The AML Clinic Podcast
The AML Clinic Podcast is hosted by Michelle Clement, a former SRA AML Regulatory Manager who has audited hundreds of law firms and authored key SRA guidance now used across the profession.
This podcast delivers practical, actionable insight on anti-money laundering (AML), financial crime risk, and regulatory oversight. Each episode offers real-world examples, straight-talking analysis, and lessons from the blind spots regulators focus on, helping law firms and compliance teams understand not just the rules, but how regulators actually assess risk.
Designed for MLROs, COLPs, COFAs, compliance professionals, fee earners, and partners, the AML Clinic Podcast equips you to build defensible AML frameworks, make informed decisions, and stay ahead of enforcement trends. Whether you’re looking to improve firm-wide risk assessments, enhance client and matter-level diligence, or navigate SRA and FCA supervision, this podcast gives you the knowledge to act confidently and proactively.
The AML Clinic Podcast
Episode 20 - Looking Beyond the Sanctions List
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Michelle Clement is joined by Suzie Ogilvie to discuss how firms can recognise and manage sanctions risk in practice, apply the "reasonable cause to suspect" threshold, and make defensible decisions that stand up to regulatory scrutiny.
Hello and welcome to this episode of the AML Clinic Podcast. I'm your host, Michelle Clement. I'm a former SRA AML regulatory manager who now works with law firms to build defensible frameworks grounded in how the SRA assesses risk and decision making in practice. In this episode, we're focusing on sanctions and specifically what it takes to recognise and manage sanctions risk in the real world. This episode will focus on what effective sanction risk management looks like in practice, how firms can recognise when a matter may have a sanctions nexus, how the reasonable cause to suspect threshold can be understood and applied, and what determines whether sanctions-related decisions stand up to scrutiny when reviewed later. To explore these issues, I'm joined by Susie Ogilvie. Susie is a leading advisor in financial crime, sanctions, and ethical and reputational risk management. With more than 20 years' experience, she has held senior compliance roles at three leading international law firms and has represented the legal profession on AML and sanctions matters before UK and EU governmental and regulatory bodies. Through Agira Risk, she now advises organizations on financial crime, sanctions, ethical and geopolitical risks, helping them implement regulatory requirements in a practical and commercially sensitive way. Susie, you're welcome to the AML Clinic Podcast. Thank you. Thank you, Michelle. So I'd like us to start with how the landscape has evolved and what firms are now expected to understand in practice. So, from your perspective, how would you say the landscape has evolved in terms of what firms are now expected to understand from in comparison to say the last five to ten
Evolution of Sanctions
Speaker 4years?
Speaker 2Well, um, I'm actually going to start maybe 20 years or so ago when I first became involved in sanctions. Now I can't recall exactly how long it was, but when I first became involved, UK firms were largely focused on navigating US sanctions in respect of Iran and Cuba. Right. And at that time, the challenge was balancing the extraterritorial nature of these US sanctions versus what are known as blocking measures that had been implemented in Europe. So effectively measures that put onus on you not to follow those sanctions. Now, while I wouldn't want to diminish the difficulty of balancing those competing interests, overall the sanctions issues were relatively few and far between for firms at that time. The need to focus on more sanctions compliance grew with the dawn of the Arab Spring and the increasing concerns about Iran's development of nuclear weapons. EU sanctions weren't just limited to asset freezes and prohibitions on dealing with the governments, but also in respect of the petrochemical sector, which was key to the Iranian economy. We'll come on to an example of one of the challenges that the petrochemical sanctions presented into course. But overall, even at that time, complying with sanctions still felt manageable. And it wasn't really until 2014, after the Russian annexation of Crimea, that things started to become a lot more complicated. Now, I should add that in the early days following Russia's annexation of Crimea, I think a number of us, me certainly, in the sanction space, we'd anticipated that the US would likely lead the way as usual, particularly given some of the issues presented by the geographical proximity of the EU to Russia, and perhaps notably the reliance of many EU countries on Russian gas. And all that was until a surface-to-air missile fired by Russian separatists hit Malaysia flight, Malaysia Airways flight MH-17 as it flew over eastern Ukrainian airspace. Now