As we move through 2026, the global risk landscape related to sanctions continues to evolve, driven by factors including geopolitical tension, dynamic enforcement strategies, and increasingly sophisticated evasion tactics.
In a recent discussion with Hera Smith, industry practice lead at Moody’s, several key themes emerged – there is an increasingly complex sanctions environment and shifting enforcement priorities, alongside the growing impact of export controls.
The number of sanctioned individuals, entities, vessels, and related networks has increased substantially, particularly since the beginning of the Russia/Ukraine war. Along with this growth, sanctions programs now include a wider range of restrictions, from ownership and control considerations to targeted, sector‑related measures that can limit certain types of activity.
This expansion may lead organizations to rethink their compliance processes. Traditional sanctions screening alone might not be enough to understand the full extent of exposure to sanctions‑related risks: banks, financial institutions, and corporates might, for example, need to understand more about who their customers’ customers are; who ultimately owns or controls counterparties; or how goods and services move through multi‑country supply chains.
These third-party risk factors increase the relevance of understanding multilayered corporate structures and the importance of measuring ownership and control. Identifying parties who are sanctioned directly or by extension can be complex though.
While the US and UK continue to work closely on sanctions, there are signs that alignment with the EU may have become less consistent. This kind of regional divergence could create practical challenges for risk and compliance teams, particularly if legal obligations differ. The EU’s long‑standing blocking statute, for example, prevents EU‑based organizations from adhering to certain non‑EU sanctions, which can complicate matters for companies with US operations.
Rather than choosing between regimes, organizations often consider structuring their compliance programs to meet the most demanding elements of the frameworks affecting their operations. For businesses operating internationally, especially those clearing transactions in US dollars or interacting with US financial systems, this might result in adopting controls that reflect the highest applicable standards while remaining compliant with local legal requirements.
The European Commission recently presented a draft 20th sanctions package focused on energy, financial services, and trade. It is now moving into discussion with EU member states, and a decision is anticipated by the end of February 2026.*
Some of the key elements in the EU’s proposed package include:
Other recent EU sanctions developments have expanded the scope of how designated entities may be identified, including the introduction of “mirror or successor entities”. As referenced in the European Banking Authority’s (EBA) regulatory materials, a mirror or successor entity is defined as an entity that demonstrates continuity with a listed entity across multiple dimensions. The regulation sets out that at least two criteria must be met, such as substantially identical content, data feeds or transaction flows; continuity of branding, design or user interface; overlapping ownership, control or management; redirection or migration of users from a listed entity; or continuity of technical infrastructure, including shared code bases, domains or applications. This reflects an effort to capture structural and operational continuity, rather than relying on legal name changes alone.
Secondary sanctions allow a country to impose restrictions on non‑domestic entities for activity that takes place entirely outside its borders, where that activity is viewed as supporting sanctioned individuals, sectors, or regimes.
As a result, businesses with no direct presence in the sanctioning country might still face exposure. For example, a bank based in the UK could be subject to US measures if it engages in certain dealings linked to US sanctions targets.
Even banks with no presence in the United States often rely on US‑dollar payment channels. Because many dollar transactions clear through US financial institutions, this can create exposure to US sanctions measures—even for entities operating entirely outside the United States.
Similar exposure to secondary sanctions extends beyond the financial sector. Non‑US companies in areas such as energy, shipping, manufacturing, technology, and insurance may also face consequences under secondary sanctions if they engage in certain dealings with sanctioned parties.
Evasion of controls continues to evolve too, but three tactics may come to stand out more clearly in 2026:
1. Transshipment via third countries
Whether exporting to Russia, Iran, or other high‑risk jurisdictions, goods can be routed through intermediary states to evade sanctions. These transactions can appear benign on paper, while masking their true destinations.
2. Manipulation of trade and payment documentation
End‑user certificates, invoices, and shipment records can be falsified to obscure ultimate beneficiaries.
3. Evasion is also becoming more digital, for instance actors are spoofing
Automatic Identification Systems to manipulate vessel tracking data, masking IP addresses, or routing activity through VPNs to try to bypass geographic restrictions.
Together, these tactics illustrate the sophistication of sanctions evasion, and the need for data and automation to support sanctions screening and risk management.
There is also increased interest and discussion in the use of AI to support sanctions screening across sectors. Corporates, banks, financial institutions, and regulators are exploring its potential. Recent research from the US Federal Reserve highlights how AI‑based models could help materially reduce false positives and improve detection in screening workflows, for example.
Issues related to sanctions, such as vessel designations, continue to feature in public discussions, but export controls have become an impactful enforcement tool used in addition to sanctions. This has however added to the complexity around compliance work.
The scope of export controls has widened for both corporate businesses and banks:
The result is growing operational complexity and an increased need for integrated data solutions capable of mapping ownership, control, and goods‑level restrictions.
Export control reviews often involve identifying early indicators that goods or transactions need specialist review. While formal export‑classification decisions would be carried out by qualified experts, organizations could still benefit from tools that help:
For readers tracking how export‑control measures are evolving—particularly around sensitive technologies—the planned BIS 50% rule may be of interest. Our article on the topic offers an overview of the rule’s scope, how it may be applied to ownership and control calculations, and what organizations may be monitoring as they prepare for potential regulatory developments.
Today, the global sanctions framework is broader, more complex, and in some ways more dynamic than ever. Enforcement has intensified, evasion tactics have adapted, and compliance workloads continue to grow. Organizations now face a sanctions environment shaped as much by geopolitics as by regulatory frameworks.
As 2026 unfolds, deeper data visibility, stronger cross‑functional controls, and adaptable policies capable of keeping pace may help corporates, banks, and other financial institutions with an increasingly shifting sanctions landscape.
For more information about how Moody’s automated, data‑driven, and AI‑supported solutions can support your sanctions program, please get in touch with the team any time. We would love to hear from you.
*This timeframe reflects our understanding at the time of publication.
*Disclaimer: This content is for informational purposes only and does not constitute legal, financial, compliance or other professional advice. Please consult with a qualified professional for specific legal, financial, compliance, or other professional advice. For more terms and conditions pertaining to Moody’s products and services, refer to the disclaimer on Moody’s website.