The latest guidance underlines the fact that financial sanctions regulations do not differentiate between cryptoassets and other forms of assets.

In a joint statement from the Office of Financial Sanctions Implementation (OFSI), the Financial Conduct Authority (FCA) and the Bank of England, businesses have been given additional guidance regarding sanctions evasion.

This follows the sweeping sanctions imposed on Russia and Belarus and the fear that attempts may be made to circumvent sanctions using crypto currencies and assets.

As a result, the UK financial regulatory authorities repeated their assertion that all UK financial firms must take every possible precaution to ensure that they comply with sanctions, but this time targeted the crypto sector.

A stark warning to all cryptoasset firms

Placing cryptoassets firmly in their sights, the joint statement declared:

“We are working closely with partners in government and law enforcement both here and abroad, including regulatory authorities, to share intelligence and act to prevent sanctions evasion, including through cryptoassets. We also remain ready to act in the event of sanctions breaches”.

The fears are well grounded as there is evidence that sanctioned individuals and entities have already started to use crypto to hide their assets, causing the global Financial Stability Board to closely scrutinise this potential loophole.

Calls that digital asset companies are simply not up to the task of complying with sanctions have been met with firm denials. While some in the sector have gone on the defensive and rejected out of hand calls to cut off all Russian users.

But the UK financial authorities have underlined the fact that financial sanctions regulations do not differentiate between cryptoassets and other forms of assets.

As a result, the use of cryptoassets to circumvent economic sanctions is equally a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018.

The steps cryptoasset firms must take to ensure they comply with their legal obligations

As detailed in the new guidance, the practical steps to reduce the risk of sanctions evasion via crypto currencies or assets include:

  • Updating business-wide and customer risk assessments to account for changes in the nature and type of sanctions measures
  • Ensuring that customer onboarding and due diligence processes identify customers who make use of corporate vehicles to obscure ownership or source of funds
  • Ensuring that customers and their transactions are screened against relevant updated sanctions lists and that effective re-screening is in place to identify activity that may indicate sanctions breaches
  • Identifying activity that is not in line with the customer profile or is otherwise suspicious and ensuring that these are reported quickly to the nominated officer for timely consideration
  • Where blockchain analytics solutions are deployed, ensuring that compliance teams understand how these capabilities can be best used to identify transactions linked to higher risk wallet addresses
  • Engage with public-private partnerships and private-private partnerships to gather insights on the latest typologies and additional controls that might be relevant and share their own best practice examples

The Red Flags that suggest an increased risk of sanctions evasion

Every firm should keep a close watch for red flag indicators that suggest an increased risk of sanctions evasion.

Any Red flag indicator should always be reviewed in context. As what may seem innocent in isolation, when considered alongside other red flag indicators or contextual information, may be indicative of sanctions evasion.

Red Flags may include (but are not limited to) the following:

  • Customers who are resident in or conducting transactions to or from a jurisdiction which is subject to sanctions, or which is on the UK’s High Risk Third Countries list, or jurisdiction identified as posing an increased risk of illicit financial activity
  • Any transactions to or from a wallet address associated with a sanctioned entity, or deemed to be high-risk, based on its transaction history or that of associated addresses, or other factors
  • Transactions involving a cryptoasset exchange or custodian wallet provider known to have poor customer due diligence procedures or which is otherwise deemed high-risk
  • The use of tools designed to obfuscate the location of the customer (such as an IP address associated with a VPN or proxy) or the source of cryptoassets (such as mixers and tumblers)
  • Any other red flag indicators where the aim of the illicit actor is to make an illegal transaction appear legitimate

What to do if suspicious activity is detected

The FCA has written to all registered cryptoasset firms and those holding temporary registration status and delivered the following forewarning.

If any firm has ‘reasonable cause to suspect’ they are in possession, in control of, or dealing with the funds or economic resources of a sanctioned individual, they must adhere to the following: they must freeze them, not deal with them or make them available to the designated person, unless there is an exception in the current legislation or have a license from the OFSI.

The regulators also reminded financial institutions to check the FCA register to identify whether any cryptoasset firms they do business with are registered, or to check the equivalent register of the jurisdiction in which the cryptoasset firm is based.

Both the FCA and the Prudential Regulation Authority (PRA) have stated that they will act if they see authorised financial institutions supporting cryptoasset firms operating in the UK illegally.

Where transactions give rise to concern, firms should report their findings to the UK Financial Intelligence Unit (UKFIU) at the National Crime Agency under the Proceeds of Crime Act 2002. The UKFIU has issued guidance together with a Suspicious Activity Reports (SARs) glossary code to be used when reporting suspicious activity.

Full guidance can be found on OFSI’s website, and any suspicions must be reported immediately to the OFSI by contacting: [email protected]

How to ensure you comply fully with the new guidance on crypto sanctions evasion

The move to evade sanctions via crypto currencies and assets has further highlighted the need to be ever vigilant and plug all customer due diligence gaps.

And vigilance is the watchword, as new innovations are transforming the cryptoasset space, with developments such as decentralised finance (DeFi), non-fungible-tokens (NFTs), stablecoins, and other new facets of the crypto ecosystem. Together they are providing alternative mechanisms for individuals and entities to engage with cryptoassets.

Thankfully, this isn’t the enormous challenge that it may initially present, as the automated technology now exists that will provide you with the ability to comprehensively identify and remediate any gaps.

For the full picture on how best to go about ensuring you comply with Russia sanctions, regardless of the method of evasion, discover the 3 key steps that will go a long way toward protecting your business from punitive fines and damage to its reputation.

3 key steps that will ensure you comply with Russia sanctions [5 minute read] – RiskScreen




Most Popular

The latest in AML & KYC

Subscribe: Weekly AML Round-up

The latest financial crime and compliance content that matters, direct to your inbox.

More from the Blog

Fintechs: Know your AML vulnerabilities!

As regulators increase their scrutiny of fintechs, not only does this raise the risk of regulatory action and punitive fines, it can also lead to reputational damage and even prevent an otherwise promising early-stage business from fulfilling its potential.

At RiskScreen we work with hundreds of companies around the world from a wide range of sectors – both regulated and unregulated.

Any screening technology is only as good as its underlying data. That’s why we work to find the best providers, ensuring you get screening matches you can trust.


The latest news, commentary and events from RiskScreen. For industry insight, visit our AML insight hub, KYC360.

Used by over 30,000 compliance professionals for AML news & analysis. Free CPD wallet.


RiskScreen was founded by experts in financial crime. It’s because of this unrivalled subject matter expertise that companies choose to partner with us.