Discover the key elements required to maintain rigorous sanctions compliance in this informative video by Francis Turner from ThreatSTOP. Learn about the challenges of identifying and avoiding interactions with sanctioned entities and how ThreatSTOP's solutions can support your compliance efforts. Explore practical measures, including IP address filtering and identifying controlled entities, that can help you navigate complex sanctions regulations and keep your business secure.



Key Takeaway:
In the intricate landscape of sanctions compliance, staying vigilant is crucial. Francis outlines essential strategies to navigate the challenges of sanctions enforcement. By leveraging ThreatSTOP's tools, you can implement effective compliance measures using your existing firewalls and DNS service.  With built-in reporting, you can be sure you're not inadvertently engaging with sanctioned parties. 

ThreatSTOP DNS and IP Defense solutions demonstrate your best effort towards compliance, protecting your business from liability. Fortify your sanctions compliance strategy by contacting us and learn how ThreatSTOP can start protecting you in as little as 15 minutes.

Get a Demo


Learn More:

What DNS Security Does A Typical Enterprise Need?

DNS Defense Cloud 

DNS Defense 


Video Transcript
0:00 Intro
0:32 Stay in Compliance

Hi there, this is Francis Turner from ThreatSTOP. I'm a security researcher involved in detecting stuff related to Russian sanctions compliance or general sanctions compliance, and one of the questions that we've been asked a lot is what are the elements that you need to make sure that you stay in compliance with OFAC and other sanctions programs?

0:32 Stay in Compliance
The really simple thing is, for the most part is, don't do business with entities that have been sanctioned. Well, the problem is, of course, that these entities, they lie, you know. Surprisingly enough, they want to buy stuff or sell stuff to you. They don't want you to know that it's them that have been sanctioned. So, therefore, they will lie. 

One of the things that we do at ThreatSTOP is help you make sure that you comply, or at least that you're doing your best effort to comply. Best effort to comply is a really important thing. Everybody understands the U.S. government, the EU, and all these other sanctions-enforcing regimes understand that you know, these guys are going to lie about what they're sanctioned about. They're going to have set up subsidiaries and so on that are, you know, pretending not to be them.

However, and if you do business with them and you are tricked, then it's not your fault, but on the other hand, if you do business with them and you knew about it, then it is your fault, and you will be in a whole boatload of trouble. So one of the things that we can do at ThreatSTOP is help you to avoid all the obvious things of doing business with potentially sanctioned entities. 

So, for example, we have a system that allows you to not communicate with IP addresses or domains controlled by Russia. So that means that implies you know the whole of the Russian Federation basically, if somebody comes from that IP address base, you can't talk to it, or it can't talk to you. That is a very simple and surprisingly good way of saying hey, I am now not doing business with Russia.

There are some additional things that you want to do too. Like for example, since Russia has invaded Ukraine and has occupied parts of Ukraine, those occupied parts of Ukraine are also under the same set of sanctions, and you want to not do business with them too. That's something that I worked on last year after, well, actually a little bit beforehand too, but particularly after the Russians invaded Ukraine last year to figure out what parts of Ukraine, what IP address is and so on that are located in Ukraine are actually controlled by Russia and which ones are not controlled by Russia. 

And so with ThreatSTOP, you can be sure, and it's updated, well, actually daily at the moment, but potentially as time goes on, it could be hourly if things changed that round rapidly which IP addresses, which bits of the internet are in fact under Russian control in Ukraine and which bits are under Ukrainian control. So which bits you could talk to and which bits you can't, and that is one of the elements that will really help you prove to the U.S. government or whoever, whatever other organization that comes down here and says we think you've been doing business with Russia to say no I haven't.

Another one is that we have implemented, in conjunction with a company called Fiveby, ways to identify sanctioned banks, sanctioned financial institutions, sanctioned import-export companies, weapons companies, all sorts of things like that that are also sanctioned, but they may not obviously be part of Russia. So they're not in the Russian IP address base there in Kyrgyzstan or Cyprus or, I don't know, Hong Kong, or all sorts of other places. They are, however, companies, or in some cases, potentially individuals, but normally companies that are 100 percent owned and controlled by Russian companies that have been specifically sanctioned by the U.S. or OFAC or whichever other sanctions program and because they've been sanctioned by that, you shouldn't do business with them, and again, this is one of the things that we can do to help you show them that you made the best effort to be compliant is that we have the information of these subsidiary companies, the subsidiary entities and so on that are you know, disguised. 

They don't necessarily have the names Russia or Spur Bank or whatever in the name they call something that sounds completely legitimate and doesn't sound particularly Russian. They'll be called like Crystal Diamonds Hong Kong, for example, or something like that, and you would think Crystal Diamonds Hong Kong is just a jewelry company in Hong Kong. Well, it is a jewelry company in Hong Kong, but it's a jewelry company in Hong Kong that is 100 percent owned by a sanctioned Russian diamond exporter. So therefore, it is also something that you shouldn't do business with. 

Now, diamonds are probably not for everybody. Not everybody can do business with diamond companies, but there are plenty of other similar companies in, you know, electronics, computers, finance of various sorts, you name it, oil, natural exports, and imports of all sorts of things where the same applies, and you want to be able to be sure that you can say you can stand up to the OFAC or whichever inspector that shows up and says yes, I did my best by saying look, I was blocking traffic to and from these particular additional entities, not just Russia itself.