Skip to main content

Taking action against sanctions

Published by
Hydrocarbon Engineering,

Emma Hodges, Forensic Risk Alliance, UK, looks at the recent US/EU sanctions imposed on Russian businesses and outlines the steps that companies should take in order to avoid being exposed to sanctions breaches through their oil and gas partners.

Russia is the world’s third largest producer of oil and the second-largest producer of natural gas. It generates over two-thirds of its export earnings from the sector, which is largely responsible for its impressive US$ 486 billion cushion of foreign exchange reserves.1,2 It is also the country to watch at the moment as the political landscape in the region continues to shift and Western governments respond ever more aggressively.

Russia has never been an easy place to do business. The recent political upheaval surrounding it and Ukraine has resulted in the EU and US placing targeted sanctions on the country, with both individuals and numerous companies placed on sanctions lists – some the affected companies are involved in the oil and gas industry in both the supply and development of gas deposits. Throughout April and May further Russian officials were placed on an EU sanctions list, banning them from visiting any member state and freezing any assets they may hold. In the oil and gas arena Igor Sechin, the Chairman of Rosneft, has been added to the sanctions list and further US sanctions are also likely to follow in the coming months.

It is worth being aware that there is limited legal defence against sanctions violations – one either deals with a sanctioned entity or does not, and there is little due process around regulatory investigations and fines. This means the regulators have a lot of power – ask Bank Paris Nationale (BNP) and the growing number banks who have already paid up billions of dollars in fines (Barclays, Lloyds, Standard Chartered, RBS, etc.). The US has also been more than willing to criminally prosecute corporations (again BNP and also Credit Suisse).

In this current climate, it is therefore unsurprising to see compliance issues move up the agenda. There has also been a shift in focus from bribery and corruption to concerns surrounding sanctions exposure – a compliance risk area that, until recently, has taken a bit of a back seat.

It remains to be seen how extensive the impact of Ukraine-based sanctions will be – particularly in the oil and gas sector. The changing and unstable nature of the region and extreme likelihood that current sanctions will only get tougher in the future, leaves oil and gas companies considering what precautions to take to ensure that they do not suddenly end up dealing with a designated person or regime.

The consequences of breaching sanctions are extremely serious and severe. Aside from the huge fines that can be levied, there are the very significant costs incurred in investigations – legal costs in defending prosecutions, business interruption and loss of profits in cases where the relevant authorities order business activity to be suspended or cease entirely. There is also the ultimate cost: the loss of one’s liberty if a custodial sentence is imposed. This is the reality facing anyone who breaches sanctions, whether deliberately or inadvertently, and is a risk that companies need to be particularly aware of as they partner with Russian entities.

Exposure to risk of sanctions breaches through oil and gas partners

The Russian government has historically been reluctant to use production sharing agreements (PSAs). Across the oil and gas industry foreign companies’ investment in Russia is primarily accomplished through joint ventures (JVs) with a Russian local partner company. JVs can take various forms; in essence they are business structures intended to manage and apportion risk and raise funding. A key question is: ‘Who are you dealing with?’ Russians, for legitimate (and maybe less legitimate) reasons, often use shell companies and intermediaries – disguising beneficial ownership is part of the corporate landscape.

The issue surrounding this lack of transparency at the operational level is applicable to many types of JV partnerships. The level of accounting detail provided to partners varies case by case, but is rarely down to an individual transaction level for practical accounting and operational reasons. While the actual list of sanctioned individuals and corporate entities is relatively small, it has been growing, and the risk for foreign companies is difficult to quantify but could potentially be very high. Companies that do not have adequate oversight of the JV’s operations will find it difficult to monitor their own risk exposure, particularly in respect of sanctions.

