Elvita Gece

Senior Associate, PwC Legal

As Russia continues the war in Ukraine, the US and the European Union (EU) together with other countries keep increasing the size of sanctions imposed on Russia.

At the EU summit held on 30–31 May 2022, the European Council agreed on the sixth package of sanctions against Russia that will mainly apply to crude oil and petroleum products supplied to EU member states. Yet the Council of Europe has agreed a temporary exception for crude oil supplied through pipelines. Ursula von der Leyen, President of the European Commission, has said that the restrictions included in the package will in fact stop around 90% of EU oil imports from Russia by the end of this year.

As the size of the sanctions grows, confused companies are having more and more questions about how to cope with the increasing sanctions burden, whether a company is supervised by particular regulatory bodies, and whether the current sanctions rules and guidelines provide for setting up an internal control system to manage sanctions risk.

Who has to prepare a sanctions internal control system (SICS)?

Section 13.1 of the International and Latvian Sanctions Act imposes an obligation to carry out a sanctions risk assessment and set up a SICS on subjects that are supervised by the supervisory bodies listed in section 13.1(1), such as the Financial and Capital Market Commission, the State Revenue Service, the Consumer Rights Protection Centre, the Latvian Bar Council, and the Latvian Notaries Council, and are simultaneously subjects of the Anti Money Laundering and Counter Terrorism and Proliferation Financing Act.

Companies that are liable to set up a SICS will carry out and document an international and national sanctions risk assessment according to their line of business in order to identify and manage sanctions non-compliance risk associated with their operations or customers. To assess sanctions non-compliance risk, the company should assess at least the sanctions risks inherent in its line of business, structure, beneficial owners and legal representatives, as well as sanctions risks inherent in its customers – customer residence country risk, the customer’s organisational structure, beneficial owners and their nationalities, legal representatives, and goods offered by the customer, their export and import markets, and – as far as possible – the customer’s suppliers.

It is advisable for the assessment to give more information on the number of customers from particular jurisdictions, as well as the beneficial owners’ nationalities, supplementing the assessment with an evaluation of risks inherent in the customer’s goods or services and associated with the customer’s jurisdiction, restrictions on the import and export of certain goods or services, and their manufacturer. It is also important to name any agents the customer uses in selling his goods or services.

Based on this assessment, the supervised companies will set up a SICS, including the preparation and documentation of relevant policies and procedures.

Companies that are not supervised by those bodies are advised to set up a SICS, yet this is not a mandatory requirement. Sanctions compliance, however, applies to all subjects – individuals and entities – even if the law does not impose an obligation to set up a SICS. So, if your company does not have minimum sanctions checks in place, you are more likely to face a sanctions breach. The SICS is particularly recommended for companies whose customers or suppliers come from high-risk countries or from sanctioned countries because those companies may represent a higher sanctions non-compliance risk if customers are not checked against the sanctions lists.

Matters to be included in the SICS

Companies that are required or advised to set up a SICS should prepare chapters laying down the following procedures:

1. Preparing sanctions risk management policies and procedures, including regular revision requirements
2. Assessing, documenting, and revising customer risk
3. Complying with sanctions and managing sanctions risk in line with the sanctions risk assessment, including mitigation measures
4. Detecting and examining breaches or circumventions of sanctions
5. Making decisions to do business with a customer whose operations represent a heightened sanctions risk
6. Reporting detected sanctions risks to the board or top governing body
7. Appointing an employee in charge and their competence, as well as the duties and responsibilities of staff involved in customer checks
8. Reporting a sanctions breach or an attempted breach to the National Security Service
9. Reporting suspicions of a sanctions circumvention or an attempted circumvention in complying with the financial restrictions to the Financial Intelligence Unit
10. Reporting a sanctions breach or an attempt to breach or circumvent sanctions to the supervisory body (if applicable)

Common problems facing companies without a SICS

AML and sanctions experts commonly receive requests from companies for setting up a SICS when financing has been denied to them or when a credit institution has refused to do business with them or has sent an information request asking about their sanctions supervision procedures before the potential suspension of banking services to them. Credit institutions commonly send such information requests to customers whose account statements show transfers to individuals or companies in high-risk jurisdictions. If your company already knows that some of its non-Latvian customers might come from higher risk countries (Russia, Belarus, Syria, Yemen etc), then it is advisable to begin preparing sanctions review procedures or a SICS early on.

In certain cases, credit institutions will freeze a company’s funds on a particular transaction and expect the company to provide explanations of the substance of the transaction and supporting documents. In that case, the company should verify that the transaction is not in breach of the sanctions, prepare a detailed explanation for the credit institution, and present supporting documents (e.g. a contract and invoices).

If your company has identified potential sanctions risks or you have a question about conducting a sanctions review, PwC and PwC Legal will be happy to consider your question and provide a solution tailored to your situation so you can continue your business without delay.