Back to All Blog Posts

The View from the Top: Sanctions Response 2022 – A Guide to Leveraging Your Own Data to Mitigate Risks Following the Russian Invasion of Ukraine

Sancions Tips AML Compliance

Disclaimer: The following posting is my own and does not represent Huron’s positions, strategies or opinions.

The skinny:

  • Longtime fincrime compliance thought leader Rob Loh, Senior Director at Huron, offers a deep and detailed analysis of key tactics financial institutions and corporates more broadly can use to gauge how blacklisted groups and entities on sanctions lists have touched their operations.
  • In short: By examining current data on past interactions with Russian and related entities – some that were not designated by any jurisdiction at the time – institutions can craft bespoke, tailored and multi-dimensional risk profiles charting legal,regulatory and reputational exposure points.
  • Sanctions compliance, a challenge in the best of times, has become a more vexing issue for financial institutions and businesses with designations nearly tripling in just a few months – and rising weekly.

The View from the Top is a new ACFCS series connecting, collaborating and sharing the knowledge of the sector’s brightest minds to light your darkest days.

By Rob Loh
Senior Director, Huron
May 24, 2022

In the days and weeks following Russia’s February 2022 invasion of Ukraine, the United States, European Union, and others levied multiple rounds of sanctions against Russian individuals, government entities and corporations in an expansion of those sanctions enacted following Russia’s 2014 invasion of Crimea.

The speed and breadth of the expansion of sanctions has set financial institutions and government enforcement agencies scrambling to keep up.

Sanctions against Russian individuals and entities, chiefly tied to the annexation of Crimea in 2014 totaled 2,754, but the United States, Europe, the United Kingdom and other regions have added 7,826 additional parties since February 2022, according to Catellum.AI.

To view the full Russian sanctions dashboard, click here.

The result: overnight, customer relationships and transactions that had been permissible were now subject to restrictions and increased scrutiny.

Financial institutions, both small and large, have been racing to understand the scope of these expanded sanctions, identify the relevant risk areas, and prepare for any related interactions with regulatory and enforcement agencies.

While the emerging risks are sure to cause concern for management teams, these concerns can be mitigated by leveraging readily available data.

Rob Loh

The Big Picture and Risk Exposure

Risks related to the expanded Russian sanctions can come from both governmental and public sources.

Increased attention from government enforcement agencies with the ability to level civil and criminal penalties can be expected and backlash from the public for not meeting the new sanctions are real possibilities.

In the United States, two of the agencies enforcing sanctions are the Office of Foreign Assets Control (“OFAC”) and the Department of Justice (“DOJ”).

OFAC, a financial intelligence and enforcement agency of the U.S. Treasury Department, was established in 1950 following China’s entry into the Korean War and is responsible for civil enforcement of U.S. sanctions laws.

OFAC maintains a list of “Specially Designated Nationals” (“SDNs”) comprised of “individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries.”[1]

Additionally, the Financial Crimes Enforcement Network (FinCEN), also part of the U.S. Treasury Department, is circulating information to financial institutions regarding red flags associated with attempts to evade sanctions[2] and has reminded institutions of suspicious activity reporting requirements.

Further, the Kleptocracy Asset Recovery Rewards Program[3], established as part of the National Defense Authorization Act, and offers rewards of up to $5,000,000 for information “leading to the (1) restraint or seizure (2) forfeiture or (3) repatriation of stolen assets in an account at a U.S. financial institution…”

The DOJ is responsible for investigating criminal violations of sanctions laws and recently announced the formation of a special team, Task Force KleptoCapture, specifically to investigate and prosecute violations of economic sanctions.[4]

Attorney General Merrick Garland, when announcing the creation of Task Force KleptoCapture, made clear the government’s intent to enforce the sanctions, stating that “The Justice Department will use all of its authorities to seize the assets of individuals and entities who violate these sanctions.”

