Sanctions Risk in Reinsurance: Indirect Exposure, “Reason to Know” Standard and Control Challenges in Post-2022 Environment

By Madina Rashid and Maeva Donlin

Madina Rashid is a Legal and Compliance Consultant advising governments, financial institutions and multilateral organizations on national security, financial crime and regulatory risk. She specialises in national security, sanctions and compliance governance, with experience across both public and private sectors. She advises on the design and implementation of risk-based compliance frameworks in complex cross-border environments, with a particular focus on sanctions regimes, financial crime risk and regulatory governance. Madina is UK legally trained and is currently undertaking the New York Bar.

Maeva Donlin is Head of Sanctions Compliance at Nordea, responsible for the bank’s global sanctions and trade regulatory compliance framework. Previously, she served as Sanctions Advisory Lead at Bank of the West (BNP Paribas Group), where she advised on complex sanctions issues, led regulatory examinations, and oversaw sanctions policy governance and risk assessments. She is a founding member of the Women in Sanctions Network and an Adjunct Professor at Fordham University School of Law, where she teaches sanctions and financial crime compliance.

Introduction: Why Reinsurance Creates Unique Sanctions Risk

Reinsurance exists to distribute risk across the global insurance market. By allowing insurers to transfer portions of their exposure, reinsurance supports market stability, capital efficiency and the underwriting of complex or catastrophic risks that would otherwise exceed the capacity of individual insurers. In practice, however, this creates a highly layered and interconnected ecosystem. A single insured risk may pass through multiple insurers, reinsurers and retrocessionaires across jurisdictions, each with varying degrees of visibility over the underlying insured party, beneficiary or transaction. From a sanctions perspective, this creates a fundamental challenge: regulatory expectations continue to increase, while operational visibility often decreases as risk moves through the reinsurance chain.

Historically, sanctions enforcement focused primarily on banks due to their central role in payment processing and correspondent banking relationships. That distinction has narrowed considerably. Regulators increasingly recognize that reinsurance arrangements may facilitate the transfer of economic benefit, preserve asset value or support prohibited trade involving sanctioned persons or jurisdictions. As set out in OFAC’s Framework for OFAC Compliance Commitments, firms are expected to implement risk-based sanctions compliance programs supported by governance, internal controls, testing and accountability. In the reinsurance context, however, these obligations raise distinct legal and operational questions regarding what a reinsurer knows - and critically, what it reasonably should know.

Indirect Exposure and the “Reason to Know” Standard

Sanctions regimes in the United States, United Kingdom and European Union consistently prohibit making funds or economic resources available, directly or indirectly, to designated persons. In reinsurance, exposure is rarely direct. Instead, sanctions risk often arises through layered contractual arrangements involving cedants, brokers and delegated underwriting structures. This is where the concept of “reason to know” becomes increasingly important. While sanctions regimes differ across jurisdictions, enforcement authorities are increasingly focused not only on actual knowledge, but on whether firms failed to identify sanctions exposure that should reasonably have been identified through adequate due diligence and controls. For example, a reinsurer participating in marine or trade credit programs involving high-risk jurisdictions may be expected to identify indicators of sanctions exposure even where the underlying insured party is not expressly disclosed.

This expectation is reinforced by the joint OFAC, OFSI and international maritime guidance issued in relation to sanctions evasion and deceptive shipping practices. The guidance identifies practices including AIS manipulation; ship-to-ship transfers; opaque ownership structures; falsified shipping documentation; intermediary layering as indicators requiring enhanced scrutiny in maritime and trade-related sectors. For reinsurers underwriting marine or cargo-related exposure, the implication is significant. Regulatory authorities increasingly expect firms to assess whether the surrounding factual circumstances create a sufficient basis to infer sanctions risk. The question is no longer limited to what a reinsurer knew, but whether the firm had sufficient information available to identify the exposure had reasonable controls been applied.

Fragmentation and Structural Blind Spots

One of the defining characteristics of reinsurance is limited access to granular customer and transaction-level data. Unlike banks, which typically maintain direct transactional visibility, reinsurers frequently rely on aggregated exposure reporting, bordereaux submissions and cedant-provided data. This creates structural blind spots in sanctions screening and due diligence processes. For example, a reinsurer may receive portfolio-level exposure information without detailed ownership, beneficiary or counterparty data. In practice, this may prevent effective identification of designated persons or sanctioned ownership structures embedded within the portfolio. These risks are amplified in cross-border programs involving multiple cedants, intermediaries and delegated underwriting authorities. From a supervisory perspective, regulators increasingly view such limitations not as a defense, but as an operational risk requiring mitigation through enhanced governance and controls. In practice, firms are expected to implement risk-based frameworks capable of identifying where additional due diligence, escalation or contractual protections are required.

