Gartner identifies three mandates for legal and compliance leaders in response to Ukraine invasion

Legal involvement is critical: Gartner experts

Gartner identifies three mandates for legal and compliance leaders in response to Ukraine invasion

Legal and compliance leaders should consider their response to the Russian invasion of Ukraine in the context of three critical areas, according to research and advisory firm Gartner, Inc.

“The pressure for companies to take a firm stance on social issues has been building across the past two years, but with the Russian invasion of Ukraine there are significant operation issues to consider as well,” said Stephanie Quaranta, vice president, research in Gartner’s legal, risk and compliance practice.

To help legal and compliance leaders focus their efforts, Gartner experts have identified the following three categories where legal involvement is critical:

Complying with Complex Sanctions

Compliance with a complex and rapidly shifting network of sanctions will likely be an organizational response that is “owned” by assurance functions, so it’s critical that legal and compliance leaders play a central role in advising the C-suite on how sanctions affect their organization, and how to bring the organization into compliance. For legal departments, critical actions include:

  • Advise on how to implement sanctions requirements and best protect employees on the ground who are at risk of being held criminally liable for the organization’s response to sanctions, given the aggressive blocking legislation passed in Russia.
  • Assess sales and supplier contracts to identify those impacted by sanctions and sort those into two groups: those that can be terminated immediately and those with a wind down period. Then provide sales, service, and sourcing colleagues with appropriate scripting and procedures for informing sanctions parties that contracts will be terminated. Create real-time communications channel for sharing information among impacted partners as new sanctions are released.
  • Partner with procurement and supply chain to identify third parties that now need extended due diligence or ongoing monitoring. Further, connect with any vendors the department uses to conduct due diligence to understand how they are updating their processes to reflect new sanctions.
  • Ensure that robust due diligence is in place on any foreign entity that is a planned recipient of corporate donations to identify potential issues and determine whether it is necessary to review any charitable donations or connections (e.g., board memberships) for any relation with a sanctioned entity.

Workforce Issues

Legal and compliance leaders play a key role in shaping the organization’s response and making decisions about how to manage the workforce, including:

  • Review planned statements.
  • Advise the organization on support and communications for employees in impacted regions on things such as leave or workplace accommodation available to them.
  • Identify any employee visa implications considering recent changes and the organization’s visa sponsorship policy.
  • Proactively mitigate the potential for increased discrimination, harassment or inappropriate behavior directed at employees because of location, ethnic background, or other factors.
  • Advise employees working with sanctioned entities on what parts of their job they can still execute and how. If contracts must be terminated, evaluate the indirect impacts on employees, for example those whose compensation may depend on those contracts.
  • Review planned statements put together by the organization’s CSR or corporate communications team to identify any areas requiring guidance in light of recent events.


Legal and compliance may be involved in managing cybersecurity risks. Possible actions include:

  • Partner with information security teams to review any clauses specific to “war or hostile acts” in cyberinsurance policies, review existing arrangements with cyber incident response providers (including outside counsel), and consider putting providers on retainer if not already.
  • Ensure legal is involved in regular tabletop exercises for cybersecurity events. A scenario planning exercise will help stakeholders to identify areas of responsibility and gaps in response capability.
  • Communicate evolving standards for cybersecurity protections to third-party vendors, and ensure ongoing monitoring and action – including provisions for termination of vendor contracts if they do not meet standards.

Recent articles & video

US law firm Locke Lord to pay settlement over ex-client's alleged fraud

WarnerMedia seeks to disqualify law firm over alleged ethical breaches in mass arbitration campaign

New security law raises concerns amid decline in Hong Kong business sentiment

Perkins Coie opens London office to establish new tech-focused corporate practice

G+T guides Mitsubishi UFJ Trust and Banking on $2.1bn pickup of Link Group

HWL Ebsworth reveals new leadership and management structure

Most Read Articles

NSW Supreme Court sets trial date for landmark strip search class action

W+K adopts gen-AI tool designed for Australian legal market

K&L Gates Advises Centuria on acquisition of massive glasshouse in Victoria

Hunt & Hunt announces support for St Kilda Film Festival