In today’s rapidly changing sanctions landscape, a bare minimum approach to sanctions compliance can leave organizations open to a range of risks that can wreak havoc across their business. Holistic approaches to due diligence can help mitigate these risks and create frameworks that drive compliance for the long-term.

Posted In:

Nearly a year into Russia’s war in Ukraine, it might seem reasonable to expect that any state-owned enterprise, politically exposed person (PEP), and beneficiary of Putin’s kleptocracy that can be sanctioned has been sanctioned. Thus, many sanctions compliance programs simply run the names of their potential business partners or investments through the lists of over 235,000 sanctioned entities and individuals worldwide. Compliance analysts, stretched thin already by the pace and complexity of sanctions, often must trust that automated search engines are accurate and government databases are updated and complete. However, checking a name against a sanctions list should be the floor not the ceiling for compliance. Failing to dig deeper, whether with good intentions or out of willful ignorance, exposes businesses to avoidable risk.

The first problem with this approach is that it is the bare minimum and does not measure up to what is needed in an ever-evolving scenario. Sanctions compliance now requires compliance officers to make complex capital structure decisions and investigate entities beyond the country of origin or the name on the company stationary because of prohibitions against doing business with sanctioned subsidiaries, offshores, and shell corporations. It is no longer enough to enter “no trades with North Korea” in a Bloomberg terminal. This approach also does not account for the business risk of dealing with entities and individuals who either violate sanctions or may become sanctioned in the future. Recent US sanctions have come with and through federal indictments for sanctions evasion, and many of our clients are concerned about the risk to their businesses should one of their key suppliers, customers, or partners become sanctioned or indicted for evading sanctions, particularly in industries where it is difficult to sever relationships or find alternatives.

If prevention is the best medicine, then thorough sanctions due diligence can help mitigate financial, reputational, and legal risks across industries. The below examples can help illustrate how this comes to life.

Supplier Due Diligence

November 2022 US sanctions against several oil and gas traders in Hong Kong, China, and United Arab Emirates for helping facilitate the sale and transport of sanctioned Iranian petrochemicals serves as a warning that doing business with intermediaries who are helping other customers violate sanctions may, at the very least, disrupt business, and could, at the worst, implicate it, too. One of the sanctioned companies, East Asia Trading Import and Export Trade Co. LTD. boasts 346 clients across 96 countries. While most of them are unlikely to be taking shipments of illicit Iranian oil and are likely shocked to learn that their longtime shipping facilitator in Hong Kong has been violating US sanctions, they nonetheless must scramble to indemnify themselves while searching for a new shipping facilitator in Hong Kong on a moment’s notice.

Searching for the next shipping facilitator will likely be very different after this experience. It must involve screening the supplier’s key personnel for any previous infractions, auditing available shipping logs and bills of lading, as well as inquiring about sources of revenue and other clients. Nobody will readily admit to violating US sanctions, but the same information and techniques that US government agencies use to identify and investigate sanctions violations can be applied by anybody as a form of proactive due diligence.

Manufacturer Due Diligence

In October 2022, OFAC sanctioned several Russian individuals and their German companies for facilitating deals that procured dual-use technology for sanctioned Russian entities and the Russian government. The Justice Department charged the same individuals with evading global sanctions and money laundering. The microprocessors and advanced semiconductors designated as dual-use technology in this case have applications in both civilian and military avionics guidance systems. This enforcement serves as a reminder that many high-tech manufacturers could be in the crosshair of sanctions enforcement in the future even if they are not strictly military manufacturers, and that sanctions evaders use companies and intermediaries registered in countries like Germany to avoid scrutiny.

The acceleration of strategic competition in the high-tech space coupled with the ever-increasing complexity of corporate layering sometimes means regulation outpaces enforcement, let alone private business due diligence. For example, US Treasury’s broad ban on doing business with manufacturers owned by Chinese State-owned military industrial companies includes numerous ongoing exceptions, clarifications, and updates based on changing ownership structures and national security priorities. In a world of shifting and reorganizing supply chains, unprecedented technological acceleration, and global instability, it is vital to diligence every third-party manufacturer’s ownership structure and client list whenever possible. Third-party manufacturer diligence is especially good practice for those companies that do not have regular exposure to dual-use technology.

LP Due Diligence

Private equity (“PE”) investors have long been wise to the power of thorough pre-deal diligence, and many limited partners (“LPs”), particularly institutional investors, require PE firms to conduct sanctions diligence on their investments. The process of M&A diligence has become more robust in recent months as many firms are choosing to not just run the name of their target company through a sanctions database, but to conduct full scope background investigations into founders, other investors, and key hires. Thorough M&A diligence now means investigating the founder’s offshore companies, the CFO’s former problematic employer, and a major investor’s source of funds, to name a few examples of potential future sanctions exposure.

The PE industry has certainly moved beyond merely checking the box when it comes to pre-deal diligence, but not as many PE firms are as thorough when it comes to diligence before forming a fund. What happens if an LP becomes sanctioned three years into a five-year fund? What if a PE firm is raising its fourth fund with an investor they have known for decades, but other LPs investing public money are nervous about entering a fund with a politically exposed person? Conducting thorough diligence can help assuage concerns that a potential LP risks becoming sanctioned down the road. Removing an LP from a fund is far more onerous than offloading a bad investment, and the next era of PE diligence will likely spotlight the risk posed by LPs themselves.

Customer Due Diligence

Businesses like high-end luxury real estate developers and design/builders that assume significant asymmetric risk relative to their customers are particularly vulnerable to sanctions exposure. Customers commissioning luxury homes conduct extensive due diligence on their builder—they look at previous work samples, interview former customers, search for litigation, and perhaps ask for proof of an ESG record. They also often launch the project on a relatively miniscule deposit. But design/builders rarely do the same level of diligence on their customers while also incurring the lion’s share of financial risk.

If the customer turns out to be a sanctioned individual acting through an intermediary, or a politically exposed international that becomes sanctioned part way through the project, or even a combative character whose assets are tied up in multiple lawsuits, most builders will wish they had never taken on the customer in the first place. It is much more difficult to offload a partially built custom luxury residence for a sanctioned oligarch than it is to sell recently sanctioned securities, not to mention the sunk opportunity cost of rejecting other business for the duration of the now tainted project. Luxury builders are but one example of an enterprise whose revenue is driven by a handful of deals annually, incurs significant opportunity cost when taking on new clients and operates in an industry where the customer assumes far less risk than the seller. Art and antiquities dealers and manufacturers of luxury goods like jets and yachts need to consider vetting their customers carefully.


The trend is clear: sanctions are a major part of geo-economic policy and will continue to affect more industries than ever before. As a result, the future of sanctions compliance will require deeper knowledge of global corporate investigations than ever before. The simultaneous proliferation and complexity of global sanctions has the potential to expose almost any business to sanctions risk—from the expected oil trader and technology buyer to the unexpected private equity fund and high-end home builder. Incorporating preventative sanctions diligence into every compliance process and risk mitigation strategy is a must for any business that cannot afford major disruptions in the future.

About the Authors

Naphtali Rivkin

Naphtali Rivkin

Naphtali Rivkin brings more than seven years of experience in intelligence and investigations for the U.S. government, private investors, and political and nonprofit organizations. Specifically, Naphtali focuses on pre-transaction human […]

Read Bio
David Holley

David A. Holley

David A. Holley, a Partner with StoneTurn, has more than 30 years of investigative and risk consulting experience and frequently serves as a trusted advisor to corporations, law firms, audit […]

Read Bio