Press Release


STAMFORD, Conn., 7 April 2022

Gartner Identifies Three Mandates for Legal and Compliance Leaders Following the Russian Invasion of Ukraine

Three Areas Should Frame the Legal & Compliance Response

Legal and compliance leaders should consider their response to the Russian invasion of Ukraine in the context of three critical areas, according to Gartner, Inc.

“The pressure for companies to take a firm stance on social issues has been building across the past two years, but with the Russian invasion of Ukraine there are significant operation issues to consider as well,” said Stephanie Quaranta, vice president, Research in the Gartner Legal, Risk and Compliance practice.

To help legal and compliance leaders focus their efforts, Gartner experts have identified the following three categories where legal involvement is critical:

Complying with Complex Sanctions
Compliance with a complex and rapidly shifting network of sanctions will likely be an organizational response that is “owned” by assurance functions, so it’s critical that legal and compliance leaders play a central role in advising the C-suite on how sanctions affect their organization, and how to bring the organization into compliance. For legal departments, critical actions include:

  • Advise on how to implement sanctions requirements and best protect employees on the ground who are at risk of being held criminally liable for the organization’s response to sanctions, given the aggressive blocking legislation passed in Russia.
  • Assess sales and supplier contracts to identify those impacted by sanctions and sort those into two groups: those that can be terminated immediately and those with a wind down period. Then provide sales, service, and sourcing colleagues with appropriate scripting and procedures for informing sanctioned parties that contracts will be terminated. Create a real-time communications channel for sharing information among impacted partners as new sanctions are released.
  • Partner with procurement and supply chain to identify third parties that now need extended due diligence or ongoing monitoring. Further, connect with any vendors the department uses to conduct due diligence to understand how they are updating their processes to reflect new sanctions.
  • Ensure that robust due diligence is in place on any foreign entity that is a planned recipient of corporate donations to identify potential issues and determine whether it is necessary to review any charitable donations or connections (e.g., board memberships) for any relation with a sanctioned entity.

Workforce Issues
Legal and compliance leaders play a key role in shaping the organization’s response and making decisions about how to manage the workforce, including:

  • Advise the organization on support and communications for employees in impacted regions on things such as leave or workplace accommodation available to them.
  • Identify any employee visa implications considering recent changes and the organization’s visa sponsorship policy.
  • Proactively mitigate the potential for increased discrimination, harassment or inappropriate behavior directed at employees because of location, ethnic background, or other factors.
  • Advise employees working with sanctioned entities on what parts of their job they can still execute and how. If contracts must be terminated, evaluate the indirect impacts on employees, for example those whose compensation may depend on those contracts.
  • Review planned statements put together by the organization’s CSR or corporate communications team to identify any areas requiring guidance in light of recent events.

Cybersecurity is unlikely to be a domain that is owned by legal and compliance, but it embodies risks that they must manage, so it is best to be involved in any response.

  • Partner with information security teams to review any clauses specific to “war or hostile acts” in cyberinsurance policies, review existing arrangements with cyber incident response providers (including outside counsel), and consider putting providers on retainer if not already.
  • Ensure legal is involved in regular tabletop exercises for cybersecurity events. A scenario planning exercise will help stakeholders to identify areas of responsibility and gaps in response capability.
  • Communicate evolving standards for cybersecurity protections to third-party vendors, and ensure ongoing monitoring and action – including provisions for termination of vendor contracts if they do not meet standards.

Gartner clients can find more details on the specific risks, implications, and suggested actions to manage these hot spots in Responding to the Russian Invasion of Ukraine: A Guide for Legal and Compliance Leaders. Non-clients can find more related content at: Resources for Executives and Their Teams Amid Russia’s Invasion of Ukraine.

About Gartner for Legal, Risk & Compliance Leaders
Gartner for Legal, Risk and Compliance Leaders provides expert guidance and tools to help leaders across legal, risk, audit and compliance departments more effectively manage an increasingly complex risk landscape and build next-generation functions. Additional information is available at and Follow news and updates on LinkedIn and Twitter. Visit the Gartner Legal and Compliance Newsroom for more information and insights.


About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission critical priorities. To learn more, visit