this signaled a significant shift at EU level, and sanctions were stepped up. Now, in terms of the measures used in 2014, a new type of sanction emerged. There had already been asset freezing or blocking measures, sector-focused restrictions like the Iranian petrochemical restrictions, and restrictions on investments in countries. But 2014 saw the introduction of these capital raising sanctions. So essentially sanctions that were intended to restrict an entity's access to new capital or loan finance. And the provisions of these sanctions had to be carefully considered. For example, new loans also covered existing loans that were being significantly amended. Right. So it became quite complicated. Sanctions continued to incrementally increase when the US enacted Catza, the countering Americans America's adversary through Sanctions Act. Sorry, it's a bit of a mouthful. That happened in 2017, and that imposed additional measures on Iran, North Korea, and Russia, some of which had extraterritorial effect. So by the time Russia invaded Ukraine in 2022, there was already a lot to grapple with. And then in 2022, sanctions came thick and fast. Many new designations on a regular basis, meaning firms had to swiftly grapple with them. Other measures were also introduced, while some of the pre-existing measures were expanded. Trade sanctions were added incrementally. Firms then had to navigate the original legal services ban, which, of course, to add to the challenges, was different to the EU ban. And while all of this was happening, of course, those on the receiving end of sanctions, so the designated persons, etc., were looking at new ways around those sanctions. So firms were at risk of becoming involved in circumvention and evasion schemes. Now, those of us who had followed sanctions over the years definitely found it difficult to keep a pace of all of the developments and take the necessary action. We were familiar with it. So for those who were less familiar, I would say it was like climbing Mount Everest, and possibly still is. Firms are now often dealing with new designations requiring swift action, new measures that require analysis of the work that's being undertaken, and challenges of circumvention.
Speaker 4So, Susie, I mean, 20 years in in about two minutes, that that just covered just how complex an area we're talking about. It's just as much understanding the rules as it is about understanding the context, is what I'm taking away from that as well. Yep, that's correct. So I have a two-pronged question.
Identifying Sanctions Nexus
Speaker 4Um, what do you see, given it's such a complex area, what do you see as the biggest gaps in terms of knowledge or recognition that something might have a sanctions nexus? And then the the other part of the question is why is that?
Speaker 2Um so I've alluded to the fact that there's a vast number of measures in place and also the pace of change. But I would probably categorize the key issues as follows. So, firstly, when considering new designations or conducting searches as part of new work, identifying if a name match is an actual sanctions match or false positive, that's a challenge. Then you have ownership and control issues to grapple with. And then the application of non-list-based sanctions more generally, for example, those focused on sectors, as well as the difficulties in identifying if there might be trade sanctions measures that affect a piece of work. There are other issues, of course, but these are some of the key ones. There are a variety of reasons for the difficulty. So the pace of change, the sheer volume of measures, they create the perfect storm. Then potential data quality issues, including lack of sufficient identifying details to consider sanctions matching. Also, the practical challenges of applying measures, the focus of which was the potential impact that they might have, as opposed to how they might be practically applied. Right. The Russia oil price cap was a perfect example of this. Many hours had been put into thinking about what would hit Russia Russian oil hard, but not much consideration was given to how firms might actually have to practically implement that. Additionally, in some cases, challenges arise where, on the face of it, there's no apparent initial nexus to a country that is subject to financial or trade sanctions measures. And also the difference across the sanctions regimes that are implemented by the US, the UK, and the EU can impact those with branch offices elsewhere. Whilst you might have two regimes that apply in respect of another country, they might differ and that can cause issues. The legal services ban, the UK and the EU ones differ, for example. I mentioned I would come back to the petrochemical prohibitions that were once in place in respect to Iran. And this is just to give you an example of some of the challenges that arrived. Because one of the prohibitions that had been applied at one stage was in respect of transactions that involved products derived from petroleum.
