Decoding Sanctions: How Governments can get the Best out of Banks

Governments increasingly regulate the trade in certain goods, imposing sanctions and trade restrictive measures to prevent sensitive technologies from reaching competitor economies and military opponents. The challenge comes with enforcement: how to promote compliance in the private sector? Regulators have a choice – either rely on the thousands of exporters (who are largely unregulated) or let compliance fall to the much smaller number of banks already subject to stringent oversight.

Their choice has been clear. Banks are the financial frontline of sanctions enforcement, tasked with applying a multiplying patchwork of national, UN and multilateral restrictions on trade with Russia, Iran and North Korea – all countries with military, security and proliferation programmes that are subject to extensive sanctions, export controls and trade restrictions, yet continue to seek access to western-origin high-tech goods.

If banks are to support governments to restrict the flow of high-value dual-use goods, then governments and regulators should take greater efforts to align restrictions with systems the financial institutions use. Namely, the current system of sanctions based on Harmonised System (HS) codes should be adapted to include reference to the industry codes banks use – for example, UN International Standard Industrial Classification (ISIC) codes. In addition to the UN ISIC codes system there are others such as SIC and NAICS used by the US and Canada, NACE2, used by the EU and UK and NIZCS used by Australia and New Zealand. Your authors propose using the UN code as it is the most developed, but the approach we recommend could be used with any of these.

This should be government-led to ensure consistency and completeness across the financial sector.

How Sensitive Technology gets to Illicit Actors

Supply chains for military and dual-use technology rely on convoluted and complex shadow networks, which results in complicit and non-complicit actors who obscure ownership through shell companies. In most cases, their trades fall outside the invasive, document-heavy, trade finance transactions some western banks provide to large corporates. The financial flows associated with a transaction may not always correspond directly to the movement of the underlying goods: for example, a payment may go through Germany when advanced microprocessors are shipped from the US, ostensibly to Malaysia but actually to Russia.

In October 2024, the US designated Turkish company Tioseal for exporting US and EU origin semiconductor devices to Russian importer, TreydStroyTsentr, critical components that Russia requires for military equipment for use in its war in Ukraine. Further information on the mechanics of this trade was not provided but the available information suggests that the Turkish company was procuring the semiconductors directly or indirectly from the US and EU and then exporting them to Russia, highlighting a likely multi-step procurement chain across different jurisdictions to conceal the true end-user. What information might banks use to identify the various companies involved in this multi-layer transaction? 

What Banking Transactions Show About this Trade

Previous RUSI analysis has demonstrated that financial institutions primarily rely on customer monitoring and due diligence to identify sanctions issues. Trade restrictive measures and sectoral sanctions usually rely on Harmonised System (HS) codes, which are not used for financial transactions – which creates a misalignment with banks’ automated systems.

HS codes correspond to the controls implemented by export-control procedures, which occur outside banks. For dual-use goods subject to export restrictions, exporters should apply for and be granted an export licence to allow them to sell dual-use goods (which include most high-tech items). There are other controls on dual-use goods that are uncontrolled – in other words, they have military applications but are not on international control lists. These must receive licenses if the end-user is in a particular country or is a military entity or presents some other concern. Banks do not routinely receive the full range of export control documentation associated with an underlying trade transaction, particularly in Open Account transactions.

On the other hand, banks’ screening and monitoring systems primarily rely on SWIFT messages. A SWIFT message’s narrative field (field 70) is designed primarily to facilitate the movement of funds rather than provide detailed information on the underlying goods or services associated with a transaction. As a result, financial institutions typically combine payment data with customer due diligence, transaction monitoring and other sources of information when assessing sanctions and financial crime risks.

Sanctions screening, therefore, focuses on the parties involved in the transaction: whether they are sanctioned, their jurisdiction and other obvious indicators of potential illicit activity.

As a result, where existing controls identify potential concerns, financial institutions may seek additional information about transactions to supplement screening, monitoring and due diligence processes. Such enquiries are generally focused on higher-risk cases where additional context may assist in understanding the underlying activity and associated risks.

Aligning HS Codes with ISIC Codes 

We propose adapting sanctions and trade restrictive measures to include ISIC codes, which would make them easier to implement and therefore more effective. The difference is that HS codes relate to specific items, whilst ISIC codes cover industry activities, better equipping banks to identify potentially relevant customers that would be caught by the sanctions and restrictions.