For multinational oil and gas companies in particular, the interconnected nature of primary and subsidiary operations, supply chains as well as points of sale have become so expansive, that the chances dramatically escalate that they could, even in some small way, be connected to sanctioned individuals or companies. As the pressure intensifies companies are faced with a large burden to uncover their potential exposure to the moving target of sanctioned people, corporate entities and potentially technologies that could constitute a sanctioned regime. Associating even a small part of a company’s operations could represent an enormous compliance cost depending upon the penalties the US and EU decide to impose. It is therefore important to put in place controls that evidence consideration of the key risks and attempts to mitigate and avoid breaches – intentional as well as the more arcane unintentional.

Appreciably, with the long-established US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act, which came into force in the summer of 2011, some companies have gone a little way to implementing improved anti-bribery and corruption measures, as well as an increased vetting of direct counterparties, to ensure that they are not designated persons. The problem, however, is that the concentration tends to be on gifts and entertainment, third party payments and only direct counterparties or dealings.

Essentially, the accusation can be, and often is (from regulators), that the due diligence conducted has not gone far enough, deep enough or wide enough. Even standard good business practice such as setting up critical insurance cover required to back many oil and gas exploration and extraction operations could potentially expose companies to sanctions breaches through working with distant (and sometimes even unknown) third-parties. In some cases, this could even be front companies founded by governments with sanctions imposed against them. For example, many commercial insurance transactions will involve the client insured, a local agent and/or introducer and/or a producing broker, a placing broker and finally the insurer in a placing contract. A claim can involve the insurer, the placing broker, the local agent (and/or introducer and/or producing broker), a loss adjuster and finally the client insured and/or nominated loss payee. With this in mind, it is absolutely crucial that ‘Know Your Client’ (KYC) and ‘Anti-Money Laundering’ (AML) measures are sufficient and robust.

It is important to remember that within sanctions and embargoes legislation, the designation of individuals and entities, and the penalties that may be incurred for any actual or alleged breach is a constantly ‘moving feast’. Take the examples of Myanmar and Zimbabwe, where sanctions have eased, compared to the likes of Russia, North Korea and Syria, where they are increasingly tightening. Even if there are no direct dealings with sanctioned or embargoed regimes or individuals and/or entities therefrom, it is vital to be sure and evidence to the various regulatory authorities that there are no DPs standing behind the individuals and entities being dealt with.

What to do?

Ensure the tone from the top – and across the JV and agree a plan to educate management and employees at the asset level as well as their agents and suppliers on the likely impacts of the sanctions risks, and show people how to avoid falling foul of the law.

Check high risk areas: set out a programme to review past practice to identify areas, relationships or transactions at risk, and seek independent help and advice to deal with problems and to improve processes so that they are fluid enough to capture changes in the environment that may expose the company to further risk. Allow JV members to review, comment and enhance as appropriate. Do so on an iterative risk based basis – just because the risk did not exist yesterday does not mean it will not tomorrow.

Business partners: the operating partner must structure their business to ensure there are contracts with key business partners that require clear, honest practice. They must put contingency arrangements in place wherever risks lie and retain the right to audit a business partner’s practices – and be prepared to audit in the event of a red flag or whistle-blower allegations.

Due diligence: effective due diligence is at the heart of a robust compliance programme and should start with a risk assessment of both third-party customers and suppliers. Due diligence is often now thought of as being important from an anti-bribery and corruption perspective, but can be effectively designed to also satisfy diligence requirements from a sanctions perspective. As with many other compliance activities, the effort needs to be proportionate and reasonable to the risk exposure. At a basic level, companies should be running checks of counterparties against sanctions lists. Again, it is crucial that this is not a one-off check, but one that is done with sufficient regularity. It will only be worthwhile if it is performed on the most up-to-date information (checked against the latest sanctions list) about who a company is doing business with. 


  1. ‘Russia’s economy: Tipping the scales’, The Economist, (3 May 2014).
  2. The US Energy Information Administration.

Article taken from the June 2014 issue of Oilfield Technology.

Adapted by David Bizley

Read the article online at:


Embed article link: (copy the HTML code below):