An age of uncertainty
In the UK, the introduction of the Global Human Rights Sanctions Regulations in July of this year, gives the government the ability to immediately impose far-reaching sanctions, even before the end of the Brexit transition period. The chief uncertainty for UK business in the current climate lies in how the UK government will utilise its new-found freedom on financial sanctions in the months and years ahead.
Historically, UK financial sanctions legislation has been almost entirely the result of resolutions of the UN Security Council and decisions taken collectively by the European Union. However, post-Brexit and with the introduction of the Sanctions and Money Laundering Act 2018, the UK is seeking to carve out an independent sanctions policy: going beyond the EU’s position and driving forward its own agenda.
Although there will be substantial continuities between UK and EU sanctions policy in the near future, autonomous UK sanctions are set to develop, and will be informed by various national priorities (regional and global). For businesses operating in the UK, this will add to the administrative burden of monitoring new developments and ensuring compliance with them. Going forward, it is likely to be prudent for any business to measure up against the most stringent sanctions regime, so as not to fall foul of the law in any jurisdiction.
The legal landscape in the United Kingdom
Sanctions and Anti-Money Laundering Act 2018 (SAML)
From 11pm on 31st December 2020, the UK is set to move to its first autonomous sanctions regime, following the end of the Brexit transition period. At that point, European Union sanctions will cease to apply under UK law, and SAML will come into force.
SAML ensures that existing EU sanctions legislation is transposed into UK law, and also lays the foundations for the UK to diverge from the EU on sanctions policy for the first time. It gives the UK government greater scope for introducing sanctions, including human rights-specific purposes as “appropriate” justification for the application of sanctions. This power goes as far as permitting the government to designate persons not only by name but by description, which will impose a significant degree of unwelcome responsibility on businesses, especially since it seems that this tool is intended to cover particularly difficult groups (e.g. terrorist organisations), where names of individuals are unknown.
Global Human Rights Sanctions
Prior to SAML coming into force, the UK has already decided to exercise its new-found autonomy. In July this year, the government introduced the Global Human Rights Sanctions Regulations 2020, which came into force immediately.
The Foreign Office announced that the regulations would apply to those who “facilitate, incite, promote, or support”, as well as those deemed to “financially profit”, from human rights violations. This refers to section 6(3)(f) of the designation criteria in the regulations, which permits sanction of a person who “profits financially or obtains any other benefit from an activity falling within regulation”, designed to capture not just the violators of human rights themselves, but those providing them with funding, directly or indirectly. This will likely add further pressure to the compliance functions of companies and professional services firms, who will need to ensure complete financial separation from any persons designated under the new legislation.
The new regulations depart from the traditional country-specific approach and attach to a category of behaviour – human rights abuses – though what constitutes an abuse is at the discretion of the UK government, operating through the Office of Financial Sanctions Implementation (OFSI). This gives policymakers greater flexibility to target individuals and entities all over the world. Thus far, those designated under the regulations have been severe cases. The key question for companies subject to UK legislation will be the extent to which the generous scope of the regulations is used to cast a far wider net – encompassing, for example, financial institutions engaged in transactional relationships with certain foreign states or state-owned enterprises.
UK Cyber Security Sanctions Regime
The UK also released details of its new cyber security sanctions regime in August: Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597). The regulations seek to deter those “who are, or are considering, conducting or directing relevant cyber activity from a UK or international perspective”, as well as granting the UK government the power to lift or impose sanctions autonomously, outside of the EU framework. The regulations seek to continue the EU status quo for now, but, as with SAML, allow greater flexibility for the UK government to go further in future. In the context of Covid-19, cyber security looms ever larger as a focus of UK policy, and we can expect this to be a growing area of compliance for businesses in the coming months.
Horizon spotting: key jurisdictions
United States
The United States continues to lead the global sanctions framework due to its vast extra-territorial reach and aggressive enforcement policy. Primary US sanctions apply not just to US persons but to any non-US persons with a nexus to the country, and that nexus can be as remote as an email server hosted in the US or employees with US passports. Since 2016, the US has adopted an even more assertive territorial position through its further reliance on the controversial use of secondary sanctions. The possibility of being blocked from accessing the US financial system for even a perceived failure to comply with those measures is too great a risk for many companies, including those ostensibly operating outside of US jurisdiction. The decision by the US to re-impose secondary sanctions against Iran following its withdrawal from the Joint Comprehensive Plan of Action (JCPOA) in May 2018 has reignited a legal minefield for international businesses operating in the country.
The European Union responded to the US withdrawal by activating its “blocking regulation”, which aims to prohibit compliance by EU persons with US sanctions on both Iran, and on Cuba (whom the US additionally re-imposed strict secondary sanctions against). The UK has also enacted further legislation to criminalise compliance with US sanctions on Iran. This has created conflicting legal responsibilities for European companies, who are caught in the cross-fire of competing national regimes.
The lack of EU case law on the issue has heightened the uncertainty for businesses, though the European Court of Justice is expected to shortly give clarity on the issue. Given the posture of the current US administration and the growing divergence between Washington and Brussels on sanctions policy, the concern for businesses is that blocking statutes, conflicting regimes and legal uncertainty will only continue to expand in the near future.
Russia
In June 2020, Russia passed amendments to its own federal law known as the "Lugovoy Law", which was portrayed as a retaliation to encroaching sanctions legislation imposed by the UK, EU and US against Russian companies and individuals. The amendments provide sanctioned Russian individuals and entities with the right to have their disputes determined in Russia, even in the event of a contractual agreement between the parties which grants a foreign court jurisdiction.
