Counterparty risk


What is counterparty risk?

Counterparty risk in the context of digital assets refers to the direct exposure an organization faces when it transacts with a wallet or entity linked to illicit activity. It represents zero-hop exposure: a one-to-one transaction between your organization and a risky actor.

When you send or receive cryptocurrency, the wallet on the other side of the transaction is your counterparty. If that counterparty has a known association with illicit activity — sanctions exposure, darknet market involvement, or fraud — your organization faces counterparty risk directly through that transaction record.

Unlike indirect risk and ownership risk, counterparty risk is the most straightforward category to identify in blockchain intelligence — and typically the highest-priority exposure to remediate.


Why assessing counterparty risk is important

FATF and national regulators increasingly expect virtual asset service providers (VASPs) to screen counterparties as a baseline crypto compliance requirement. TRM Wallet Screening and TRM Transaction Monitoring flag counterparty risk in real time, enabling VASPs to block or review high-risk transfers before they settle.

For financial institutions

Banks and payment processors with crypto exposure face regulatory scrutiny for transactions routed through high-risk crypto counterparties. TRM Transaction Monitoring surfaces counterparty exposure in line with anti-money laundering (AML) obligations, enabling timely suspicious activity report (SAR) filing.

For law enforcement and government agencies

Counterparty risk data provides investigators a direct line of sight into transactional relationships with criminal entities. TRM Forensics traces funds to and from known threat actors, supporting evidentiary chain-building and co-conspirator identification.

How to identify and assess counterparty risk

For financial institutions and crypto businesses, identifying counterparty risk starts before a transaction settles. Real-time wallet screening against a risk intelligence database — covering sanctioned wallets, darknet market addresses, fraud infrastructure, and mixing services — is the primary detection mechanism.

Key indicators of counterparty risk include a direct attribution to a sanctioned entity, a high proportion of the counterparty's historical volume linked to illicit activity, prior flagging in law enforcement databases, or known association with high-risk service categories such as mixing, unregulated peer-to-peer exchanges, or gambling platforms.

Assessing severity requires going beyond a binary risky/not-risky verdict. Compliance teams should weigh the risk category (e.g. sanctions exposure carries different regulatory consequences than darknet market exposure), the confidence score on the attribution, the recency and volume of the flagged activity, and whether your organization is on the sending or receiving side. Transparent attribution data — showing which signals and sources underlie a finding — makes this calibration possible and defensible. The outcome is a documented decision: block, flag for enhanced review, or file a suspicious activity report (SAR).
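The assessment factors above, turned into a decision routine as an added example (not TRM's code or scoring model). The category weights, thresholds, 365-day recency cutoff and inbound/outbound rule are all assumed policy values, and the sample finding is constructed.

```python
from dataclasses import dataclass
from datetime import date

# Assumed policy values, for illustration only; set your own.
CATEGORY_WEIGHT = {"sanctions": 1.0, "darknet_market": 0.8, "fraud": 0.7,
                   "mixing": 0.6, "gambling": 0.3}
BLOCK_AT, REVIEW_AT = 0.5, 0.15

@dataclass(frozen=True)
class Finding:
    category: str         # risk category attributed to the counterparty
    confidence: float     # attribution confidence, 0.0 to 1.0
    last_flagged: date    # most recent flagged activity
    illicit_share: float  # share of historical volume linked to illicit activity
    sources: tuple        # signals behind the attribution, kept for the record

def score(f: Finding, today: date) -> float:
    """Weigh category, confidence, recency and volume into one number."""
    recency = 1.0 if (today - f.last_flagged).days <= 365 else 0.5
    volume = 0.5 + 0.5 * min(max(f.illicit_share, 0.0), 1.0)
    return CATEGORY_WEIGHT.get(f.category, 0.2) * f.confidence * recency * volume

def decide(findings, direction: str, today: date) -> dict:
    """Documented decision for one zero-hop counterparty.
    direction is "outbound" (we send) or "inbound" (we receive)."""
    if direction not in ("outbound", "inbound"):
        raise ValueError("direction must be 'outbound' or 'inbound'")
    top = max((score(f, today) for f in findings), default=0.0)
    # Assumed rule: a confident sanctions attribution is never scored down.
    sanctioned = any(f.category == "sanctions" and f.confidence >= 0.9
                     for f in findings)
    if sanctioned or top >= BLOCK_AT:
        # Assumption: outbound can be stopped before it settles; inbound has
        # already arrived, so it is escalated for a SAR instead.
        decision = "block" if direction == "outbound" else "file_sar"
    elif top >= REVIEW_AT:
        decision = "enhanced_review"
    else:
        decision = "allow"
    return {"decision": decision, "score": round(top, 3), "direction": direction,
            "basis": [(f.category, f.confidence, f.sources) for f in findings]}

# Constructed sample: old, low-volume activity that is still a sanctions hit.
SAMPLE = [Finding("sanctions", 0.95, date(2024, 1, 1), 0.2, ("constructed-list-a",))]
if __name__ == "__main__":
    print(decide(SAMPLE, "outbound", date(2025, 6, 1)))
```

The sample scores only 0.285 on the weighted factors, yet it is still blocked because the sanctions rule overrides the score; the `basis` field carries the categories, confidences and sources into the decision record.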

Case studies: What counterparty risk looks like in practice

Garantex

Garantex is one of the most documented examples of compliance counterparty risk at scale. OFAC first designated the Russia-based exchange in 2022, after finding it had processed transactions linked to the Conti ransomware group, the Hydra darknet market, and other illicit actors. Despite designation, Garantex continued to operate — processing over USD 60 billion in transactions between 2022 and a second OFAC designation — by building infrastructure specifically designed to prevent financial institutions from attributing wallet addresses back to the exchange.

Any organization that transacted directly with Garantex after its 2022 designation faced compliance counterparty risk in its strictest form: a direct transactional link to a designated entity, constituting a strict liability sanctions violation under OFAC rules regardless of intent.

Non-compliant and unregistered VASPs

Not all counterparty risk involves OFAC-designated entities. A direct counterparty can also be an unregistered or non-compliant VASP — one that processes transactions without AML controls, serves high-risk customers without screening, or functions as a conduit for illicit funds without appearing on any sanctions list.

Counterparty risk and the regulatory framework

Counterparty risk sits at the intersection of several overlapping regulatory obligations.

OFAC sanctions

Under US law, transacting with an OFAC-designated entity — including designated crypto exchanges — is a strict liability violation. No intent to violate is required. Compliance requires real-time sanctions screening of counterparty wallets before a transaction settles.

AML-related regulations

The Bank Secrecy Act (BSA) requires financial institutions and money services businesses — including VASPs operating in the US under FinCEN guidance — to maintain AML programs that include counterparty screening and suspicious activity reporting. VASPs that fail to screen counterparties adequately face civil penalties, license revocation, and in severe cases, criminal referral.

FATF Travel Rule (Recommendation 16)

The FATF Travel Rule introduces a distinct counterparty risk obligation beyond transaction screening. VASPs are required to identify, assess the AML practices of, and verify the regulatory status of their counterparty VASP before transmitting customer information as part of a virtual asset transfer. FATF's 2024 targeted update identified counterparty VASP identification and due diligence as one of the most significant Travel Rule implementation challenges globally.

MiCA (EU)

Under the EU's Markets in Crypto Assets Regulation, crypto asset service providers must screen counterparty addresses and entities as part of their AML/CFT obligations. MiCA's phased implementation through 2024–2025 raised the compliance baseline for EU-registered exchanges and introduced counterparty due diligence requirements aligned with FATF standards.

Stablecoins and counterparty risk

Stablecoins have introduced a new dimension to counterparty risk in crypto compliance — and one that is moving to the center of the regulatory conversation.

US dollar-backed stablecoins surpassed USD 300 billion in 2025, with Tether's USDT holding a 58.7% market share. At this scale, stablecoins are no longer a niche consideration in counterparty risk frameworks — they're a primary vector for both legitimate settlement activity and illicit finance.

Three dynamics make stablecoin counterparty risk distinct from that of other crypto assets.

Regulatory obligations under the GENIUS Act

The GENIUS Act, signed into US law in July 2025, established the first comprehensive federal framework for payment stablecoins and explicitly brought stablecoin issuers under Bank Secrecy Act requirements — the same AML obligations that apply to banks and traditional money services businesses. Critically, GENIUS Act-compliant stablecoin issuers are required to maintain the ability to freeze tokens linked to illicit activity, including tokens held in non-custodial wallets with no prior relationship to the issuer.

For VASPs and financial institutions transacting in stablecoins, this creates a new layer of counterparty due diligence: assessing not just the wallet sending funds, but the compliance posture and freeze capabilities of the stablecoin issuer itself. An issuer that cannot or will not act on freeze requests when illicit activity is identified represents a structural compliance gap.

Multi-chain complexity

Major stablecoins like USDT operate simultaneously across multiple blockchain networks — Ethereum, TRON, Solana, and others — each with different transaction patterns, fee structures, and risk characteristics. A compliance team monitoring counterparty exposure for stablecoin transactions needs visibility across all of those networks. Operating on a single-chain view while the same asset moves freely across others creates blind spots that sophisticated illicit actors exploit deliberately, shifting between chains to break the transaction trail.

Illicit use at scale

Stablecoins have become a preferred vehicle for sanctions evasion, darknet market settlements, and ransomware payments precisely because of their stability and liquidity. The same properties that make USDT attractive for legitimate cross-border payments — speed, low cost, and dollar-denominated value — also make it attractive for moving illicit funds at scale. For any organization accepting stablecoin deposits, counterparty risk screening is the frontline of AML compliance, not an optional layer.

TRM's wallet screening and transaction monitoring capabilities cover stablecoin transactions across chains, applying the same attribution depth and risk signals as for native crypto assets — giving compliance teams consistent counterparty visibility regardless of which network a transaction occurs on.


Frequently asked questions (FAQs)

1. What is counterparty risk in crypto?

Counterparty risk in crypto has two distinct meanings. In the compliance and AML context, it refers to the direct exposure an organization faces when it transacts with a wallet linked to illicit activity — such as a sanctioned exchange, a darknet market, or a money laundering service. In the traditional finance context, it refers to the risk that an exchange or custodian will fail to fulfill its obligations, as occurred with FTX in 2022. This entry covers the compliance definition.

2. What's the difference between counterparty risk and custodial risk in crypto?

Custodial risk is a specific form of counterparty risk: the risk that the exchange or wallet provider holding your funds will fail through insolvency, fraud, or a security breach. Compliance counterparty risk is different: it's the risk that your direct transaction partner has ties to illicit activity, creating sanctions exposure or AML liability. Both types matter for crypto businesses, but they require different risk management approaches.

3. How is counterparty risk different from indirect risk?

Counterparty risk is direct: zero hops between your wallet and the risky entity. Indirect risk involves exposure through one or more intermediary addresses. Both carry compliance and investigative significance, but they differ in how they're detected and weighted in risk frameworks.

4. What happens if you transact with a sanctioned crypto exchange?

Under OFAC regulations, transacting with a designated entity — including sanctioned crypto exchanges — is a strict liability violation. Intent is not required. Potential consequences include civil penalties, mandatory self-disclosure, and in severe cases, criminal referral. Organizations that transacted with Garantex after its 2022 OFAC designation faced regulatory scrutiny and potential sanctions violations regardless of their knowledge of the designation.

5. What does the Travel Rule have to do with counterparty risk?

The FATF Travel Rule (Recommendation 16) requires VASPs to identify, screen, and conduct due diligence on their counterparty VASP before transmitting customer information as part of a virtual asset transfer. In practice, this extends counterparty risk management beyond wallet-level screening — it requires assessing the AML practices, regulatory status, and compliance posture of the VASP on the other side of the transaction.

6. Does counterparty risk apply to stablecoin transactions?

Yes. Stablecoin transactions carry the same counterparty risk as any other crypto transaction — if the wallet sending USDT or USDC is linked to illicit activity, the receiving organization faces direct exposure. The GENIUS Act (2025) adds a stablecoin-specific layer: issuers are now required to freeze tokens linked to illicit activity, making the compliance posture of the issuer itself a factor in counterparty due diligence.

7. What types of exposure create counterparty risk?

Common sources include direct transactions with sanctioned entities, darknet market operators or customers, money laundering services, fraud platforms, and wallets previously identified in crypto crime investigations.

8. How do crypto businesses screen for counterparty risk?

Most VASPs use wallet screening to assess counterparty addresses before processing a transaction. TRM Wallet Screening provides real-time risk signals based on counterparty transaction history and attribution data, with source-level transparency for every finding.

9. Is counterparty risk screening a regulatory requirement?

Yes, in most jurisdictions. FATF guidance and national AML frameworks require VASPs to assess counterparty exposure. Sanctions screening for direct counterparties is mandatory under OFAC and equivalent regulatory regimes globally. The GENIU


"Counterparty risk" means different things depending on context, and both definitions are common in the context of digital assets.

The first is a traditional finance concept: The risk that the party you're dealing with will fail to fulfill its obligations — through insolvency, default, or fraud. In crypto, this is often called custodial risk: the risk of losing funds if the exchange or wallet provider holding them collapses. The FTX bankruptcy in 2022 is the most cited example.

The second is a compliance and AML concept: The risk that your direct transaction counterparty has ties to illicit activity — sanctions exposure, darknet market involvement, or money laundering — creating legal and regulatory liability. This is the definition that applies to blockchain intelligence and anti-money laundering (AML) compliance, and the one this entry addresses.

Both types require different responses. Custodial and default risk calls for due diligence on the solvency and security posture of the entity holding your assets. Compliance counterparty risk calls for wallet screening and transaction monitoring at the point of transaction.