Sanctions screening and compliance controls for crypto assets
Reading time: 3 mins

Sanctions screening and compliance controls for crypto assets

Ami  Abraham

Ami Abraham

Senior product manager

Virtual currencies have started to play a prominent role in the global economy. In 2022, there were around 10,000 cryptocurrencies and over 84 million crypto wallet holders around the world. On a typical day in November 2022, there were over 10 million daily transactions involving virtual currencies. And when a crypto transaction takes just minutes as opposed to a wire transfer which can take days, the appeal of speedy digital currency transactions around the world remains clear.

Cryptocurrency regulation and fraud prevention

As the popularity of virtual currency as a payment method has grown, however, so too have concerns that crypto transactions may be used for sanctions evasion and money laundering. Calls for tighter regulation of the trade in virtual assets have increased across global markets. As governments move to extend controls and scrutiny over virtual currencies, crypto exchanges will need to demonstrate more responsibility for managing risks and greater openness to scrutiny in their trading operations.

In June 2022, plans were announced to extend the EU’s legal framework for cryptocurrencies in its Markets in Cryptoassets (MiCA) regulation, part of the EU’s latest anti-money laundering package. Existing travel rules, where payer and payee identity data must ‘travel’ with the transaction and be stored by both sides, will now also cover crypto-to-crypto transfers, preventing anonymous crypto transactions and mitigating concerns as to the ease with which virtual assets may be used for sanctions evasion and money laundering.

In the USA, rather than regulating cryptocurrencies themselves, the U.S. authorities are beginning to clamp down on crypto-related money laundering and tighten up on sanctions enforcement. In August 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the virtual currency mixer Tornado Cash for failing to impose effective controls to stop funds from being laundered by malicious cyber actors.

Money laundering in the mix

Coin mixers are designed to anonymize crypto transactions. Ethereum coin mixing service, Tornado Cash has ‘mixed’ more than $7bn in virtual currency since it began operating in 2019, much of it for money laundering purposes.  

Of that sum, reports suggest, $455m was stolen by the North Korean Lazarus Group, sanctioned by the U.S. for cybercrimes in 2019, and $96m was laundered from the Horizon Bridge heist, also by North Korean hackers.  

What are sanctions?

Government sanctions prohibit or restrict commercial activity and financial transactions with another country, entity, or individual. They can also include travel bans, asset freezes, arms embargoes, and trade restrictions.

“Even in those markets where virtual currencies remain unregulated, any crypto transactions involving a sanctioned person or entities must be blocked.”


Primary sanctions require compliance from all persons and entities within the issuing country. Secondary sanctions aim to prevent third parties from trading with countries or companies that are subject to sanctions issued by another country.  For example, following the invasion of Ukraine in 2022, Russia became one of the world’s most sanctioned countries, with embargoes imposed by the United States, the United Kingdom, the European Union, Canada, Japan, Switzerland, and Australia. Any country, entity, or individual breaking these sanctions may face severe penalties.

There are many global watchlists for sanctions, but the most common are published by OFAC (United States), OSFI (Canada), the EU, HM Treasury (UK) and the United Nations.   

KYC for crypto-asset service providers

When the European Union’s MiCA regulation comes into force in 2024-25, crypto-asset service providers (CASPs), like exchanges and wallets, will need to verify customer identities for crypto transfers between two regulated digital wallet providers and run know your customer (KYC) checks for payments from exchanges to unhosted private wallets for transfers exceeding €1,000. Effectively ending anonymous crypto trades.

However, even in those markets where virtual currencies remain unregulated, any crypto transactions involving a sanctioned person or entity must be blocked.

Sanctions screening for crypto customers

Information on individuals (name, date of birth, physical address etc.) and entities (the type of business, beneficial owners etc.), which regulated businesses are required to collect as part of customer due diligence (CDD), can also be useful for any crypto-asset service provider in mitigating sanctions-related risks and avoiding sanction-busting penalties.

“Customer due diligence can also be useful for any crypto-asset service provider in mitigating sanctions-related risks and avoiding sanction-busting penalties.”