Speaker 4Okay.
Speaker 2Now, it's probably fairly easy to identify transactions that may have involved the same sale of transport fuels, heating oils, um, LPG. But petroleum products are also essential raw materials for manufacturing plastics, synthetic fibers, cosmetics, and some everyday household cleaning products, to name but few. I mentioned circumvention, and turning to circumvention risks, it wasn't until early 2025 that the Office of Financial Sanctions Implementation, OFSI, published their first official threat assessments in which they listed out what they termed as intermediary countries, and that is countries where the risks of circumvention are considered to be greater. Meanwhile, the press were having a bit of a field day criticizing organizations, companies that may have supplied products to entities in those intermediary countries, only to discover later that their products had ended up in Russia. Now, those of us who are well versed in geopolitical issues are at a distinct advantage, but it's often part of the day-to-day for us. For many, though, understanding those ties, it's not so easy, and so it's easy to get caught out.
Speaker 4That's really helpful. I think it just shows how circumstantial this area really is, and there's so many factors that come into play, which make it so easy to you know to miss the risk, especially when it doesn't present in an obvious way. How does this tie into or what sort of um parallels can we draw with complying with the dual use prohibition um
Challenge of Dual Use Prohibition
Speaker 4for firms?
Speaker 2Yeah, so dual use. I think that this is an area where understanding what falls into the category of dual use goods is itself a challenge. Um I think industry, so you know, those who are actually that the companies that produce these goods will probably have a better feel for what is controlled. They're closer to the trading side of things. For lawyers, well, the lawyers are well versed in their area of law, but not necessarily with not necessarily, you know, the aspects of what is the actual product. They're experts in advising on the legal aspects of a contract or a structure, but they may not fully appreciate the status of the underlying assets. Like identifying whether a product is derived from petroleum, it may not always be able to identify that there's certain assets that form part of the transaction that may be subject to controls. The second aspect of dual use is, as the name suggests, is that while they can be used for military purposes, they can also be used for civilian purposes, legitimate commercial business, day-to-day you know, transactions. And this adds to the challenge as it's harder to set up triggers in your systems to be able to identify the potentially problematic issues in this area. And thirdly, it's often the counterparty rather than your client that may be the red flag.
Speaker 3Yeah.
Speaker 2And while firms are focused on due diligence on their clients for AML purposes, counterparties may not always be flagged as giving rise to the increased risk. There are probably certain sectors that you need to take note of as giving rise to an increased risk. And then in those sectors, it might be necessary to consider asking questions of the client as to what their goods are, what the assets are, and whether there are any restrictions, as they're in the best position to be able to tell you.
Reasonable Cause to Suspect Threshold
Speaker 4Really helpful, Susie. So I think as you've alluded to, recognising potential sanctions risk is one thing, but then knowing when those concerns actually cross the line into suspicion is often where firms actually face the greatest challenge. So, how do you see the reasonable cause to suspect threshold in respect of designated persons operating in real-world cases? Are firms sometimes maybe setting the bar too high or too narrowly, in your view?
