This article was initially drafted for a Perry World House conference on “The Intersection of Sanctions and Corruption,” which was made possible in part by a generous grant from Carnegie Corporation of New York. The views expressed are solely the author’s and do not reflect those of Perry World House, the University of Pennsylvania, or Carnegie Corporation of New York.
After the February 2023 earthquake in Syria, the global effort to deliver humanitarian assistance was complicated by the sanctions still in place on the country. Multiple legal regimes moved to facilitate relief — including the United Nations’ standing humanitarian carve-out, the U.S. Treasury Department’s Office of Foreign Assets Control’s Syria General License 23, and the European Union’s parallel exemption. Yet these measures did not create a clear and reliable legal framework for humanitarian transactions. The workarounds operated on different terms and timelines, and the practical viability of any transaction still depended on judgments by regulators, counterparties, banks, insurers, and compliance actors regarding ownership, documentation, humanitarian nexus, and transactional risk. The result was a legal environment in which humanitarian transactions were formally permitted in some respects, but remained practically uncertain and difficult to operationalize. Lawful access depended not simply on what the exemptions said, but on whether fragmented public and private actors were willing to treat a transaction as cleared.
What happened in Syria is an often overlooked example of corruption risk that can arise from sanctions. Sanctions are often deployed to fight corruption, but they can sometimes create opportunities for it to flourish when sanctions leave conduct neither clearly prohibited nor clearly authorized, and when authority over lawful access is distributed across fragmented domestic, international, and private systems.
Much of the existing discussion approaches corruption mitigation as a matter of refining individual tools, such as exemptions, guidance, or monitoring. But corruption mitigation should begin one step earlier, addressing the legally structured spaces of partial restriction that sanctions regimes inevitably produce. Sanctions are built through overlapping prohibitions and systems of conditional authorization, but those restrictions are necessarily incomplete. Carve-outs, sectoral unevenness, temporal sequencing, and jurisdictional divergence create sanctions gaps, the spaces where actors compete to qualify for, interpret, or exploit available pathways.
In practice, these spaces are navigated across fragmented domestic sanctions frameworks, layered international legal regimes, and private compliance systems that exercise de facto gatekeeping authority. Where no actor can provide stable authorization and the boundaries of restriction remain uncertain, access to legally usable space becomes scarce, and influence over classification, documentation, routing, and institutional acceptance acquires value. The feasibility of corruption-sensitive sanctions design depends less on refining individual tools than on how legal regimes jointly structure prohibition, authorization, and the gaps between them. Corruption risk ultimately turns on how legal systems allocate authority over what sanctions leave unresolved.
Authorization, Legal Gaps, and Corruption Risk
Sanctions regimes are formally constructed through legal prohibitions, but they function through conditional authorization. Because economic activity must continue, sanctions law establishes when transactions may proceed and through which authorized channels. Licensing frameworks, statutory exemptions, regulatory guidance, and financial compliance rules collectively define the legal pathways through which a country’s economic activity remains permissible.
At the same time, sanctions restrictions are inherently incomplete as a matter of law and enforcement. Legal carve-outs, sectoral distinctions, temporal sequencing, and jurisdictional variation across multiple sending States create areas of partial coverage in which conduct is neither clearly prohibited nor clearly authorized. Enforcement further differentiates these boundaries. Variations in jurisdiction, regulatory authority, evidentiary standards, institutional capacity, and private liability exposure mean that sanctions rules operate unevenly across legal systems and across actors tasked with applying them.
Sanctions regimes therefore generate a layered legal environment composed not only of prohibitions and permissions but of legally ambiguous space — gaps in coverage, overlaps between regimes, and differences in enforceability that require interpretation. Economic activity reorganizes around both legally authorized pathways and the ability to operate within these gaps. Actors seek to qualify for exemptions, structure transactions to fit available carve-outs, route activity through jurisdictions where enforcement is less determinate, and rely on intermediaries able to interpret or operationalize legal ambiguity. For example, restricted goods may be rerouted through intermediaries, relabeled, or sold through black-market channels in jurisdictions where enforcement is weaker or legal coverage is less clear, as illustrated by Iraqi oil smuggling through neighboring states during the Oil-for-Food period.
Corruption risk concentrates in this space. Where authorization is gated and legal boundaries are unevenly defined or enforced — and where sanctions regimes necessarily contain natural gaps in coverage — control over pathways, and over the authority to validate whether activity falls within them, becomes a scarce legal resource.
