Sanctions enforcement has entered uncharted waters. Rising geopolitical tensions, rapid technological change, and increasingly complex global trade flows are reshaping the risk landscape. At the same time, sanctioned actors have more tools than ever to circumvent restrictions — even as authorities deploy more targeted, prescriptive, and coordinated measures.

From fast-evolving sanctions against Russia and Iran to designations tied to proliferation, corruption, and human rights abuses, companies across sectors face heightened exposure. But investment and professional services firms sit at a particularly sensitive intersection. Advising clients, structuring deals, forming entities, financing trade, or investing in emerging platforms can place firms directly or even indirectly in the path of sanctions evasion networks.

In today’s world, sanctions risk is not just about what appears on a list. It is about intermediaries, new evasion tactics, and whole ecosystems designed to circumvent financial and trade-based restrictions.

At Themis, we conduct research into sanctions circumvention to identify the latest tactics, typologies, and network structures being deployed across jurisdictions. This research feeds into our broader threat-based work, allowing us to track how evasion methodologies evolve and where enforcement and regulatory scrutiny are likely to move next.

We’ve outlined the key threat areas reshaping exposure this year for investment and professional services firms, as we are seeing a clear uptick in sanctions-related risk across both industries.

‍

An Expanding Compliance Perimeter

Sanctions policy may reflect shared geopolitical priorities, but enforcement is far from uniform. The US, UK, and EU increasingly pursue similar targets using different legal frameworks, definitions, and enforcement strategies. What is permissible in one jurisdiction may create liability in another.

For investment and professional services firms, this fragmentation complicates due diligence, cross-border structuring, and client advisory work. It also increases the risk of inadvertent facilitation.

At the same time, regulators are zeroing in on circumvention. Enforcement now routinely targets intermediaries and enablers, whether knowingly involved or not. Accountability is expanding beyond primary actors to include those providing financing, structuring, logistics, or advisory support.

Recent actions illustrate this shift. The US sanctioned a cyber exploit brokerage network distributing stolen US tools. The EU’s proposed 20th sanctions package against Russia places strong emphasis on anti-circumvention, including talk of potential restrictions on certain intermediaries and third-country hubs, such as ports handling Russian oil.

Put simply, enforcement isn’t stopping at the surface — it’s moving upstream.

For investors and advisors, exposure increasingly arises through ownership layers, minority stakes, service relationships, and complex cross-border networks. Sanctions risk must now be embedded into client selection, investment committee review, and ongoing portfolio monitoring — not treated as a final-stage screening exercise.

‍

A New Wave of Digital Evasion

Technology is accelerating both enforcement and evasion.

Regulators now use advanced analytics, network mapping, and cross-border data integration to detect illicit activity. But state and non-state actors are deploying increasingly sophisticated tools in response.

AI is beginning to reshape evasion tactics. Synthetic identities, automated transaction structuring, and convincingly fabricated documentation can make illicit flows appear routine. North Korean networks have drawn attention for deploying deepfake IT workers to generate revenue for the regime.

Less discussed is how AI could transform shell company ecosystems. Traditionally, shell networks are built manually across jurisdictions to obscure ownership and control. AI could dramatically accelerate this process, modelling how corporate structures might appear to compliance systems and iteratively refining them to reduce scrutiny. In effect, static shell entities could evolve into adaptive, predictive networks.

At the same time, crypto and digital assets have moved from a secondary workaround to a core sanctions circumvention tool. In 2025, Russia-linked networks moved billions on-chain, while Iranian and Venezuelan actors used digital assets to sustain trade flows and maintain market access. Reports that $1.7 billion flowed from Binance-linked accounts to Iranian entities underscore the scale of exposure.

Regulators are responding forcefully. The EU is proposing expanded measures targeting crypto platforms and stablecoins and has sanctioned specific crypto networks. The UK is also strengthening its response to crypto-enabled sanctions evasion, signaling it will be a priority this year. And the US continues to designate exchanges, wallet addresses, and state-sponsored cyber actors.

For investment and professional services firms, the implications are tangible:

• Investments in digital asset platforms may carry latent sanctions exposure.

• Advisory work involving tokenized assets or cross-border crypto flows may trigger enhanced scrutiny.

• Portfolio valuations and exit strategies can be affected by sudden designations or regulatory shifts.

• Digital innovation remains legitimate and valuable — but the compliance expectations surrounding it are intensifying rapidly.

‍

‍

Shadow Fleets and the Trade Risk Ecosystem

Sanctions risk is equally pronounced in physical trade networks.

Shadow fleets, vessels using misleading flags, opaque ownership structures, and deceptive routing tactics, have evolved into a transnational sanctions-evasion ecosystem. Russian, Iranian, and Venezuelan networks increasingly draw from overlapping pools of ships, insurers, intermediaries, and financiers to move oil, metals, weapons, and other restricted goods.

The January seizure of the crude oil tanker Marinera, a crusting ship linked to Russian evasion and Hezbollah smuggling, exemplifies a broader enforcement push. Western authorities are also no longer targeting vessels alone — they are sanctioning operators, corporate networks, insurers, and service providers.

So far this year, the UK has sanctioned tankers and corporate networks such as 2Rivers. The US has blacklisted dozens of individuals, entities, and vessels linked to illicit petroleum trafficking and proliferation financing. The EU’s proposed package includes sanctions on identified shadow fleet vessels and a potential maritime services ban affecting LNG tankers.

The enforcement perimeter is in effect widening.

For investors in maritime, commodities, and logistics sectors, exposure is operational as well as reputational. Hidden links to shadow fleet activity can affect valuations, financing arrangements, insurance coverage, and exit timelines. Enhanced due diligence, vessel tracking, beneficial ownership mapping, and legal reviews all add significant cost.

Operational disruption is also real: port delays, revoked insurance, frozen payments, and increased borrowing costs can materially impact margins and liquidity.

Corporate service providers face particular scrutiny. Company formation agents, nominee director services, and structuring advisors may inadvertently facilitate entities used to purchase or manage shadow fleet vessels. With regulators targeting enablers, weak beneficial ownership controls can translate directly into liability.

Trade finance providers are similarly exposed. Letters of credit, structured commodity financing, and shipping insurance can all be embedded within evasive trade flows. A single overlooked connection can trigger enforcement action and reputational fallout.

‍

Sanctions Risk Is Now Structural

The rules haven’t just tightened in 2026; the entire risk landscape has shifted.

The boundaries of risk don't just stop at sanctioned names. They run through crypto markets, digital platforms, shell networks, foreign flagged ships, ports, and logistical hubs.

For investment and professional services firms, this means sanctions risk is structural. It impacts how deals are sourced, how clients are onboarded, how portfolios are shaped, and how risk appetite is defined.

Three themes stand out:

• Indirect exposure is the new frontier.

• Technology is a multiplier for both evasion and enforcement.

• Global trade networks carry embedded, operational sanctions risk.

Firms that continue to treat sanctions as a static compliance checklist will increasingly find themselves exposed. Those that integrate sanctions intelligence into strategic decision-making, such as investment committees or client advisory frameworks, will be better positioned to manage risk in a world where geopolitics, technology, and global commerce are permanently intertwined.

In 2026, sanctions are no longer just a compliance issue. They are a core business risk —and for some firms, a defining test of governance and resilience.