Sanctions screening


What is sanctions screening?

Sanctions screening is the process of checking whether a person, wallet address, entity, or transaction is linked to individuals or organizations on government-issued sanctions lists. It’s a foundational component of financial crime control frameworks across both traditional finance and the crypto ecosystem.

In crypto, sanctions screening plays a critical role in helping regulated institutions, from crypto-native businesses to financial institutions, detect and prevent illicit activity involving sanctioned actors. This is particularly important for crypto, as blockchain technology enables fast, pseudonymous, cross-border transfers.


How did sanctions screening emerge as a compliance practice?

Sanctions screening emerged as a compliance practice in response to regulations requiring financial institutions to block transactions involving sanctioned entities. In the United States, this obligation is primarily enforced by the Office of Foreign Assets Control (OFAC), which maintains a range of sanctions programs and lists (e.g. the Specially Designated Nationals [SDN] list).

In crypto, sanctions screening tools are adapted to screen blockchain addresses, virtual asset service providers (VASPs), and counterparties. Screening often happens in real time: at onboarding, during transactions, and continuously. For information exchanged under the Travel Rule, list-based screening akin to that seen in the traditional finance sector is also often adopted, using systems that rely on name matching and fuzzy logic.

Different jurisdictions maintain their own sanctions regimes, including the United Nations, European Union, and UK Treasury.


What are the major global and international bodies that issue sanctions designations or maintain official sanctions lists?

1. United Nations Security Council (UNSC)

  • List: UN Consolidated Sanctions List
  • Mandate: Issues sanctions to maintain or restore international peace and security
  • Types of designations: Individuals, groups, vessels, and entities involved in terrorism, nuclear proliferation, and violations of international law

2. United States Department of the Treasury – Office of Foreign Assets Control (OFAC)

3. European Union (EU)

4. United Kingdom: HM Treasury Office of Financial Sanctions Implementation (OFSI)

  • List: Consolidated List of Financial Sanctions Targets
  • Mandate: Administers UK sanctions post-Brexit under the Sanctions and Anti-Money Laundering Act 2018
  • Focus: Aligns with UN and EU in many areas, but can act independently (e.g. designations related to Russia, cybercrime)

5. Canada: Global Affairs Canada

  • List: Consolidated Canadian Autonomous Sanctions List
  • Mandate: Implements the Special Economic Measures Act (SEMA), Justice for Victims of Corrupt Foreign Officials Act (Magnitsky Act), and others
  • Targets: Human rights violations, corruption, security threats

6. Australia: Department of Foreign Affairs and Trade (DFAT)

7. Japan: Ministry of Foreign Affairs

  • Mandate: Implements both UN and autonomous sanctions under the Foreign Exchange and Foreign Trade Act
  • Coverage: Proliferation threats (DPRK, Iran), financial crime

8. Switzerland: State Secretariat for Economic Affairs (SECO)

  • List: SECO Sanctions List
  • Mandate: Implements UN and autonomous Swiss sanctions under the Embargo Act

Additionally, while not a sanctions body, it’s important to note the Financial Action Task Force (FATF), which issues “blacklists” (High-Risk Jurisdictions Subject to a Call for Action) and “graylists” (Jurisdictions Under Increased Monitoring).


Why is sanctions screening so important in crypto and digital assets?

Sanctions screening plays a critical role in managing risk and maintaining trust across the crypto ecosystem. As digital assets move across borders and blockchains in seconds, sanctioned entities have increasingly turned to crypto to circumvent traditional financial controls. Effective screening helps prevent illicit actors — including nation-state adversaries, terrorist groups, and ransomware operators — from accessing financial services or laundering proceeds through virtual assets.

In this environment, the speed, pseudonymity, and programmability of crypto make real-time screening essential. Traditional name-based controls alone are no longer sufficient. Compliance teams need screening tools that combine sanctions list data with blockchain intelligence to surface both direct and indirect exposure — even when actors attempt to obfuscate their identities or cover their tracks on the blockchain.

For regulated institutions, sanctions screening is not just a regulatory requirement — it’s a frontline defense against abuse of the financial system.


In recent years, high-profile cases involving North Korea’s Lazarus Group, ransomware attackers, and mixers like Tornado Cash have made sanctions compliance a key area of focus for regulators and policymakers globally.


How does sanctions screening work?

Sanctions screening typically includes:

  • List matching: Comparing names, wallet addresses, or customer identifiers against official lists like those provided by the bodies noted above (e.g. OFAC, EU, UN).
  • Fuzzy logic: Identifying near-matches to catch aliasing, misspellings, or naming variations.
  • Continuous screening: Monitoring parties over time, including after onboarding or during product use.
  • Behavioral screening: Identifying wallet addresses or clusters likely controlled by sanctioned entities, even if not explicitly listed.

In crypto, addresses directly listed by authorities can be screened easily. The harder challenge is identifying indirect exposure — such as wallets interacting with mixers, bridges, or intermediary entities with known ties to sanctioned groups.
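
The sketch below is an added example, not TRM's code or any vendor's API. It shows the three checks described above on constructed data: exact address matching, fuzzy name matching, and indirect exposure measured as hops from a listed address. The names, addresses, transfer graph, 0.85 threshold and hop limit are all assumptions, and Python's difflib stands in for a production fuzzy matcher.

```python
import unicodedata
from collections import deque
from difflib import SequenceMatcher

# Constructed sample data (not real list entries or addresses).
LISTED_NAMES = ["Aleksandr Examplov", "Example Trading FZE"]
LISTED_ADDRESSES = {"0xlisted000000000000000000000000000000aaaa"}
# Constructed transfer graph: sender -> receivers.
TRANSFERS = {
    "0xlisted000000000000000000000000000000aaaa": ["0xhop1"],
    "0xhop1": ["0xhop2"],
    "0xhop2": ["0xcustomer"],
    "0xclean": ["0xother"],
}

def normalize(name):
    """Strip accents, case and punctuation so spelling variants compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    kept = "".join(c if c.isalnum() else " " for c in ascii_name.lower())
    return " ".join(sorted(kept.split()))  # token order should not matter

def screen_name(name, threshold=0.85):
    """Return (listed_name, score) pairs for near-matches at or above threshold."""
    hits = []
    for listed in LISTED_NAMES:
        score = SequenceMatcher(None, normalize(name), normalize(listed)).ratio()
        if score >= threshold:
            hits.append((listed, round(score, 2)))
    return hits

def screen_address(address, max_hops=3):
    """Return hops from a listed address to `address` (0 = listed itself), or None."""
    address = address.lower()
    queue = deque((a, 0) for a in LISTED_ADDRESSES)
    seen = set(LISTED_ADDRESSES)
    while queue:  # breadth-first search outward from listed addresses
        current, hops = queue.popleft()
        if current == address:
            return hops
        if hops < max_hops:
            for nxt in TRANSFERS.get(current, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, hops + 1))
    return None
```

A static list check alone would flag only the hop count 0 case; the graph walk is what surfaces the customer address three transfers downstream.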


What techniques do bad actors commonly use to evade sanctions?

Sanctioned actors increasingly exploit the unique properties of crypto to bypass traditional financial controls. Here are some of the most common sanctions evasion techniques TRM tracks across investigations:

1. Chain hopping (cross-chain swaps)

Bad actors move funds between different blockchains (e.g. Ethereum → Bitcoin → Tron) to complicate tracing and reduce detection by screening tools that focus on single-chain visibility.

For example, the Lazarus Group has used cross-chain swaps via decentralized platforms to obscure stolen funds across multiple chains.

2. Mixers and privacy protocols

Bad actors send funds through services like mixers (e.g. Tornado Cash) or privacy coins (e.g. Monero, Zcash) to break the transactional trail and hide the source of funds.

Mixing obfuscates the link between sender and recipient, making it harder to connect funds to a sanctioned entity.

3. Use of new or dormant wallets (peel chains)

Sanctioned actors frequently rotate wallets or activate dormant addresses to avoid exposure tied to previously blacklisted wallets.

Wallet screening tools that only use static lists may miss these newer addresses if not paired with behavioral or attribution intelligence.

4. Decentralized finance (DeFi) protocols

Sanctioned actors use decentralized exchanges (DEXs), bridges, and lending platforms to move or convert assets without relying on centralized intermediaries that typically perform sanctions screening.

Unlike centralized exchanges, DeFi protocols often operate without Know Your Customer (KYC) or blacklisting functionality — creating a gap in enforcement.

5. Fronts and shell entities

Sanctioned actors may route funds through front companies or affiliated individuals not yet designated, relying on weak due diligence by counterparties.

Without entity-level intelligence, some compliance programs may miss high-risk connections beyond the wallet level.

6. Anonymity-enhancing services

Bad actors may use VPNs, Tor, or infrastructure providers to hide IP addresses or obfuscate jurisdictional ties to sanctioned regions.


How does sanctions screening support compliance teams and regulators in creating a safer financial system?

Compliance (FIs, crypto businesses, VASPs)

For compliance teams, sanctions screening is both a regulatory obligation and a foundational layer of risk management. Financial institutions and VASPs are required under global anti-money laundering (AML) regimes to block or reject transactions involving sanctioned parties. Without effective screening, these businesses risk facilitating prohibited transactions — and incurring severe penalties.

Modern screening solutions go beyond static list matching. TRM Wallet Screening, for example, surfaces both direct and indirect exposure to sanctioned wallets across chains, allowing compliance teams to:

  • Detect obfuscated ties to sanctioned entities through transaction history
  • Reduce false positives with context-rich, behavior-aware alerts
  • Maintain up-to-date coverage as new sanctions are issued or updated

By integrating these tools into their workflows, compliance teams can move faster, make more informed decisions, and demonstrate strong controls to auditors and regulators.

Regulators and policymakers

Sanctions screening plays an essential role in enforcing global norms and advancing national security objectives in the crypto ecosystem. Regulators rely on it to assess whether firms are effectively managing risk — and whether existing frameworks are keeping pace with technological change. It also supports supervisory efforts to prevent sanctions evasion by nation-states, terrorist groups, and transnational criminal networks.

Policymakers use sanctions designations as a strategic tool — and screening is what makes that tool enforceable in practice. Effective programs rely on accurate screening systems that can adapt to decentralized technologies, detect indirect exposure, and link pseudonymous wallets to real-world actors.

TRM supports this mission by offering regulators and supervisors access to intelligence that helps quantify risk, monitor industry controls, and shape effective policy responses that preserve financial integrity while enabling innovation.


How does TRM Labs support effective sanctions screening?

Comprehensive blockchain coverage and attribution

Effective crypto sanctions screening requires more than list-matching — it demands breadth, speed, and precision. TRM Labs offers the industry’s most comprehensive blockchain coverage, scanning across 134+ networks and 640+ bridges to detect cross-chain evasion tactics. TRM goes beyond surface-level screening with network-level attribution, linking wallets to real-world entities and uncovering hidden connections through advanced heuristics.

Key capabilities include:

  • Blockchain-wide and cross-chain detection
  • Entity due diligence with licensing and jurisdiction data
  • Continuous monitoring of wallet behavior and sanctions list updates
  • Real-time risk alerts that adapt to evolving typologies

Built for compliance, with “glass box” transparency

TRM’s risk scoring engine is fully transparent, offering explainable attribution and confidence levels — not “black box” outputs. This helps teams understand, document, and defend decisions in audits, reports, or enforcement scenarios.

What matters:

  • Glass-box attribution with traceable evidence
  • Configurable rules and risk thresholds to fit your program
  • Low-latency, high-scale performance to meet growing transaction volumes
  • Audit-ready outputs that stand up to regulatory scrutiny

Collaboration with real-world impact

TRM supports real-time public–private collaboration through multiple industry-first initiatives, including Beacon Network — which helps law enforcement, crypto exchanges, DeFi services, and stablecoin issuers block illicit funds before they exit the ecosystem. Beyond the platform, TRM Academy and expert advisory services empower compliance teams with tailored training and regulatory insight.

Added value:

  • Real-time enforcement via Beacon Network
  • Sanctions screening learning paths through TRM Academy
  • Direct access to TRM’s global compliance and regulatory experts


Frequently asked questions (FAQs)

What’s the difference between sanctions screening and transaction monitoring?

Sanctions screening checks entities or addresses against sanctions lists (e.g. OFAC, EU), often before or during onboarding or transfers. Transaction monitoring, by contrast, evaluates behaviors and patterns over time to detect broader AML risks like fraud or layering. Both are core parts of a crypto compliance program.

Is it illegal to interact with a sanctioned wallet address?

Yes, in many jurisdictions (especially the US), transacting with or facilitating access for a sanctioned entity is illegal. Even unintentional facilitation can trigger penalties, especially if firms fail to block or report the exposure.

What tools help screen crypto wallets for sanctions risk?

TRM Wallet Screening checks wallet addresses against global sanctions lists in real time. It also evaluates indirect exposure through mixers, bridges, and suspicious counterparties — critical given how often sanctioned actors use obfuscation techniques.

Do regulators require crypto firms to screen for sanctions?

Yes. In the US, OFAC expects crypto firms to implement a risk-based sanctions compliance program. Other countries, including those in the EU and APAC, have issued similar expectations.


Failure to screen and block interactions with sanctioned entities exposes financial institutions and crypto businesses to the risk of:

  • Facilitating terrorism, weapons proliferation, or state-sponsored cybercrime
  • Reputational harm
  • Legal and regulatory penalties