Sanctions Screening and Compliance | AML, KYC & Compliance | XRP Academy - XRP Academy
XRPAcademy
Course Progress0/15
3 free lessons remaining this month

Free preview access resets monthly

Upgrade for Unlimited
Skip to main content
intermediate50 min

Sanctions Screening and Compliance

Learning Objectives

Explain the major sanctions programs including OFAC, EU, UN, and UK sanctions, and understand their jurisdictional reach

Identify who and what gets sanctioned including countries, individuals, entities, vessels, and cryptocurrency addresses

Describe sanctions screening methodology including name matching algorithms, list management, and false positive resolution

Analyze crypto-specific sanctions challenges including wallet address screening, indirect exposure, and documented enforcement cases

Evaluate sanctions compliance program requirements and understand the consequences of violations

On August 8, 2022, the U.S. Treasury's Office of Foreign Assets Control (OFAC) did something unprecedented: it sanctioned a smart contract. Tornado Cash, an Ethereum mixing service, was added to the Specially Designated Nationals (SDN) list, effectively making it illegal for any U.S. person to interact with the protocol's smart contract addresses.

  • USDC frozen in the contract ($75,000)
  • GitHub account suspended
  • Developer arrested in Netherlands
  • Every exchange scrambling to screen for Tornado Cash exposure
  • Legal challenges launched (ongoing)

This wasn't the first crypto sanctions action, and it won't be the last. But it illustrated a crucial point: sanctions compliance is not optional, and the definition of what can be sanctioned keeps expanding.

  • **HSBC:** $1.9 billion settlement (2012)
  • **BNP Paribas:** $8.9 billion penalty (2014)
  • **Standard Chartered:** $1.1 billion combined settlements
  • **ING:** $619 million (2012)

Criminal charges can apply to individuals who willfully violate sanctions.

Why this matters for XRP investors:

  1. Exchange sanctions compliance is essential. An exchange that fails sanctions screening faces regulatory action, banking loss, and potential closure.

  2. Your transactions are screened. Every withdrawal, deposit, and trade passes through sanctions checks.

  3. Indirect exposure creates risk. Receiving funds that passed through sanctioned addresses can freeze your account.

  4. ODL corridors require sanctions-clean endpoints. Institutional participants cannot operate through sanctioned jurisdictions.

Let's examine how this system works.

The Office of Foreign Assets Control administers the most consequential sanctions program globally:

OFAC SANCTIONS OVERVIEW

Administering agency: U.S. Treasury Department
Authority: International Emergency Economic Powers Act (IEEPA),
Trading with the Enemy Act (TWEA), others

  1. Specially Designated Nationals (SDN) List
  1. Sectoral Sanctions Identifications (SSI) List
  1. Foreign Sanctions Evaders (FSE) List
  1. Non-SDN Menu-Based Sanctions (NS-MBS)
  • Comprehensive: North Korea, Iran, Cuba, Syria, Crimea
  • Targeted: Russia, Venezuela, Myanmar, others
  • Various levels of restriction
  • U.S. persons anywhere in world
  • Non-U.S. persons transacting in USD
  • Non-U.S. persons using U.S. financial system
  • Secondary sanctions on non-U.S. persons dealing with SDNs
EUROPEAN UNION SANCTIONS

Legal basis: Common Foreign and Security Policy (CFSP)
Council Regulations directly applicable

  • Applies to all EU member states
  • EU persons and entities worldwide
  • Transactions within EU regardless of persons involved
  • Assets of designated persons within EU
  • All persons, entities, groups subject to financial sanctions
  • Updated regularly by Council
  • Implemented uniformly across members
  • Russia/Ukraine (expanded significantly post-2022)
  • Iran
  • North Korea
  • Syria
  • Various terrorism designations
  • Belarus
  • May differ from OFAC designations
  • Compliance required separately
  • No extraterritorial secondary sanctions (unlike OFAC)
  • But transactions with EU nexus require compliance
UNITED NATIONS SANCTIONS

