Named and shamed: The implications of appearing on the EU's sanctions list

What is the EU's sanctions list? How is it produced and amended? What are the implications of being listed? Aki Corsoni-Husain answers these questions in this article, originally published by ThomsonReuters©.

Of the many client risks faced by financial institutions doing business today, one probably tops the growing list of reasons for Europe-based compliance officers to lose sleep at night: finding out that a client is named on the EU's consolidated sanctions list of persons, groups and entities subject to EU financial sanctions (sanctions list).

It can legitimately take the title of being the primus inter pares of compliance concerns and not just of the private sector but in many cases of regulators and competent authorities alike.

These worries have been brought into sharp focus following the steadily increasing use of listings by the world's two sanctions-designating superpowers: the United States and the European Union. Within the EU two events brought sanctions, or more precisely restrictive measures, into sharp relief: the 2011 Arab spring and Russia's annexation of Crimea in 2014.

What is the EU's sanctions list?

The sanctions list represents a vital component of the EU's aim to implement a unified and autonomous foreign policy, ie its common foreign and security policy (CFSP). In practical terms it operates effectively as a blacklist of those individuals, organisations and entities (designated persons) appearing on it.

In a rare example of extra-territorial reach, the list must be observed by EU citizens based anywhere in the world. The EU also works actively with third countries, even including the United States at times, to encourage the implementation equivalent and uniform sanctions lists.

How is the EU sanctions list produced and amended?

The EU is ultimately a rules-based structure, and as such the authority for the imposition of the list is contained in its founding treaties (more precisely, Article 29 of the Treaty on the European Union or TEU). In broad terms, restrictive measures are imposed for political rather than economic reasons, in essence to bring about a change in policy or activity by the target country, government, entities or individuals, in line with the objectives set out in the CFSP implementing legislation.

UN Security Council sanctions lists are included automatically within the EU's list but the EU additionally implements a vast number of extra designations far beyond those listed by the UN. In some cases, entirely new and autonomous sanctions regimes (and their lists) have been created where none exist at UN level for political reasons: those on Russia and Ukraine being prime examples.

Within the EU, its political wing, the Council, is responsible for the production and roll out of the lists. The Council's Working Party of Foreign Relations Counsellors (RELEX) deals with sanctions formation policy whereas the European External Action Service (EEAS), a form of foreign civil service of the Council, assists in the administration of the lists, including requests for corrections, amendments and delisting.

Implications of being listed

The immediate and direct consequence of being listed is that:

  • property and assets (very broadly defined),
  • which are owned or controlled (or held to the benefit of) by a designated person, and
  • which are based in, or subject to, EU jurisdiction,

must be frozen by all persons (not just financial institutions), and even including the designated persons themselves.

For a designated person to access frozen funding, even in order to pay for mundane expenses such as the weekly shop, a licence must be obtained from the competent authorities. The application for a licence must set out the precise grounds, in law, for the issuance of a licence. Obtaining a licence is not, however, straightforward for a designated person (or third parties) and can take many weeks or months.

Practical impact of the sanctions lists

From an institutional perspective, it may be far from clear whether the sanctions regime should apply, in particular, where the funds or assets of designated persons are mixed with non-designated persons. This can be particularly stark, for example, where a company is owned by a number of parties and only one is a designated party, in particular where the designated person is only a minority shareholder. To lawyers' delight it is impossible to avoid the complexity in many, possibly most, cases.

Added to this, there is relatively little that institutions can do to prevent ever dealing with a person that might, one day, end up on sanctions list. After all, clients may be the darling of the City and Wall Street one day but pariahs the next. This was seen in stark relief in the case of Libya where numerous blue-chip credit and financial institutions worked to be appointed by the country's sovereign wealth funds only to be required to freeze all assets following the fall of the Gaddafi regime in 2011.

In the light of the above, institutions now look to mitigate risks through increased intelligence gathering from third party platforms to better understand background information about counterparties, especially those based in emerging and frontier markets and in particular in relation to their source of wealth and financing.

Whereas in the past it may have been entirely acceptable for an institution to simply have an anti-money laundering (AML) policy in place, today's players will invariably implement detailed sanctions and anti-bribery and corruption policies and training alongside AML processes into their systems and controls.

From a transactional perspective the constant revisions and additions to sanctions lists mean that institutions now pay far greater attention to the drafting of sanctions clauses in contracts than ever before, the goal being to increase rights to exit an arrangement or else reduce liabilities following the onset of sanctions.

Recent developments in EU sanctions lists

In the beginning the EU created a consolidated list which was posted on its EUROPA website and updated from time to time. Institutions would either need to refer directly to the website on an ongoing basis or else engage third party intelligence providers who would compile the lists and distribute them onwards to paying customers.

In aid of boosting what are relatively rare cost saving measures for the compliance industry, the EU, through the European Commission's Financial Sanctions Files (FSF) service, has as of 5 July 2019 set up a revamped real time sanctions list notification service.

Unlike past lists on the EU's online portal, the new list is updated in real time. XML files are also generated via the FSF service to enable the financial institutions' IT systems to automatically "read" the EU's lists (admittedly, the precise way that the IT system does this is unfortunately beyond the understanding of the author). RSS feeds can deliver immediate notifications of changes to the list to all concerned.

It is expected that this increased cooperation between institutions and the EU database should lower, maybe even eliminate, the dreaded risk of the compliance department: the "false positive" requiring manual reconciliation by overworked personnel.

In a similar way and bearing in mind sanctions implementation in Europe is a patch-work of cooperation of national competent authorities (NCAs) alongside the EU institutions, the new developments would seem to lower the risk of old or out of date sanctions lists being replicated on official NCA website's around the continent. The safest bet for NCAs would seem to be to refer interested parties to the FSF service rather than recreating it.