If we take the example of semiconductors, a focus of G7 export controls: the HS code for semiconductor-based transducers are listed under HS code 8541.51. There are two relevant ISIC codes for such items covering both manufacturing (ISIC code 2610) and wholesale (ISIC code 4652). The tables below show how the relevant ISIC codes can be used for identifying companies involved in manufacturing and selling semiconductor-based transducers (HS code 8541.51).

When onboarding a customer, financial institutions use industry codes not only for financial crime purposes, but also for commercial reasons. Banks categorise their customers using ISIC codes for various reasons: for reporting to central banks on the distribution of loans, advances and deposits by industry, regulatory compliance, as well as to identify outlier activity that may indicate financial crime. This means that, although they do not have any record of an HS code for a trade, they likely have identified the semiconductor manufacturers and wholesalers by their ISIC codes. Additional segmentation based on ISIC codes could be achieved through additional KYC or client due diligence (CDD) procedures, or by analysing transaction data across a population of similar clients.

On this basis, financial institutions can then identify the ‘normal’ and ‘abnormal’ trading activity for customers of this type. For example, a new company reporting anomalously high revenues may be a red flag, particularly if its trading partners are in regions with high risk of sanctions evasion. The financial institution can then engage with the refined population to address and better understand the clients’ dealings – whether they have a compliance programme in place, do they screen transactions or counterparties, do they deal with high-risk countries for diversion and have they acquired any new clients in unexpected locations, for example, in the case of Russia sanctions, whether new counterparties have been acquired since 2022.

These codes will not solve all problems of evasion. For example, many of the shadowy intermediaries are general trading companies and may deliberately fall outside high-risk industries, in order to obscure their real activities. However, even these general trading companies could be identified using the ISIC code 4690 (non-specialised wholesale trade). Companies with this ISIC code could be filtered further by using other risk factors such as ownership structures, control relationships, customer risk indicators, beneficial ownership information and geographic exposure as well as the jurisdiction of the country (with a focus on known sanctions-evasion and diversion risks).

Therefore, our proposed approach meets financial institutions where they are at, using data they already collect for their own purposes. Financial institutions can use this data to address sanctions evasion and proliferation financing risks through their strengths in CDD/KYC, rather than attempting to identify this through transaction monitoring, where information available is limited or fragmentary.

Governments Should Map HS Codes onto ISIC Codes 

To our knowledge, no sanctioning authority has mapped the sanctioned HS codes against ISIC codes, which means that it is not required to do this customer segmentation. Any financial institutions taking the initiative to map HS codes against industry codes do this on their own, interpreting the codes individually.

The utility and reach of these lists is therefore more limited than what could be achieved through an official mapping exercise. Financial institutions also need to correctly categorise customers under the right industry code(s).

We recommend that sanctions authorities publicise not only the HS codes but also the associated ISIC codes for manufacturers and wholesalers of that item. Designations of entities could also include their ISIC code which would allow banks to classify as higher risk other similar companies with the same or similar ISIC codes. We suggest that using ISIC codes, in addition to HS codes, becomes common practice not only across designations but also in advisories and sanctions alerts, published unilaterally or multilaterally by sanctions authorities. For example, the Common High-Priority List (CHPL) should list the ISIC codes as well as the HS codes.

Banks will almost certainly remain the front line of financial enforcement for the foreseeable future and sanctions authorities will just as inevitably increase the expectations on them to do more. However, financial institutions are not participants in the underlying movement of goods and therefore operate with a different perspective and information set from exporters, importers and licensing authorities.

Industry codes offer a tool with which banks could identify sanctions evasion networks, but this must be government-led, so that there is a common approach across the industry. Government authorities and financial institutions should continue to work together to improve the effectiveness of information available to each within their respective legal and regulatory obligations, which will improve the effectiveness of trade-related sanctions.

© RUSI, 2026.

The views expressed in this Commentary are the author's, and do not represent those of RUSI or any other institution.

For terms of use, see Website Terms and Conditions of Use.

Have an idea for a Commentary you'd like to write for us? Send a short pitch to commentaries@rusi.org and we'll get back to you if it fits into our research interests. View full guidelines for contributors.