Sanctions compliance: what every board and senior executive needs to know

November 2025 | SPOTLIGHT | GLOBAL TRADE

Financier Worldwide Magazine



In today’s volatile geopolitical climate, sanctions compliance is no longer a niche legal issue. It is a core pillar of corporate governance and risk management. Whether a business operates in financial services, energy, technology, consumer goods or manufacturing, global sanctions regimes can, and increasingly do, reach deep into operations, partnerships and customer base.

For boards and senior executives, sanctions risk is not something to delegate or downplay. It is a strategic imperative. Failures can trigger regulatory enforcement, reputational harm, financial penalties, even criminal liability and, in some cases, the loss of access to critical markets. Regulators are also making it clear: accountability sits squarely with leadership.

This article distils sanctions compliance from a leadership perspective. What are the real risks? What is expected of board members or executives? And what practical steps should be taken to safeguard the organisation in an environment of fast-changing regulatory demands?

Understanding the sanctions landscape

Sanctions are legal restrictions imposed by governments or supranational bodies such as the United Nations, European Union (EU), the US (via the Office of Foreign Assets Control (OFAC)) or the UK (via the Office of Financial Sanctions Implementation (OFSI)) to advance foreign policy and national security objectives. They may target individuals, entities, industries, regions or even entire nations.

The pace of change in sanctions has been unprecedented in the last five years, shaped by the Russia-Ukraine conflict, developments in the Middle East and the evolving US-China relationship. For multinational businesses, the challenge is not just complexity but reach. A company headquartered in India, for example, could still face US enforcement action if it transacts with a sanctioned party using US dollars, even if no American entity is directly involved.

Why it matters to senior leaders

Too often, executives assume sanctions compliance sits solely with compliance or legal teams. That assumption is dangerous. Regulators are increasingly holding senior leaders and boards personally accountable for failures.

Consider the case of Murad, LLC, acquired by Unilever in 2015. The company was fined over $3m for continued violations of Iran-related sanctions. OFAC went further, reaching a rare individual settlement with a senior executive personally. The message is clear: liability does not stop at the institutional level; it extends to individuals.

Sanctions compliance is therefore not just a regulatory checkbox; it is a strategic risk. Failures can jeopardise market access, licences, investor confidence and brand integrity. From a governance perspective, this sits squarely within the board’s fiduciary duties. Leaders are expected to ensure the organisation: (i) identifies and assesses sanctions risks; (ii) implements robust compliance frameworks; (iii) monitors and escalates potential breaches; and (iv) embeds a culture of compliance throughout the business.

Common weaknesses in sanctions programmes

Sanctions breaches are rarely the result of intentional wrongdoing. More often, they arise from systemic weaknesses – poor governance, inadequate controls and a lack of awareness at the leadership level. Several recurring issues contribute to these failures.

One common problem is the use of outdated risk assessments, particularly when companies expand into new markets or introduce new products without revisiting their exposure. Screening processes also tend to fall short, especially when legacy systems fail to detect sanctioned entities due to aliasing, language barriers or incomplete data.

Third-party relationships present another blind spot. Suppliers, distributors and joint venture partners are frequently overlooked in compliance efforts, leaving organisations vulnerable. Compounding these risks is poor record-keeping, which makes it difficult to audit screening decisions or demonstrate compliance.

Training deficiencies further exacerbate the issue. Frontline teams often lack the knowledge or confidence to identify red flags or escalate concerns appropriately. Ultimately, these vulnerabilities trace back to a lack of board-level engagement and investment. For sanctions compliance to be truly effective, it must be driven from the top.

Boards and executive action

The task is not to master sanctions law, but to ensure the right frameworks, culture and oversight are firmly in place. Six priorities stand out, as outlined below.

First, treat sanctions as a strategic risk. Embed sanctions risk into the enterprise risk management framework. Place it on the board’s risk agenda. Challenge management on how risks are identified, monitored and mitigated, especially in high-risk markets.

Second, champion a culture of compliance. Tone from the top is non-negotiable. Ethical behaviour and compliance must be visible, consistent and linked to performance incentives. Employees must know that doing the right thing, even at the cost of time or money, will always be supported.

Third, strengthen governance and oversight. Ask the right questions. Who owns sanctions compliance internally? How often is the risk assessment refreshed? What escalation routes exist for red flags? How is compliance performance measured? Are policies clear, current and enforced? How often is training delivered?

Boards should receive regular reporting on sanctions risks, near misses and regulatory updates. They should also assess whether the compliance function is adequately resourced and empowered.

Fourth, scrutinise third-party risk. Third parties are often the weakest link. Ensure due diligence is risk-based, ongoing and proportionate to the geography and sector. Regulators care less about what an organisation knew and more about whether it made reasonable efforts to know. Document every decision, especially when red flags arise.

Fifth, invest in screening and monitoring. Sanctions compliance is technology-driven, but human judgment is equally critical. Ensure screening tools are modern, calibrated and supplemented by skilled review, particularly in high-risk contexts. Challenge whether the business is investing enough in both systems and expertise.

Lastly, be prepared for breaches. Zero breaches is unrealistic. Regulators expect transparency and responsiveness. Establish clear investigation, escalation and reporting protocols, as well as response plans that include communications, legal counsel and regulator engagement.

A shifting enforcement climate

Global coordination is rising. The UK’s OFSI has strengthened its enforcement powers. The EU is moving toward centralised enforcement. The US remains the most aggressive player, holding even non-US companies accountable if their actions cause a US person or the US financial system to breach sanctions.

The implication for boards is simple: ignorance is no defence. If the business touches US dollars, US banks or US entities in any form, US sanctions laws apply, regardless of where it is headquartered.

Final thoughts

Sanctions compliance is not about avoiding fines; it is about protecting a business’s licence to operate, its reputation and its long-term value. In a world where geopolitics increasingly shapes commerce, sanctions risk deserves the same weight as financial, cyber or climate risk.

We have seen how quickly a minor oversight, a missed flag in an enterprise resource planning system, can escalate into a multibillion-dollar enforcement action. We have also seen how strong governance, leadership engagement and a proactive compliance culture can turn sanctions compliance into a competitive advantage.

The message for senior leaders is clear: sanctions compliance starts at the top. Awareness is not enough; engagement is essential. The business, and senior leaders’ personal accountability, may depend on it.

 

Tarun Bhatia is regional managing director and co-head of APAC, investigations, diligence and compliance and Radhika Vohra is associate managing director of investigations, diligence and compliance at Kroll. Mr Bhatia can be contacted on +91 99202 07042 or by email: tarun.bhatia@kroll.com. Ms Vohra can be contacted on +91 99106 36022 or by email: radhika.vohra@kroll.com.

© Financier Worldwide