Fragmentation and the Production of Legal Gaps
Sanctions rarely operate through a single legal regime. Instead, multiple sanctioning States construct parallel domestic sanctions frameworks that govern the same actors, sectors, and transactions. These frameworks differ in scope, definitions, licensing structures, humanitarian carve-outs, evidentiary thresholds, and enforcement design. Although often directed toward similar policy objectives, they produce non-identical legal environments in which the boundaries of restriction vary across jurisdictions. Fragmentation arises from three sources: divergence across domestic sanctions regimes, the absence of governance mechanisms to manage their interaction, and the discretionary translation of international obligations into domestic law.
This divergence is compounded by the absence of governance across jurisdictions. Sanctions regimes operate simultaneously but are administered through separate legislative authorities, regulators, and compliance systems. No institution is responsible for reconciling how overlapping regimes interact in practice. As a result, identical conduct may be clearly prohibited in one jurisdiction, fall within a carve-out in another, or occupy an area of interpretive uncertainty across several. These cross-jurisdictional gaps are not transitional; they reflect persistent differences in how legal authority is exercised. Responsibility for resolving these inconsistencies is therefore displaced onto regulators, financial institutions, and intermediaries operating without a shared legal framework.
The interaction between domestic and international law further expands this space. U.N. Security Council sanctions establish baseline obligations but leave substantial discretion regarding implementation, including the design of exemptions, authorization mechanisms, and enforcement priorities. As States translate these obligations into domestic law, differences in institutional capacity, legal drafting, and policy emphasis generate additional variation. Even coordinated sanctions among partners remain legally distinct measures administered through separate authorities, preserving the possibility of inconsistent coverage.
Together, these dynamics produce layered legal gaps. Divergent domestic rules, the lack of cross-jurisdictional governance, and discretionary implementation of international obligations create areas of partial restriction in which conduct is neither clearly prohibited nor clearly authorized. In the Syrian earthquake context, for example, a relief shipment might be formally permitted under OFAC’s temporary humanitarian authorization, but still be delayed or blocked if European counterparties, banks, or insurers applied different ownership-control rules, documentation standards, or risk thresholds. These gaps are not merely technical inconsistencies; they structure how activity can be classified, routed, and validated across legal systems. Fragmentation therefore does not simply expand ambiguity; it determines who controls access to legally usable pathways.
Sanctions regimes rely on processes of authorization, classification, and verification to translate legal rules into operational permission. Licensing decisions, ownership and control determinations, humanitarian eligibility assessments, and documentation requirements function as decision points through which actors seek entry into areas of partial restriction. Because these determinations are interpreted across fragmented regimes and institutions, access to legally usable pathways depends on actors capable of navigating — or influencing — how gaps are applied.
Corruption risk arises from this interaction between fragmentation and authorization. Where domestic regimes differ, where no authority governs how those differences interact, and where international obligations are implemented unevenly, influence over classification, documentation, routing, and timing becomes valuable. Sanctions gaps therefore persist not only because rules are incomplete, but because the legal architecture of sanctions tolerates divergence without allocating responsibility for managing it. It is within this unallocated governance space that corruption risk concentrates.
Why International Anti-Corruption Law Misses Sanctions Gaps
Sanctions gaps persist because legal systems define, implement, and enforce restrictions inconsistently. These gaps generate value by enabling actors to position conduct within uneven patterns of prohibition, authorization, and practical enforceability. The resulting risk, however, does not map neatly onto the conduct international anti-corruption law is designed to prohibit. This reflects not a deficiency in anti-corruption law’s substantive prohibitions, but a difference in regulatory target.
International anti-corruption frameworks — most prominently the U.N. Convention against Corruption — focus on misuse of entrusted authority: bribery, abuse of office, illicit enrichment, and related offenses. Their regulatory logic is actor-based and transactional. These frameworks identify prohibited exchanges, attribute responsibility, and impose consequences once misconduct can be linked to a public or private actor. Anti-corruption law is therefore oriented toward detecting and sanctioning corrupt exercises of authority after they occur.
Sanctions law operates differently. Rather than focusing primarily on misconduct after the fact, it organizes economic activity in advance by deciding which transactions are barred, which may proceed, and which require further authorization or compliance approval. The relevant conduct is therefore often not bribery or abuse of office, but legal positioning: structuring a transaction to fit an exemption, obtaining documentation that satisfies counterparties, or routing activity through an intermediary willing to treat the transaction as permissible.
The distinction becomes especially clear where formally authorized trade is routed through controlled channels. The Iraq Oil-for-Food Programme offers a stark illustration. Security Council Resolution 986 did not simply prohibit trade with Iraq or restore ordinary commerce. It established a regime of tightly controlled humanitarian exchange in which oil sales, escrowed proceeds, supplier contracts, and imports were routed through institutional approval and review mechanisms. But the same managed channels that made trade legally possible also concentrated authority over pricing, contracting, certification, and access. Those bottlenecks, in turn, became vulnerable to capture. As the Volcker inquiry, created by the U.N. to investigate mismanagement of the program, later found, the Iraqi regime extracted roughly $1.8 billion through illegal oil surcharges and supplier kickbacks. The significance of the episode is not merely historical or scandal-driven. It demonstrates that corruption risk may arise not only from sanctions evasion, scarcity, or administrative discretion in the abstract, but from the concentration of practical authority over the terms on which authorized trade may proceed.