Speaker 2Um well, I think uh it it's worth going back to the case, though. Um, the the reasonable cause to suspect threshold has been considered by the courts, and um particularly in the case of the Vneshprombank and Bedzhamov, um, is perhaps the most helpful case. And there'll be a number of listeners who may be familiar with this case, but I think it's worth a quick overview because I think that helps individuals understand the test that might be applicable. Okay. So this case considered whether a Russian company, A1, is controlled by UK designated persons, namely Mikhail Friedman, German Kahn, and Alexei Kuzmachev. The case before the courts didn't actually involve A1 directly, but A1 was financing the litigation for Vneshprombank. The three individuals, Friedman Kahn and Kuzmachev, were shareholders in A1 until 2022, when they had sold their shareholdings. However, the sale of that shareholding took place shortly after the designations, and that was carried out for a nominal value of less than £800 to an existing employee, casting doubt on its legitimacy and giving rise to concerns that the designated trio retained control in the background. In considering the test of reasonable cause to suspect, the court looked back at prior cases in paragraph 54 of the judgment and it highlighted eight key aspects. So first of all, the test imports an objective element requiring an evidential foundation. Secondly, the court must be fact-based and genuinely reasonable. The test also required that on the available information, a reasonable person would not might, not could, but a reasonable person would suspect that in, for example, the case of Regulation 11 of the Russia Sanctions regulations, that a person whose funds or economic resources are dealt with is a designated person. Then they consider that the next element, which was the question whether there are reasonable grounds to suspect, has to be considered in the round, in a fair-minded review, taking into account all relevant information, including undermining material, initial suspicions that may be dispelled by information or evidence. It's also necessary to guard against unreliable assumptions and to exercise caution in treating the complexity of corporate structures as ground for suspicion. Then the accuracy and credibility of the sources of evidence relied upon should be evaluated, although such evidence isn't just limited to that which could be admissible in court. The seventh point was whether the statutory test of reasonable suspicion is method must be carefully considered and the applications or presentations subject to rigorous and critical analysis of it. And then finally, speculation as to continued control by a designated person over a non-designated entity does not establish a triable case of such continuing control. What does that all mean? Well, in this case, if you look back at the facts, the court noted that the test did not require definitive proof of control, but rested on whether the available evidence reasonably raised concerns about the connection between sanctioned individuals and the relevant entities. This includes indirect evidence that may require further investigation of potential sanctioned breaches. The suspicion threshold could be met by red flags, like insufficient documentation or transactions that appear to lack commercial rationale without needing hard evidence of ongoing control. The court also noted that the individual who acquired the shares was not a neutral third party, but a long time employee of the designated persons. And finally, the court highlighted the timing of key business decisions, namely that the sale occurred immediately after the imposition of sanctions. And that's a critical factor in your assessment of whether or not something is at arm's length and potentially a circumvention strategy. So in this case, the court took all of these factors together and considered that there was reasonable cause to suspect on the facts of the case. So there were multiple overlapping indications that the designated individuals retained control. To go back to your question, you asked if I thought firms were setting the bar too high or too low. Well, there's often considerable uncertainty when you're looking at each individual case. Yes, a common sense approach is needed, but the focus of the case is on whether a reasonable person would, not could, conclude that a person was designated. But in reality, the fact of every situation that you're looking at is going to differ. Which has its own internal costs. So to the extent that a firm's already engaged in the matter, then that due diligence may be a necessity. However, if you're considering new business and it's at the outset of the matter, undertaking that due diligence may not be worth it in circumstances where you can never be absolutely comfortable.
Speaker 3Yeah.
Speaker 2Um and it should be remembered that while a case might be winnable in court, it doesn't necessarily stop an investigation being carried out. It doesn't stop inquiries being made of you. So the very thought of even going through that process and going through the courts is in itself a lot of work and stress. And therefore, asking whether firms are setting the bar too low or too high, it really depends on the case and depends on their own risk appetite. And it also depends on whether or not they feel that the exercise is worth it going through. Through that exercise is actually worth it, given all of that sort of commercial context that sits around it. And for me, the greatest concern isn't about whether firms are are you know making those decisions after due diligence and and potentially opening up the thought of a case against them, it's when they're not doing the necessary thinking and not looking at everything in the round, as the case suggested that you must do.