Automated KYC compliance solutions can rapidly screen prospects against global sanctions and PEPs (Politically Exposed Persons) lists to identify high-risk individuals and businesses engaging in illegal activities.  Extended due diligence (EDD) should be conducted by all regulated businesses on customers from high-risk industries and countries. Identity and transaction history checks will flag connections to sanctioned jurisdictions, individuals or entities, and help to inform a decision to do business with this customer.

Cost of crypto sanctions violations

In 2022, OFAC and the U.S. Financial Crime Enforcement Network (FinCEN) fined two virtual currency exchanges over $53 million for sanctions violations.

Payward Inc. failed to implement IP geolocation blocking on their digital currency exchange, Kraken, permitting transactions from persons in U.S.-sanctioned Iran.  Meanwhile,  despite collecting addresses and IP addresses from its customers, Bittrex failed to block trades from sanctioned jurisdictions, including, Cuba, Iran, Sudan, and Syria. It paid a big price.


Even for digital currencies, pinpointing geolocation is essential to avoid sanctions violations.    

Virtual currency service providers are well advised to install IP geolocation and IP address blocking on their platforms. These tools help to identify and bar sanctioned jurisdictions at customer onboarding or at the time of the transaction, preventing persons or entities in the wrong places from conducting transactions on your platform and mitigating the risk of fines for failure to comply with sanctions on financial transactions.

Virtual currency exchanges operating around the world need to know their customers and where they are located, whether they are regulated or not. Any virtual currency firms that fail to implement effective sanctions compliance controls will be held accountable.


“Virtual currency exchanges operating around the world need to know their customers and where they are located, whether they are regulated or not.”


Taking action to mitigate risk  

Around the world, whether governments are regulating cryptocurrencies or clamping down on crypto-related money laundering, it’s safe to predict that increased scrutiny of virtual currencies will continue. State agencies increasingly expect crypto companies to take proactive measures to screen and block users and transactions that are prohibited by ongoing sanctions.  Enforcement actions against platforms that fail to prevent transactions with sanctioned jurisdictions, entities, or individuals will surely increase.

Virtual currency service providers should audit their platforms for potential exposure to sanctions violations and, if necessary, implement new sanctions compliance controls to mitigate risk, blocking bad actors and illicit activities. These actions may include:

  • Conducting ongoing team training for sanctions compliance
  • Hiring additional team members for sanction monitoring
  • Screening users against all major sanctions and PEPs watchlists
  • Running geolocation checks to restrict sanctioned jurisdictions
  • Running keyword checks to identify sanctioned jurisdiction’s cities and regions
  • Periodically rescreening all users


Trust-building solutions for virtual currencies

Our solutions are designed to ensure your business knows exactly who you are permitting to transact on your currency platform, screening for sanctions and preventing fraud.

Sanctions screening

Our sanctions and PEPs (Politically Exposed Persons) screening solutions run at customer onboarding and, or at the time of transaction. Sanctions screening runs checks on your prospective customer’s name, address, date of birth, email address, and virtual currency address(es) against enabled sanctions and PEPs watchlists.

Lists include OFAC (United States), the European Union, HM Treasury (UK) and many others from around the world. All lists are updated daily which allows our solutions to rescreen at regular intervals for ongoing monitoring and risk mitigation.

Geolocation solutions

Our geolocation solutions detect IP addresses and geolocation at customer onboarding and, or at the time of transaction. These solutions can help track and block activity from high-risk and sanctioned jurisdictions, even when a user attempts to hide their true location with a proxy, tor browser or other masking technologies.

Virtual currency risk assessment

Virtual currency risk assessment (VCRA) assesses the risk of virtual currency transactions and associated virtual currency addresses recorded in a public blockchain.

The assessment tracks and profiles hundreds of good addresses, including regulated global currency exchanges and providers, as well as flagging bad addresses, such as tumblers, ransomware, known money laundering and criminal addresses.


Sign up for more expert insight

Hear from us when we launch new research, guides and reports.