Authority: UN Security Council (Chapter VII)
Binding on all UN member states

  • Minimum standard for member states
  • Often implemented through regional/national law
  • Typically most limited scope
  • But universally applicable
  • DPRK (North Korea) - comprehensive
  • Iran (nuclear-related)
  • Various terrorism designations
  • Country-specific (Mali, Central African Republic, etc.)
  • Individuals and entities
  • Maintained by Security Council committees
  • National implementation varies
  • North Korea sanctions directly relevant
  • Documented DPRK use of crypto for sanctions evasion
  • UN reports cite crypto in sanctions circumvention
OTHER SANCTIONS PROGRAMS
  • Post-Brexit separate regime
  • Office of Financial Sanctions Implementation (OFSI)
  • UK Sanctions List
  • Close alignment with EU/US but independent
  • Special Economic Measures Act (SEMA)
  • Justice for Victims of Corrupt Foreign Officials Act
  • Autonomous but often coordinated
  • Generally follows UN/EU
  • Implements through ordinances
  • Important for banking/crypto
  • Monetary Authority of Singapore (MAS) administers
  • Generally follows UN
  • Important for Asia-Pacific crypto
  • Ministry of Finance administers
  • Important for XRP given SBI relationship
  • Follows UN, often coordinates with allies
WHO/WHAT CAN BE SANCTIONED
  • Government officials of sanctioned regimes
  • Oligarchs associated with regimes
  • Terrorists and terrorist supporters
  • Drug traffickers (Kingpin Act)
  • Human rights abusers
  • Cyber actors (hackers)
  • Sanctions evaders
  • Government agencies of sanctioned countries
  • State-owned enterprises
  • Companies supporting designated individuals
  • Front companies
  • Terrorist organizations
  • Criminal organizations
  • Comprehensive sanctions (entire country)
  • Sectoral sanctions (specific industries)
  • Geographic regions (Crimea)
  • Vessels (ships)
  • Aircraft
  • Real estate
  • Bank accounts
  • Cryptocurrency wallet addresses
  • Smart contracts
  • Associated infrastructure

OFAC has specifically designated crypto addresses:

CRYPTO-SPECIFIC OFAC DESIGNATIONS

- Two Iranian individuals
- Bitcoin addresses listed on SDN
- Precedent: Crypto addresses can be sanctioned

- Russian malicious cyber actors
- North Korean Lazarus Group
- Various ransomware operators
- Tornado Cash (August 2022)
- Sinbad mixer (November 2023)
- Crypto exchanges (Garantex, SUEX)

- 100+ cryptocurrency addresses
- Multiple blockchains (BTC, ETH, others)
- Mixing services
- Specific wallets of designated persons

- Transactions with listed addresses prohibited
- Exchanges must screen addresses against SDN list
- Users cannot send to/receive from listed addresses
- Violation = sanctions violation

WHY PARTIES GET SANCTIONED
  • Weapons proliferation
  • Terrorism support
  • Hostile cyber activity
  • Election interference
  • Gross human rights violations
  • Corruption enabling
  • Authoritarian support
  • Sanctions evasion facilitation
  • Money laundering for designated parties
  • Providing material support
  • Ransomware payment facilitation
  • Mixing services used by sanctioned actors
  • Exchange facilitating sanctions evasion
  • Hacking for sanctioned governments
NAME MATCHING CHALLENGES

The problem:
"John Smith" appears on sanctions list
You have customer "Jon Smyth"
Is this a match?

  1. Exact match: Must be identical
  1. Fuzzy match: Similarity scoring
  1. Token matching: Word-by-word
  • Common names
  • Transliteration variations (Arabic, Cyrillic)
  • Name order differences (given/surname)
  • Business name similarities
  • Spelling variations
  • "Mohammed" has 30+ spelling variations
  • Chinese names: Order varies by context
  • Russian names: Multiple transliterations
  • "International Trading Company" matches many businesses
SANCTIONS SCREENING WORKFLOW
  1. List Management
  1. Transaction Screening
  1. Matching Engine
  1. Hit Handling
  1. False Positive Resolution
  1. True Positive Handling
  1. Record Retention
THE FALSE POSITIVE BURDEN
  • Common names generate many hits
  • "Mohammed Al-" matches hundreds of designees
  • "Industrial Trading Company" matches many entities
  • Major banks: Millions of false positive alerts annually
  1. Compare all available data points:
  1. Gather additional information if needed:
  1. Make determination:
  1. Quality control:
  • Why each alert was cleared
  • What information was compared
  • Who made determination
  • Date and time
CRYPTOCURRENCY ADDRESS SCREENING
  • Deposit addresses (incoming funds)
  • Withdrawal addresses (where customer sends)
  • Counterparty addresses in trades
  • Internal addresses on same chain
  • Specific addresses on SDN list
  • Must screen against these
  • Direct transaction = violation
  1. Maintain database of sanctioned addresses
  2. Screen every transaction address
  3. Exact match required (addresses are precise)
  4. Updates required as new addresses designated
  • Blockchain analytics providers include sanctions screening
  • Chainalysis KYT screens against OFAC list
  • Elliptic, TRM similar functionality
  • Exchange-built solutions also exist
INDIRECT SANCTIONS EXPOSURE

