Maritime Compliance Is Broken. A 1,500-Vessel Shadow Fleet and Fractured Sanctions Regimes Are Making It Worse.

Credit: Marcura (report cover)

Estimated reading time: 10 minutes

A new industry report from maritime technology group Marcura has laid bare the scale of the compliance crisis facing shipping operators globally, finding that diverging sanctions regimes, a shadow fleet exceeding 1,500 vessels, rampant payment fraud, and deeply fragmented verification infrastructure are pushing compliance teams to a breaking point that no single tool or regulation can easily fix.

The 2026 report, titled “The Fragmentation Problem in Maritime Compliance,” draws on survey data from senior maritime leaders and firsthand accounts from operators including Pacific Basin Shipping, Emirates Shipping Line, and Enesel Group. It presents a sector where 82% of professionals say compliance demands are growing, 86% fear undetected risks are slipping through, and the combined cost of onboarding and know-your-customer checks per counterparty has reached between $1,500 and $3,500, a structural drain that scales painfully in fragmented markets such as dry bulk where new counterparties must be onboarded constantly.

The Sanctions Landscape Has Fundamentally Shifted

At the core of the compliance challenge is a sanctions environment that has moved from broadly coordinated to actively divergent. When the United States, United Kingdom, and European Union aligned their measures against Russia following the 2022 invasion of Ukraine, compliance teams built frameworks around a shared risk perimeter. That assumption no longer holds.

The EU is now advancing a 20th package of Russia-focused sanctions, including measures that could effectively end the G7 oil price cap and impose a full ban on maritime services for Russian tankers. The US, meanwhile, has maintained its own priorities, keeping strict liability and secondary sanctions in place while placing growing emphasis on Iran alongside Russia. Venezuela presents yet another variable, with a recent authorisation allowing US companies to buy, sell, transport, and store Venezuelan crude oil suggesting a potential broader easing that could shift trade dynamics without notice.

The practical consequence, as one senior compliance officer at a global commodities trading house explained in the report, is that compliance teams must now decide which regimes they will abide by in addition to their own regulatory authority’s requirements. Trading in US dollars places an organisation under OFAC jurisdiction. Employing EU nationals creates EU obligations, even for firms based in Asia. Compliance exposure is no longer singular. It is layered.

Regulators have also changed what they expect. Enforcement has shifted from reacting to clear violations toward demanding that organisations identify and manage exposure before transactions occur. Authorities are actively pursuing willful blindness cases, holding firms accountable for control gaps that should have detected risk. Ignorance, the report states plainly, is not a defence when risk was discoverable. Periodic or static screening is increasingly insufficient in an industry that moves fast and operates across dozens of jurisdictions simultaneously.

Enforcement no longer stops at the named counterparty either. It extends through ownership and control. A company not appearing on any sanctions list can still be restricted if it is owned or controlled by a designated person. Vessels are frequently held through layered structures and special purpose vehicles, charterers may operate through newly formed entities, and cargo interests can sit behind corporate chains invisible in the contract itself. Screening the named counterparty, the report concludes, is no longer sufficient.

A Shadow Fleet That Reconstitutes Faster Than Regulators Can Act

Running parallel to the enforcement shift is the expansion of the shadow fleet, a constellation of vessels operating outside legitimate insurance, classification, and flag frameworks to move cargo that cannot travel through normal channels.

Figures cited from Clarksons Research put the shadow fleet at 1,578 ships. Analysis by the Center for Strategic and International Studies estimates that Russia’s shadow fleet alone moves approximately 3.7 million barrels of oil per day, representing 65% of Russia’s seaborne oil trade and generating between $87 billion and $100 billion in annual revenue.

In 2025, regulators moved with force. More than 700 vessels were sanctioned across US, EU, and UK actions. Panama removed almost 70 ships from its register. Barbados struck 46. Comoros began purging vessels falsely claiming its flag. Yet the fleet has repeatedly reconstituted. Sovcomflot tankers stripped of Liberian registration reappeared under Gabon’s flag within days. Gambia and Sierra Leone have emerged as new havens. A study by S&P Global in late 2025 found more than 370 vessels flying a false or fraudulent flag, up from 223 at the start of that year.

