Close Protection in Russia: Risk Landscape and Operating Constraints

Russia presents a categorically different operating environment to most other markets where close protection is deployed. Since February 2022, the risk calculus for foreign nationals and for the Western firms that might support them has shifted in ways that make standard CP protocols inadequate without specific adaptation. This article sets out the current threat landscape, the constraints on Western operators, and the duty of care obligations for organisations that still have personnel or interests in Russia.

The Baseline Advisory Position

The UK Foreign, Commonwealth and Development Office advises against all travel to Russia (FCDO Russia Travel Advice, April 2026). The US State Department has maintained a Level 4: Do Not Travel advisory since early 2022. The Australian Department of Foreign Affairs and Trade, along with most EU member state foreign ministries, has issued equivalent warnings. These are the most serious advisory categories in each system.

The primary stated reasons include the risk of arbitrary detention, broadly drafted laws that can criminalise ordinary behaviour including discussing the conflict in Ukraine, the suspension of direct flights between Russia and most Western countries, and the reduced capacity of foreign embassies to provide consular assistance. The British Embassy in Moscow operates with significantly reduced staffing. The US Embassy ceased routine consular services for US citizens in 2022.

For security planning purposes, the advisory position defines the starting point for any duty of care analysis. Any organisation sending personnel to Russia against this advice takes on substantial liability. Legal advice from specialist travel risk counsel is essential before any deployment decision is finalised.

What Changed in February 2022

Prior to 2022, Russia was a manageable high-risk environment. Moscow and St Petersburg supported active CP deployments for senior executives in the energy sector, mining, and financial services. Western risk management firms maintained in-country offices. Trained CP operatives with appropriate credentials operated routinely.

Following the invasion of Ukraine, most Western risk and security firms closed their Russia operations. Those that remained faced immediate sanctions exposure under OFSI (UK) and OFAC (US) frameworks, as well as Russian counter-sanctions legislation that created legal risk for companies continuing to operate. International banking restrictions meant that payments for in-country services became legally and practically difficult. Several major insurers withdrew Russia cover entirely.

The departure of Western firms left a gap. What remained were Russian-licensed private security companies, operating under the regulatory oversight of the Interior Ministry and, in practice, subject to FSB monitoring.

The FSB and State Security Apparatus

Russia’s security architecture is layered and overlapping. The Federal Security Service (FSB) is the primary domestic intelligence and counterintelligence agency, with broad authority to monitor communications, investigate foreign nationals, and detain persons of interest. The Federal Protective Service (FSO) provides protection for senior state officials. Rosgvardiya (the National Guard) oversees private security licensing.

For foreign executives, the relevant concern is FSB monitoring authority. Unlike most Western jurisdictions, FSB access to communications and private data does not require a court order in most circumstances. Under SORM, the surveillance infrastructure legally obliges all telecommunications providers to give the FSB unrestricted access to traffic. This covers voice calls, emails, messaging applications, and metadata.

End-to-end encrypted applications provide some protection against passive interception but cannot be considered fully secure against a state-level adversary with access to the device endpoint. Any device brought into Russia should be treated as potentially compromised. Clean device protocol – purpose-bought devices, no personal accounts, no sensitive corporate data, factory reset on departure – is the minimum standard. The guide to executive digital security for international travel sets out the full clean device framework.

ChOPs: The Trust Problem at the Heart of Russian CP

Russian private security companies (chastnye okhrannye predpriyatiya) operate under licences issued by Rosgvardiya. Their activities are governed by the Law on Private Detective and Security Activity in the Russian Federation. As legal entities operating in Russia, they are subject to requests from law enforcement and intelligence services. They cannot legally refuse to cooperate with FSB requests.

This creates a fundamental trust problem. A CP team operating under a ChOP licence owes legal obligations to Russian state authorities that take precedence over obligations to a foreign principal. In practice, this means a CP operative sourced through a Russian licensed company may be required to report on their principal’s movements, contacts, and communications. This is not a theoretical risk – it is a structural feature of the legal framework.

For organisations considering in-country security support in Russia, this constraint must be central to planning. The protective relationship that close protection is designed to create is compromised at its foundation when the CP provider operates under legal obligations that run to a potentially adversarial state.

Physical Security Risks: The Current Picture

Criminal violence in Moscow and St Petersburg is not the primary concern for most Western executives. Violent crime rates in Russian cities, while higher than Western European comparators, are not in the range seen in Lagos, Karachi, or Bogota. The KFR risk that drives CP deployments in much of Latin America and West Africa is relatively low in Russian major cities.