Delegated Authority and Third-Party Risk

Delegated authority arrangements remain central to the operation of the reinsurance market, particularly within the London Market and specialty insurance sectors.

Under these structures, underwriting and claims authority may be delegated to cover holders, managing general agents (“MGAs”) or other intermediaries.

While operationally efficient, these arrangements create additional sanctions exposure by increasing the distance between the reinsurer and the underlying insured risk.

From a regulatory perspective, however, delegation does not transfer accountability.

This principle is reflected consistently across OFSI guidance and OFAC expectations, both of which emphasize that firms remain responsible for sanctions compliance failures arising through third parties.

For example, reinsurers may face exposure where:

• delegated underwriters bind risks involving sanctioned jurisdictions

• claims are processed involving designated beneficiaries

• inadequate due diligence is conducted on underlying counterparties

As a result, regulators increasingly expect reinsurers to implement robust oversight frameworks including:

• contractual sanctions obligations

• defined screening responsibilities

• audit rights and information-sharing provisions

• escalation procedures for high-risk exposures

Sanctions Clauses: Useful Protection or False Comfort?

One of the most common risk mitigation tools used within the reinsurance market is the sanctions clause. These clauses typically provide that coverage, payments or contractual obligations will not apply where performance would expose the insurer or reinsurer to sanctions liability. However, reliance on sanctions clauses alone presents significant limitations. From a contractual perspective, sanctions clauses may provide a mechanism to suspend or refuse payment obligations. From a regulatory perspective, however, they do not eliminate the obligation to maintain effective sanctions controls.

This distinction is increasingly important. The English High Court’s decision in Mamancochet Mining Ltd v Aegis Managing Agency Ltd (2018) (Mamancochet-v-Aegis-Case-Summary.pdf) highlighted the legal complexity surrounding sanctions clauses and the interpretation of sanctions-related payment restrictions. Importantly, the case reinforced that sanctions clauses must be interpreted within the broader legal and regulatory framework rather than treated as blanket protections against liability.

From a compliance perspective, sanctions clauses are therefore best understood as one component of a broader control environment - not a substitute for due diligence, governance or escalation procedures. In practice, regulators increasingly expect firms to demonstrate that sanctions exposure was proactively assessed and managed, rather than contractually deferred.

Enforcement Trends and Emerging Supervisory Expectations

Although reinsurance-specific enforcement actions remain relatively limited, broader insurance enforcement activity provides important indicators of supervisory expectations. For example, OFAC’s enforcement action against American Life Insurance Company (2024) (Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and American Life Insurance Company | Office of Foreign Assets Control) involved more than 2,300 apparent violations of Iran-related sanctions, including failures relating to ownership identification and escalation controls involving entities linked to the Government of Iran. While not a reinsurance-specific case, the underlying lesson is highly relevant: indirect exposure and failures in governance may give rise to substantial liability even where the sanctioned relationship is not immediately visible.

From a UK perspective, OFSI’s enforcement guidance similarly emphasises that firms may face penalties not only for deliberate breaches, but for systems and controls failures.

The regulatory direction of travel is therefore clear. Authorities increasingly expect firms to demonstrate not merely formal compliance policies, but operationally effective frameworks capable of identifying and escalating sanctions risk across complex structures.

Technology, Governance and Risk Allocation

Technology is playing an increasingly important role in addressing reinsurance-specific sanctions challenges. Firms are investing in:

• entity resolution technologies

• ownership mapping tools

• enhanced bordereaux analytics

• automated exposure monitoring systems

These tools may improve visibility across fragmented datasets and support more effective screening processes. However, regulators continue to emphasise that technology cannot replace governance. As reflected in OFAC’s compliance framework, firms must maintain clear accountability structures, documented escalation processes and effective human oversight. This is particularly important in reinsurance, where responsibility for sanctions compliance may be distributed across cedants, brokers, reinsurers and retrocessionaires.

From a governance perspective, firms must therefore clearly define:

• ownership of sanctions risk

• information-sharing obligations

• escalation pathways

• oversight responsibilities across underwriting, legal and compliance functions

Conclusion

Sanctions risk in reinsurance is defined by indirect exposure, limited visibility and increasingly complex global structures. However, the regulatory expectation is becoming increasingly consistent across jurisdictions: firms must identify and mitigate sanctions exposure not only based on actual knowledge, but also on what they reasonably should have identified through effective controls and due diligence.

For reinsurers, this requires a shift away from reliance on contractual protections alone and towards more proactive, risk-based compliance frameworks supported by governance, oversight and operational transparency.

As sanctions regimes continue to evolve, reinsurers will face growing pressure to demonstrate that their controls can address the realities of modern reinsurance structures - including the layered and indirect nature of exposure itself.

This article forms part of a broader series examining sanctions risk across the insurance value chain, with the next instalment focusing on underwriting and delegated authority models.