The risk for legitimate operators is twofold. The regulatory exposure is clear: any brush with the shadow fleet risks cascading consequences through insurance, banking, and counterparty relationships, potentially including exclusion from the US dollar payment system if designated by OFAC, multi-million dollar fines, and asset seizures. The physical risk is less often discussed but equally serious. Over 1,500 poorly maintained vessels operating outside classification and insurance frameworks share the same sea lanes as legitimately operated ships. A collision or incident involving a shadow vessel poses a direct threat to assets a compliant organisation depends on.

Payment Fraud, ESG Pressures, and Corruption Add Further Layers

Sanctions are only one dimension of what the report describes as a converging risk universe. Payment fraud targeting maritime organisations runs three to five times higher than traditional banking when adjusted for transaction volume, according to the report. The structural explanation is straightforward. Shipping combines high-value transactions with decentralised decision-making, limited bank verification infrastructure, and vendor relationships where counterparties frequently change bank details for legitimate operational reasons.

Attacks have evolved well beyond crude phishing. Adversaries now deploy approaches that mimic legitimate vendor communication patterns, timed to align with known vessel schedules. Port agents are identified as particularly vulnerable because most are small operations using free email providers without adequate security infrastructure. A cloned website, the report notes, can be created in seconds using freely available AI tools. Once funds clear, recovery is rare.

Marcura’s own payment infrastructure, through its MarTrust platform, prevented five fraud attempts in 2025 alone, protecting approximately $2.4 million in customer funds. Over nine years, the system has blocked roughly 190 attempted frauds worth $10 million in total.

Environmental, social, and governance obligations are adding another layer. The Hong Kong Convention, which entered force in June 2025, requires every vessel trading internationally to maintain an up-to-date Inventory of Hazardous Materials throughout its operational life. One seven-vessel fleet cited in the report estimated it was spending more than 4,000 hours per year on this administration alone. The IMO’s Net-Zero Framework, approved in principle at MEPC 83 in April 2025, introduces mandatory greenhouse gas fuel intensity targets and a two-tier pricing mechanism. Ships missing the base emissions target face charges of $380 per tonne of CO₂ equivalent. Formal adoption, originally expected in October 2025, has been deferred by one year.

Corruption compounds the picture at the operational level. The Maritime Anti-Corruption Network (MACN), which brings together approximately 230 companies across the maritime value chain, has documented over 70,000 corruption-related reports from more than 1,000 ports across 150 countries. In 2025 alone, the network received 4,347 reports of extortion, often described by perpetrators as gratuities. In Nigeria alone, a case study cited in the report, corruption adds close to 15% to total transport and logistics costs for food and bulk imports, amounting to $147,000 per grain shipment and more than $178,000 per petrol import. The report cites MACN data suggesting that under a zero-tolerance scenario, the cost of corruption to the maritime industry drops by over 62%, saving more than $100,000 per import shipment.

Cecilia Müller Torbrand, CEO of MACN, contributed a forward-looking insight to the report arguing that standardisation alone will not fix maritime compliance. Questionnaires sent, policies uploaded, and boxes ticked demonstrate effort, she wrote, but they do not necessarily change behaviour. Meaningful risk reduction requires dialogue, trust, and engagement with the pressures suppliers face in high-risk markets.

The Fragmentation Problem Is Structural, Not Incidental

What makes all of these challenges worse is that they are being managed in isolation. Organisations typically use several screening platforms simultaneously, sanctions databases, beneficial ownership tools, vessel tracking systems, PEP and adverse media lists. Different platforms routinely return different results on the same counterparty. One clears, another flags amber, a third returns inconclusive. The compliance team becomes the manual integration layer, attempting to construct a coherent risk picture from fragments.

