On Feb. 23, the US announced sanctions and export controls on hundreds of Russian and “enabling” persons and entities to mark the second anniversary of Russia’s further invasion of Ukraine and in protest of the death of imprisoned anti-corruption activist Alexei Navalny.
The more than 500 new sanctions “target individuals connected to Navalny’s imprisonment as well as Russia’s financial sector, defense industrial base, procurement networks and sanctions evaders across multiple continents,” while new export restrictions target “nearly 100 entities for providing backdoor support for Russia’s war machine.”
All US companies engaged in international commerce, directly or indirectly, are expected to maintain effective compliance programs that screen for, and avoid transactions with, targeted persons and entities. Going forward, the newly sanctioned must be added to the rolls of know-your-customer blacklists maintained by companies and their screening vendors.
However, the facilitators and enablers who construct evasion networks are undoubtedly already adapting and replacing—aided by Russia’s intelligence services—these targeted entities with new waves of strawmen willing to risk future sanctions for financial reward.
The increasing sophistication of our state adversaries and corresponding countermeasures by our government lead to seemingly never-ending cycles of designation and evasion. At the same time, more aggressive criminal enforcement of existing sanctions and export controls is likely.
The Department of Justice has criticized traditional screening methods as insufficient and signaled its intent to enforce sanctions and export controls in a manner similar to US Foreign Corrupt Practices Act enforcement—which is driven not only by an “actual knowledge” standard for liability but also “high probability” standard of liability for the actions of intermediaries.
Companies and their compliance teams will be consistently stuck in the middle of a whack-a-mole exercise of increasing complexity. How best can they respond to and manage such challenges?
Considering that sanctions and export controls are tools to further foreign policy objectives, companies can borrow lessons from America’s struggle against terrorist networks in Iraq—and indeed other national security challenges—where the root cause of failure was an organizational mindset ill-adapted to the new tactics deployed by a resourceful adversary.
Retired General Stanley McChrystal described the issue as an “attachment to procedure instead of purpose” that valued “efficiency over adaptability.” While this approach can be successful within relatively simple systems, the same may prove fatal when the “number of branches on the contingency tree” becomes too great and something “that was once merely complicated had passed the threshold of complexity.” In such circumstances, he wrote, for “crews trained in checklist-based efficiency, minor deviations from the plan led to unnecessary deaths.”
Faced with a rapidly evolving and increasingly complex threat environment in Iraq circa 2006, two strategies proved successful: flattening hierarchies and facilitating cross-functional information-sharing across military branches and government agencies, and identifying facilitators and enablers without whom the terrorist networks’ foot soldiers couldn’t effectively coordinate and launch attacks.
McChrystal’s Joint Special Operations Command pooled data seized on the battlefield with information from tactical interrogations and national intelligence agencies’ holdings. Analysts observed terrorists contacting the same bomb-makers, corrupt police, forgers, money launderers, and smugglers. JSOC drew on those links to quickly identify and locate more terrorists and degrade the ability of the next wave of terrorists to carry out deadly attacks.
With this example in mind, what actions can companies take to better manage the ever-increasing complexity of today’s evasion networks and leave the whack-a-mole paradigm?
First, companies should improve coordination and sharing among and across teams. Sanctions and export controls teams should be in regular communication about challenges and lessons learned. Anti-corruption teams familiar with the “high probability” standard should be included. Colleagues in tax, finance, procurement, and sales likely also have information important to a holistic, risk-based assessment of evasion risk. Companies should pool information—as JSOC did—and push it down to lower levels to better inform operational decisions.
Second, cross-functional teams should conduct a root-cause analysis whenever customers, resellers, or distributors are designated or listed. Doing so will allow companies to identify the facilitators and enablers that frustrated their prior compliance efforts and prevent exposure to future liability.
- What intermediaries were involved?
- Who are the managers and ultimate beneficial owners of such entities—and do they appear in other relationships?
- Who was the identified end-user, and do they have the industrial and technical background to use the products?
- Do the addresses provided appear to be legitimate business locations, or in other relationships?
- Who from sales proposed the relationships?
- Have those colleagues since proposed new opportunities for similar orders?
As JSOC learned, identifying and locating second-order persons facilitating the underlying actions allows more-effective and higher-impact targeting.
We don’t suggest that such cross-functional retrospectives can or should be done for all of a company’s counterparties or intermediaries. But when any counterparty or intermediary is designated or listed, such an exercise would be well worth the effort.
Companies undertaking such an exercise can best protect themselves from the next wave of front companies that the facilitators and enablers will deploy. We expect that US regulators will view such efforts as part of effective compliance programs.
Companies are—as the DOJ has warned them—on the front lines of this economic war. Taking lessons from successful warfighting strategies are necessary to anticipate and block the next steps of the highly sophisticated, complex evasion networks we face today.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Author Information
Kevin Carroll is partner at Hughes Hubbard & Reed and formerly served with the Department of Homeland Security.
Michael Huneke is partner at Hughes Hubbard & Reed’s sanctions and export controls practice.
Sean Reilly is counsel at Hughes Hubbard & Reed and formerly served with the Department of Commerce.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.