The problem:
Customer receives 1 BTC
That BTC passed through Tornado Cash
Or originated from sanctioned address 3 hops ago

  • Is customer now "dealing with" sanctioned property?
  • Must exchange reject these funds?
  • How many hops matter?
  • Direct transactions clearly prohibited
  • Indirect exposure: Risk-based approach
  • No clear "safe harbor" for specific hop count
  • Willfulness matters for penalties
  • Block direct transactions with sanctioned addresses
  • Flag high-risk indirect exposure (1-2 hops)
  • Enhanced review for indirect exposure
  • Risk-based decision (not automatic block)
  • Difficult to trace all history
  • "Tainted" coins spread widely
  • Legitimate users unknowingly receive
  • False positive rate extremely high for indirect
  • Direct exposure: Block
  • Material indirect exposure (recent, high %): Flag for review
  • De minimis indirect exposure: Often cleared with documentation
MIXING SERVICES AND SANCTIONS
  • Tornado Cash (OFAC designated August 2022)
  • Sinbad (OFAC designated November 2023)
  • Blender.io (OFAC designated May 2022)
  • Used by sanctioned actors (North Korea, etc.)
  • Material support to sanctions evasion
  • Facilitated laundering of stolen funds
  • Interaction with these services = sanctions violation
  • Receiving funds that passed through = risk
  • Must screen for mixer interaction
  • Blockchain analytics identify mixer transactions
  • Pattern recognition for mixing behavior
  • Attribution of mixer addresses
  • Flagging of mixer-exposed funds
  • Not all mixers sanctioned
  • But mixer interaction is AML red flag
  • Enhanced due diligence appropriate
  • May trigger SAR regardless
ENFORCEMENT ACTIONS IN CRYPTO
  • $98,830 settlement with OFAC
  • Allowed persons in sanctioned jurisdictions to use platform
  • Geographic screening failures
  • Lesson: Geographic controls essential
  • $362,158.70 settlement
  • Processed transactions for users in Iran
  • Failed to maintain effective compliance
  • Lesson: Controls must actually work
  • Settled potential violations
  • Related to user in sanctioned regions
  • Details limited but confirms enforcement active
  • Developers arrested
  • Criminal charges for sanctions facilitation
  • Legal challenges to designation ongoing
  • Constitutional questions raised
  • Russia-based exchange
  • First exchange to be fully designated
  • Facilitated ransomware payments
  • Complete prohibition on interaction
  • Russia-based exchange
  • Designated for sanctions evasion
  • Continued operating despite designation
  • Exchanges must refuse Garantex funds
OFAC COMPLIANCE PROGRAM FRAMEWORK

OFAC's Five Essential Components:

