Compliance with financial sanctions regimes: A special risk for insurers?October 2023
The intricate world of international sanctions has become a formidable challenge for insurers. The problem has become very real since the invasion of Ukraine by Russia in 2022 and the ensuing, vast sanctions regime which was swiftly imposed, causing restrictions across a number of sectors.
Even before the hostilities in Ukraine, the sanctions picture had become complex. With the United Kingdom forging its own path in the aftermath of Brexit, introducing a distinct financial sanctions framework, insurers are left to chart unfamiliar waters. Historically, financial sanctions had fallen under the jurisdiction of the European Union (EU), but the Sanctions and Anti-Money Laundering Act 2018 paved the way for the UK to adopt its sanctions measures, targeting specific regimes. One such regime, Russia, witnessed the Russia (Sanctions) (EU Exit) Regulations 2019 initially enacted to preserve EU sanctions against Russia in response to its territorial transgressions. These regulations have since ballooned in scope, responding to Russia’s ever-expanding geopolitical ambitions.
Amidst this complex landscape, insurers grapple with a host of challenges to ensure compliance. Notably, they must steer clear of providing coverage to individuals or entities designated under sanctions, safeguarding themselves against punitive actions. But the task goes far beyond that, as insurers must navigate nuances such as covering non-Russian airlines, ensuring the insurance of goods and technology remains unaffected, and dealing with repairs to aircraft. Their journey is further complicated by the global nature of the insurance sector, requiring vigilance not only regarding UK and EU sanctions but also those of international players like the United States.
Our article below looks at matters predominantly, but not uniquely from the perspective of Russia. The aim is to illustrate how compliance with sanctions laws is a special risk – not just in terms of coverage – but from the perspective of the peril it poses to insurers as organisations. We do not talk about other sanctions regimes, such as those relating to countries such as Iran, North Korea, Cuba or Venezuela (although they are mentioned in some of our case studies). Insurers must obviously be alive to their existence though.
In this note, we look at some of the key features of the UK and EU sanctions regimes on Russia, recent enforcement actions and lessons for insurers and ask what insurers can do to address sanctions risk. Finally we consider what the sanctions fallout could be from possible future military action by the People’s Republic of China (PRC) in Taiwan and what insurers might do to prepare for such an eventuality.
- UK Sanctions Regime
The Russia (Sanctions) (EU Exit) Regulations 2019 were initially enacted to grandfather EU sanctions against the Russian regime in response to the violation of Ukraine’s territorial integrity and the annexation of Crimea. These regulations have since expanded in response to the wider invasion that commenced in February of the following year.
These measures have introduced significant complexities, including:
- imposing asset freezes on individuals and organizations, listing organisations as “designated persons” and publicly listing them.
- making funds or economic resources available to a person or entity appearing on the designated person’s list maintained by OFSI (Regulations 11 and 14 of the Russia Regulations);
- making available (directly or indirectly) economic resources (which may cover tangible or intangible things of value) to a designated person. Insurance coverage may be considered an economic resource for these purposes. The prohibition on making resources available indirectly means the prohibition could be infringed where, for example, coverage is provided to a body corporate which is owned directly or indirectly by a designated person. Insurers must also be alive to “proxy” arrangements whereby a third person (such as a relative) acting on behalf of a designated person procures funds or economic resources for them;
- a person must not directly or indirectly provide insurance or reinsurance services relating to aviation and space goods or aviation and space technology (a)to a person connected with Russia, or (b) for use in Russia (Regulation 29A of the Russia (Sanctions) (EU Exit) Regulations 2019;
- a person must not directly or indirectly provide, to a person connected with Russia, financial services in pursuance of or in connection with an arrangement whose object or effect is the export, direct or indirect supply of restricted goods or the transfer of restricted technology or directly or indirectly making restricted goodsor restricted technology available to a person. This requires insurers to familiarise themselves with those goods and services which cannot legally be provided to persons connected with Russia. That includes, for example, architectural, engineering and business consultancy services. Insurers may be subject to liability also for insuring shipments of Russian oil or diamonds into the UK.
- anti-Circumvention Provisions: Including anti-circumvention provisions, preventing parties from entering into arrangements that aim to bypass the sanctions prohibition. This could involve routing transactions through subsidiaries or using offshore structures.
