Understanding Russia – essential for every compliance officer

Most of our clients are global companies that conduct their business around the World. Russia is undoubtedly one of the most promising and attractive markets for all our clients, but also one of the most challenging.  While Russia is a country that challenges compliance officers daily, it is totally manageable from a compliance perspective. Being successful in managing Compliance in Russia means understanding the market and knowing how to act. 

Russian sanctions what they mean

When it comes to building compliance programmes in Russia, it is impossible to avoid the impact of sanctions. As a supplement to the need to continuously assess and update internal control measures as a part of sanctions compliance programme (“What continued Russian sanctions mean for compliance”) further steps are required to manage these risks.

Sanctions against Russia were imposed in stages.

  • First, individuals, certain Russian politicians, businessmen and personal acquaintances and companies from President Putin’s inner circle were affected after the crimean crisis;  
  • Then, in June-July 2014 sanctions against state-owned financial institutions and companies were introduced; and
  • Finally, the sectoral sanctions took place in August-September 2014 in response to Russia’s involvement in the southern-eastern conflict in Ukraine, which was responded by counter-sanctions pertaining to the use of specific economic measures that restricted the import of most agricultural products from Western countries that supported the economic sanctions against Russia. On 28 June 2017, the economic sanctions against Russia were prolonged by the EU for six more months until 31 January 2018. While USA prolonged and introduced new sanctions, which were supported by a bill signed by President Trump in July 2017. The bill will not allow the American President to ease or revoke any sanctions already in place without the approval of the Congress.

Sanctions create uncertainty, which increase risk. Here are the top five things you need to do to understand and manage these effectively:

  1.  Understand what footprint, if any, an individual or business owner may have in Russia;
  2.  Understand the network of the individuals in a company that you are looking to do business with;
  3. Conduct due diligence and more comprehensive sanction screening, especially due to the sectoral sanctions and the 51% ownership rule (1) 
  4. Consider putting in place or outsourcing an ongoing robust sanction screening program; and
  5. Use a risk based approached analysis to determine.

Does true competition shine through?

The Federal law on protection of competition came into effect in 2006 and is aimed at regulating antitrust matters in Russia. The law is under control of the Federal Antimonopoly Service (FAS). This law has extraterritorial effect, meaning that it is applicable to any foreign company whose actions have an effect on competition within Russia.

The Federal law outlined the measures needed to prevent bribery and corruption in 2013 for the very first time. Whenever FAS suspects the signs of infringements, it sends an official warning asking a company to stop violation before initiating an administrative investigation. The most recent investigations initiated by FAS demonstrate a tendency to increase scrutiny of international companies operating in Russia.

This became evident in 2016 when FAS opened several investigations against international corporations.  In February 2015, a local company filed a complaint against Google for alleged violation of competition law and in August 2016, FAS investigated major Russian retailers of Apple products.  In June 2016, FAS investigated 9 logistics companies for suspected violation of monopolistic behaviours. Concerning possible monopolistic price-fixing of the services for the trans-shipment of containers, grain, oil and mineral fertilisers. At the end of the year FAS also opened a case investigating a suspected cartel agreement involving public procurement allegedly coordinated by Lenovo and HP. At least ten more IT companies that participated in public tenders for the Pension Fund, Federal Customs Service and Federal Tax Service are under investigation.

The fact that FAS is actively pursuing foreign companies means that you should do the following key things:

  1. Understand the law: hire reputable local counsel and seek legal advice;
  2. Know your partners and conduct due diligence searches;
  3. Be cautious of working associations that are plenary and invite your competitors to meet to speak about industry issues and proposed solutions;
  4. Do not share proprietary information; and
  5. During the tender process, be transparent about any joint bids your company may be engaged in. 

Data protection in russia 

The Data Protection of 2006 (DPA) and various regulatory acts adopted to implement the DPA established basic rules regarding the transmission and protection of personal data.  In July of 2014 notable amendments to the DPA were adopted and came into force on 1 September 2015. The amendments require all personal data operators store and process any personal data of Russian individuals within databases located in Russia (subject to few exceptions). The penalty for violation of this requirement is ultimately the blocking of websites involving unlawful handling of Russian personal data. A Register of Infringers of Rights of Personal Data Subjects has been established by the “Roscomnadzor” (“Data Protection Authority”) and from there and the “Roscomnadzor “may move to block websites.  The law is equally binding for companies based outside of Russia.  

The top 5 things you should think about are:

  1. Location of your business servers and whether data stored locally can be transferred outside of Russia;
  2. Individual collection of data and the permission to duly collect and or use data collected;
  3. Forging a relationship/ partnership with a Russian data collection and storage company;
  4.  Ensuring that you have a data protection specialist on board to navigate these issues; and
  5.  Whether this is too burdensome on your business model, especially if your operations target Russian consumers?

Knowing your business partners

The Red Flag Group emphasises the importance of due diligence and promotes measures that your company could consider in order to minimise the risk exposure that is associated with doing business in Russia through third parties. 

In 2016, we reviewed many hundreds of Russian companies who are current or proposed business partners of our clients. Only 17.5% of companies we reviewed were not associated with any negative information or misconduct. That means in almost eight out of ten cases, we identified major areas of risk.

As you can see from the graph, anti-competitive behaviour is one of the serious integrity risks identified in these third parties. The number demonstrates that companies in Russia are more likely to conduct their business using illegal methods, which include but are not limited to price-fixing, cartel, collusion, monopolistic pricing activities that could hinder your business relationship.

The second most frequent integrity risk identified is fraud, money laundering and financial irregularities. This category includes various illegal actions that companies use to falsify their financial statements, misrepresent their information in order to win a tender bid, etc. In most cases, these actions could create a business risk as a third party might fail to fulfil its contractual obligations, reputational risk by damaging your image.

The third category is corruption and bribery. We rarely come across the official investigations or official accusations made against companies in Russia, our country knowledge and expertise allow us to suspect associated misconduct. We do not make any assumptions and base our analysis only on the facts, while country knowledge allows us to read between the lines and bring light to issues specific to a country. 

The category “Other risks” includes political exposure, health & safety issues, legal disputes, as well as other business risks associated with third parties in Russia.

Here are the top 5 things you can do:

  1. Conduct due diligence and background checks on potential business partners or suppliers;
  2. Based on intel gathered, ensure that legally you can mitigate your risk through appropriate contractual clauses;
  3.  Insist on a supplier code of conduct to which suppliers and third parties must adhere;
  4.  Conduct regular audits and compliance health checks on your third parties and suppliers; and
  5.  Remember the golden rule “if it walks like a duck and quacks like a duck, it is probably a duck.” Meaning use your instincts and the intel given – facts and evidence usually don’t lie! 


Our duty is to share the country knowledge we have gathered to help clients run their business in Russia in a compliant way. While it may look challenging, it is great opportunity to manage compliance in a way that adds value to the business.

(1) Any company that is owned 50 percent or more by a blocked person or entity is blocked, even if the company itself is not on the OFAC list 

Previous Article
Taking a strategic view of anti-bribery compliance in China
Taking a strategic view of anti-bribery compliance in China

Developing a networking relationship with both the Communist Party and government in China requires an appr...

Next Article
Four ways companies can use technology to reduce GTE risks
Four ways companies can use technology to reduce GTE risks

How closely do employees follow the gifts, travel and entertainment (GTE) policies of a company? It really ...

Want to receive exclusive updates?