Author: Felipe Villasuso Lago, Governance and Compliance leader, PhD Research, London South Bank University
Sanctions and export controls are routinely presented as decisive instruments of state power, yet in the energy sector their enforcement is structurally constrained by the very security imperatives that motivate them. Regulators enact the rules; private gatekeepers — banks, insurers, shipowners, classification societies, and energy companies — operationalise them. In moments of supply stress, that division of responsibility is tested: shipping becomes less predictable, insurance capacity contracts, counterparties and trade routes shift rapidly, and emergency procurement compresses diligence timelines. The result is heightened compliance risk at precisely the moment regulators face pressure to avoid policy measures that worsen supply and price shocks.
This article argues that the enforcement constraint operates through two channels. First, regulators calibrate enforcement strategy during energy shocks by prioritising evasion typologies while deploying targeted stabilisation tools — notably licensing corridors — to prevent systemic market harm. Second, effective enforcement depends on corporate compliance architectures that are specifically stressed by chokepoint disruption and crisis procurement. The Strait of Hormuz serves as the paradigmatic case study: a narrow corridor through which a significant share of global hydrocarbon flows passes, where legal transit entitlements can become commercially irrelevant once war-risk insurance collapses.
Enforcement Calibration: Licensing as a Stabilisation Tool
Crisis conditions do not suspend sanctions obligations — they reconfigure how those obligations are implemented. OFAC’s General License U illustrates this dynamic clearly. Issued in response to the Iran-war disruption, it authorises the delivery and sale of Iranian-origin crude and petroleum products loaded on vessels as of 20 March 2026, and expressly includes enabling services such as insurance, classification, bunkering, and salvage. Rather than providing blanket relief, the licence creates a bounded corridor: corporates must establish that cargo meets the temporal criterion, that services are ordinarily incident and necessary, and that no other prohibitions apply. Compliance burden increases, not decreases.
A parallel measure — a 60-day Jones Act waiver allowing foreign vessels to transport energy goods between US ports — illustrates how domestic energy-security measures can rapidly reshape compliance exposure. Though not a sanctions instrument, the waiver altered routing, vessel availability, and counterparty patterns, compressing classification and end-use checks for shipping and technical services. The consistent lesson across both measures is that stabilisation instruments intensify evidentiary and governance demands rather than alleviating them. Corporates that cannot produce audit-ready documentation of eligibility and enabling-service scope cannot safely rely on the licences that regulators issue.
Ownership Opacity and the Affiliates Problem
Crisis conditions also increase incentives for evasion. OFAC’s guidance on sham transactions emphasises that blocked interests persist despite formal transfers where economic reality is unchanged — proxies, straw owners, and opaque legal structures are core enforcement risks. The same logic applies under export controls. BIS’s 2025 interim final rule extended end-user restrictions to foreign affiliates at least 50% owned, directly or indirectly, by listed entities. While the rule’s enforcement was postponed by one year — with provisions scheduled for reintroduction from November 2026 — the underlying compliance requirement is clear: list screening alone is an insufficient safe harbour in joint venture and consortium structures.
For energy JVs, the compliance burden is shifting materially from basic list screening towards ownership and control mapping, enhanced due diligence on affiliates, and contractually enforceable transparency obligations. This shift becomes sharper under disruption: emergency rerouting and intra-group restructuring make ownership visibility hardest to obtain precisely when it is most legally consequential.
Contractual Governance as Compliance Infrastructure
Energy projects are governed through layered contractual arrangements — NDAs, joint study and bidding agreements, farmouts, and long-term joint operating agreements — that allocate risk and structure decision-making under stress. A recurring governance tension is that operators control day-to-day operations while operating committees supervise at a higher level; under energy-security shocks, speed pressures intensify, but sanctions and export-control obligations demand disciplined screening, auditable approvals, and clear authority chains.
Force majeure doctrine compounds this tension. In energy markets, chokepoint disruption affects thousands of contracts simultaneously, making force majeure a systemic shock-absorption mechanism rather than a bilateral contractual remedy. Mitigation efforts — rerouting, supplier substitution, agent changes — can increase exposure to ownership opacity and circumvention typologies at the very moment compliance capacity is strained. Best practice integrates force majeure decision-making with sanctions and export-control controls, maintaining contemporaneous audit-ready records of insurer war-risk positions, rerouting feasibility, screening outcomes, and end-use diligence.
Policy Recommendations
For Regulators
In a chokepoint shock, enforcement credibility is best preserved by combining tight targeting of evasion typologies with narrow, auditable stabilisation corridors. Authorisations should be carefully scoped to preserve essential market functionality — particularly the enabling infrastructure of shipping, insurance, and classification — while maintaining focus on hidden control structures and circumvention. Eligibility criteria and documentation expectations should be time-bound and explicit: crisis conditions amplify ambiguity and create incentives for compliance shortcuts. Clear evidentiary expectations also align with enforcement reality, since authorities assess the quality of systems, controls, and cooperation when determining penalties.
For Energy-Sector Corporates
Compliance programmes must be designed for operational stress, not steady-state transactions. In contracting, firms should use disciplined ‘applicable law’ drafting to capture genuine extraterritorial exposure without over-committing to inapplicable regimes. Ownership visibility should be treated as a frontline control, with disclosure obligations, change-in-control triggers, and remedies built into joint venture agreements from inception. Export controls should be operationalised through controlled-items identification, licensing workflows, and crisis procurement playbooks that recognise compressed review windows during emergencies.
Compliance obligations should extend across subcontractors and intermediaries, with audit rights designed to capture compliance evidence — screening outputs, ownership records, licences, and end-use restrictions — rather than costs alone. Remedies should preserve continuity through payment suspension, cure periods, step-in, and termination for cause, since relying on force majeure for sanctions non-compliance is often slower and less effective than bespoke compliance remedies. Finally, firms should maintain a dedicated licensing and emergency-measures layer to track general licences, tag transactions to relevant legal authorities, and preserve audit-ready evidence in real time.
Conclusion
Energy security constrains sanctions and export-control enforcement not as a peripheral political consideration, but as a structural feature of the energy system itself. Disruption at chokepoints and insurance-driven limits on commercial feasibility reshape compliance on the ground, turning enforcement from a static legal exercise into a practical governance challenge. Crisis-era stabilisation tools demonstrate that enforcement can be recalibrated to safeguard systemic stability without diluting core anti-evasion objectives — but only where corporate compliance architectures are robust enough to meet the heightened evidentiary demands those tools impose.
The central implication is that energy-sector compliance must be conceived as resilience governance: integrating ownership and control transparency, controlled-items and licensing workflows, shipping and insurance dependencies, audit-ready evidence, and operational remedies that preserve continuity under stress without compromising legality.
Author Bio
