The extensive utilisation of sanctions as a foreign policy tool is a comparatively recent development in the European Union. As such, there are limited examples of enforcement actions taken against those who breach sanctions, whether deliberately or accidentally.

This is in contrast to the United States, where there is a history of enforcement actions going back many years, with significant fines being imposed on violators responsible for multiple breaches. These have included fines against European banking groups in 2010 of $176m, and in 2009 of $536m and $217m. Such fines are often accompanied by a requirement for enhanced compliance to be carried out by the offending company.

However, evidence suggests that the UK Government is now taking enforcement more seriously. In March 2012 it was announced by HM Revenue and Customs that 84 British companies had been found to have breached the Iranian sanctions regime during the financial year, in comparison with just 40 cases in 2008/9, and 64 and 65 cases in the following two years.

How do governments monitor compliance with sanctions?

Governments are often reliant on companies self-reporting breaches that have occurred. In the United States, banks are expected to monitor the transactions they carry out and report any potential infringements to the Treasury Department's Office of Foreign Assets Control (OFAC). With a vast amount of international trade being priced in US dollars, and those dollars having to be cleared through US banks, requiring banks to self-police is an effective method of tracking compliance without having to deploy significant resources.

Under the most recent EU Regulation imposing further sanctions on Iran (Council Regulation (EU) 267/2012), companies must report permitted transactions involving the import, purchase or transport of oil and petroleum products originating from Iran, and any financing or financial assistance in respect of the same, including the provision of (re)insurance. The notification must be made 20 working days in advance of the execution of the contract. Requiring such notifications to be made allows governments to monitor activity, again without deploying significant resources.

What penalties can be imposed on entities that breach sanctions?


Penalties for violating US sanctions vary widely and are dependent upon a number of factors. Penalties range from issuance of a "cautionary letter" to transaction-based civil penalties, and, if the violation is wilful, to referral to the US Department of Justice for criminal prosecution with the prospect of a $1 million fine and up to 20 years imprisonment.

OFAC makes use of a "penalty matrix" in assessing the penalty to impose, which places emphasis on whether the violation was "egregious" (a finding of which would increase the penalty) or voluntarily self-disclosed (a finding of which would reduce the penalty). Other factors OFAC considers are whether or not the conduct at issue was reckless, whether management was involved, whether or not the violator is a large and sophisticated enterprise, whether the violator cooperated with OFAC's investigation, and whether the violator has in place an appropriate compliance programme.


In the United Kingdom, a statutory instrument will be passed to enact criminal sanctions contained in EU legislation, as individual Member States are responsible for imposing criminal penalties. The severity of the penalty will of course depend on the offence committed, but by way of example, the maximum penalty for breaching the prohibition on providing financing or financial assistance for the import, purchase or transport of crude oil or petroleum products originating from Iran is imprisonment for two years, or a fine, or both.

Can individuals be penalised?

Yes. One of the most high-profile cases in recent months where a sanctions breach has been alleged is that of Christopher Tappin, a freight forwarder who has been accused of conspiring to export batteries for Hawk surface to air missiles from the US to Iran, an offence for which, should he be found guilty, is punishable with a sentence of up to 35 years in jail. Tappin denies the offences and is currently on bail awaiting trial.

How can businesses try to prevent inadvertent breaches of sanctions legislation?

  • Due diligence: adequate due diligence should be carried out in all transactions where there is a potential sanctions touchpoint, bearing in mind that there is no "one size fits all" approach to such enquiries. Education of employees in assessing the level of risk involved in entering into transactions is vital
  • Licences: restricted goods can often be exported under licence. Ensure that the licence obtained fully covers the goods to be exported
  • Be aware of notification and authorisation requirements: there are reporting requirements for certain transactions with specific jurisdictions. For example, transfers of more than €10,000 to Iranian entities and individuals require notification to the relevant competent authority; and transfers over €40,000 require authorisation in advance If another party to the transaction has taken responsibility for making notifications or obtaining authorisations, ensure that you are satisfied that the procedure has been followed correctly
  • Review old transactions to ensure that there is no potential for activity which could result in a breach
  • Records: keep adequate records of all transactions

In summary, the vigilance of the authorities and the severity of penalties varies from jurisdiction to jurisdiction, but all potentially impacted entities need to watch out for the long arm of the US authorities, in particular. The potential impact of US proceedings against a company or an individual is very serious.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.