EU Outlines Compliance Steps for Common High-Priority Items, Countering Evasion

The guidance, published as a set of FAQs, features first-of-their-kind guidelines for EU exporters and other companies dealing in common high-priority items -- the various microelectronics, industrial inputs and other key dual-use goods that Russia is seeking for its military and defense industrial base. It lists specific due diligence steps EU “operators” should take for those transactions and their customers, various “risk factors” they should consider, what the EU views as “appropriate” compliance procedures, and more.

It also says EU member states may carry out “routine checks to verify” whether EU companies are taking steps to stop exports of these sensitive items to Russia, and those countries “may consider the EU exporter’s failure to conduct adequate due diligence as a violation of EU sanctions law.”

The guidance comes as both the EU and the U.S. prioritize enforcement against companies or third-country suppliers found to be shipping common high-priority items to Russia. It also comes after the U.S. Bureau of Industry and Security began sending a list of about 700 risky foreign suppliers to U.S. companies whose products, including common high-priority items, were being shipped by those suppliers to Russia for use in missiles, drones and other military or dual-use items (see 2406060041 and 2409110046). BIS has since said companies should “identify affirmative information” that a party on that list is not violating export controls before starting or continuing business with them (see 2407100027).

The EU said it’s especially concerned about shipments to Russia of items the country can use in its military systems or that are “critical” to the development of those systems. Its guidance specifically lists electronic components -- including integrated circuits -- as well as radio frequency transceiver modules, items needed to make and test the “electronic components of the printed circuit boards,” and items to make “high precision complex metal components.”

Although the bloc said there’s “no single model for conducting due diligence,” EU companies should carefully tailor their compliance programs to match their risks and scrutinize their business partners, customers and customers’ beneficial owners. They should also analyze potential transactions for red flags, including by asking:

• Is the country of transit or destination a country neighboring Russia or known to reexport goods to those two nations?
• Are complex or unusual transportation routes being used?
• Has the value of goods changed since sanctions on Russia took effect?
• What is the business rationale for the transaction, and are there “unexpected surges in demand” from regions without a “known market” for those products?
• Does the transaction use “complex financial schemes” or include “unusual or abnormal elements in the documentation” that can’t be justified?

The guidance also includes a list of “risk factors” that EU companies should consider before selling or moving a common high priority item, such as whether the shipment involves intermediaries or shell companies that “make no or little economic sense.” Companies also should examine whether the item will transit through countries that are known as “circumvention hubs,” whether the customer recently changed their ownership share to reduce their stake below the 50% threshold, whether the CEO or manager of the customer is “never available for discussions,” and more.

One FAQ outlines what the EU considers as “appropriate steps” in carrying out due diligence on transactions involving common high-priority items. EU companies should first “map out” the products, transactions and economic activities “within their range of services that are at risk of being involved” in shipments of those items to Russia, and should understand “how those risks can materialise.” They should also make sure they’re regularly updating their compliance controls and/or keeping track of new sanctions legislation, new designations, circumvention techniques and circumvention trade flows.

The EU also called compliance training for staff “critical,” and that may need to include senior executives, not just employees within their trade compliance office or those dealing in sales. The bloc said it recommends that “senior management of a company is personally involved and informed regularly by its compliance team on risks identified and measures taken.”

It added that a company can be deemed to have “effectively mitigated/managed” its risks if its due diligence hasn’t led to the “detection of any red flags,” or when it has put in place mitigation measures to address any red flags.

A separate guidance document includes new FAQs about how companies should approach due diligence to prevent sanctions evasion. One new FAQ stresses that banks also have a compliance responsibility and may need to screen its customers and transactions for “possible infringement of EU trade restrictions.” Banks “can tailor their compliance programmes to specific risks identified in relation to certain transactions or parties involved, such calibration being then more risk-based than systematic.”

BIS issued guidance in October that outlined similar due diligence expectations for banks and other financial institutions (see 2410090027 and 2411010030), saying banks should screen new customers’ customers against lists of parties believed to have shipped controlled items to Russia. Although BIS said banks don’t necessarily need to carry out that level of screening for all customers on a “real-time” basis, they should at least screen those exporting sensitive items on the BIS Common High Priority List.

Another new FAQ in the EU guidance says an EU company may be held liable if a sanctioned party transferred their assets to the EU company before the party was sanctioned, and that asset transfer was designed to help the now-sanctioned party “evade the effects of its possible future listing.” The bloc said “ongoing participation in that structure can amount to circumvention of the restrictive measures,” even “if the freezing of assets is not discontinued and no assets reach or benefit the now-listed person.”

The guidance also clarifies that, in order for a company to have violated the EU’s anti-circumvention rules, the company needed to have “knowingly and intentionally” tried to evade sanctions. “Thus, the threshold is acting with knowledge and intent to circumvent a prohibition included in the Regulations,” the EU said.

It added that it defines “knowingly and intentionally” as a situation not only where a person “deliberately seeks the object or effect of circumventing sanctions but also where a person participating in an activity having that object or effect is aware that such participation may have that object or that effect, and accepts that possibility.”

Another FAQ touches on the EU’s “non-liability clauses,” which shield an EU company from liability if they didn’t know or had reason to suspect that their activities would violate sanctions laws. The bloc stressed that companies shouldn’t be able to “successfully invoke” this clause if it “failed to carry out simple checks or inspections.”

It said those minimum checks include:

• Screening all parties to the transaction, including the customer’s beneficial owner and other “indirect parties,” such as suppliers, service providers, transporters and banks.
• Checking whether their goods and services, whether they’re a finished product or a component, are subject to any EU trade controls, including for dual-use and military items.
• Conducting a risk analysis of the transaction, including on the “contractual documentation,” the “rationale” for the transaction, any associated “financial flows,” the route of the shipment, the end-use of the goods and any risk of diversion.