Speaker 4Thank you. That was really helpful, a helpful background to set the scene, Susie. Um I want to say it sounds straightforward in theory, but I I think I'd be lying to myself. Um, but it definitely becomes more difficult when you're dealing with real-world facts. So I'm sure people who who do sanctions work would be able to relate with that. So let's drill
Managing Sanctions Risk in Practice
Speaker 4down a bit into how firms manage sanctions risk in practice. How much of the challenge do you see is being driven by the structural complexities and how much is down to data limitation?
Speaker 3Um so I think it's a bit of both.
Speaker 2Um so I think you've got the complexity of the sanctions, the need to consider all aspects of compliance, so not just focusing on clients and matters, but on suppliers and other touch points, like the position of the account holding banks, of parties, etc. Compliance teams have a lot of focus on new business intake. That that's generally the way that they're set up, they're set up to consider new business intake, and the work that's being undertaken for clients and other aspects tend to take a bit more of a back seat. Um, and sanctions compliance needs a broader horizon scan. In order to do the job properly, you need data, but both internal data, ensuring that that internal data is structured in a way that it is useful and can be reported upon easily, as well as having the access to the external data to allow the compliance team to be able to make determinations as to sanctions risk. Yeah it's it's it's everything. It's it's you know, it's not just one answer. You need to have everything internally structured in the correct way, but also have the ability to use the external data in a way that matches up with your systems and the way that they're set up.
Speaker 3And from a practical angle, what can technology do to support firms in this process?
Speaker 2Well, sanctions monitoring tools are available. Um but there's the case of WISE Payments, which I often talk about. Um, and essentially WISE Payments was a case where it wasn't so much a case, it was a decision notice that was made by OFSI. Um and what what happened in WISE Payments was that they had a sanctions monitoring program in place, they had access to technology, but as a result of a regular high number of false positives, WISE had taken the decision to, whilst it stopped all other transactions, it permitted debit card withdrawals as it reviewed potential sanctions matches. And so, unfortunately for WISE, one day, eventually a designated person withdrew £250 in cash while WISE was reviewing the designation. Now, if you look at some of the facts of the case, which I think are are helpful here, is the designated person was added to OFSI's consolidated list on the morning of 29th of June 2022. The following morning, very very early on, so shortly after midnight, Wise's third-party sanctions data provider added the designated person to its sanctions list in response to OFSI updating the list. A couple of hours later, Wise's customer base was screened following that update, and Wise's systems raised an alert due to a possible name match with the designated person. Um but Wise's policy, as I said, was to effectively suspend the account but permit the debit card payments to still be made. And a few hours later, so at about 7 a.m. in the morning of 30th June, an employee of the designated person successfully withdrew £250 in cash using that debit card. It wasn't until Friday, the 1st of July, that someone at WISE reviewed the previously generated alert and determined it was a likely true name match. And then, in accordance with escalation policy, they then escalated it to someone more senior, a sanction specialist team. However, it was on a Friday and it wasn't reviewed that Friday by the sanction specialist team, and they didn't operate weekend working. So it wasn't actually until the following Monday that anything was actually discovered. Now they they self-reported, but I think if you go back to how can technology help, then yes, it goes part of the way, it will provide you with some of the data, but you do have to have the systems the the support and the controls in place that support that. You need people to be able to review the alerts, yeah. And you also need to make sure that as new sanctions arise, you're able to manage that in a timely manner. In Wise case, in the WISE case, it was very critical that there was nobody there on weekends to assist in reviewing these matches at that time. Now, I think if we all look as the compliance teams, you know, we're we're busy anyway, and we look at it and we think, oh wow, you know, that's a considerable resource that we have to actually provide towards that. And people are very, very anxious about it. But you can't just rely on the technology. Now, there are tools available that will help to identify potential red flags, and they might be able to um categorize some of the potential matches into the higher risk ones and the lower risk ones, which might help you to manage it. But I think one thing that I would say is every single firm has to consider its business and what technology might work for it. Expensive solutions aren't necessarily appropriate for all. Um, and so it goes back to thinking about your business and the work that you do and working out what's appropriate for your firm.