The civil and criminal penalties of not complying with sanctions regimes can be severe.

For example, in 2014, BNP Paribas S.A. entered a guilty plea and paid $8.9 billion to resolve charges linked to processing financial transactions for entities and individuals in countries such as Sudan, Iran, and Cuba in violation of U.S. sanctions.[5]

In addition to the legal risks associated with governmental inquiries, financial institutions also face potential reputational harm in the court of public perception.

The degree of public attention on the events in Ukraine will undoubtedly raise the specter of reputational harm in eyes of the public should an institution fail to adequately adapt to the new sanctions.

This reputational harm may even lead to customers moving to other institutions.

Risk Level  Ranking

Responding to the Expanded Risk Environment

The legal and public perception risks of failing to stay on top of the evolving sanctions landscape are significant.

Effectively responding to these risks will require institutions to understand the degree to which their organization is currently or may have previously interacted with sanctioned entities and individuals.

Many of these SDNs have spent years moving money through western financial systems using complex webs of shell and front companies to avoid detection and acquire assets such as luxury apartments, artwork, yachts, jets, etc.

A thorough understanding of how your institution has historically interacted with these entities – which may have been entirely permissible prior to the sanctions enhancements – will go a long way to helping design and implement effective policies and procedures going forward when handling account opening, sanctions screening, transaction monitoring and suspicious activity reporting for similar groups.

Gaining this level of insight will not be quick or easy. However, much of the necessary information is likely already in the hands of financial institutions.

In the following sections, I have outlined several strategies that can be employed to identify information related to past interactions, understand it, and use it to develop an action plan to more effectively remain compliant.

Taylor Pic 2

What types of data does an institution have?

In the ordinary course of business, financial institutions regularly generate substantial amounts of data in both structured and unstructured formats.

  •   Structured data, (i.e., categorized and highly organized)
  • Customer data (e.g., names, addresses, account activity histories, etc.),
  • Transaction information (e.g., SWIFT, Travel rule requirements, 314(b) sharing, etc.), and
  • Information from government agencies (e.g., SDN lists, 314(a) lists, etc.).
  •   Unstructured data (primarily qualitative data) typically accounts for a significantly larger portion of the data collected by financial institutions, including emails, negative news screening reports, social media data, and other sources.

Additionally, it is critical to understand the availability of external data sources that can be used to better identify the networks and entities that may have been used to obfuscate beneficial ownership information for an institution’s customers. This might include corporate registration data (e.g., addresses, officers/directors, etc.) and other banking relationship information, including joint accounts.

Institutions should consider the degree to which this data can be collected from automated vs. manual processes, and where gaps in both internally and externally generated sources of data may lurk.

Refinitiv AML Member Spotlight

What can be learned from this data?

Once an institution understands the types of information available to it, it can begin the process of analyzing and leveraging the data to create actionable intelligence. This intelligence can be targeted by answering the following questions as a starting point:

  • Do we have a current relationship with the sanctioned parties?
  • Do we have relationships with known proxies and business entities which may have transacted with these customers in the past?
  • Do we have indications that a party may be attempting to skirt beneficial ownership rules?
  • Are we processing transactions with a geographical link to Russia? What about countries known to facilitate Russian transactions (e.g., Cyprus, Serbia, etc.) or those publicly supporting Russia?
  • Is our transaction monitoring program detecting shifts in patterns since the expansion of the sanctions regimes? Are transactions that have previously been expected for Russian linked individuals and entities now flowing through a different jurisdiction or to another party?
  • Do we have correspondent banking relationships that should also be scrutinized for activity sufficient to create a nexus for US regulators to bring enforcement actions against the institution?

By combining all the data, financial institutions can employ multi-dimensional risk screening profiles, which will create a more complete view of potentially illicit financial activity.

How can this intelligence be utilized?

As institutions begin to collect and analyze the available data, these findings should be applied to the institution’s risk appetite framework to reassess their overall risk exposure.

