Minimising sanctions risk: Four actions leaders should consider

By Penny Dunn, Partner, PwC Australia, Khurram Khan, Director, PwC Australia and Alan Wong, Director, PwC Australia

The sanctions landscape is increasingly complex and challenging. Multinational corporations, businesses with US dealings, and those involved in trade and exports are particularly vulnerable due to globalisation, geopolitical tensions, and intricate international trade regulations. Governments’ expanding use of sanctions for foreign policy purposes adds further complexity.

Australian businesses must comply with local regulations such as the Autonomous Sanctions Act 2011, the Charter of the United Nations Act 1945, and guidelines from the Australian Sanctions Office (ASO), the Department of Foreign Affairs and Trade (DFAT), and the Australian Transaction Reports and Analysis Centre (AUSTRAC). Compliance is critical to avoid legal issues and maintain ethical trade practices. However, those entering high-risk regions face increased risks of inadvertent violations due to direct dealings with sanctioned entities, indirect exposure through third parties, and evolving sanctions lists.

Inadequate compliance can lead to severe regulatory fines, business disruptions, increased costs, and reputational damage. PwC’s Global Economic Crime Survey (GECS) 2024 reveals that while 44% of executives prioritize sanctions risk compliance, only 30% have comprehensive assessments of their sanctions programs. This gap underscores the urgent need for enhanced compliance measures.

Given this environment, heightened vigilance and adaptability are crucial to effectively navigate the complex regulatory landscape. Inadequate sanctions compliance can result in substantial regulatory fines, increased business disruptions and operational costs, and reputational damage that can erode customer trust and investor confidence.

Key Actions for Managing Sanctions Risk

1. Enhance Third-Party Due Diligence and Risk Management

The survey shows 75% of Australian respondents see third parties as their greatest sanctions compliance risk, compared to 63% globally. To address this risk, Australian organisations should take the following steps to strengthen their third-party risk management:

• Customer and Supplier Screening: Implement rigorous checks to make sure partners are not on sanctions lists.
• Enhanced Due Diligence: Conduct thorough checks for high-risk transactions.
• Ongoing Monitoring: Continuously track transactions and relationships for potential sanctions risks.

2. Invest in Advanced Technology and Analytics

Inadequate technology can hinder sanctions compliance. In an environment that evolves rapidly, organisations need to be agile and responsive to changes. Investing in advanced technologies can streamline compliance and improve effectiveness. Key technologies include AI-enabled screening tools, blockchain for transaction transparency, and comprehensive compliance management systems and risk assessment platforms. These technologies offer real-time monitoring, minimise manual errors, and ensure up-to-date adherence to regulatory changes, making compliance efforts more efficient and cost-effective.

Consider leveraging the following capabilities:

• Screening Software and Automation: Automate checks against sanctions lists.
• Third-Party and Transaction Monitoring Systems: Use systems to monitor for potential risks.

Despite cautious optimism, with 48% of Australian organisations seeing promise in technologies like AI, they do not anticipate significant impacts in the next year compared to 31% globally, highlighting the need for ongoing investment.

3. Stay Informed and Continuously Improve

It is crucial for leaders to stay informed about global regulatory changes and cultivate a culture of continuous improvement in risk management practices. As companies expand and engage with a diverse array of international partners, the potential for sanctions risk exposure increases.

To manage sanctions risk effectively:

• Stay Informed: Keep up-to-date with Australian sanctions laws, primarily governed by the DFAT, as well as international sanctions regimes.
• Consult with Experts: Regularly engage with specialists in sanctions law to support ongoing compliance.
• Appoint Compliance Officers: Designate dedicated compliance officers to oversee and manage sanctions compliance efforts.
• Maintain Proactive Communication: Keep open lines of communication with regulatory authorities to stay current on changes in sanctions laws.
• Continuously Improve: Use findings from audits and reviews to continuously enhance your sanctions compliance program.

4. Prioritise Tone from the Top

Senior management and the board play a crucial role in compliance, yet only 31% of Australian organisations report significant involvement from senior leadership, compared to 42% globally. 

Greater engagement from senior leaders is essential to managing a robust sanctions compliance program. Their active involvement prioritises compliance and makes sure it is adequately resourced.

To improve:

• Implement and Review Policies: Develop and regularly update comprehensive sanctions compliance policies.
• Training Programs: Conduct training for staff and management on sanctions compliance, endorsed by executives.

Sanctions compliance relies on a thorough assessment of several key areas. As a business leader, ask the following questions to gauge how well your organisation is managing sanctions risks:

1. Sanctions Risk Assessment: Has your organisation conducted a sanctions risk assessment? How robust is your compliance program? Is your risk assessment methodology effective? Do you have comprehensive, risk-based compliance programs that include tailored policies, procedures, and training?
2. Third-Party Exposure: Are you well-informed about your sanction's exposure from third parties? Is your third-party risk management approach adequate? Do you perform thorough due diligence, ongoing monitoring, include compliance clauses in contracts, and provide training to ensure third parties adhere to sanctions laws?
3. Industry Risks: Are you aware if your industry is considered high-risk for sanctions? How do you engage with industry peers, regulators, and international bodies to stay updated on trends and best practices?
4. Investigation Capabilities: Do you have the necessary capabilities to investigate sanctions issues promptly? Are you leveraging technology and data, such as AI and machine learning, to enhance sanctions screening and reduce false positives?
5. Risk-Based Management: Are you applying a risk-based approach to managing sanctions risks? Are resources allocated to higher-risk areas and transactions? When was the last time you audited or reviewed your compliance programs to gauge whether they are effective and current with regulatory changes?

These questions will help support your organisation’s sanctions compliance program to be comprehensive and up-to-date.

Sanctions compliance relies on a thorough assessment of several key areas. As a business leader, ask the following questions to gauge how well your organisation is managing sanctions risks:

1. Sanctions Risk Assessment: Has your organisation conducted a sanctions risk assessment? How robust is your compliance program? Is your risk assessment methodology effective? Do you have comprehensive, risk-based compliance programs that include tailored policies, procedures, and training?
2. Third-Party Exposure: Are you well-informed about your sanction's exposure from third parties? Is your third-party risk management approach adequate? Do you perform thorough due diligence, ongoing monitoring, include compliance clauses in contracts, and provide training to ensure third parties adhere to sanctions laws?
3. Industry Risks: Are you aware if your industry is considered high-risk for sanctions? How do you engage with industry peers, regulators, and international bodies to stay updated on trends and best practices?
4. Investigation Capabilities: Do you have the necessary capabilities to investigate sanctions issues promptly? Are you leveraging technology and data, such as AI and machine learning, to enhance sanctions screening and reduce false positives?
5. Risk-Based Management: Are you applying a risk-based approach to managing sanctions risks? Are resources allocated to higher-risk areas and transactions? When was the last time you audited or reviewed your compliance programs to gauge whether they are effective and current with regulatory changes?

These questions will help support your organisation’s sanctions compliance program to be comprehensive and up-to-date.

This article has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this article without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this article, and, to the extent permitted by law, PricewaterhouseCoopers, , its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this article or for any decision based on it.

PwC’s Liability limited by a scheme approved under Professional Standards Legislation