Speaker 4Yeah, so you you said something that was quite interesting, which so you mentioned about the high levels of false positives that WISE was having. Um, and this is something that firms experience a lot. Um, they have issues with fuzzy matching and the variations in in names. So, just on the name handling point, how important do you think it is for compliance professionals to understand different naming conventions and cultural variations when assessing alerts?
Speaker 2I think much depends. As it, you know, it's to go back to this point about your firm is the types of clients and mandates that you're ordinarily looking at. Um large firms that might be working for individuals globally or small, smaller, limited companies with a limited business profile may be more at risk than those who deal with the multinationals on a regular basis. And this is where going back to the firm-wide sanctions risk assessment is actually quite important. Consider where the areas of focus ought to be. Some training is obviously useful, but the extent of that training is going to depend on the risks that your business faces. And you don't want to be in a situation where you're providing unnecessary training to people and they're missing the real issues. So it's that balance and having to consider what is who are the clients that we are ordinarily come across, who are the counterparties that we might ordinarily come across, what are the sorts of things that are we that we might be doing, so that we can then put in place the appropriate
Evaluating Decision Making in Sanctions
Speaker 2training. So it's not necessarily just the naming conventions, it's looking to how do you discount other matches that may uh crop up. Um and you know, going back to the technology, if you are one of those larger firms that acts for a lot of individuals globally, you might think that investment in some form of technology is actually going to support your team. Whereas if you are a smaller firm that rarely comes across an issue, that will be more focused on the training of individuals to spot if there's something that is not in keeping with your ordinary course of business, as opposed to the training on how do you understand what the naming conventions are in a particular country?
Speaker 4It's a really important point about what the the risk that the exposure that different firms have depending on the types of clients they have and the size and geopolitical issues that they might encounter in the process. If we now look at this from the other end, so when decisions are reviewed in hindsight, what type of factors tend to distinguish a strong decision from a weak one?
Speaker 2Um well, going back to that case, um the the A1 um decision, it's incredibly important to remember to look at the full picture and take all of the factors into consideration. It's really important to avoid considering red flags and discounting each one of them individually without considering how things appear when you take a list of view of all of those red flags. Um it's often possible to provide a plausible argument, discounting each red flag that might arise. And I've seen this done, and um lawyers are quite good at arguing points, you know, things point by point.
Speaker 1Yeah.
Speaker 2But if you're only just getting comfort, or you're just putting forward counter-arguments for each issue, and you don't look at the bigger picture, and and this also, as I'm sure you appreciate, applies to money laundering risk as well. Well, you're potentially overlooking the risk. It's really important to make sure that all people involved understand that it's not the negotiation of a contract where you deal with each outstanding difference between the parties line by line, but it's a risk decision for the firm.
Speaker 3Yeah.
Speaker 2And going back to the case law, it was very, very clear that all factors have to be considered in the round.
Speaker 4So building on that, how should firms think about documenting the steps they've taken in a way that later on would stand up to scrutiny? You know, what sort sorts of things tend to be missing when decisions are reviewed later?
Speaker 2So I think it's important to um look at this for on two levels. It's very clear that it's helpful to document the controls that are in place essentially, as well as each individual decision that's taken. So after the flurry of sanctions in 2022, um many firms developed ways of addressing issues, but didn't have the time to enshrine these informal processes. The processes existed, but they were being carried out on an ad hoc basis, um, or that they were being carried out without there actually being a written procedure in place that outlined what should happen. I think it's really key to ensure that those are clearly documented and centralized policies if they haven't already been. Then, from the perspective of individual decisions, these need to be recorded. And in fact, going back to the point about, you know, taking everything in the round, writing that out can help you challenge your comfort levels. If you're write typing everything out, putting the arguments down and then rereading them all together, you can ask yourself at that point, when reading it back to yourself, if you feel that you could justify it, should everything go south. And so that documentation process has more than one more than one purpose. I think the difficulty is why payments has taught us we need to be quick in taking action, but other situations are suggesting that we must ensure that we're thorough and that takes time. So you've got competing interests. Yes. People often are having the conversation and they're going through the analysis, but they're not fully recording it, or it's too high level and it might not stand up to scrutiny. Um just as with client advice, proper attendance notes are key, and so are the records of the decisions that are made. Um if there's any technology that can help you download a transcript of any advice that you might have given over, say, Teams, then it's worth maybe using that as the basis for your record keeping and your decision making to make sure because we all feel that time pressure that that exists when you're trying to get through all of the work and all of the you know sanctions matching exercises, etc.