  1. Management Commitment

  2. Risk Assessment

  3. Internal Controls

  4. Testing and Auditing

  5. Training

SANCTIONS VIOLATION HANDLING
  • Internal detection
  • Customer complaint
  • Regulatory inquiry
  • Third-party notification
  • Stop the transaction (if possible)
  • Preserve records
  • Engage legal counsel
  • Assess scope
  • OFAC: File blocking report within 10 days
  • Other jurisdictions: Varies
  • May need to self-disclose violation
  • Willfulness vs. negligence
  • Compliance program quality
  • Self-disclosure
  • Cooperation
  • Remediation
  • Size and sophistication of entity
  • Civil penalties: Up to ~$350,000+ per violation
  • Criminal penalties: Up to $1 million and 20 years per violation
  • Statutory maximum for many programs
  • But most settlements are negotiated
  • Most cases resolve through settlement
  • Compliance commitments
  • Monetary penalty
  • Sometimes no admission of liability
WHAT HAPPENS TO NON-COMPLIANT BUSINESSES
  • OFAC enforcement action
  • Fines/penalties
  • Required compliance improvements
  • Ongoing monitoring
  • Banks may terminate relationship
  • Payment processor restrictions
  • Unable to operate fiat on/off ramps
  • Effective business death for exchange
  • Public enforcement action
  • Customer loss
  • Partner abandonment
  • Difficulty hiring
  • Individual criminal liability
  • Potential imprisonment
  • Career destruction
  • Multiple banks paid billion-dollar settlements
  • Individuals imprisoned for willful violations
  • Crypto exchanges shut down
  • Mixing service operators arrested
PERSONAL SANCTIONS COMPLIANCE
  • Cannot transact with sanctioned persons/entities
  • Cannot send to sanctioned addresses
  • Cannot use sanctioned services
  • Applies if you're a U.S. person (anywhere)
  • Applies if using U.S. financial system
  1. Know if you're sending to sanctioned address
  1. Avoid sanctioned services
  1. Know your counterparties
  1. Be wary of unknown incoming funds
  • Consult legal counsel
  • Consider voluntary disclosure
  • Document circumstances
  • Don't compound by further transactions
EXCHANGE SANCTIONS COMPLIANCE INDICATORS

Strong indicators:
✓ Clear sanctions policy published
✓ Geographic restrictions enforced
✓ Blockchain analytics integration
✓ Address screening confirmed
✓ No history of sanctions violations
✓ Major jurisdiction licenses (shows compliance)

Weak indicators:
✗ No published sanctions policy
✗ Serves users in sanctioned jurisdictions
✗ No apparent geographic controls
✗ History of sanctions issues
✗ Unclear about screening practices
✗ No major jurisdiction licenses

  • Does the exchange block sanctioned countries?
  • Do they screen wallet addresses?
  • How do they handle indirect exposure?
  • What blockchain analytics do they use?
  • Any history of sanctions violations?
  • Exchange with sanctions issues may face shutdown
  • Your funds at risk if exchange is designated
  • Banking relationships at risk
  • Regulatory action risk
ODL CORRIDOR SANCTIONS CONSIDERATIONS
  • Neither corridor endpoint in sanctioned jurisdiction
  • Partners at both ends sanctions-compliant
  • Transaction counterparties screened
  • Ongoing monitoring in place
  • No ODL to Iran, North Korea, Cuba, Syria, Crimea
  • Russian corridors essentially impossible
  • Venezuela corridors restricted
  • These markets excluded from XRP utility value
  • Banks/FIs at both ends must be compliant
  • Any sanctions exposure = corridor failure
  • Ripple's partners vetted for compliance
  • Ongoing monitoring required
  • Sanctioned markets not part of ODL TAM
  • Compliance burden is real but manageable
  • Sanctions screening is standard practice
  • XRP's institutional focus = compliance investment

Sanctions violations have severe consequences. Multi-billion dollar settlements at major banks. Criminal charges for individuals. Business closure for crypto companies. The penalties are real and significant.

OFAC has established precedent for crypto-specific sanctions. Wallet addresses on SDN list. Mixing services designated. Exchanges fully sanctioned. The legal framework now explicitly covers crypto.

Screening technology exists and works. Blockchain analytics providers offer sanctions screening. Address matching is precise (unlike name matching). Integration into compliance programs is standard.

Geographic restrictions are enforced. Exchanges block users from sanctioned jurisdictions. IP screening, identity verification used. Not perfect but meaningful barrier.

⚠️ Indirect exposure standards. How many "hops" from a sanctioned address create liability? OFAC hasn't provided clear guidance. Industry approaches vary.

⚠️ Smart contract designation legality. Tornado Cash designation legally challenged. Can code be sanctioned? Constitutional questions unresolved.

⚠️ Future designation targets. Will more protocols be designated? Privacy coins? DEXs? Trajectory unclear.

⚠️ Secondary sanctions application to crypto. Will non-U.S. persons face secondary sanctions for crypto transactions with sanctioned parties? Limited guidance.

🔴 "Crypto is outside sanctions law." It's not. OFAC explicitly applies sanctions to crypto. Violations are enforced. Ignorance is not a defense.

🔴 "Small transactions don't matter." No threshold for sanctions violations. Even small transactions with sanctioned parties are violations.

🔴 "Using VPN makes me safe." Geographic screening is one control. KYC, IP analysis, and transaction monitoring all apply. VPN usage itself is a red flag.

