
Sanctions Screening for Digital Assets: OFAC Compliance Guide

Complete OFAC sanctions screening guide for digital asset service providers covering SDN list screening, blockchain address sanctions, compliance technology, and enforcement risk management.


Sanctions compliance is the most absolute obligation in the digital asset compliance landscape. Unlike AML requirements, which operate on a risk-based continuum, sanctions law operates as a strict liability regime. Any transaction involving a sanctioned party, sanctioned jurisdiction, or sanctioned blockchain address violates US law regardless of the VASP’s intent or knowledge. The penalties are severe: OFAC civil penalties can reach the greater of $356,579 per violation or twice the transaction value, and willful violations carry criminal penalties of up to $1 million and 20 years imprisonment per violation under the International Emergency Economic Powers Act.

The digital asset industry faces unique sanctions compliance challenges. OFAC has actively designated blockchain addresses on the Specially Designated Nationals (SDN) list, sanctioned entire protocols (Tornado Cash), and imposed comprehensive sanctions programs that affect crypto transactions across multiple blockchains. The intersection of pseudonymous blockchain activity, cross-chain transfers, and rapidly evolving sanctions designations creates a compliance environment that demands real-time screening, sophisticated blockchain analytics, and robust operational procedures.

The OFAC Framework for Digital Assets

Sanctioned Blockchain Addresses

OFAC first added blockchain addresses to the SDN list in November 2018, designating two Bitcoin addresses associated with two Iranian individuals accused of facilitating ransomware payments. Since then, OFAC has designated hundreds of blockchain addresses across Bitcoin, Ethereum, and other blockchains. These addresses are associated with:

  • North Korean-linked cybercriminals (Lazarus Group addresses)
  • Russian entities and individuals subject to the Russia/Ukraine sanctions program
  • Iranian government-affiliated entities
  • Ransomware operators (including addresses linked to REvil, Conti, and other groups)
  • Darknet market operators
  • Tornado Cash smart contract addresses (sanctioned August 2022)
  • Narcotics trafficking organizations

Sanctions Programs Affecting Crypto

Comprehensive Sanctions Programs: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine are subject to comprehensive sanctions that prohibit virtually all transactions with those jurisdictions. VASPs must block transactions from IP addresses in sanctioned countries, screen customer information for connections to sanctioned jurisdictions, and monitor blockchain transactions for exposure to addresses in sanctioned regions.

Sectoral Sanctions: Russia-related sanctions include sectoral restrictions on certain financial services. VASPs must screen Russian customers and transactions against the Sectoral Sanctions Identifications (SSI) List in addition to the SDN list.

Secondary Sanctions: Certain sanctions programs carry secondary sanctions risk, meaning non-US persons who facilitate transactions for sanctioned parties may themselves face sanctions. This affects non-US VASPs that process transactions involving US-sanctioned entities.

OFAC Compliance Guidance for Virtual Currency

OFAC has published specific guidance for the virtual currency industry, most notably the “Sanctions Compliance Guidance for the Virtual Currency Industry” (October 2021). Key requirements include:

  1. Sanctions Compliance Program: VASPs should develop a tailored, risk-based sanctions compliance program that includes management commitment, risk assessment, internal controls, testing and auditing, and training.
  2. Screening Requirements: Screen all customers, transactions, and counterparties against the SDN list, the SSI List, and other OFAC sanctions lists (the Consolidated Sanctions List).
  3. IP Blocking: Implement geofencing to prevent access from sanctioned jurisdictions.
  4. Blockchain Screening: Use blockchain analytics tools to screen transactions for exposure to sanctioned addresses, including indirect exposure through intermediary addresses.
  5. Recordkeeping: Maintain records of blocked or rejected transactions for a minimum of five years.

Screening Technology and Procedures

Real-Time Transaction Screening

Every transaction processed by a VASP must be screened against sanctions lists and sanctioned blockchain addresses before execution. The screening workflow includes:

Pre-Transaction Screening:

  1. Screen the destination address against the SDN list and known sanctioned blockchain addresses
  2. Analyze the destination address using blockchain analytics to identify indirect exposure to sanctioned addresses
  3. If the address is directly sanctioned: block the transaction immediately, freeze any associated customer funds, and file a blocked transaction report with OFAC within 10 business days
  4. If the address has indirect exposure: assess the degree of exposure and apply risk-based decision-making (see risk scoring below)
  5. If the address is clear: proceed with the transaction

Post-Transaction Screening:

  1. Screen incoming deposits against sanctioned addresses
  2. If funds are received from a sanctioned address: quarantine the funds immediately and file a blocked transaction report
  3. Conduct periodic re-screening of customer addresses when OFAC updates the SDN list

Customer Screening

In addition to transaction screening, VASPs must screen all customers against sanctions lists:

At Onboarding:

  • Screen customer name, aliases, date of birth, and nationality against the SDN list and other OFAC sanctions lists
  • Screen against EU sanctions lists, UK sanctions lists, and other relevant jurisdictional lists
  • Use fuzzy matching to catch name variations, transliterations, and aliases
  • Verify that the customer’s country of residence and citizenship are not subject to comprehensive sanctions

Ongoing:

  • Re-screen all customers when OFAC publishes new designations (SDN list updates occur frequently, sometimes multiple times per week)
  • Automated re-screening through sanctions screening providers eliminates the manual burden
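
The fuzzy matching step described above, as an added example that is not part of the original guide. The watchlist entries are fictional and constructed, and the 0.85 threshold and the `screen_name` helper are assumptions for illustration:

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist entries (fictional people, not taken from any real list).
WATCHLIST = [
    {"id": "X-001", "name": "Aleksandr Petrovich Ivanenko",
     "aliases": ["Alexander Ivanenko", "Sasha Ivanenko"]},
    {"id": "X-002", "name": "José María Núñez", "aliases": []},
]
THRESHOLD = 0.85  # assumed review threshold; tune against your false-positive rate


def normalize(name):
    """Strip diacritics, punctuation and case; sort tokens so word order is ignored."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.casefold())
    return " ".join(sorted(cleaned.split()))


def screen_name(customer_name):
    """Return (entry id, matched name, score) for each entry at or above THRESHOLD."""
    probe = normalize(customer_name)
    hits = []
    for entry in WATCHLIST:
        # Compare against the primary name and every alias; keep the best score.
        candidates = [entry["name"], *entry["aliases"]]
        score, matched = max(
            (SequenceMatcher(None, probe, normalize(n)).ratio(), n)
            for n in candidates
        )
        if score >= THRESHOLD:
            hits.append((entry["id"], matched, round(score, 2)))
    return hits


if __name__ == "__main__":
    for name in ["NUNEZ, Jose Maria", "Alexandr Ivanenko", "Maria Lopez"]:
        print(name, "->", screen_name(name))
```

A hit here is a candidate for analyst review against date of birth and nationality, not a confirmed match.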

Blockchain Analytics for Sanctions

Blockchain analytics platforms provide critical sanctions screening capabilities:

Direct Exposure: Identifying transactions where the counterparty address is directly listed on the SDN list. This is the simplest screening scenario and must result in immediate blocking.

Indirect Exposure: Identifying transactions where the counterparty address has received funds from sanctioned addresses, even through multiple intermediate hops. Blockchain analytics platforms assign exposure scores based on the distance (number of hops), the amount of tainted funds, and the proportion of the address’s total activity that involves sanctioned sources.

Cluster Analysis: Grouping addresses that are controlled by the same entity. If one address in a cluster is sanctioned, all addresses in the cluster should be treated as sanctioned for screening purposes.

Cross-Chain Tracing: Tracing funds that move across blockchains through bridges or wrapped tokens. Sanctioned entities may attempt to obfuscate fund flows by moving assets from one blockchain to another.

Risk Scoring for Indirect Exposure

Not every address with some distant connection to a sanctioned address warrants blocking. A risk-based approach requires clear thresholds:

High Risk (Block or Escalate):

  • Direct sanctions match: immediate blocking required
  • One-hop exposure above 25% of address value from sanctioned sources
  • Any exposure to OFAC-designated mixer or protocol addresses (e.g., Tornado Cash)
  • Exposure to addresses associated with known North Korean or ransomware campaigns

Medium Risk (Enhanced Review):

  • Two-hop exposure with significant volume from sanctioned sources
  • Exposure to addresses in sanctioned jurisdictions without direct SDN match
  • Pattern of transactions suggesting deliberate sanctions evasion (structuring, layering)

Low Risk (Monitor):

  • Distant, minimal indirect exposure (e.g., five+ hops, less than 1% of total address value)
  • Exposure through major exchanges or services that have their own sanctions screening
  • Isolated small-value transactions with no pattern suggesting intentional sanctions evasion

Document the risk-based approach methodology, review it annually, and ensure it is approved by senior compliance management.
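
The tiers above, applied to a small inbound-funds graph, as an added example that is not part of the original guide. The addresses and amounts are constructed; proportional taint is one assumed way to compute the share of value from sanctioned sources, and the 5% cut-off for "significant volume" and the handling of cases the tiers do not name are assumptions:

```python
from functools import lru_cache

# Constructed sample data: placeholder addresses and amounts, not real ones.
SANCTIONED = {"addr_sdn"}    # directly listed addresses
MIXERS = {"addr_mixer"}      # designated mixer/protocol contracts
# Inbound transfers per receiving address: receiver -> [(sender, amount)].
# Assumed acyclic; a production graph needs cycle handling and a hop limit.
INBOUND = {
    "addr_a": [("addr_sdn", 40.0), ("addr_clean", 60.0)],     # 1 hop, 40%
    "addr_b": [("addr_a", 50.0), ("addr_clean", 50.0)],       # 2 hops, 20%
    "addr_c": [("addr_mixer", 0.01), ("addr_clean", 99.99)],  # mixer dust
    "addr_d": [("addr_clean", 10.0)],                         # no exposure
    "addr_e": [("addr_b", 1.0), ("addr_clean", 99.0)],        # 3 hops, 0.2%
}
SIGNIFICANT = 0.05  # assumed cut-off for "significant volume"


@lru_cache(maxsize=None)
def exposure(addr):
    """Return (min hops to a listed source or None, tainted share, mixer flag)."""
    if addr in SANCTIONED or addr in MIXERS:
        return 0, 1.0, addr in MIXERS
    edges = INBOUND.get(addr, [])
    total = sum(amount for _, amount in edges)
    hops, tainted, mixer = None, 0.0, False
    for sender, amount in edges:
        s_hops, s_share, s_mixer = exposure(sender)
        if s_hops is None:
            continue  # this sender has no path back to a listed address
        hops = s_hops + 1 if hops is None else min(hops, s_hops + 1)
        tainted += amount * s_share  # taint passes on in proportion to value
        mixer = mixer or s_mixer
    return hops, (tainted / total if total else 0.0), mixer


def risk_tier(addr):
    hops, share, mixer = exposure(addr)
    if hops is None:
        return "clear"
    if hops == 0:
        return "block"    # direct match: immediate blocking
    if mixer or (hops == 1 and share > 0.25):
        return "high"     # any mixer exposure, or one hop above 25%
    if hops <= 2 and share >= SIGNIFICANT:
        return "medium"   # near exposure with significant volume
    return "low"          # distant or minimal exposure: monitor
```

`addr_c` lands in the high tier on a dust-sized mixer transfer, which is the unsolicited-interaction case a risk assessment has to review rather than auto-block.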

Tornado Cash Compliance Implications

OFAC’s designation of Tornado Cash in August 2022 created unprecedented compliance challenges for the digital asset industry. The designation sanctioned the smart contract addresses themselves – immutable code on the Ethereum blockchain that cannot be modified or removed. Key compliance implications:

  1. Direct interaction prohibition: Any transaction that interacts with a designated Tornado Cash smart contract violates OFAC sanctions. VASPs must block deposits and withdrawals involving Tornado Cash addresses.
  2. Tainted funds: Funds that have passed through Tornado Cash prior to the designation may or may not be considered tainted depending on the specific facts and circumstances. OFAC has issued some limited licenses for certain interactions.
  3. Dusting attacks: Malicious actors have sent small amounts of Tornado Cash-processed ETH to high-profile addresses (including celebrity wallets and corporate treasury addresses) in an attempt to create compliance complications. VASPs should distinguish between solicited and unsolicited interactions with sanctioned addresses in their risk assessment.
  4. Ongoing legal challenges: The legal status of the Tornado Cash designation remains subject to litigation. The Fifth Circuit ruled in 2024 that certain aspects of the designation exceeded OFAC’s authority. VASPs should monitor legal developments and adjust their compliance approach accordingly, while erring on the side of caution until the legal landscape is fully resolved.

Blocked Transaction Reporting

When a VASP identifies and blocks a transaction involving a sanctioned party or address:

  1. Immediately block or reject the transaction – do not process the transfer under any circumstances
  2. Quarantine associated funds – place a hold on the customer’s account pending investigation
  3. File a blocked transaction report with OFAC within 10 business days using the OFAC Reporting System (ORS)
  4. Include in the report: the name and identifying information of the sanctioned party, the nature and amount of the blocked property, the date of blocking, and the sanctions program under which the blocking occurred
  5. Maintain the block until OFAC issues a specific license authorizing release or the designation is removed
  6. Annual reporting: OFAC requires annual reports of all blocked property maintained during the year, due by September 30 of the following year

Compliance Program Design

Essential Components

A sanctions compliance program for a digital asset business should include:

1. Management Commitment: Senior management and the Board must be informed of sanctions obligations and provide adequate resources for compliance. A designated sanctions compliance officer should have direct reporting access to senior management.

2. Risk Assessment: Conduct a sanctions risk assessment evaluating the firm’s exposure based on customer base geography, transaction volume by jurisdiction, supported blockchains and assets, and the types of services offered. Update the risk assessment annually or when significant changes occur.

3. Internal Controls:

  • Real-time transaction screening against OFAC lists and sanctioned blockchain addresses
  • Customer screening at onboarding and on an ongoing basis
  • IP geofencing for sanctioned jurisdictions
  • Blockchain analytics integration for indirect exposure detection
  • Escalation procedures for potential sanctions matches
  • Blocked transaction procedures and reporting

4. Testing and Auditing: Conduct annual independent testing of the sanctions compliance program, including testing the effectiveness of screening systems, reviewing blocked transaction reports, and evaluating the firm’s response to OFAC guidance and enforcement actions.

5. Training: All relevant staff must receive sanctions compliance training covering OFAC requirements, the firm’s sanctions screening procedures, escalation protocols, and the consequences of violations. Training should be updated when new sanctions designations or guidance are issued.

OFAC enforcement in the digital asset space has intensified:

  • Bittrex (2022): $29.3 million settlement for apparent violations involving transactions with sanctioned jurisdictions (Crimea, Cuba, Iran, Syria) and sanctioned individuals. OFAC found that Bittrex did not screen customers using available geolocation information and failed to prevent transactions with sanctioned persons. For more context on enforcement actions, see our enforcement action tracker.
  • BitGo (2023): $98,830 settlement for apparent violations involving 183 transactions with individuals in sanctioned jurisdictions. Even though the transactions were small in aggregate, OFAC pursued enforcement.
  • CoinList (2024): Settlement for apparent violations related to allowing transactions from users in sanctioned jurisdictions.

These enforcement actions demonstrate that OFAC actively monitors the digital asset industry and will pursue violations regardless of size. The key lessons: IP geofencing is expected, customer geographic screening is mandatory, and ignorance of a customer’s location is not a defense.

Cost of Sanctions Compliance

| Component | Annual Cost |
|---|---|
| Blockchain analytics (sanctions screening features) | $50,000-$250,000 |
| OFAC/sanctions list screening software | $10,000-$50,000 |
| IP geofencing technology | $5,000-$25,000 |
| Sanctions compliance officer (portion of FTE) | $50,000-$150,000 |
| Independent testing | $15,000-$40,000 |
| Training | $5,000-$15,000 |
| Legal counsel (sanctions-specific) | $25,000-$75,000 |
| Total | $160,000-$605,000 |

For blockchain analytics platforms used in sanctions screening, see the Chainalysis profile and TRM Labs profile. For the SAR filing requirements when sanctions issues are detected, see the SAR guide. For the AML program framework, see the AML program guide. For the enforcement tracker, see the Enforcement Tracker. For official guidance, see OFAC sanctions lists and FinCEN sanctions advisories.
