10 June 2025
EU Sanctions Helpdesk ¦ The First Four Training Modules - Module 4 Compliance and Due Diligence
EU Sanctions: Practical steps for SMEs to build effective compliance and due diligence
Why sanctions due diligence matters for EU SMEs
Sanctions due diligence is the process of identifying, preventing and managing potential sanctions risks in your business. For small and medium-sized enterprises (SMEs) operating in the EU, the consequences of getting this wrong range from halted transactions and reputational damage to severe financial penalties and criminal exposure.
Four fundamentals to structure your checks
A straightforward way to think about sanctions risk is to ask four simple questions for every transaction: Who, What, Where and Why.
- Who are the parties involved — customers, suppliers, agents, ultimate owners and controllers?
- What are the goods or services, and do they fall within lists of restricted or strategic items?
- Where are the goods going — the destination, routing, and payment flows — and does any part of the logistics expose you to a sanctioned country or transit hub?
- Why is the transaction happening — what is the end-use and the identity of the end-user?
Answering these four Ws feeds directly into the practical checks you must perform before committing to a deal.
Four pre-transaction checks every SME should do
Before entering into any transaction that could result in sanctions being imposed, carry out these four checks.
1. Restricted party (sanctions list) screening
Screen every party to the transaction against the EU Financial Sanctions List and relevant national lists. Don’t limit the search to the immediate counterparty: screen beneficial owners, upstream suppliers, downstream customers, agents and intermediaries. Where appropriate, consider exposure to third-country sanctions regimes and augment list screening with basic internet research and a review of the company’s website and public filings. List screening tools are widely available; ensure they are updated with the latest EU and member-state listings.
2. Country check
Assess whether the transaction involves a sanctioned country, either directly or indirectly. Even if the buyer is in one jurisdiction, routing, transhipment points or ultimate destination could be in a prohibited or high-risk country. Payment flows that pass through banks in sanctioned jurisdictions or involve routing through known circumvention hubs should be treated as red flags.
3. Product check
Determine if the goods or services are subject to trade restrictions or export controls. Some sanctions regimes include lists of economically critical goods, common high priority items, or luxury goods that are specifically restricted. In parallel, check EU export control rules (including the Dual-Use Regulation and the Common Military List) and any member-state export control measures. For tangible goods, classify the product using the EU TARIC/CN codes and verify whether that code appears on restricted lists.
4. Sectoral sanctions check
Identify whether sectoral measures apply, which can restrict particular types of transactions (for example, financing, servicing or supply of specific goods to certain economic sectors). Sectoral sanctions often target specified technologies, financing or services linked to energy, defence or other strategic sectors. Assess whether your product, service or the counterparty’s industry is subject to such measures.
How to spot and manage attempts at circumvention
EU rules prohibit participation in activities intended to circumvent sanctions. You must pay close attention to any signs that a transaction is intended to circumvent prohibitions. Circumvention can be deliberate or occur where a party participates despite being aware of the risk and accepts it. Common circumvention techniques include routing through third countries known as “circumvention hubs,” use of intermediaries and complex ownership structures that obscure ultimate control. When such patterns appear, escalate investigation and, when appropriate, refuse to proceed.
Contractual and transactional safeguards to reduce risk
Contracts are powerful tools to manage sanctions risk, but they must be used correctly. Draft agreements to ensure that national (EU or member-state) law applies rather than a potentially problematic foreign law. Include express sanctions clauses that allow suspension or termination if sanctions risk materialises, integrate sanctions language within force majeure provisions, and add no re-export and no Russia (or other country-specific) clauses where relevant. Require end-user and end-use declarations when needed. Prepayment requirements can reduce exposure when there is insufficient assurance of compliance. Crucially, do not rely blindly on client-provided information; verify it before proceeding. If you discover a counterparty is sanctioned, freezing services or assets may be the required response rather than immediate termination.
Practical approach to transactional risk assessment
Treat sanctions due diligence as you would any other legal and commercial risk assessment. Collect relevant information about all parties and the transaction chain, verify the information through independent sources, and ask targeted questions where gaps remain. Maintain records of your checks and decisions. If uncertainty persists and the transaction could expose the business to breaches, pause and seek specialist advice or make use of the EU Sanctions Helpdesk’s compliance support services for SMEs.
Red flags that should prompt deeper scrutiny
Be particularly wary when you encounter:
- exports to or transit through circumvention hubs;
- use of intermediaries in indirect transactions;
- complex corporate or trust structures designed to obscure ultimate owners;
- recently incorporated counterparties or those sharing addresses with multiple companies (a classic shell-company indicator);
- sudden changes in ownership structures that reduce shareholdings below typical control thresholds; and
- any change in routing, payment methods or documentation that appears designed to conceal true origin, destination or beneficial ownership.
These indicators should trigger enhanced due diligence and, where necessary, legal advice.
Tailoring compliance programmes to business risk
There is no one-size-fits-all compliance programme. The appropriate design depends on the nature of your business, geographic footprint, product or service mix and identified risk exposure. The European Commission’s guidance and the EU Sanctions Helpdesk’s Six Tips for creating a sanctions compliance programme are practical starting points. Core elements include governance and senior responsibility, risk-based policies and procedures, regular training, screening and record-keeping, escalation routes for suspicious cases, and periodic reviews of the programme’s effectiveness.
Case example: group distribution and designated persons
A scenario discussed in the Helpdesk training illustrates the practical dilemmas businesses face. An EU parent brewery sells via a Belarusian subsidiary which distributes to local selling points. If the owner of a local selling point is subsequently identified as a designated person, the parent must not simply “keep selling” without action. The appropriate steps are to screen involved parties, inform the subsidiary of findings, and, depending on the result, refrain from dealings that would lead to prohibited exports or distribution. Immediate screening, transparency with the subsidiary and legal advice are essential. Where a designated person is involved, continuing sales would likely breach sanctions.
Where SMEs can get help
The EU Sanctions Helpdesk is a central resource tailored to EU operators, offering publications (including a “DD Essentials” series), videos, practical tips and free due diligence support. It also runs awareness-raising events and a Compliance Support Service portal that SMEs can use to obtain guidance. Use these public resources and consider professional legal or compliance advice for complex matters.
Conclusion
Sanctions due diligence is a practical, stepwise process built around the four Ws and four mandatory pre-transaction checks: restricted-party screening, country checks, product classification, and sectoral sanctions assessment. SMEs can limit legal and commercial exposure by embedding these checks into contracts and transactional workflows, recognising red flags, and tailoring a proportionate compliance programme to their risk profile. When in doubt, use the EU Sanctions Helpdesk and other compliance resources — and document your decision-making to demonstrate a reasoned, risk-based approach.