Does Your SaaS Startup Have Clients in Russia? Here's What You Need to Know About The Latest Round of Sanctions and How It May Effect Your Business

On February 21, 2022 the US imposed a new round of sanctions against Russia prohibiting all new investment, trade, and financing to from “so-called Donetsk People’s Republic (DNR) or Luhansk People’s Republic (LNR) regions” of eastern Ukraine. While the Sanctions are vast in scope for the purposes of this update we'll focus on the parts that may directly effect SaaS companies operating in the US whom have clients in Russia.

Among other things the new sanctions prohibit: the export, reexport, sale, or supply, directly or indirectly, from the United States, or by a U.S. person or entity, of any goods, services, or technology to the DNR or LNR regions. Services being the operative word. So if your company is providing services, including software or software-as-a-service (SaaS), to Russian clients what does this mean for you? The ban currently applies to the DNR and LNR regions. So if any of your clients are located there its imperative that you wind down any activities with said clients.

But what if your client is located outside those regions, e.g., Moscow? Trouble may still loom. The sanctions are focused not only on the location of the client but on the location of the client's end users. So even in this scenario you may still be effected provided that said client has any of its employees in the prohibited regions.

What steps should your SaaS take? Companies should implement measures to prevent transactions with individuals and entities located in the prohibited regions. One such measure, as utilized by many following sanctions imposed against Russia for its annexation of the Crimea in 2014, is to utilize geolocation tools and IP address controls to block access to anyone in the DNR and LNR regions.

The situation is rapidly evolving. Many are estimating that these sanctions may increase in scope past the DNR and LNR regions. The EU is also strongly considering kicking Russia out of SWIFT, the financial-messaging infrastructure that links the world’s banks. If this happens then collecting invoices from clients located in Russia may be a whole other problem your SaaS will have to deal with. For now mitigation is the name of the game. Companies should lean heavily on their compliance teams to ensure that they have taken all precautions to identify and block transactions with restricted parties.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.