Non-compliance with sanctions can carry severe consequences, including custodial sentences of up to seven years and substantial financial penalties, capped at the greater of £1,000,000 or 50% of transaction value. Standard Chartered Bank’s £20.47 million fine in 2020 for sanctions violations serves as a stark reminder of the consequences.
Given the international nature of the insurance sector, insurers are not only subject to UK and EU sanctions but also must remain vigilant regarding sanctions regimes in other jurisdictions, especially the United States, where the Office of Financial and Asset Control (OFAC) aggressively enforces rules even in relation to overseas businesses. The US regime is not discussed in detail in this article. We would note though that any time a business makes or receives a payment in US dollars they will run up against OFAC’s jurisdiction, given that such payments will need to be cleared by an American financial institution.
- European Union: key Russia sanctions provisions
As regards the EU, Council Regulation (EU) No 269/2014 was first introduced in response to Russian aggression in Crimea and Eastern Ukraine (since expanded in scope after the incidents of 2022). This instrument contained a number of measures similar to those discussed in the context of the UK. For example, the EU Council is able to impose asset freezes on designated individuals (Article 2(1)) thereby prohibiting them from receiving or dealing in economic resources (Article 2(2)).
As mentioned, the original EU sanctions regime has been vastly expanded. In July 2023, the EU issued guidance on the key provisions of the EU sanctions regimes insofar as it relates to insurance and reinsurance under Articles 3c, 3m, and 3n of Council Regulation 833/2014, as of 30 June 2023, can be summarized as follows:
- Reinsurance for Russian insurer: EU reinsurers are prohibited from providing reinsurance services to Russian persons or entities under Article 3c(2). EU operators must take necessary measures to comply with this prohibition.
- Coverage for Non-Russian airlines: Prohibitions in Article 3c(2) apply to aircraft but not to non-Russian airlines conducting international flights in and out of Russia. This coverage is not considered “for use in Russia.”
- Insurance for Non-Russian owners: EU insurers/reinsurers can provide insurance and reinsurance to other EU parties if the goods and technology in Annex XI are not intended for a person in Russia or for use in Russia.
- Items Listed in Annex XI: Insurance and reinsurance of goods and technology in Annex XI are allowed, even if these items are retained in Russia against the will of their non-Russian owner. Certain conditions must be met for insurance settlements in such cases.
- Aircraft repairs: Prohibitions do not extend to re/insurance of parts or components for the purpose of conducting repairs to an aircraft, even if the repair takes place in Russia.
- EU vessel in Russian port: Prohibitions in Article 3c do not prevent EU airplanes, vessels, and trucks from leaving or returning to the EU as part of normal commercial activities. The prohibitions in Article 3c primarily relate to insurance activities related to the sale, supply, transfer, or export of listed goods.
- Insurance of Transshipments: Insurance of transshipment of goods subject to sanctions in EU territorial waters and airspace is not allowed under Article 3c(4).
- Wind-Down Period: The wind-down provision applies to subsections 1 and 4 only. Insurance services for the sale, supply, transfer, or export of goods and technologies listed in Annex XI are not restricted until 28 March 2022.
- Definition of “Financial Assistance”: The definition of “financing or financial assistance” in Article 1(o) applies throughout Regulation (EU) 833/2014.
- Authorization for Dual-Use Goods: Authorization for providing financial assistance for the sale, supply, transfer, or export of dual-use goods should be requested by the insurer after consulting the exporter.
- Financial Measures Under Regulation 269/2014: EU re/insurance operators should cease providing insurance services to persons and entities listed under Regulation 269/2014 due to asset freeze and prohibition on making funds and economic resources available to them.
- Reinsuring Export Receivables: Public financing or financial assistance for trade with Russia is allowed if the binding commitment was established prior to 26 February 2022, regardless of the size of the company.
- Insurance for Russian Oil Transport: After specific dates, EU operators can only provide insurance for the maritime transport of goods set out in Annex XXV to third countries if goods were purchased at or below the price cap.
- Price Cap and Transport of Oil: The prohibition on providing technical assistance, financing, and financial assistance above the price cap applies to maritime transport but not pipeline transport.
- EU Insurance for Non-EU or EU Vessel Carrying Russian Oil: EU insurers or reinsurers can provide services for vessels carrying Russian oil only if such goods were purchased at or below the price cap.
- Notification Requirements: There are no notification requirements for insurers or reinsurers under Article 3m and 3n.