Because anti-corruption law targets corrupt transactions rather than the governance of inconsistent restriction, it does not directly address much of the conduct through which sanctions gaps generate value. Influence over interpretation, classification, routing, timing, or operational clearance may determine whether activity proceeds without necessarily constituting bribery or abuse of office. The regulatory problem is thus structural before it becomes criminal.
This separation is reinforced institutionally. Anti-corruption regimes operate primarily through criminalization, enforcement cooperation, and attribution of responsibility for misconduct, while sanctions regimes operate through administrative authorization, licensing architecture, and distributed interpretive guidance across public and private actors. Decisions that determine access to areas of partial restriction are frequently decentralized, jurisdictionally fragmented, and mediated by compliance intermediaries rather than centralized enforcement bodies. As a result, the points at which corruption risk emerges — classification, validation of eligibility, documentation, and routing — often sit outside the institutional mechanisms through which anti-corruption law operates. The resulting divergence leaves the governance of sanctions gaps largely unaddressed.
Governing Inconsistency: Legal Paths Forward
Sanctions regimes are often assessed through the lens of compliance and enforcement. Yet, the corruption risks associated with sanctions gaps arise earlier, in the way legal authority over areas of partial restriction is distributed across fragmented regimes. Because sanctions are negotiated, implemented, and enforced through politically independent legal systems, inconsistency is a structural feature of sanctions architecture. The task, therefore, is not to imagine a sanctions system without gaps, but to determine how responsibility for interpreting and managing those gaps should be allocated.
A first step is to recognize sanctions gaps as sites of contested legal authority. Areas of partial restriction operate as legally under-allocated governance zones in which domestic regulators, international obligations, and private gatekeepers apply non-identical standards without clear responsibility for classification, validation, or oversight. Corruption risk arises not from ambiguity alone, but from the value attached to managing it. Mitigation therefore begins with identifying where authority is fragmented and establishing baseline procedural expectations for how conduct within these zones is assessed. The objective is not to eliminate ambiguity altogether, but to allocate responsibility for managing it more transparently and predictably.
A second step is selective alignment of the legal rules that make gap exploitation possible. Full harmonization of sanctions policy is neither likely nor necessary. What matters is narrower convergence around the legal elements that determine whether activity can be positioned within operationally usable pathways: ownership and control, facilitation, humanitarian eligibility, documentation standards, and financial intermediation. Coordination through plurilateral forums such as the G7 or G20 can reduce divergence in the treatment of comparable conduct without requiring uniformity on sanctions targets themselves. That form of alignment would not eliminate political autonomy. It would, however, reduce the rents generated by legally structured inconsistency.
A third step is to embed anti-corruption principles more directly into sanctions regime design. Anti-corruption frameworks should not function only as enforcement overlays that respond once bribery, kickbacks, or abuse have occurred. They should also inform how sanctions regimes allocate discretion, structure authorization, and manage inconsistency ex ante. Principles of transparency, procedural regularity, reviewability, and accountability can shape licensing architecture, interpretive guidance, documentary requirements, and the administration of exceptions. The aim is to move anti-corruption intervention upstream: from policing misconduct within sanctions gaps to shaping the conditions under which those gaps operate.
Taken together, these moves reframe corruption mitigation as a problem of sanctions design under conditions of persistent legal divergence. The point is not simply to make sanctions more precise in the abstract, but to change how they operate in moments of real-world pressure. In Syria, clearer recognition of the gap between formal humanitarian permission and operational clearance, combined with closer alignment among U.N., U.S., and EU rules on ownership, documentation, financial processing, and end-use assurances, could have reduced the need for banks, insurers, and counterparties to make fragmented risk judgments transaction by transaction. Relief would still have required safeguards, but fewer actors would have been able to convert uncertainty over clearance into delay, leverage, or selective access. In Iraq, where the Oil-for-Food Programme created controlled channels for authorized trade, embedding anti-corruption principles into contracting, pricing, auditing, and approval processes from the start would have made those channels harder to capture through surcharges, kickbacks, and political gatekeeping. Sanctions regimes cannot eliminate gaps without sacrificing flexibility. But they can decide whether those gaps become informal markets in access or governed pathways through which lawful activity can proceed without empowering the actors best positioned to exploit uncertainty.