🔴 "Indirect exposure is someone else's problem." Receiving funds with sanctions taint can freeze your account and create legal exposure.

Sanctions compliance is absolute—there's no risk-based flexibility or de minimis exception. For crypto, this means screening every address, enforcing geographic controls, and maintaining comprehensive records. For XRP investors, this means your exchange must have robust sanctions compliance or face existential risk. Sanctions-compliant infrastructure is essential for legitimate institutional adoption, which is ultimately positive for the XRP use case even as it constrains which markets can be served.

Assignment: Create a sanctions risk assessment for an ODL corridor of your choice, identifying sanctioned countries/entities connected to corridor endpoints, screening requirements, high-risk scenarios, and mitigation measures.

Requirements:

Part 1: Corridor Selection (100 words)

  • Origin and destination countries
  • Why you selected this corridor
  • General XRP/ODL use case it serves

Part 2: Sanctions Analysis (250-300 words)

  • Applicable sanctions programs (OFAC, EU, UN, local)
  • Any direct sanctions exposure (is either country partially sanctioned?)
  • Adjacent sanctions risks (neighboring sanctioned countries, transshipment concerns)
  • Industry-specific sanctions considerations
  • Historical sanctions issues in corridor

Part 3: Screening Requirements (150-200 words)

  • What lists must be screened?
  • What must be screened (names, addresses, geographies)?
  • Screening frequency requirements
  • False positive management considerations

Part 4: High-Risk Scenarios (150 words)

  • What could go wrong?
  • What sanctions violations are most likely?
  • What triggers enhanced scrutiny?

Part 5: Mitigation Measures (150 words)

  • Specific controls to implement

  • Monitoring enhancements

  • Documentation requirements

  • Escalation procedures

  • Maximum 2 pages

  • Professional assessment format

  • Clear section headers

  • Suitable for compliance documentation

  • Sanctions program accuracy (25%): Are applicable programs correctly identified?

  • Analysis depth (25%): Is the assessment thorough?

  • Risk identification (25%): Are realistic risks identified?

  • Practical mitigation (25%): Are recommendations actionable?

Time investment: 2 hours
Value: Develops practical skill in sanctions risk assessment for cross-border crypto operations

Knowledge Check

Question 1 of 4

(Tests Knowledge):

  • OFAC SDN List (treasury.gov/ofac)
  • OFAC FAQ on Virtual Currency
  • OFAC Sanctions Compliance Guidance for the Virtual Currency Industry
  • OFAC Framework for Compliance Commitments
  • OFAC Enforcement Releases
  • FinCEN Enforcement Actions
  • DOJ Press Releases (sanctions-related)
  • EU Sanctions Map (sanctionsmap.eu)
  • European Commission Financial Sanctions
  • EU Consolidated List
  • Chainalysis Sanctions Compliance Guide
  • Elliptic Sanctions Screening Guide
  • Wolfsberg Group Sanctions Guidance
  • Law firm client alerts on Tornado Cash
  • Academic papers on sanctions and crypto
  • Congressional Research Service reports

For Next Lesson:
Lesson 5 examines Suspicious Activity Reporting (SAR/STR)—the primary output of financial crime compliance. We'll detail SAR requirements, what triggers filing obligations, how to write effective SAR narratives, and crypto-specific typologies that warrant reporting. Understanding SARs completes the core compliance operations picture.

End of Lesson 4

Total words: ~5,500
Estimated completion time: 50 minutes reading + 2 hours for deliverable

Key Takeaways

1

Sanctions are zero-tolerance compliance.

Unlike other AML areas where risk-based approaches allow flexibility, sanctions require absolute prohibition. No transaction with sanctioned parties, period.

2

OFAC has jurisdiction over more than U.S. persons.

USD transactions, U.S. financial system usage, and secondary sanctions create global reach. Non-U.S. entities cannot ignore OFAC.

3

Crypto addresses can be and are sanctioned.

OFAC has designated specific wallet addresses. Interaction with these addresses is a sanctions violation. Mixing services have been designated.

4

Indirect exposure creates compliance complexity.

Funds that passed through sanctioned addresses create risk. Industry standards for "how many hops" are still evolving. Risk-based approach with documentation is current practice.

5

Exchange sanctions compliance is existential.

Sanctions failures can result in banking loss, regulatory action, and business closure. Evaluating exchange sanctions compliance is essential due diligence. ---