These guidelines provide clarity on various aspects of insurance and reinsurance activities concerning Russian entities and goods listed in Annex XI under EU sanctions regulations. Insurers and reinsurers should carefully adhere to these guidelines to ensure compliance with EU sanctions.
The imposition of penalties in the EU is a national competence meaning that these vary from Member State to Member State. In France, for example, infringing or attempting to infringe sanctions rules is punishable by imprisonment for five years and fines of not less than the amount, and not more than twice the sum, in respect of which the offence was committed or attempted.
- Lessons from recent cases
Recent cases from the USA and UK illustrate some important lessons for insurers with regard to mitigating against sanctions risk:
- Construction Specialties Inc. (CS) (OFAC, 16 August 2023) settled with OFAC for $660,594 over three apparent violations of Iranian sanctions. CSME, a UAE subsidiary wholly controlled by CS, knowingly imported and reexported building materials to Iran, despite warnings and company policies. The settlement amount was reduced due to CS’s voluntary self-disclosure of the violations. This case highlights the challenges companies face in high-risk jurisdictions and the importance of robust compliance programs. It also underscores the need for companies to foster a culture where whistle-blowers can come forward, as employees may sometimes be motivated to disregard protocols for financial or commercial gain.
- Poloniex Case (OFAC, 1 May 2023) Poloniex operated an an online trading and settlement platform. It settled with OFAC for $7,591,630 for apparent sanctions violations. These came about when compliance gaps allowed customers in sanctioned jurisdictions to transact on the platform. In particular, Poloniex screened customers against sanctions lists but took this step only for new customers, not existing ones.
- Swedbank Latvia Case (OFAC, 20 June 2023) Swedbank Latvia settled with OFAC for $3,430,900 for sanctions violations related to Crimea. The bank relied on assurances from its customer that the transactions did not involve Crimea. These assurances turned out to be false. OFAC found that Swedbank had been unwise in acting upon them, as opposed to applying risk-based sanctions compliance controls to detect red flag circumstances. Financial institutions should integrate all available information, including IP data and KYC information, into sanctions screening. OFAC also outlined how the customers had acted to conceal the Crimea connection. Entities must remain vigilant against evasive practices used to evade sanctions in high-risk regions.
- Clear Junction (OFSI, 21 February 2022) OFSI imposed a GBP 36,393.45 penalty on Clear Junction for payments to non-sanctioned parties with the Russian National Commercial Bank (“RNCB”). The non-sanctioned persons all made payments from a Russian bank which was Clear Junction voluntarily disclosed some transactions but not all, resulting in a partial reduction. The case showed that firms should screen both counterparties and banks in the payment chain when dealing with sanctioned banks. Full and frank disclosures are crucial to receive maximum credit for voluntary disclosure.
- Wise Payments Limited (OFSI, 31 August 2023) Wise operated an e-payments platform. Within hours of being placed on the designated persons list, one of Wise’s customers withdrew £250 from his account with Wise. Despite the small amount involved and the fact that the customer had only been listed twelve hours previously, OFSI still took action against Wise. However, it limited this to a disclosure (effectively a public reprimand). OFSI categorized the breach as moderately severe but did not impose a monetary penalty. The case underscores the importance of robust sanctions compliance controls and timely response to sanctions risks.
These recent cases highlight the significance of stringent sanctions compliance measures, early integration of compliance in emerging sectors, and the need for thorough screening and disclosure to mitigate risks effectively. We would take the following lessons from these cases:
- Robust Compliance Procedures: Establishing robust compliance procedures that include screening new customers against lists of designated persons and extending beyond to uncover complex ownership structures. Poloniex illustrated the importance of screening existing customers as well as new ones. Wise Payments showed the importance of updating checks frequently. As Clear Junction showed, screening should be undertaken against the customer’s bank, as well as checking their name against the designated person’s list.
- Risk Assessment: Conducting thorough risk assessments to evaluate potential sanctions risks relevant to the business. This assessment should encompass all risks, including those related to customers, third parties, and business lines. For example, in Swedbank, a robust risk assessment could have helped put in place systems that would have raised red flags about the customer, notwithstanding the assurances they were giving the bank.
- Effective Policies and Procedures: Establishing and maintaining effective policies, procedures, and processes related to the blocking and reporting of accounts. Again, this was a failure in Swedbank.
