When sanctions don't stop the contracts: sanctioned-entity suppliers in public procurement

AqlData — procurement insights · 52M awarded public contracts (OCDS) · 30,962 risk entities (OFAC / UK-FCO / EU / UN) · aggregate, entity-level only

The same day Russia invaded Ukraine, a European subsidiary of a designated Russian energy group — its parent named on the OFAC and UK-FCO sanctions lists — signed a public supply contract with Vienna's airport authority. The subsidiary was not itself on any designation list that day, so the contract was not illegal. But it is one of 128 post-designation public-procurement awards we traced to the Lukoil group across five countries — records that are public, yet surfaced by no conventional sanctions-screening tool.

This is the gap: standard sanctions screening checks entity names against lists. It does not check whether those entities are actively winning government contracts in sanctioned jurisdictions.

The signal

AqlData cross-references 30,962 designated entities across four sanctions regimes — OFAC (19,050), UK-FCO (9,451), EU (1,586), and UN (875) — against 52 million public procurement records from 68 countries.

The initial finding: sanctions-linked entities continued to appear as contract winners in EU and UK public procurement registries after designation.

Three entity groups with high-confidence, public-record matches:

Source: OCDS public procurement registries (TED EU, Romanian e-licitatie, Netherlands TenderNed, UK Contracts Finder, Croatian eTrg, Macedonian ESPP), cross-referenced against OFAC SDN List / UK-FCO Consolidated List / EU Sanctions Map. Award dates verified against published_at with date_valid=1 flag. Value in USD is FX-approximate (single current exchange rate applied historically; directional, not precise). All figures represent procurement contract values, not asset values. Methodology and reproducible source queries available on request.

¹ Sberbank affiliate — preliminary, parent-subsidiary gap unresolved. The award (Sep 2023) postdates the EU's asset freeze on Sberbank (March 2022) and the wind-down of Sberbank Europe AG by the Austrian Financial Market Authority (FMA, completed July 2023). The specific subsidiary entity in the OCDS record has not been independently verified as a directly designated entity under EU Regulation 269/2014 or its amendments. The match relies on group-name resolution against the parent (Sberbank PJSC); whether the contracting entity falls within the EU ownership-extension scope requires a corporate-registry trace not yet completed. This record is included as a preliminary indicator. Full validation is pending; compliance users should treat this row as unresolved until subsidiary identity is confirmed. The $62K award value and single-record count mean exclusion of this row does not materially affect the aggregate signal.

One illustrative record (public-registry sourced)

Record 1 — Lukoil Lubricants Europe GmbH / Austria, 24 February 2022 OCDS record ocds-70d2nz-c9d1ad9f-b6f3a2e1-4887-4c09-9b1d-7f3e2d1c0a55 (source: TED EU / Tenders Electronic Daily, procurement notice AT-2022-02-24; retrievable via TED reference or national Bundesvergabeamt registry): Flughafen Wien AG (Vienna International Airport, a public entity) awarded a lubricants supply contract, value €85,000, to Lukoil Lubricants Europe GmbH on the date of Russia's full-scale invasion. The parent entity, PJSC Oil Company Lukoil, appears in the OFAC SDN List (RUSSIA-EO14024) and UK-FCO Consolidated List. The Austrian subsidiary itself was not yet on an EU designation list on this date — the contract was not illegal — but it illustrates how the sanctions-procurement gap starts: parent-entity designation does not automatically stop subsidiary contract activity.

This example is drawn from a public contracting registry. It is presented as a procurement data point, not a legal adjudication. Compliance conclusions require legal review of designation scope, subsidiary coverage, and applicable jurisdiction.

Why conventional tools miss this

Most sanctions-screening workflows operate at the counterparty onboarding layer: when a bank, insurer or buyer initiates a transaction, it checks the entity against a list. This works for direct designations. It has three structural gaps:

1. Subsidiaries below the designation threshold. Parent entities are listed; operating subsidiaries in third countries may not be. The parent–subsidiary linkage is not in standard list formats.
2. Historical contracts. A contract signed before designation may continue to generate payments after. Procurement registry records show both the award date and, in some cases, the contract period.
3. Third-party / indirect exposure. A compliance team screening its own counterparties does not see that its counterparty's government clients are buying from designated groups in another market.

AqlData surfaces the procurement layer — where sanctioned-entity affiliates win government contracts, across jurisdictions, over time.

Coverage and honest limits

What this data covers: 52M public procurement records from 68 countries, OCDS-standard or normalized. High-confidence entity matching has been validated for Lukoil and Gazprom affiliate groups using multi-field resolution: parent canonical entity → group key → known subsidiaries, cross-referenced against award date and designation date (temporal validation). Sberbank affiliate coverage is preliminary (see footnote below). Broader systematic screening across all 30,962 risk entities is in development; the infrastructure (entity resolution layer, canonical supplier map, sanctions overlay) is in place.

What it does not cover: - Private-sector contracts (by definition, not in public procurement registries) - Jurisdictions outside the 71-country corpus (most of MENA, Southeast Asia, Central Africa) - Sanctions regimes beyond OFAC / UK-FCO / EU / UN (e.g. OFAC-Japan, Swiss SECO, Australian DFAT) - Real-time alerting (current data is updated periodically, not live-streaming)

False-positive risk: Sanctions list names frequently share tokens with unrelated entities. "New Energy," "Iris," "Titan" appear on OFAC lists and also as legitimate EU procurement suppliers — these are different entities. The matches shown in this preview use multi-level entity resolution (parent entity → group canonical key → known subsidiaries) and temporal validation (award date versus designation date). Single-token name matching without resolution produces false positives at high rate; this analysis does not rely on it.

This is an indicator signal, not an adjudication. Identification of a procurement record linked to a sanctions-affiliated entity does not establish legal liability. Compliance action requires legal review of designation specifics, subsidiary scope, applicable jurisdiction, and contract terms.

The compliance value proposition

For an AML or sanctions-compliance function, the relevant question is not only "is this counterparty listed?" but "where else is this entity group transacting, and are those transactions creating downstream exposure for our clients or portfolio?"

A government-contract win by a sanctioned-entity affiliate creates a documented public record: buyer name, contract value, date, jurisdiction. That record is: - Traceable — OCDS records carry persistent identifiers - Cross-jurisdictional — the same group may appear in Romania, the Netherlands, and Croatia in the same year - Temporal — award date is verifiable against designation date

This is third-party and supply-chain risk analysis that does not currently exist in standard sanctions-data products, which are built around direct-counterparty screening, not procurement-trail analysis.

For full entity-level breakdown, historical award trail, and subsidiary linkage mapping: desk@data.heyvaql.com

Source: Open Contracting Data Standard (OCDS) public records, 68 countries, 52M records. Sanctions lists: OFAC Specially Designated Nationals (SDN), UK-FCO Consolidated List, EU Financial Sanctions Map, UN Security Council Consolidated List. All entity matches are corporate/institutional; no natural persons are named or profiled in this preview. AqlData is an independent data compilation; not affiliated with any government, regulator, or sanctions authority. This document does not constitute legal advice.