Ruling [CJEU] ¦ Sanctions, Courts, and Compliance: What the Rosneft Judgment Means for Financial Crime Risk

A landmark sanctions case with lasting impact

In March 2017, the Court of Justice of the European Union, sitting as the Grand Chamber, delivered a judgment that shapes how financial institutions, regulators, and compliance teams understand EU sanctions law. The Rosneft case addressed the legality, interpretation, and enforceability of EU restrictive measures adopted in response to Russia’s actions in Ukraine. At its core, the ruling clarified how far EU courts can go in reviewing sanctions adopted under the Common Foreign and Security Policy (CFSP) , and what those sanctions mean in practice for banks and other market participants.

For professionals working in financial crime prevention, the judgment is less about geopolitics and more about legal certainty, criminal exposure, and day‑to‑day compliance decisions.

The background: sectoral sanctions and a legal challenge

Following Russia’s actions destabilising Ukraine in 2014, the EU adopted a package of sectoral sanctions. These measures targeted access to capital markets, financial services, and sensitive technologies, especially in the oil sector. Two legal instruments sat at the centre of the case: Council Decision 2014/512, adopted under the Common Foreign and Security Policy, and Regulation (EU) No 833/2014, which implemented those measures across the EU.

Rosneft, a major Russian oil company majority‑owned by the Russian state, was explicitly named in the annexes to both acts. The company challenged the sanctions before EU courts and, in parallel, before UK courts, arguing that the measures were unlawful, unclear, disproportionate, and incompatible with international agreements.

The UK High Court referred a series of questions to the Court of Justice, asking whether the sanctions were valid, how key terms should be interpreted, and whether criminal penalties could be imposed when the scope of the rules was still contested.

Bastian Schwind-Wagner _Follow

"The Rosneft judgment shows how EU sanctions law balances political objectives with legal accountability. Even in sensitive foreign policy areas, targeted restrictive measures remain open to judicial review and enforcement.

For financial institutions, the case confirms that uncertainty does not pause compliance duties. Criminal liability can arise before every term is fully clarified, making careful risk assessment and legal interpretation essential."

Jurisdiction clarified: CFSP acts are not beyond judicial review

One of the most important aspects of the judgment concerns jurisdiction. Traditionally, acts adopted under the Common Foreign and Security Policy sit largely outside the Court’s control. The Rosneft ruling confirmed, however, that this exclusion is not absolute.

The Court held that it does have jurisdiction to review the validity of CFSP decisions where two conditions are met:

1. where compliance with Article 40 TEU is at issue, meaning whether CFSP measures encroach on other EU competences;
2. where a CFSP decision provides for restrictive measures against named natural or legal persons.

This finding matters for financial crime enforcement. It confirms that targeted sanctions are subject to judicial scrutiny, including through preliminary references from national courts. Compliance obligations do not operate in a legal vacuum, and sanctioned entities can challenge the measures that affect them.

Sectoral versus targeted measures: why the distinction matters

The Court drew a clear line between general sectoral restrictions and targeted financial measures. Provisions restricting oil exploration technologies were treated as measures of general application. By contrast, restrictions on securities, loans, and financial dealings with named entities like Rosneft were considered targeted restrictive measures.

This distinction has practical consequences. Only targeted measures fall within the Court’s special CFSP review jurisdiction. For compliance teams, it reinforces the need to distinguish between broad trade controls and entity‑specific prohibitions when assessing legal risk and exposure.

Criminal penalties and legal certainty

A central concern for the referring court was whether Member States could impose criminal penalties when the meaning of sanctions rules was still debated. Rosneft argued that unclear terms such as “shale”, “waters deeper than 150 metres”, “financial assistance”, and “transferable securities” made criminal enforcement unlawful.

The Court rejected that argument. It confirmed that EU law does not require absolute precision. Sanctions rules may use general terms, and borderline cases do not invalidate them. What matters is whether, taken as a whole and with appropriate legal advice, the rules allow individuals and companies to understand what conduct is prohibited.

Crucially for financial crime enforcement, the Court held that Member States may impose criminal penalties under Regulation No 833/2014 even before the Court has clarified every interpretative question. Judicial interpretation can develop over time, and that gradual clarification does not breach the principle of nulla poena sine lege certa .

What counts as financial assistance?

One of the most practical outcomes of the judgment relates to banking operations. The Court was asked whether “financial assistance” includes the processing of payments by banks.

The answer was no. The Court ruled that financial assistance, as used in the regulation, refers to measures such as loans, grants, and export credit insurance that involve the use of the bank’s own resources. Mere payment processing, where a bank acts as an intermediary transferring client funds, does not in itself constitute financial assistance.

This distinction remains central to sanctions compliance. While banks must not process payments linked to prohibited transactions, they are not required to treat every payment as a sanctionable act simply because it relates to a restricted sector.

Capital markets controls and depositary receipts

The Court also addressed Global Depositary Receipts (GDRs) . It held that issuing GDRs after 12 September 2014 is prohibited where they relate to shares of sanctioned entities, even if the underlying shares were issued before that date.

For capital markets compliance, this confirmed a broad reading of capital‑raising restrictions. The focus is on the timing and nature of the financial instrument, not only on the origin of the underlying shares.

Proportionality and fundamental rights

Rosneft argued that the sanctions disproportionately interfered with its freedom to conduct business and its property rights. The Court acknowledged that sanctions inevitably cause economic harm, including to shareholders, but emphasised the weight of the EU’s objectives.

Protecting Ukraine’s territorial integrity and promoting international peace were considered objectives of such importance that significant economic consequences for targeted entities were justified. The Court found no manifest disproportionality in targeting a state‑controlled energy company as part of a broader sanctions strategy.

Why this judgment still matters

The Rosneft judgment is a reference point for sanctions enforcement across the EU. It confirms that targeted sanctions are reviewable, that criminal penalties can apply even where interpretation evolves, and that banks must carefully distinguish between prohibited financing and permissible payment services.

For financial crime professionals, the case underscores a recurring theme in sanctions compliance: legal uncertainty does not suspend enforcement. Institutions are expected to assess risk, seek advice, and act cautiously, even when the boundaries of the rules are still being tested in court.

Dive deeper

• EUR-Lex ¦ Case C-72/15, Judgment of the Court (Grand Chamber) of 28 March 2017 ¦ Link
• EUR-Lex ¦ Council Decision 2014/512/CFSP ¦ Link
• EUR-Lex ¦ Regulation (EU) No 833/2014 ¦ Link
• EUR-Lex ¦ Treaty on European Union (TEU) ¦ Link