- Alert Review and Action: Ensuring that alerts raised during sanctions screening are promptly reviewed and acted upon. In a number of the cases above, both OFSI and OFAC reduced fines due to rapid self-reporting.
- Remedial Action: Taking remedial action when a sanctions issue is identified, including ceasing coverage or payments where necessary.
- Governance processes: Training staff to ensure compliance is critical, as is having in place a whistleblowing procedure so that staff can alert senior staff when rogue practices creep into the organisation. The Construction Specialties case showed that sometimes staff wilfully contravene the rules for personal or commercial gain making it imperative that their colleagues are able to spot and report this type of conduct.
In light of these and other challenges, insurers have needed to adapt their compliance priorities:
- Global Sanctions Intelligence: Insurers have in many cases invested in robust global sanctions intelligence systems that provide real-time updates and alerts on sanctions developments worldwide. A challenge has been the efforts
- Enhanced Due Diligence: Due diligence processes should be enhanced to include thorough screenings of clients, partners, and third parties, especially in high-risk regions or industries.
- Training and Education: Continuous training and education programs for employees are essential to ensure they are well-versed in sanctions regulations and can identify potential issues proactively.
- Sanctions Clause Review: Insurance policies and contracts should be regularly reviewed to ensure sanctions clauses are up to date and aligned with the latest regulatory changes.
- Advanced Technology Solutions: Leveraging advanced technology, such as artificial intelligence and machine learning, can aid in automating sanctions screening and risk assessment processes.
- Legal Advisory: Engaging legal experts well-versed in sanctions law is crucial for interpreting complex regulatory changes and providing guidance on compliance strategies. Curiously, we have heard some insurers complain there is a shortage of legal advisers who understand both the law of financial sanctions and the intricacies of the insurance sector.
- Taiwan: could PRC sanctions come to pass? What can insurers do?
By February 2022, the Russian Federation had assembled a significant portion of its armed forces along the Ukrainian border. Most commentators dismissed the manoeuvres as sabre rattling. History proved them wrong.
This experience has led many to take more seriously the prospect of a future conflict in the Taiwan Strait between the People’s Republic of China and Taiwan. The suddenness and unexpected proliferation of hostilities between Hamas and Israel has only strengthened the feeling that hostilities are impossible to predict.
It may seem alarmist, but we would not consider it overkill for insurers to start considering the potential implications of sanctions on China. Relative to Russia, the economies of the west and the PRC are intertwined to a much greater degree. It follows that the fall-out of an invasion of Taiwan would be much wider and the impact on insurers – particularly business insurers – that much more acute.
In the article “Sanctioning China in a Taiwan crisis: Scenarios and risks” by Charlie Vest and Agatha Kratz published in Atlantic Magazine, the authors postulate that sanctions could be imposed in several stages, targeting different levels of Chinese officials, business elites, and industries. This would mirror the same evolution as measures imposed on Russia in the aftermath of the Ukrainian invasion. The analysis of Vest and Kratz, summarised below, assists insurers in “war gaming” how they would respond to the introduction of a PRC sanctions regime.
- Sanctions on Select CCP, Government, and Military Officials:
- In a preliminary scenario, sanctions may be imposed on a narrow group of CCP, government, and military officials directly responsible for actions in the Taiwan Strait.
- These sanctions, such as asset freezes and travel bans, would be largely symbolic and aimed at condemning China’s actions.
- The impact on these officials’ assets may be limited, as they are likely under close political scrutiny in China, minimizing overseas holdings.
- Expanding sanctions to close associates and family members, especially those studying in G7 countries, could increase the scope of assets subject to sanctions.
- Wider Sanctions on CCP, Government, and Military Officials and Business Elites
- In response to escalating tensions, G7 countries may broaden sanctions to cover a larger group of officials, including those with links to China’s leadership.
- These sanctions could extend to business elites supporting China’s actions or involved in military-industrial sectors.
- Beyond asset freezes and travel bans, restrictions on professional and financial services for these elites may be considered.
- If intelligence about overseas assets is available, these sanctions could impact tens of billions of dollars in assets.
- Sanctions on China’s High-Level Leaders:
- In an extreme scenario, sanctions might target China’s top leaders, including members of the Political Bureau of the CCP’s Central Committee and even Xi Jinping himself.
- Similar to previous tiers, these sanctions would have mainly symbolic significance.
