP_18_4295.
 See ‘Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union [TFEU] – Consolidated version of the Treaty on European Union – Protocols – Declarations annexed to the Final Act of the Intergovernmental Conference which adopted the Treaty of Lisbon, signed on 13 December 2007 – Tables of equivalences’, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012M%2FTXT. See also Article 2(4) TFEU, which provides: ‘The Union shall have competence, in accordance with the provisions of the Treaty on European Union, to define and implement a common foreign and security policy, including the progressive framing of a common defence policy.’
 Council of the European Union, ‘Basic Principles on the Use of Restrictive Measures (Sanctions)’, Doc. 10198/1/04 REV 1 of 7 June 2004, Paragraph 3, at https://data.consilium.europa.eu/doc/document/ST-10198-2004-REV-1/en/pdf.
 See Article 27 of the UN Charter for details on UN Security Council votes and majority required (www.un.org/en/sections/un-charter/un-charter-full-text/). Note also: ‘The creators of the United Nations Charter conceived that five countries – China, France, the Union of Soviet Socialist Republics (USSR) [which was succeeded in 1990 by the Russian Federation], the United Kingdom and the United States – because of their key roles in the establishment of the United Nations, would continue to play important roles in the maintenance of international peace and security. They were granted the special status of Permanent Member States at the Security Council, along with a special voting power known as the “right to veto”. It was agreed by the drafters that if any one of the five permanent members cast a negative vote in the 15-member Security Council, the resolution or decision would not be approved.’ (See www.un.org/securitycouncil/content/voting-system.)
 See, e.g., ‘Security Council Fails to Adopt Draft Resolution on Syria That Would Have Threatened Sanctions, Due to Negative Votes of China, Russian Federation’, 19 July 2012, at www.un.org/press/en/2012/sc10714.doc.htm.
 See ‘The direct effect of European Union law’ for discourse on the principle of direct effect within the EU, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM%3Al14547.
 Council of the European Union, ‘Sanctions Guidelines – update’, Doc. 5664/18 of 4 May 2018, at https://data.consilium.europa.eu/doc/document/ST-5664-2018-INIT/en/pdf.
 id., at Paragraph 53: ‘Member States should take appropriate measures to ensure that restrictive measures are complied with.’
 European Commission, ‘Sanctions or restrictive measures’, Spring 2008, at http://eeas.europa.eu/archives/docs/cfsp/sanctions/docs/index_en.pdf.
 Council of the European Union, ‘Sanctions Guidelines – update’, Doc. 5664/18 of 4 May 2018, at https://data.consilium.europa.eu/doc/document/ST-5664-2018-INIT/en/pdf.
 Council Regulation (EU) No. 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine, OJ L 229, 31.7.2014, pp. 1–11, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02014R0833-20220316.
 Council of the European Union, ‘Restrictive measures (Sanctions) – Update of the EU Best Practices for the effective implementation of restrictive measures’, Doc 8519/18 of 4 May 2018, at https://data.consilium.europa.eu/doc/document/ST-8519-2018-INIT/en/pdf. This Note also requires that: ‘Member States should ensure efficient national co-ordination and communication mechanisms between all relevant government agencies, bodies and services with competence in the field of restrictive measures, such as ministries, financial intelligence units, financial supervisors, intelligence and security services, judicial authorities, the office of the public prosecutor and other law enforcement bodies, as appropriate.’
 Articles 227 and 228 of the Treaty establishing the European Community; see also ‘Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union – Consolidated version of the Treaty on European Union – Protocols – Declarations annexed to the Final Act of the Intergovernmental Conference which adopted the Treaty of Lisbon, signed on 13 December 2007 – Tables of equivalences’, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012M%2FTXT.
 For further information regarding the ‘Sanctions Formation’ of RELEX, see Council of the European Union, ‘Monitoring and evaluation of restrictive measures (sanctions) in the framework of CFSP – Establishment of a “Sanctions” formation of the Foreign Relations Counsellors Working party (RELEX/Sanctions)’, Doc. 5603/04, 22 January 2004, at http://data.consilium.europa.eu/doc/document/ST-5603-2004-INIT/en/pdf.
 Council of the European Union, ‘Sanctions Guidelines – update’, Doc 5664/18 of 4 May 2018, at https://data.consilium.europa.eu/doc/document/ST-5664-2018-INIT/en/pdf.
 For further information, see Elena Chachko, ‘Foreign Affairs in Court: Lessons from CJEU Targeted Sanctions Jurisprudence’, The Yale Journal of International Law, Volume 44: 1, at https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1694&context=yjil.
 See Emil Dall, Isabella Chase and Tom Keatinge, ‘Coordinating Sanctions After Brexit: Considerations for the Future of UK Sanctions Policy’, Royal United Services Institute, 13 May 2020, p. 3.
 See ‘European Parliament recommendation to the Council of 2 February 2012 on a consistent policy towards regimes against which the EU applies restrictive measures, when their leaders exercise their personal and commercial interests within EU borders (2011/2187(INI))’, at www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+TA+P7-TA-2012-0018+0+DOC+PDF+V0//EN.
 For example, prior to Brexit, the UK’s Office for Financial Sanctions Implementation was one such dedicated department (www.gov.uk/government/organisations/office-of-financial-sanctions-implementation). Another example is Spain’s Commission for the Prevention of Money Laundering and Financial Infringements, within the Ministry of Economy (www.sepblac.es/).
 European Center for Constitutional And Human Rights, ‘Joint Letter: 14 Syrian and International Human Rights Organisations Support ECCHR’s Complaint Against Italy’, 28 June 2018, at www.ecchr.eu/nc/en/press-release/joint-letter-14-syrian-and-international-human-rights-organisations-support-ecchrs-complaint-against-italy/.
