Sanctions are in place for social, economic and political protection, but they’re not always obvious and failure to spot them can have serious consequences

“The risk of breaking sanctions is very serious – and there are a lot of countries where sanctions apply. We have to be very careful about who our customers are delivering our products to and make sure that they are selling to reputable companies and not organisations that will sell those products on to others whose customer base may breach sanctions.”

This was one risk manager’s response on being asked to identify key risks for their company in the next year for this year’s StrategicRISK Report (available for download at He believed that the risk of inadvertently breaching sanctions is likely to increase in the next 12 months, particularly in view of the volatile political situation, and civil unrest currently arising in a number of countries that have already increased sanctions and are likely to continue to do so. And his comments illustrate the difficulty of trying to track end buyers in the customer chain.

Traditionally, banks have been the global watchdog as far as illegal activities such as breach of sanctions and money laundering are concerned. They’ve also tended to be the scapegoats if they turn a blind eye to suspicious transactions – a situation that has concentrated their minds significantly on the problem.

Risk intelligence organisation World-Check’s Andrew Yuille says: “Most things go through banks, so they are a fairly good place to catch on to something that should not be going on. But compliance with sanctions has to be far wider than the banking industry.”

“You have to know who is on the sanctions list to check that they’re not a customer that might present an issue – but by the time an organisation or individual has been sanctioned, it’s almost too late. It’s better to have an early warning system so that you can see who is likely to end up on a sanction list and avoid having them as a client to start off with.”

This might sound like a tall order but in fact regular sanction-busters – those who supply goods to sanctioned organisations – often leave discernable footprints. Suspect customers are unlikely to be on an actual sanctions list, but the associates on which they rely are the ones to watch out for.

Yuille cites the case of a small US business that had bought pipe bending tools from a Chinese business that turned out to be acting for an Iranian concern. Every time the organisation at that address in China was sanctioned it would change its name, a common trait with sanction busters which, along with language translation difficulties, can cloud transparency for foreign buyers.

Another problem is the number of sanctions now in force. In addition to sanctions imposed by the UN and EU, individual countries take their own approach, targeting countries or businesses that may not be on other sanction lists. It can be a minefield for global companies with different production units around the world.

Be alert to suspicions

So what’s the best way for risk managers to get to grips with this problem? Due diligence in respect of both suppliers and customers, in the first instance. Airmic’s technical director Paul Hopkin suggests that risk managers employ the same techniques that they use to ensure an ethical supply chain, and to seek assurances from customers regarding the ongoing destination of products.

“There’s a parallel between this and the kind of approach that risk managers take to limit their liability in respect of health and safety,” he says. “For example, component suppliers will specify any constraints on their use to guard against liability claims, so there’s no reason why they shouldn’t also specify constraints on their supply to sanctioned businesses or countries.”

Companies and their employees, particularly in the financial industries, shouldn’t turn a blind eye to something suspicious, as this could implicate them in what’s gone on, says Yuille. So risk managers should encourage whistleblowing. Yet history shows that whistleblowers tend to be very badly treated by their employers, so work needs to be done to encourage people.

When employee of Wachovia bank Martin Woods suspected wrongdoing on the part of his employer, his report to them was dismissed as “defensive and undeserved”. He told StrategicRISK that he underwent a sustained campaign of harassment, bullying and fabricated disciplinary proceedings before his allegations were proven well-founded. He now advises companies and individuals on all aspects of financial crime including sanction breaches.

A final word of warning. The USA has introduced a number of sanctions against countries – for example, the Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA). There’s a possibility that such legislation could catch external companies that have a footprint in the USA in the same way as the US Foreign Corrupt Practices Act.

Case study

It’s not only the big boys and the banks that get picked up for breaching sanctions. The relatively small UK Weir Group, a Scottish engineering company employing around 9,000 people, globally admitted breaking UN sanctions in its dealings with Iraq during Saddam Hussein’s regime. It breached the Oil-for-Food programme in place at the time by paying kickbacks to the government to secure lucrative contracts.

The company was fined £3m for the breach and also had £13.9m of illegal profits confiscated.

UN sanctions watchlist


Direct or indirect supply, sale or transfer of arms and related material of all types.


Exportation, supply or delivery of any arms and related material to Osama bin Laden, the Al-Qaeda Organisation, the Taliban and their associates.

Cote de Ivoire

Import of rough diamonds, except those used solely for scientific research to facilitate the development of technical Ivorian diamond production, provided the research is approved by the Kimberley Process Committee; and supply and delivery of arms and related material, except that supplied for the parties or purposes specified in the relevant UN Security Council’s Resolutions.

Democratic Republic of the Congo

Supply and delivery of arms or related material, except to parties and under conditions specified in the UN Security Council’s Resolution 1771 (2007).

North Korea

Direct or indirect supply, sale or transfer of all arms and related material as specified in the relevant UN Security Council Resolutions; all items as set out in the lists in the UN documents S/2006/814 and S/2006/815; and exportation of the above items (other than luxury goods) from North Korea.


Direct or indirect supply, sale or transfer of all items that could contribute to Iran’s uranium-enrichment and reprocessing activities, heavy water activities or technology related to nuclear ballistic missiles set out in relevant sections of Security Council document S/2010/263 and the International Atomic Energy Agency documents INFCIRC/254/Rev. 9/Part 1 and INFCIRC/254/Rev. 7/Part 2, or determined as necessary by the Security Council, the cwommittee or the state.


Sale or supply of arms and related material to Iraq, except for those required by the relevant authority stated in the UN Security Council’s Resolution 1483 (2003).


Sale, supply or delivery of arms and related material, except for those authorised by the Government of Lebanon or by the UN Interim Force in Lebanon.


Direct or indirect supply, sale or transfer of arms and any related material to all non-governmental entities and individuals operating in the territory of Liberia.


Exportation, supply or delivery of any arms and related material, and any goods related to the manufacture or maintenance of weapons.


Supply and delivery of arms and related material to any non-governmental entity or individual, except for the parties or purposes specified in the UN Security Council’s Resolution 1591 (2005).