Speaker 4So what you said actually deeply resonates with me. So I also inspected firms on their sanctions frameworks as well. Um and actually, when I think back to most of the firms that were referred for investigation for not for non-compliance, um, that it wasn't necessarily about the outcome, it was many of the things that you were speaking about. So thank
Practical Guidance for Firms
Speaker 4you. So, in closing, I always like to finish the podcast with a practical with practical guidance. Are there any other practical tips you would give to firms to help them improve how they think about, how they question, and how they respond to potential sanctions risks that we haven't covered?
Speaker 2I think and I'm going to go back to the firm-wide sanctions risk assessment piece.
unknownOkay.
Speaker 2I think everybody sort of looks at the risk assessment uh challenge and there's a bit of a groan. Um, nobody really likes the exercise. Yes. It's it, you know, it can feel frustrating, but it is actually in this area, is actually quite a key piece of work. And having a look at your clients, what are the types of work that you ordinarily do as against the types of measures that are in place? You don't need to have to go into the detail of each measure, you just need to know the areas where it applies and get an overall picture of where there might be risk. That then might inform the level of the systems and controls that you have and also the resourcing that you need. Yeah. And that's the technology resourcing, but also the human resourcing as well, because you need, as we've talked about, you need those human resources to be able to analyze what the technology and the systems and the software is throwing at you. Um it's key to focus the mind beyond those list-based sanctions. Consider the countries where you might do business, consider OFSI's intermediary list, as well as the other sector-focused sanctions. Um and I also in that piece stress the importance of considering the other risks, including reputational risk and the commercial factors. What are the restrictions that your account bank might have in place? Think about those first before you take on the work, before you agree to do anything. Everyone gets quite excited about the new work, but they don't think about some of these practical commercial aspects. Think about your insurance coverage. What does the insurance policy say? Those things ought to be checked before you actually enter into a matter that might have some form of sanctions nexus or potential sanctions nexus. The other thing is it's incredibly challenging. It is an area there's new sanctions all the time, there's the pace of change, the measures are complex, they're not so easy to actually practically implement because they haven't gone through all of the consultations that ordinary legislation would normally go through. And one of the problems as well is that it's not hitting headlines nowadays, and so you get this feel from people that sanctions are done, it's done and dusted, so to speak. And a lot of anxiety and stress when you're dealing with off sea. So it's taking each step, not assuming it's done, and always doing that sort of the rather dull risk assessment and the rather dull looking for loopholes and potential gaps in your systems and controls.
Speaker 4Susie, thank you so much for joining me today. I've got a few cautionary tales that I could probably tell. Um I remember sitting in in inspections and asking firms um who haven't received money in two years why why are you doing this type of work again? Um, but thank you so much for sharing your insights with us. Um, most appreciated. My pleasure. And thank you to you for listening. I hope this episode has shed more light on the importance of understanding how sanctions risk can present indirectly, why suspicion is often built from a combination of factors, and why understanding the wider context is just as important as understanding the rules themselves. If you've enjoyed this discussion, please subscribe and share it with your colleagues who work in the world of nuance, risk, and razor thin judgment calls. I look forward to welcoming you back for future conversations. Until then, stay informed and stay compliant.