The endlessly complex and ever-changing impact of sanctions means that while enhanced due diligence may be a standard practice for operating in a risk-heavy world, it’s anything but sufficient, argues Nick Henderson-Mayo of VinciWorks.
Sanctions regimes are changing at the pace of geopolitics, which in 2025 is being upended by the minute. Just when you think the rules are firm, someone wipes them away. The West is peeling back sanctions on Syria, while Russia and Iran have all but normalized sophisticated sanctions evasion tactics, creating entire shadow economies outside SWIFT. And then there’s the art and luxury goods world, acting as a gleaming Trojan horse, rolling through compliance gates with millions of pounds inside and precious little scrutiny.
We are not experiencing a normal risk environment.
In Syria, decades of sanctions have unwound in a matter of months, while a regime with a track record of chemical weapons, terror alliances and organized crime remains entrenched. Turkish developers are practically salivating at the thought of rebuilding Syria’s shattered cities, but who’s really behind those contracts? Could the same regime operatives who built WMD sites be about to build luxury apartment blocks, laundering the proceeds of state violence through construction? The West seems to have decided sanctions fatigue is worth the risk. But it will be risk-exposed companies on the business end of realpolitik.
The art market and high-value dealers have become the vehicle of choice for sanctions evasion by Syrian warlords and Hezbollah financiers. Art trades hands in freeports with less scrutiny and oversight than a used-car dealership in St. Petersburg.
And then there’s crypto, the digital wild west and currency of choice for cartels and crime lords. Even the laziest sanctioned actors can set up a Tether wallet and transfer funds globally in under 60 seconds. Western authorities are still patting themselves on the back for freezing Tornado Cash, but meanwhile, a dozen new mixers emerge every month. We cannot out-regulate crypto’s innovation speed. We can only out-audit it, out-trace it and out-skeptic it.
So, how can businesses effectively operate in this risk-heavy world, when we’re expected to process transactions from Syria while at the same time potentially facing prison for dealing with a Russian? Perhaps it’s time for firms to truly go beyond the risk-based tick box and apply extreme due diligence to severe cases or geopolitical hotspots.
This level of deep and broad Know Your Customer (KYC) would be a significant step up from the legally mandated enhanced due diligence required of high-risk ventures. It means taking an investigator’s approach to a potentially dangerous deal: examining the people involved, the funding, the subcontractors, the ultimate owners and then their owners and benefactors as well.
Enhanced due diligence (EDD), the process outlined in Financial Action Task Force (FATF) guidance, was designed for a world where risks were more predictable: issues like drug lords and carwashes or oligarchs’ children living beyond their means (not that we’ve cracked that problem yet, either). EDD advises you to review politically exposed persons (PEPs), look for high-risk third countries, verify the source of funds for larger sums and consider digging one layer deeper than normal.
Extreme due diligence (EXDD) would go far beyond what’s legally required. It would be a mindset, not a checklist. It means you don’t stop at one degree of separation; you map out the entire ownership chain down to the smallest shareholding. You seriously question why money is being moved in a certain way, not just who moved it. You assume the worst until you have solid proof otherwise. It is about asking: Could this payment, this asset or this buyer, even indirectly, connect to a sanctioned network, a state actor or a politically exposed person? And if it could, you freeze it until you are absolutely sure.
Enhanced due diligence will keep you legally compliant, but extreme due diligence protects you and your clients in a risky world while enabling legitimate business to continue. In the very risky real world of Syria, sanctions are being lifted. Still, the players on the ground haven’t changed: politically exposed cronies, militia-linked subcontractors and sanctioned banks operating behind new front companies.
An ordinary enhanced due diligence process might verify a corporate registration or a passport and call it good. But extreme due diligence means interrogating the actual ownership of a construction partner, tracing cash flow back through every subcontract and mapping relationships that could link to a terrorist’s circle or sanctioned militias. Done correctly, this kind of extreme due diligence wouldn’t just protect the firm; it could even help companies engage in the Syrian economy, which the West has already fired the starting gun on.
Less reputable actors — Iran, Russia and their proxies — are already deeply entrenched in the Syrian landscape. Any company thinking about opening up a satellite office in Damascus is going to be rubbing shoulders with (sanctioned) Russians. The risk exposure here is that Russia and Iran have spent years building sanctions‑proof ecosystems, engineering layers of evasion so intricate that even their own regulators can struggle to track them. In Russia’s case, this includes pivoting to bilateral clearing deals with friendly states, experimenting with digital rouble transactions and working through payment corridors that extend well beyond the reach of SWIFT. Iran’s networks are arguably even more baroque: front companies in Dubai, shell operations in Hong Kong, shadow banking in Turkey, each a new head of a Hydra that regrows faster than enforcement can react.
Into this swamp pours crypto. It promises transparency on the blockchain, but mixers, tumblers and privacy coins shred those trails in seconds. Nearly 40% of illicit crypto transactions are from sanctioned jurisdictions and entities. Oligarchs use crypto’s speed, liquidity and borderless nature to slip past traditional compliance checkpoints. It’s like watching a river of money disappear underground. When it resurfaces, you can never be certain whose hands it passed through.
Extreme due diligence is the only realistic approach to begin to interact with this high-risk world. Forget static sanctions-screening lists. You need an active tracing of wallet addresses, network analysis of counterparties and a relentless focus on the beneficial owners of the exchanges and OTC brokers involved. Extreme due diligence would mean investing in blockchain analytics as well as human intelligence, local partnerships and pattern recognition tools that go beyond “name matching” to build dynamic risk profiles.
Take Dubai. It has become a magnet for sanctioned wealth, as Russian oligarchs purchase towers in cash and Iranian proxies use intermediaries to funnel oil profits into property and luxury assets. Meanwhile, the Emirati sheikhs have negotiated their way off the high-risk jurisdictions list. In a world of bribery, or worse, only extreme due diligence has a chance to map the murky chain of relationships, identify the political entanglements and put together a picture of hidden influence and layered proxies.
Extreme due diligence is the only true defense for any business trying to navigate a sanctions regime in pieces, where evasion is not an exception but the entire business model of your counterparty. If the past few years have taught us anything, it is that compliance failures aren’t just a legal risk; they are an existential one.