US sanctions on Russia to have limited immediate impact but add to political, contract risks for business

Many commentators have described the new US sanctions on Russia as soft and symbolic, with a lot of coverage of the restrictions imposed on US lenders considering Russian sovereign debt. However, we believe that this coverage understates a new and more significant sanctions reality for companies and investors involved or interested in Russia.  

The latest US executive order on 15 April allows the US government to designate Russian individuals and companies more quickly, and the range of possible targets for designations – both individual and institutional – is wider. In our assessment this expands the sanctions grey zone for international companies and investors operating in Russia, or for investors considering technology sector targets outside Russia that might have connections to Russian counterparts. 

Major step

The 15 April executive order represents the most significant expansion of the US sanctions regime against Russia since the 2017 Countering America’s Adversaries Through Sanctions Act (CAATSA). The order was issued under a new legal mandate, which is based on President Biden declaring a national emergency to deal with the “Russian threat”. This offers Biden’s administration the maximum flexibility to target any Russian individuals or entities that were found to be enabling “harmful activities”, such as interference in elections or major disinformation campaigns, cyber hacks, new military operations against Ukraine or key NATO partners, or attempts to use energy supply as a geopolitical tool against Russia’s neighbours. The list can be expanded quickly without any legislative or bureaucratic impediments, and potential sanctions under this order include new prohibitions to purchase Russian debt on the secondary market and expansion of sector-specific restrictions or sectoral sanctions.

Broad scope

The executive order allows for the sanctioning of any Russian individual or entity for their links to the Russian state and government, for being part of its technology sector, and for being involved in the disruption of gas or energy supplies to Europe, the Caucasus or Asia. As a result, the sanctions risks of doing business with Russian technology, energy and state-owned companies have increased, though only a small number of individuals and companies are likely to be targeted in these sectors.  The executive order specifically mentions that “other sectors” of the Russian economy could be sanctioned without the need to pass additional legal framework (a new executive order or legislation).

Technology sector in focus

The executive order authorises sanctions against any individual who operates or has operated in the technology sector of the Russian Federation economy – or any other sector of the Russian Federation economy – if the US Treasury Department concludes that they have assisted the Russian government with malicious cyber activity, interference in elections or weakening of democratic institutions not only in the US, but also among its allies and partners.

This creates more wide-ranging possible sanctions against the Russian technology sector, which may put any engagement with Russian cyber security firms out of bounds for US businesses and investors, including those operating in Russia, as most of these firms have contracts with government institutions or state-owned companies. Similarly, non-Russian technology companies that are headquartered in third countries, but with links to Russian clients, developers or investors, may also be exposed to sanctions, and links to Russia will need to be a feature of any due diligence of new transactions in the technology sector.

The US Treasury Department imposed sanctions against six large Russian technology companies, which according to the executive order provide support to the Russian intelligence services’ cyber programme. Some of the sanctioned cyber security companies have major international corporations among their business partners. The fact that the Russian government and state-controlled corporations tend to be the main clients for cyber security solutions elevates the sanctions risk in the whole sector and in turn these companies’ international counterparts. 

The US is likely to continue to pressure its allies and partners to scrutinise investments in the Russian IT sector and may introduce secondary sanctions in this space for any links with companies suspected of involvement in Russia’s cyber activities.

Links with the Russian state scrutinised

Sanctions are targeting several categories of individuals and entities for their links with the Russian government. The executive order specifies that anyone who has been a leader, official, senior executive officer, or member of the board of directors of the Russian company owned or controlled by the government could be targeted, as well as entities providing services to the Russian state. The order also specifies that sanctions can be extended to the immediate relatives – spouses and grown-up children – of sanctioned individuals, who were engaged in harmful activities or enabled them.
Similar provision can be found in CAATSA, the 2017 framework for sanctions against Russia, but it has not been applied in practice, and no family member of a specially designated national has been targeted solely because of the familial ties. Repeating this norm in a new document may signal the Biden administration’s preparedness to revitalise this approach, in contrast to his predecessor.  

Next steps

US-Russia tensions are likely to escalate. As sanctions remain the main US policy instrument aimed at punishing and deterring Moscow’s “harmful” policies and actions, companies and investors need to step up their analytical and compliance capability to be prepared for a rapid escalation of sanctions. Companies and investors will need to conduct careful analysis of their current and future sanctions risk exposure when considering their Russian partners or indeed non-Russian investment targets with connections to Russia. This needs to be considered as a look back exercise with existing relationships and as an important due diligence item with any future relationships. In addition to ensuring compliance with new designations, it is important to conduct forward-looking assessments for sanctions escalation options, including scenario planning and related risk and mitigation strategies for new deals and relationships.