This would include discussions regarding potential remediation actions to take in response to any findings or changes in risk profiles.

For example, if accounts linked to sanctioned parties are found, should the institution simply freeze the accounts or end the banking relationship entirely? Discussions could also involve the potential need to amend previously filed suspicious activity reports based on newly generated data.

Taylor Main Fincrime cast

How can institutions plan for inquiries from regulatory and enforcement agencies?

Once institutions understand the insights available from their data and begin to decide on how to act on it, they need to prepare for potential inquiries from regulatory and law enforcement agencies.

These inquiries may occur during a regularly scheduled regulatory exam or may come from law enforcement agencies investigating a specific allegation.

Additionally, a tip leading to a DOJ investigation may come from another institution or from a whistleblower submission made under the Kleptocracy Asset Recovery Rewards Program.

It is important to have evaluated and planned for the government’s inquiry because the institution’s initial response can have significant impact on the subsequent course of the government’s review of the activity at question. You do not want to be caught flat-footed.

This preparation should be in place already, but if not, the first step is for financial institutions to have clearly defined and communicated policies and procedures for interacting with regulatory and enforcement agencies.

Institutions should also consider how to adapt these policies based on differing requirements for both domestic and international operations.

The second is to have procedures in place to undertake lookback transaction reviews to understand past practices, document any internal control/policy deficiencies, and create a remediation plan.

This activity should inform an institution’s Risk Appetite and Limit Frameworks, tuning of models and reporting content and frequency.

Rather than waiting on inquiries from regulators and enforcement agencies, financial institutions should consider, with the help of internal and external counsel and unless restricted by law, pro-actively self-disclosing issues.

The self-disclosure of issues does not need to wait for the completion of a full internal investigation but should include a reasonable investigation plan as well as an understanding of the relevant issues.

Finally, financial institutions should also undertake assessments of their own Financial Intelligence Unit operations and conduct regular audit readiness reviews as a further check against missing indicators of potential sanctions violations.

Coronavirus Falling

Preparing for the Future

The expansion of sanctions following Russia’s invasion of Ukraine is forcing financial institutions, and other organizations such as auction houses, yacht sellers, real estate brokers, etc. to all re-think their approach to combatting financial crimes.

While it is too early to point to significant enforcement actions directly related to the invasion, it is unlikely that sanctions violations will be ignored.

The BNP Paribas resolution shows that the potential penalties associated with failing to adequately comply with the sanctions are significant.

Organizations re-thinking their approach to financial crimes in response the expansion of sanctions should strive to:

  • (i) understand the available data,
  • (ii) apply intelligence gained from it to existing risk frameworks, and
  • (iii) prepare for interactions with regulatory and enforcement agencies.

Those making serious efforts now in these areas will be well positioned to avoid extremely large and severe penalties in the future from both legal and public sources.

See What Certified Financial Crime Specialists Are Saying

"The CFCS tests the skills necessary to fight financial crime. It's comprehensive. Passing it should be considered a mark of high achievement, distinguishing qualified experts in this growing specialty area."


(JD, Washington)

"It's a vigorous exam. Anyone passing it should have a great sense of achievement."


(CFCS, Official Superior

de Cumplimiento Cidel

Bank & Trust Inc. Nueva York)

"The exam tests one's ability to apply concepts in practical scenarios. Passing it can be a great asset for professionals in the converging disciplines of financial crime."


(CFCS, Royal Band of

Canada, Montreal)

"The Exam is far-reaching. I love that the questions are scenario based. I recommend it to anyone in the financial crime detection and prevention profession."


(CFCS, CAMS Lead Compliance

Trainer, FINRA, Member Regulation

Training, Washington, DC)

"This certification comes at a very ripe time. Professionals can no longer get away with having siloed knowledge. Compliance is all-encompassing and enterprise-driven."

Director, Global Risk
& Investigation Practice
FTI Consulting, Los Angeles