The dominant physical risk for Western nationals is state-directed. Since 2022, several Western citizens have been detained in Russia on charges that independent observers widely regard as pretextual. Evan Gershkovich, the Wall Street Journal journalist detained in March 2023 on espionage charges and released in August 2024 as part of a prisoner exchange, is the highest-profile recent case. Paul Whelan, detained in 2018 and released in the same 2024 exchange, had been held for six years. Several other Western nationals with lower public profiles have been detained and remain in custody.

Detention risk is not confined to journalists or those engaged in sensitive commercial activity. Individuals discussing the war in Ukraine, possessing materials deemed to discredit the Russian armed forces, or engaging with organisations Russia has designated as undesirable can face criminal exposure under laws carrying substantial custodial sentences (OSAC Russia Country Security Report 2024).

Sanctions Compliance for Western Organisations

Any Western organisation deploying security personnel to Russia or contracting with Russian security providers needs a full sanctions screening exercise before proceeding. OFAC (US), OFSI (UK), and EU Consolidated List sanctions cover a wide range of Russian entities including financial institutions, energy companies, and individuals connected to state security services.

Paying a Russian security company that has ownership ties to a designated entity – even if the company itself is not directly named – can create secondary sanctions exposure. The due diligence burden sits with the organisation engaging the services. Control Risks and other specialist firms offer Russia-specific sanctions screening as a standalone service (OFSI Financial Sanctions Guidance, HM Treasury, 2024; OFAC Russia-related Sanctions, US Treasury, 2025).

The UK Bribery Act 2010 applies extraterritorially to UK-incorporated organisations and their employees operating globally. Relying on facilitators in Russia who operate in legally opaque ways creates bribery risk that extends to corporate officers personally.

Duty of Care for Organisations with Remaining Russia Exposure

Some organisations cannot fully disengage from Russia. They may have Russian national employees, ongoing legal proceedings, remaining asset positions, or contractual obligations under Russian law. For these organisations, duty of care obligations do not disappear because the operating environment is severe – if anything, they intensify.

ISO 31030:2021 Travel Risk Management provides the standard framework. For Russia specifically, this means: maintaining current risk assessments reviewed at least monthly given how rapidly the situation can change; ensuring all in-country personnel are registered with their embassy where possible; having a clear detention response protocol covering which law firm to call, which crisis management service to engage, and how to communicate with an employee who has been detained and cannot communicate directly; and having a clear escalation path that does not depend on the detained person triggering it.

FCDO LOCATE registration remains active for Russia even under the all-travel advisory. Registration costs nothing and ensures the embassy has contact details if a consular situation arises. The country evacuation planning guide covers extraction and crisis response protocol design in detail.

Political Risk and the Intelligence Picture

Russia’s political environment is not static. Internal power dynamics, particularly around the siloviki (security services-connected elite), create unpredictable shifts in who is exposed to state targeting. Executives with commercial exposure to Russia should monitor Control Risks RiskMap 2025, Oxford Analytica, and ACLED for regime stability indicators and any shifts in enforcement priority.

The political risk guide for corporate travellers covers the broader framework for monitoring state-directed risk, including the distinction between general security risk and targeted political risk that Russia specifically exemplifies.

When Close Protection Is Still Deployed

Despite the constraints, there are circumstances where CP continues to operate in Russia: accredited journalists maintaining bureaus with the understanding that their Russian CP team operates under the structural constraints described above; legal teams involved in arbitration or asset recovery proceedings under Russian court supervision; individuals with compelling personal circumstances such as family emergencies; and diplomatic support functions for non-Western-aligned organisations.

In these cases, CP provision is typically structured around non-Russian nationals from countries with more normalised relations with Russia, or Russian nationals whose background and motivations have been independently assessed to the greatest extent possible. No arrangement eliminates the structural risks described here. The most valuable security service for most Russia-exposed organisations is not in-country CP but remote support: intelligence monitoring, communications security consulting, crisis protocol design, and detention response planning delivered from outside Russia by Western firms without the legal and operational complications of in-country deployment.

For the security environment in Russia’s post-Soviet neighbours – Kazakhstan, Uzbekistan, Tajikistan, Kyrgyzstan, and Turkmenistan – where similar authoritarian surveillance, legal risk categories, and licensing constraints apply, see our close protection in Central Asia guide. For the South Caucasus states – Georgia, Armenia, and Azerbaijan – where Russian influence intersects with Western and Turkish interests and where the aftermath of the 2020 and 2023 Nagorno-Karabakh conflicts continues to shape the security environment, see our close protection in the Caucasus guide.

Sources

FCDO Russia Travel Advice, April 2026. US State Department Russia Travel Advisory Level 4, 2025. OSAC Russia Country Security Report 2024. Control Risks RiskMap 2025. Human Rights Watch World Report 2025, Russia chapter. OFSI Financial Sanctions Guidance, HM Treasury, 2024. OFAC Russia-related Sanctions, US Treasury, 2025. ISO 31030:2021 Travel Risk Management.