 See, e.g., Article 11 of Council Regulation (EC) No. 1183/2005 of 18 July 2005 imposing certain specific restrictive measures directed against persons acting in violation of the arms embargo with regard to the Democratic Republic of the Congo, which states to whom that Regulation will apply, at https://eur-lex.europa.eu/eli/reg/2005/1183/2019-12-11.
 US sanctions can have extraterritorial application, including through the use of US dollars in transactions. Furthermore, certain other US sanctions regimes are ‘secondary sanctions’, which can apply absent any nexus with the US.
 This was particularly so with respect to sanctions against Russia in 2014, following the illegal annexation of Crimea (and Sevastopol).
 For further information on the potential impact of Brexit on EU sanctions policy, see Erica Moret and Fabrice Pothier, ‘Sanctions After Brexit’, Survival, Global Politics and Strategy, 60:2, pp. 179–200, at https://iiss.tandfonline.com/doi/abs/10.1080/00396338.2018.1448585?journalCode=tsur20#.XvHbcdiSmUk; see also Emil Dall, Isabella Chase and Tom Keatinge, footnote 27.
 SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a network of more than 8,300 banks, securities and corporations located in more than 200 countries that allows for the exchange of standardised financial messages between financial institutions throughout the world.
 Council Regulation (EU) 2017/1509 of 30 August 2017 concerning restrictive measures against the Democratic People’s Republic of Korea and repealing Regulation (EC) No. 329/2007, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02017R1509-20210807.
 Article 23(1)(e) of Council Regulation (EU) 2017/1509 of 30 August 2017.
 See, e.g., the UK’s Serious Fraud Office’s ‘Corporate Co-operation Guidance’, which states: ‘Organisations seeking credit for co-operation by providing witness accounts should additionally provide any recording, notes and/or transcripts of the interview and identify a witness competent to speak to the contents of each interview.’ (www.sfo.gov.uk/publications/guidance-policy-and-protocols/sfo-operational-handbook/corporate-co-operation-guidance/.)
 Interestingly, the UK’s Office of Financial Sanctions Implementation states in its guidance on ‘Monetary Penalties For Breaches of Financial Sanctions’: ‘We also recognise that some documents may be protected by legal professional privilege. Protections for legally privileged material are explicitly written into the majority of the current regulations, which exempt legally privileged information from having to be disclosed under the above obligations and requirements. Even where there is no such explicit provision, we consider that relying on legal professional privilege could amount to a reasonable excuse not to disclose a document.’ (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/708990/Monetary_Penalties_Guidance_web.pdf.)
 Council Regulation (EU) No. 36/2012 of 18 January 2012 concerning restrictive measures in view of the situation in Syria and repealing Regulation (EU) No. 442/2011, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02012R0036-20200217.
 Council Regulation (EU) No. 697/2013 of 22 July 2013 amending Regulation (EU) No. 36/2012 concerning restrictive measures in view of the situation in Syria, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32013R0697.
 id., at Article 2a.
 ‘Four Months’ Suspended Prison Sentence for Demant Over Dan-Bunkering Sanctions Breaches’, Ship and Bunker, 13 December 2021, https://shipandbunker.com/news/world/381571-four-months-suspended-prison-sentence-for-demant-over-dan-bunkering-sanctions-breaches.
 Raguram International, Procedure No. 2018-05, Removal from the list mentioned in Article L.612-21 of the Monetary and Financial Code, Audience of 29 March 2019, Decision rendered on 8 April 2019, at https://acpr.banque-france.fr/sites/default/files/media/2019/04/10/190409_pd_raguram.pdf (in French).
 Suddeutsche Zeitung, ‘Detention for violations of the Russia embargo’, 4 March 2021, www.sueddeutsche.de/bayern/prozesse-hamburg-haft-fuer-verstoesse-gegen-russland-embargo-dpa.urn-newsml-dpa-com-20090101-210303-99-676270.
 Linburg District Court, ECLI:NL:RBLIM:2019:1484, 18 February 2019, https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBLIM:2019:1484.
 Linburg District Court, ECLI: NL: RBLIM: 2020: 899, 7 February 2020, https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBLIM:2020:899.
 Mission letter from President von der Leyen to Valdis Dombrovskis, Executive Vice President responsible for the Directorate-General for Financial Stability, Financial Services and Capital Markets Union, 10 September 2019, at https://ec.europa.eu/info/sites/default/files/mission-letter-valdis-dombrovskis-2019_en.pdf.
 COM/2021/32 final of 19 January 2021, ‘Communication from the Commission to the European Parliament, the Council, the European Central Bank, the European Economic and Social Committee and the Committee of the Regions: The European economic and financial system: fostering openness, strength and resilience’, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021DC0032&qid=1611728656387.
 For an exploration as to why a centralised EU enforcement body is not practicable, see Niklas Helwig, Juha Jokela and Clara Portela, ‘Sharpening EU sanctions policy for a geopolitical era’, Prime Minister’s Office Helsinki 2020, https://julkaisut.valtioneuvosto.fi/bitstream/handle/10024/162257/VNTEAS_2020_31.pdf.
 For more information, see www.consilium.europa.eu/en/council-eu/preparatory-bodies/working-party-foreign-relations-counsellors/.
 https://ec.europa.eu/commission/presscorner/detail/es/ip_22_1828. See also, https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions/what-are-restrictive-measures-sanctions_en, which states: ‘[The Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA)] is also in charge of monitoring, on behalf of the European Commission, the implementation and enforcement of EU sanctions across Member States. DG FISMA is increasingly supporting Member States in their efforts to apply sanctions, by answering questions of interpretation raised by national competent authorities, as well as economic and humanitarian operators.’