The United States and other countries have imposed new sanctions and/or export controls on Russia, Belarus, and certain regions of Ukraine. Companies face heightened risk associated with sanctions compliance as well as the management of their correspondent banking relationships. Companies should quickly:
- Assess company activities to determine whether authorizations are now required for sales, support, procurement, or other activities.
- Update or perform dynamic risk assessments given evolving events and trade restrictions.
- Ensure that restricted party screening is updated with the most recent government lists.
- Develop and implement a plan for complying with the U.S. and EU “50 Percent Rules” if not already in place.
- Update screening filters to identify records mentioning locations in the “so-called Donetsk People’s Republic (DNR) or Luhansk People’s Republic (LNR)” regions of Ukraine to ensure such locations generate an alert for human review.
Of note, the U.S. Cybersecurity and Infrastructure Security Agency has urged all organizations to strengthen their cyber security due to increased potential threats. Companies in financial services and critical infrastructure should be vigilant to potential threats, take precautions as feasible and immediately notify the appropriate escalation channels in the event a cyber incident is detected.
Note: This Regulatory Alert focuses only on U.S. actions.
The United States, along with other countries, jointly announced on February 26, 2022, that they will:
- Ensure that “selected Russian banks” are removed from the SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system.
- Impose “restrictive measures” on the Central Bank of the Russian Federation and its international reserves; related prohibitions were announced February 28, 2022 impacting the Central Bank and other named entities.
- Launch a transatlantic task force to ensure “effective implementation” of their financial sanctions.
The Department of the Treasury Office of Foreign Assets Control (OFAC) announced, on February 24, 2022, sanctions and other economic measures that target the Russian financial system. Actions include:
- Correspondent and Payable-Through Account sanctions against Sberbank (Public Joint Stock Company Sberbank of Russia). U.S. financial institutions are required to close all such Sberbank accounts and to reject any future transactions of Sberbank or any of its foreign financial institution subsidiaries (that are at least 50 percent owned directly or indirectly) beginning March 26, 2022.
- Full blocking sanctions against other Russian banks and certain of their subsidiaries (those at least 50 percent owned directly or indirectly).
- Sanctions against certain named Russian “elites” and their family members (in a separate action on February 25, 2022, OFAC added the Russian Federation President and the Minister of Foreign Affairs to this group of individuals).
- Prohibitions on transactions and/or dealings of U.S. persons or within the United States related to new debt of longer than 14 days and new equity of “major” state-owned enterprises and privately owned financial institutions.
- General licenses permitting certain transactions (see related FAQs).
OFAC’s actions were taken pursuant to Executive Order 14024 and in coordination with U.S. partners and allies. They follow an earlier announcement and Executive Order, released on February 22, 2022 and February 21, 2022, respectively, that:
- Sanctioned two Russian financial institutions and certain of their subsidiaries as well as certain named Russian elites and their family members.
- Extended Russia’s existing sovereign debt prohibitions to cover participation in the secondary market for bonds issued after March 1, 2022.
- Prohibited economic activity in the “so-called Donetsk People’s Republic (DNR) or Luhansk People’s Republic (LNR)” regions of Ukraine.
Persons sanctioned pursuant to E.O. 14024 are added to one or more OFAC sanctions lists based on the type of sanction, including the Specially Designated Nationals and Blocked Persons List (SDN List), the List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List), and the Non-SDN Menu-Based Sanctions List (NS-MBS List).
Belarus. In a separate action, OFAC sanctioned 24 Belarusian individuals and entities, including two financial institutions, due to “Belarus’s support for, and facilitation of,” the Russia-Ukraine conflict.
The U.S. Department of Commerce, Bureau of Industry and Security (BIS) issued Russia-specific export control measures on February 24, 2022.
- New export license requirements, which apply:
- In advance of the export, re-export, or transfer of items subject to the U.S. Export Administration Regulations (EAR) to the “so-called” Donetsk People’s Republic (“DNR”) and the Luhansk People’s Republic (“LNR”) regions of Ukraine.
- In advance of the export, re-export, or transfer of items subject to the EAR that are described on the Commerce Control List (CCL), Categories 3 through 9.
- To expanded “Military End Use” and “Military End User” (MEU) restrictions for all items subject to the EAR when destined to a MEU.
- A new policy of denial, with certain limited exceptions, for export license applications involving exports, re-exports, or transfers within Russia.
- Two new Foreign Direct Product (FDP) Rules, which expand EAR jurisdiction to a broader set of non-U.S.-made items:
- Russia FDP Rule – applies to foreign produced items that are the direct product of certain US-origin software or technology subject to the EAR, as well as items produced by certain plants or major components of the plants that are themselves the direct product of certain US-origin software or technology subject to the EAR on the CCL.
- Russia MEU FDP Rule – more extensive than the Russia FDP Rule and applies to foreign produced items that are the direct product of any US-origin software or technology subject to the EAR, as well as items produced by certain plants or major components of the plants that are themselves the direct product of certain US-origin software or technology subject to the EAR on the CCL, when destined to certain Russia MEUs. Such items will require a license for certain entities if they are a party to the transaction or will be used by the entities.
- Other measures, including restrictions on the use of EAR license exceptions for Russia exports, re-exports, and in-country transfers, as well as adding 49 entities to the BIS Entity List.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory recommending all organizations — regardless of size — adopt a heightened posture with regard to cybersecurity and the protection of critical assets. The advisory includes recommended actions directed toward corporate leaders and CEOs, as well as links to additional resources and tools. The CISA advisory can be found at Shields Up | CISA. An earlier CISA alert covered “Understanding and Mitigating Russian-State Sponsored Cyber Threats to Critical Infrastructures.”