Seven ways for compliance officers to manage risks associated with Russian sanctions


After Russian forces crossed Ukraine’s borders on 24 February, the world responded swiftly to impose sanctions against President Putin’s regime. In the UK, Putin and foreign minister Sergey Lavrov have been sanctioned, plus five Russian banks and more than 300 individuals and entities connected to Putin’s regime, including the Chelsea Football Club owner, Roman Abramovich. The London Stock Exchange has suspended the shares of 28 Russian-linked companies and it is now a criminal offence for any Russian aircraft to enter UK airspace, or for British ports to give access to ships connected with the country. 

Financial sanctions prevent law firms from doing business or acting for any listed individuals, entities or ships. If a sanctioned individual is subject to an asset freeze, firms must not deal with those funds or make resources available to that person. Firms must also report suspicions to the Office of Financial Sanctions Implementation (OFSI). Breaching sanctions can result in a criminal prosecution or a fine. Recently payments provider Clear Junction Limited was fined more than £36,000 by OFSI in relation to a series of transactions that contravened UK Russian sanctions. 

The government has also indicated criminal penalties for non compliance will increase under the Economic Crime (Transparency and Enforcement) Bill from £500 per day to £2,500 per day. Those convicted could also face prison sentences of up to five years. 

The Solicitors Regulation Authority (SRA) has warned that regulated firms must have appropriate policies in place to ensure they comply with sanctions legislation, and is starting to conduct spot checks on firms to assess compliance. 

In the face of a rapidly changing situation, and with the threat of significant fines hanging over them, compliance officers may understandably feel overwhelmed by the responsibility to get this right. Here’s how full service law firms should respond to Russian sanctions in the UK: 

1. Screen existing clients

As a first step, law firms should consider their own exposure. Do you have any clients based in Russia or connected to sanctioned individuals or entities? Are there any clients that have significant business dealings with Russia, particularly those in the energy, transport and construction sectors? Remember that some sanctioned individuals may have British citizenship.  A number of law firms are already making the decision to remove themselves from problematic clients. Legally, organisations are able to act for someone on a sanctions list but must apply for a licence from OFSI before starting work

2. Assess screening protocols 

Once your client base has been screened, consider your existing protocols. Are the platforms you use able to detect and manage relevant risks, where sanctioned customers or entities are identified? If your firm is using an electronic verification system for customer due diligence, check they are refreshing sanctions lists with sufficient frequency. Thirdfort works with LexisNexis (through Experian) and ComplyAdvantage to identify politically exposed people (PEP), and sanctions across all jurisdictions. ComplyAdvantage in particular uses artificial intelligence to monitor and automatically capture any sanctions updates. 

3. Update risk assessments

Organisations should make it clear they have considered the risks and are aware of the impact sanctions have on their work, in case of a spot check by the SRA. Update your firm-wide risk assessment to reflect that you have reviewed matters and made any appropriate changes to policies, controls and procedures. 

4. Add additional enhanced monitoring where necessary

Make sure you have a full understanding of the ownership structures of all of your clients. If that’s not in place, request evidence from your client or use an external service that can provide this. New procedures for extra due diligence should be put in place, where the firm doesn’t automatically know who the ultimate beneficial owners are, or where funds may come from Russia or allied countries. Thirdfort uses Experian initially to assess cases, before doing more in-depth consideration via ComplyAdvantage if there’s a positive or potential PEP and sanction match. 

5. Provide regular training and guidance

Beyond the compliance team, all employees need to understand the latest sanctions, how it impacts their work with clients, and what they should do if they identify a sanctioned person or entity. Organise regular updates to inform colleagues about any changes, and encourage them to ask questions, even if they’re not sure whether something looks suspicious.

6. Be aware of other sanctions lists 

While the OFSI only enforces the UK’s sanctions list, it’s a good idea to keep an eye on lists from the US, EU and UN, particularly if your firm operates internationally. A PEP and sanctions search system like Thirdfort’s covers all jurisdictions and nationalities globally, giving you the information you need to manage the risk associated with a particular client.  

7. Continue to monitor updates

The situation is changing every day, with new sanctions expected in the immediate future. Put systems in place for continuous monitoring of the latest news and alerts, such as signing up to receive alerts on the latest sanctions changes from the OFSI website. Alternatively, feel free to speak to our team who'll be happy to advise you on how to stay on top of the new regulatory changes.


Forward thinking legal firms are embracing change and their businesses are benefiting greatly. 

By bringing in simple, user-friendly solutions like Thirdfort for compliance management, these firms are successfully navigating the evolving regulatory landscape with the tech they now need to stay compliant and speed up client onboarding times.

If you’d like to learn more about how your firm can automate AML and ID verification using Thirdfort, book a demo with one of our team here

Subscribe to our newsletter

Subscribe to our monthly newsletter for recaps and recordings of our webinars, invitations for upcoming events and curated industry news. We’ll also send our guide to Digital ID Verification as a welcome gift.

Our Privacy Policy sets out how the personal data collected from you will be processed by us.