As part of the roll-out of the Global Human Rights Sanctions Regulations, the UK imposed sanctions on numerous Russian nationals believed to be involved in the mistreatment and death of lawyer Sergei Magnitsky. This represented a statement of intent from the UK government, which also pushed hard for EU-wide sanctions against the country following the poisoning of Sergei and Yulia Skripal in Salisbury in 2018. Soon after, Russia announced that it will be implementing its own measures in response.
Meanwhile, the UK’s Russian sanctions policy remains steadfast, as illustrated by the UK Intelligence and Security Committee’s report on Russia published on 21 July 2020. The Report asserted that “intelligence and security cooperation” in the form of sanctions can deliver “real-world effects against Russia”. The Committee supported the National Crime Agency’s call for the introduction of “serious and organised crime” as grounds for imposing sanctions under the act.
The combination of escalating sanctions and rising tensions between Moscow, Brussels and Washington contributes to a precarious climate for international businesses, with the potential to have a chilling effect on cross-border trade with Russia.
China
Another jurisdiction in the global firing line is China. The US has adopted a bellicose tone towards China in recent months, with a series of executive orders signed by President Trump designed to target the country’s globalised economy. Executive orders were announced in August prohibiting transactions with Chinese companies ByteDance and Tencent, the owners of popular apps TikTok and WeChat respectively. In a strongly-worded statement, the US government stated that “the spread in the United States of mobile applications developed and owned by companies in the People’s Republic of China…continues to threaten the national security, foreign policy, and economy of the United States.”
The US also moved to cut off Chinese technology company Huawei’s access to its global suppliers, a move which could be fatal to one of the world’s largest providers of cellular networks. The moves against Chinese companies have gone hand-in-hand with a series of sanctions against Chinese and Hong Kong officials, including Hong Kong chief executive Carrie Lam, in response to the enactment of a controversial security law in the region.
In June, President Trump also signed the Uyghur Human Rights Policy Act of 2020, which authorises sanctions against Chinese government officials deemed to be responsible for human rights violations. In response, China has introduced reciprocal measures on U.S. government officials. US Secretary of State Mike Pompeo has also threatened fresh sanctions in response to China and Iran seeking to broker an economic and security deal between their two countries.
The ratcheting up of tensions between the US and China risks the emergence of what some have called a “technological iron curtain” between the two countries. In such a scenario, Europe will find it increasingly hard not to fall in line with the US position.
In July, the UK reversed its previous decision and decided that all Huawei 5G kit must be removed from the jurisdiction by 2027. The UK’s decision followed a report by the UK’s National Cyber Security Centre (NCSC), which acknowledged that the US measures imposed on Huawei in May 2020 had influenced the security assessment of Huawei’s UK presence. The implementation period (seven years) is a nod to the likely practical difficulties for UK businesses extricating themselves from certain commercial arrangements, and it remains to be seen if this can be achieved in reality, particularly as the country enters an economic downturn.
Similarly, Dominic Raab has come under pressure in parliament to expand the new Global Human Rights Sanctions regime to include China. In July, the European Union imposed its own sanctions on China, alongside North Korea and Russia, under the EU-wide cyber security sanctions regime.
Sanctions at speed
The suddenness of decisions taken in relation to Iran and China highlights a growing trend in global sanctions policy towards speedy imposition of sanctions – adding risks to any companies seeking to operate in exposed jurisdictions. In invoking its order against ByteDance, Tencent and Huawei, the US government cited the International Emergency Economic Powers Act and the National Emergencies Act, effectively declaring the situation as a national emergency which required immediate action. While TikTok argued the executive order was “issued without any due process” and would risk “undermining global businesses’ trust in the United States”, the threat posed is sufficient to discourage investment.
Ultimately, this assertive behaviour by the US demonstrates the importance of companies maintaining a keen eye on political priorities, to give their businesses sufficient time to prepare for incoming regulation or divestment. Such action is not limited to the US. In August, for instance, the European Union announced financial sanctions against individuals in Belarus following the election there, which had taken place only weeks before.
How to mitigate the risks precipitated by an uncertain and developing sanctions framework
The consequences of getting matters wrong in relation to compliance with sanctions are costly and damaging to reputation, and in the current environment, likely to cross territorial borders. In April 2020, OFSI issued its first multi-million dollar fine of a global financial institution for breaches of restrictions on loans to Russian financial institutions, determining the bank’s behaviour to be “most serious”. From this, and other recent enforcement actions, some key lessons arise:
- Voluntary self-reporting breaches will likely earn you credit. Per OFSI: “Co-operation is a sign of good faith and makes enforcing the law simpler, easier, quicker and more effective”, and entitles a party to up to a 50% reduction in the final penalty for a prompt and voluntary disclosure of a breach in serious cases.
- Demonstrate that you have identified the problem promptly and without unnecessary delay. Clear lines of internal reporting in relation to any potential breaches are essential. Credit will be given for taking remedial steps quickly, and in a logical manner to address the breaches while avoiding unnecessary disruption to business.
- Continuously review your due diligence and compliance processes. Do relevant staff understand both the prohibitions and exemptions contained within financial sanctions legislation? How regularly are your policies and processes to manage sanctions risk reviewed and updated? How do you manage the risks across different jurisdictions? Do your policies appropriately respond to and mitigate those risks?
- Consider staffing of your compliance team. Do you have (i) appropriately-qualified members of staff dedicated to sanctions compliance (depending on the nature of your business); and (ii) do you have enough staff? If not, do you have access to and budget for external resource?
- Monitor developments globally. All businesses with a presence or supply chain beyond the UK need to be mindful that the global sanctions regime is fast-moving. Changes in direction and/or new sanctions are first signalled by the politicians, with the legislators playing catch-up. Risk assess your businesses’ footprint – and ensure your contracts provide the flexibility required if you are doing business in jurisdictions which are at risk of further sanctions.
Co-authored by trainee solicitor Sophia Rolt.