The talent required to do this work is scarce and difficult to retain. Compliance headcount cannot scale proportionally with complexity. Teams spend growing amounts of time proving checks were performed to insurers, banks, and P&I clubs, each demanding evidence in different formats against different standards, rather than focusing on material risk assessment.

Suppliers suffer equally. The same information requests arrive from every customer, each with different questionnaires, different formats, different portals. Questionnaire fatigue sets in. Forms are completed carelessly. Data quality falls. The system demands maximum effort from all parties and delivers minimum collective benefit.

The result, as Bianca Knight, General Manager for Commercial Claims at Pacific Basin Shipping, described it, is that everyone is running their own checks with their own risk matrix, their own risk appetite, and their own interpretations. There is no industry-wide standard for what constitutes acceptable due diligence. Knight noted that a recurring friction point arises when banks delay payments to investigate counterparties that Pacific Basin has already screened and cleared, because the banks operate their own separate processes on parallel timelines.

Mike Gerasymov, Global Head of Corporate Risk at Enesel Group, described building an AI-powered chatbot as a first step toward reducing internal friction in compliance workflows. Staff paste counterparty information directly into the chatbot interface, which validates entity names, flags missing legal suffixes, and structures data into clean lists before passing it for screening. He estimated that 80 to 95% of previously manual compliance work can now be automated at minimal cost. The barriers to full automation, he argued, are human rather than technical: trust, resistance to change, and decisions about which projects to prioritise.

Fieke Nijland, Vice President and Legal Counsel at Emirates Shipping Line, highlighted the time pressure inherent in container operations. A single vessel may carry 5,000 containers. The full identity of the shipper is often only known when cargo is presented at the port, leaving minimal time for due diligence before loading begins. ESL addresses this by working with Marcura to screen bill of lading data, configuring the system to reflect only the sanctions regimes relevant to its trade lanes, and escalating genuine flags to a small team with authority to make compliance decisions.

Shared Infrastructure as the Path Forward

The report’s central argument is that the industry cannot screen its way out of a structural fragmentation problem by adding more tools. What is required is a shift from parallel, isolated verification toward shared compliance infrastructure, where counterparties are verified once and that verification is recognised across the ecosystem.

Marcura describes this vision under the label of Unified Compliance, built around a Maritime Entity Record Number that links entities, ownership structures, and transaction history across platforms. The model envisions a compliance passport that travels with a counterparty, allowing verification performed in one context to be recognised by participating organisations without requiring each to repeat the full process independently.

The economic logic is clear even before the technology is fully mature. Every organisation maintaining parallel verification infrastructure, vetting the same counterparties dozens of times, is bearing the full cost alone while learning nothing from what others have already discovered. When one organisation identifies a compromised supplier or a fraudulent payment pattern, that intelligence stays locked inside its walls. The next organisation encounters the same threat and falls for it.

Industry bodies have made progress in targeted areas. MACN coordinates anti-corruption efforts. Classification societies maintain vessel standards. P&I clubs share claims data within their membership. Commercial counterparty screening, however, remains almost entirely siloed. The data to change this, the report argues, already exists scattered across thousands of transactions, port calls, and payments processed every day. The question is whether the industry can aggregate it into shared infrastructure that benefits everyone who contributes to it.

The direction, according to Marcura, is set: from fragmented verification toward connected assurance, from duplicated effort toward collective intelligence, and from compliance as a bottleneck toward compliance as design.

Breakbulk.News publishes editorial content, including news, features and press releases supplied by third‑party companies, institutions and PR agencies. Third parties who submit material to us are solely responsible for ensuring that all text, images, logos and other content they provide are accurate and that they hold all necessary rights, licences and permissions for news use. By submitting content to Breakbulk.News, contributors represent and warrant that their material does not infringe the rights (including copyright and related rights) of any third party and agree to indemnify Breakbulk.News in respect of any claims arising from their submissions. If you believe any content on our site infringes your rights, please contact us at [email protected] with full details and we will investigate promptly..

×