These sanctions would serve as a tool to pressure China internally for policy change. However, their effectiveness in altering behaviour remains uncertain. Business leaders may already oppose Chinese aggression against Taiwan due to potential disruptions in trade and investment. Still, the centralisation of power under Xi Jinping raises questions about their influence on policy. The upshot may be the imposition of more severe measures as summarised below.
- Economic Countermeasures Targeting Chinese Industries:
- G7 countries could consider economic countermeasures against Chinese companies or industries linked to China’s military or defense industrial base.
- Export controls and other economic statecraft tools might be deployed to limit the flow of dual-use goods to China’s military and disrupt critical sectors.
- These countermeasures could be costly, impacting global supply chains and the global economy.
For insurers, understanding the potential impact of sanctions on China is vital for risk assessment and compliance. Sanctions have become a central tool in international economic statecraft, and their implications in a Taiwan crisis could be substantial. The interdependencies between China and G7 economies, especially in sectors like aerospace, highlight the need for insurers to stay informed and adapt to changing geopolitical landscapes. While the adoption of sanctions is complex and involves ethical considerations, insurers must be prepared for the possible consequences and challenges posed by sanctions in the insurance sector.
While these scenarios are not concrete realities yet, insurers should proactively consider how they would navigate sanctions compliance in each of these hypothetical situations. Being prepared for such eventualities is crucial for insurers operating in a globally interconnected world. Here are some key points insurers should consider:
- Identifying Areas of Exposure: Insurers need to assess which parts of their business might be most exposed to People’s Republic of China (PRC) sanctions risk. This includes evaluating their portfolios, clients, and partnerships that could be impacted.
- Beneficiary Designations: To ensure sanctions compliance, insurers must have a mechanism in place to determine whether any beneficiary of coverage would be designated under new sanction regimes. This requires robust due diligence and monitoring procedures.
- Risk Assessment and Monitoring: Developing a risk assessment framework is vital. This should involve continuously monitoring political developments, international relations, and geopolitical tensions to anticipate potential sanctions.
- Industry Targets: Understanding which industries are likely to be targeted in the event of sanctions is crucial. For instance, industries related to defence, technology, or critical infrastructure may be more vulnerable.
- Reviewing Existing Policies: Insurers should review their existing policies to identify any potential conflicts with sanctions. Adjustments or amendments may be necessary to ensure compliance. Consider which exemption clauses have worked well and less well in recent litigation.
- Data and Information Gathering: Gathering information on clients and business partners is essential. This includes understanding the ownership structures and affiliations of entities to identify potential risks.
- Communication and Reporting: Establishing clear communication channels and reporting mechanisms within the organization is key. Staff should be trained to recognize and report potential sanctions risks promptly.
- Compliance Protocols: Developing compliance protocols and procedures tailored to different sanctions scenarios is essential. Insurers should have a playbook in place to respond swiftly to changing geopolitical dynamics.
- Global Coordination: Given the international nature of sanctions, insurers should be prepared to coordinate with regulatory authorities and international bodies to ensure compliance.
- Ethical Considerations: Insurers must also consider the ethical implications of sanctions. While compliance is essential, it’s equally important to evaluate the broader impact of sanctions on individuals and communities.
In summary, insurers should be prepared to think the unthinkable. Stay informed, adapt to changing geopolitical landscapes, and be ready to take action to ensure sanctions compliance while minimising potential adverse effects on their business and stakeholders.
In this ever-evolving world, insurers are faced with a formidable task: understanding and adhering to international sanctions regimes that are shifting and expanding like never before. The implications of non-compliance are severe, not only in terms of financial penalties but also in terms of reputational damage. To thrive in this challenging environment, insurers must not only comply with existing regulations but also proactively prepare for the uncertain future of sanctions.
To navigate these treacherous waters, insurers must invest in robust compliance procedures, conduct thorough risk assessments, maintain effective policies and procedures, promptly review and act on sanctions alerts, and, when necessary, cease coverage to avoid sanctions infringements. They must also keep a watchful eye on emerging geopolitical developments and adapt their strategies accordingly.
In conclusion, the challenge of sanctions compliance in the insurance sector is not only a special risk, but also a multifaceted initiative, entailing legal, ethical, and operational considerations. Insurers that prioritise compliance, invest in advanced technology solutions, and remain vigilant in an ever-changing global landscape will be best equipped to protect their operations while staying on the right side of the law.Download PDF