RegRally Insights: Sanctions Essentials – December 2025

Welcome to the newsletter on Sanctions powered by ECOVIS ProventusLaw and dedicated to those who want to stay informed about the latest trends and developments in sanctions area, receive expert tips, and deepen their knowledge.

EU Expands Russia Sanctions and Extends Their Reach Beyond the Union

The EU has adopted Council Decision (CFSP) 2025/2032, introducing additional restrictive measures in response to actions by the Russian Federation destabilising Ukraine. The new measures include a ban on importing Russian LNG, transaction prohibitions targeting specified Russian energy companies, expanded restrictions on petroleum products and liquefied petroleum gas, sanctions against Russia-linked banks and payment systems, and limitations on certain crypto-asset and fintech services. Several non-EU countries — North Macedonia, Montenegro, Albania, Bosnia and Herzegovina, Iceland, Liechtenstein, Norway, Ukraine, Georgia and Moldova — have formally aligned with the Decision, committing to implement equivalent measures within their national legal frameworks. As a result, the territorial scope of the EU’s restrictive regime is significantly extended, with aligned third countries expected to enforce comparable prohibitions across the energy, financial and technology sectors connected to Russia.

EU Adds Ten Individuals to Russia Human-Rights Sanctions List

On 20 November 2025, the Council of the European Union adopted Council Decision (CFSP) 2025/2357, amending the existing Russia sanctions framework by adding ten individuals to the EU sanctions list. The newly designated persons are linked to serious human-rights violations in the Russian Federation, including torture and ill-treatment in detention facilities, repression of civil society and media, and politically motivated prosecutions of activists, journalists and opposition figures. The measures apply immediately and include an asset freeze, a ban on making funds or economic resources available to the listed individuals, and a travel ban covering entry into or transit through the EU. The decision forms part of the EU’s broader human rights sanctions regime, launched in 2024 and progressively expanded in response to ongoing violations of fundamental freedoms and the rule of law in Russia.

OFAC Sanctions Cyber-Crime Infrastructure and “Bullet-Proof Hosting” Providers

The U.S. Office of Foreign Assets Control has designated a network of entities and individuals across the United States, the United Kingdom and Australia for supporting cybercrime infrastructure, including ransomware operations. The action targets hosting providers and related IT infrastructure used to enable cyber-enabled crime, explicitly treating the provision of “bullet-proof hosting” and infrastructure relocation services to evade sanctions as sanctionable conduct. All persons designated under SB0319 are subject to U.S. asset freezes, and U.S. persons are broadly prohibited from engaging in any transactions with them. The designations confirm OFAC’s enforcement approach extends beyond core cybercriminals to include service providers, facilitators and enablers supporting illicit cyber activity.

Key compliance considerations:

  • Update sanctions screening systems immediately to reflect all SB0319 designations.
  • Ensure blocking of funds, services and indirect support, including IT hosting or infrastructure services.
  • Review client and counterparty relationships involving hosting or IT services, particularly in high-risk or previously sanctioned contexts.
  • Strengthen controls to detect and escalate requests that may support ransomware or cybercrime activity.

OFAC Imposes USD 4.68 Million Penalty for Dealing in Blocked Real Estate

OFAC has imposed a civil penalty of USD 4.68 million on a U.S. real-estate investor for willfully engaging in prohibited transactions involving property owned by a sanctioned individual. Despite a cease-and-desist order, the investor mortgaged, renovated and sold the blocked property and failed to comply with an OFAC subpoena. OFAC concluded that the conduct was willful and concealed, justifying the maximum statutory penalty. The case confirms that sanctions prohibitions apply fully to property transactions and that both individuals and companies can be held liable for dealing in blocked assets or attempting to obscure the involvement of designated persons.

Key compliance takeaways:

  • Ensure sanctions screening covers not only counterparties but also underlying assets, including real estate and beneficial ownership.
  • Apply enhanced due diligence to property-related transactions with any potential sanctions nexus.
  • Maintain robust records to enable prompt responses to regulatory requests and subpoenas.
  • Monitor transactions for indicators of concealed ownership, refinancing or resale of blocked property.
  • Reinforce internal awareness that willful sanctions breaches can lead to severe financial and reputational consequences.

Latvia Convicts Travel Agency for Sanctions Breaches Related to Crimea Tourism

A regional Latvian court has convicted a travel consultant and her agency for organising tourist trips to Crimea, in violation of EU sanctions prohibiting tourism-related services to Crimea and Sevastopol. The individual was sentenced to 100 hours of community service, while the company was fined €10,500. The conviction followed an appeal by FIU Latvia, reversing an earlier acquittal, and confirms that both individuals and legal entities may face liability for sanctions violations. Since April 2024, FIU Latvia has been the competent authority for sanctions enforcement in Latvia, signalling heightened scrutiny and enforcement activity.

Market implications:

  • Sanctions compliance must explicitly cover tourism, travel and related services linked to sanctioned territories.
  • Any client or transaction connected to sanctioned jurisdictions should be treated as high-risk and subject to enhanced controls.
  • Firms should have clear internal procedures to detect and block prohibited travel-related transactions.
  • Staff training is critical to ensure awareness that sanctions breaches can result in criminal or administrative penalties for both employees and companies.
  • Comprehensive documentation of due diligence and decision-making is essential to demonstrate compliance in investigations or appeals.

FIU Latvia: Centralised and Enforceable Sanctions Are Essential for Effectiveness

FIU Latvia has underlined that sanctions are effective only when applied through unified action, consistent implementation and clear accountability. Latvia operates a centralised sanctions-enforcement model under FIU Latvia, which coordinates asset freezes, maintains a verified sanctions register, and works closely with financial supervisors, customs, the central bank and other competent authorities. Speaking at an international conference, Latvian authorities emphasised that sanctions are not merely political instruments, but a critical tool for restricting aggression, safeguarding international security, and preventing illicit financial flows. FIU Latvia also emphasised that transparency and tangible consequences for breaches are essential to preserve the credibility and deterrent effect of the sanctions regime.

Key compliance takeaways:

  • Apply a conservative approach to ownership and control, treating entities linked to sanctioned persons as high-risk even if not expressly listed.
  • Strengthen internal processes for identifying, freezing and reporting transactions connected to sanctioned persons, jurisdictions or circumvention patterns.
  • Maintain detailed and well-structured documentation to demonstrate compliance and ensure readiness for sanctions-related audits or investigations.
Newsletter SubscriptionGet in touch
Free initial advice now!

Have a question or need more information?

Send us an e-mail message!