Skip to content
AuditFront
WHY.4 EU Sanctions DD

EU Sanctions DD WHY.4: Business Rationale Assessment

What This Control Requires

Does the transaction have a clear, documented business rationale?

In Plain Language

Transactions without clear economic logic - orders that do not fit the buyer's business profile, unusual quantities, or mismatched specifications - are a red flag for front purchases or goods diversion.

This is sometimes called the 'does this make sense?' test, and it is one of the most effective compliance tools available. A bakery ordering high-end electronics does not make sense. A small trading company ordering industrial quantities of restricted goods does not make sense. A customer who shows no interest in price or delivery terms but insists on a specific product does not make sense.

The business rationale assessment bridges all other checks: even if the WHO, WHAT, and WHERE all look clean on paper, a transaction that lacks basic commercial logic should not proceed without further investigation.

How to Implement

For each material transaction, document the business rationale:

1. What is being sold - specific product, quantity, and specifications 2. To whom - the buyer's business profile and industry 3. For what purpose - the stated application or end-use 4. Why this specific product/quantity/specification - does the order match the buyer's needs?

Red flags that indicate a missing or fabricated business rationale: - A company's order does not match its stated industry (a bakery ordering semiconductors) - Quantities that are inconsistent with the buyer's apparent scale or stated application - Product specifications that do not match the stated end-use - Customer shows unusual urgency without commercial justification - Customer is unusually disinterested in price, warranty, or after-sales support - Orders for spare parts or maintenance items when the customer has no installed base - Declining standard features (training, support, warranty) that legitimate users would want

The 'does this make sense?' test should be applied by everyone who touches the transaction: sales, operations, logistics, and finance. Train staff to flag transactions that feel wrong even if they cannot articulate the specific concern.

Document the business rationale assessment for all transactions above your materiality threshold and all transactions with higher-risk counterparties regardless of value.

Evidence Your Auditor Will Request

  • Business rationale documentation for material and higher-risk transactions
  • Staff training records on the 'does this make sense?' assessment
  • Escalation records for transactions with questionable business rationale
  • Records of transactions declined or investigated due to rationale concerns
  • Cross-reference checks between customer profile and order characteristics

Common Mistakes

  • Treating the business rationale check as a compliance formality rather than genuine assessment
  • Not training front-line staff (sales, logistics, finance) to apply the 'does this make sense?' test
  • Focusing only on counterparty screening while ignoring whether the transaction itself makes sense
  • No documentation of business rationale for routine transactions that may carry hidden risk
  • Commercial pressure overriding compliance concerns when a transaction seems profitable

Related Controls Across Frameworks

Framework Control ID Relationship
EU Sanctions DD EU Sanctions DD WHY.1 (related mapping) Related
EU Sanctions DD EU Sanctions DD WHAT.3 (related mapping) Related
EU Sanctions DD EU Sanctions DD WHAT.4 (related mapping) Related

Frequently Asked Questions

How do we apply this test without slowing down every transaction?
Not every transaction needs a detailed rationale assessment. Focus on: transactions above a materiality threshold, transactions with new or higher-risk counterparties, orders that deviate from the counterparty's normal pattern, and any transaction where other red flags have been identified. For routine repeat orders from established low-risk customers, a lighter touch is appropriate. The goal is risk-proportionate assessment, not bureaucratic box-ticking.
What if the transaction is commercially attractive but the rationale is weak?
Commercial attractiveness does not override compliance risk. In fact, unusually profitable transactions should attract more scrutiny, not less - sanctions evaders often pay above-market rates to incentivise cooperation. If the business rationale is weak and cannot be strengthened through additional due diligence, the transaction should not proceed. The reputational, legal, and criminal consequences of a sanctions violation far outweigh any single transaction's profit.
Should we document the business rationale for every transaction?
For every material transaction and every transaction with higher-risk counterparties, yes. For low-value routine transactions with established low-risk customers, formal documentation is not necessary. Define your materiality threshold and risk criteria clearly so staff know which transactions require formal rationale documentation. When in doubt, document - it takes minutes and could save you in an investigation.

Track EU Sanctions DD compliance in one place

AuditFront helps you manage every EU Sanctions DD control, collect evidence, and stay audit-ready.

Start Free Assessment