The U.S. Treasury has imposed expanded sanctions, and the Administration has heightened alerts for potential sanctions evasion as well as cyber risks. Companies should not only comply with these evolving sanctions, but also look to assess, enhance, and invest in their sanctions compliance program considering OFAC’s 2019 framework across five essential components: management commitment, risk assessment, internal controls, testing and auditing, and training. (See KPMG Regulatory Alert, here.) The Administration has also urged companies to implement several cybersecurity measures in anticipation of potential Russian cyber-attacks in response to the sanctions. Companies should consider how the Russia-Ukraine war could develop, scenarios that could arise, and the implications of each scenario on the company’s people, businesses, supply chains, and technology, with cybersecurity as one element of this broader view.