UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams
Last week, TRM Labs convened a live webinar featuring TRM subject matter experts to break down the UK's sanctions package targeting HTX and the A7 network. With questions coming in from compliance professionals across the industry, TRM’s Tom Armstrong (Head of Compliance Advisory), Luke Dufour (Compliance Advisor, EMEA), Isabella Chase (Head of Policy, EMEA), and Kiera Sibřina (Senior Blockchain Intelligence Analyst) covered the designation in detail, what it means for firms subject to UK sanctions obligations, and how to structure both an immediate and longer-term response.
Key takeaways
- The UK's Foreign, Commonwealth, and Development Office (FCDO) designated HTX and 17 other entities — the first time a crypto exchange of this scale has been sanctioned
- UK-regulated firms must immediately block transactions with designated entities, freeze associated funds, and report to OFSI
- Regulators expect look-back exercises; segment customers by exposure level and use a consistent review framework tied to sanctions evasion typologies
- OFSI's three-to-five hop guidance is a minimum requirement; look at the frequency and pattern of indirect risk paths, in addition to hop count
- Pre-designation transactions may not require OFSI reporting, but could trigger SAR obligations to the NCA under POCA if sanctions evasion activity is identified
Designation details
The UK's Foreign, Commonwealth, and Development Office (FCDO) designated 18 entities and individuals as part of a package targeting crypto networks used to evade sanctions by Russia. HTX — formerly known as Huobi and one of the world's five largest crypto exchanges — drew considerable attention due to both its size and its significant connectivity to other services in the crypto ecosystem.
The FCDO alleges HTX moved approximately USD 1.5 billion for Kremlin-aligned entities. The broader A7 network is alleged to have absorbed roughly USD 838 million after the Garantex takedown in March 2025. Four individuals were also named, including Sergei Mendeleev, co-founder of Garantex.
For a full breakdown of who was designated, read: UK Designates Huobi, Exmo, Bitpapa, and 11 Other Entities for Russian Crypto Sanctions Evasion
Understanding the A7 network
A7 is a centrally coordinated sanctions evasion tool with well-established connections to the Kremlin that gained prominence in the years following Russia's full-scale invasion of Ukraine in 2022. A7 LLC, one of the primary A7 sanctioned entities, is owned by Moldovan oligarch Ilan Shor and Promsvyazbank (PSB) — a sanctioned bank that finances Russia's military — and has been used to fund military procurement, channel proceeds from oil sales, and absorb illicit flows following the Garantex takedown. The A7 network relies on a network of different services and entities to move value.
Two entities beyond HTX also deserve attention:
- Rapira: A Georgia-based payment processor with an exchange office in Moscow. Rapira has moved hundreds of millions of dollars alongside other entities in the A7 network.
- ABCEX: A Russia-based exchange with a Georgian legal entity. It has been central to the post-Garantex ecosystem and, along with Rapira, was tracked by TRM as a potential Garantex replacement prior to this designation.
Firms without direct on-chain activity still face compliance exposure. The designation explicitly prohibits correspondent banking and payment processing services to the named entities, covering both fiat and crypto flows.
Where compliance teams should focus now
For firms subject to UK sanctions obligations, there are three things to address immediately.
1. Stop new exposure
Wallet screening and transaction monitoring controls should already be blocking transactions to or from any of the designated entities. Firms with sanctions rules covering ownership risk, counterparty risk, and indirect risk categories should find their existing controls cover this exposure from designation date forward. In addition to direct transactions, this package also prohibits offering correspondent relationships or processing payments to the designated entities.
2. Freeze funds
Any balances attributable to designated persons must be frozen in line with UK sanctions obligations. This applies to both crypto and fiat holdings.
3. File reports
Firms must report frozen assets to the Office of Financial Sanctions Implementation (OFSI). Depending on what a look-back surfaces, there may also be a Suspicious Activity Report (SAR) requirement with the National Crime Agency (NCA).
For firms without direct on-chain transaction flows — banks with virtual asset service provider (VASP) relationships, non-custodial wallets, or other intermediaries — entity monitoring tracks counterparty risk profiles automatically, alerting when risk scores shift materially.
Conducting a look-back exercise
TRM's compliance advisory team reads the Office of Foreign Assets Control (OFAC)'s 2021 virtual currency guidance as establishing look-backs as a compliance best practice, and OFSI has conveyed similar expectations to VASPs operating in the UK. Even absent explicit regulatory direction, firms running sound programs will want to know whether any customers had meaningful connectivity to the designated entities before the designation date.
Drawing on the Panama Papers response as an analogy, TRM's compliance advisory team recommended a structured approach over case-by-case triage:
1. Map your blast radius
Identify all points of connectivity to the designated entities, including transactional exposure, customers who are the subject of the designation, structural integrations (such as tokenization projects or consortium memberships), and shared networks.
2. Segment by risk
Not every customer with any HTX connection warrants a line-by-line review. Group customers into cohorts by exposure level, transaction volume, frequency, and counterparty characteristics. Retail customers with small, infrequent transactions form one population; institutional-sized flows showing classic sanctions evasion patterns form another.
3. Use a consistent review framework
For higher-risk cohorts, run each case against the same set of factors — a Know Your Customer (KYC) check, jurisdictional check, transactional check, and indirect risk check — so analysts across the first and second line can work cases consistently and at scale.
4. Document your decisions
Document the scope of the look-back, the rationale for each scoping decision, and any pivots made along the way. That documentation will matter in supervisory examinations.
The factors you're looking for should reflect the actual typology you're investigating: sanctions evasion. That means prioritizing transaction size (TRM data shows A7-linked settlements running from USD 2 million to USD 40 million per transaction), connections to high-risk jurisdictions, shell company structures, and intermediary addresses flagged as conduits.
The three-to-five hop question
OFSI's 2024 guidance specifying three to five hops as the threshold for indirect risk in transaction monitoring came up repeatedly. But looking at frequency and pattern is more useful than counting hops alone.
TRM's platform captures not just aggregate indirect risk exposure, but the number of distinct indirect risk paths between a wallet and a sanctioned entity. A wallet with three or four indirect risk paths to HTX looks very different from one with dozens or hundreds of recurring paths. Starting from the frequency and systemic nature of indirect risk — rather than a fixed hop ceiling — produces a more defensible and accurate risk picture. Compliance programs that rely solely on a fixed hop count may systematically miss evasion patterns specifically designed to stay within the three-to-five hop threshold.
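The difference between hop distance and path frequency, as an added example that is not TRM's platform, method, or data: the sketch below enumerates distinct indirect paths within a hop limit over a small transfer graph. The function names, the `DESIGNATED` label, and every address label are assumptions constructed for illustration, and only outbound flows are modeled.

```python
from collections import defaultdict

def build_graph(transfers):
    """Directed graph: sending address -> set of receiving addresses."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src].add(dst)
    return graph

def indirect_paths(graph, wallet, sanctioned, max_hops):
    """All simple outbound paths wallet -> sanctioned using 2..max_hops transfers.
    A 1-hop path is direct exposure and is deliberately excluded."""
    found = []
    def walk(node, path):
        if len(path) - 1 >= max_hops:      # hop budget spent
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt in path:                # no revisiting: simple paths only
                continue
            if nxt == sanctioned:
                if len(path) >= 2:         # at least one intermediary
                    found.append(path + [nxt])
            else:
                walk(nxt, path + [nxt])
    walk(wallet, [wallet])
    return found

def exposure_profile(graph, wallet, sanctioned, max_hops=5):
    """Summarise hop distance and path frequency side by side."""
    paths = indirect_paths(graph, wallet, sanctioned, max_hops)
    return {
        "min_hops": min((len(p) - 1 for p in paths), default=None),
        "distinct_paths": len(paths),
        "intermediaries": len({a for p in paths for a in p[1:-1]}),
    }

# Constructed sample data: labels stand in for addresses, none are real.
SAMPLE_TRANSFERS = [("retail", "m1"), ("m1", "m2"), ("m2", "DESIGNATED")]
for i in range(12):  # "conduit" reaches the same entity through 12 rotating routes
    SAMPLE_TRANSFERS += [("conduit", f"a{i}"), (f"a{i}", f"b{i}"), (f"b{i}", "DESIGNATED")]
SAMPLE_GRAPH = build_graph(SAMPLE_TRANSFERS)

if __name__ == "__main__":
    for wallet in ("retail", "conduit"):
        print(wallet, exposure_profile(SAMPLE_GRAPH, wallet, "DESIGNATED"))
```

Both sample wallets sit the same three hops from the designated label, so a hop-only rule scores them identically; the path and intermediary counts are what separate them.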
Reporting obligations: OFSI and beyond
Two separate reporting obligations apply here, and they're often conflated.
OFSI reporting is required for frozen assets. For pre-designation transactions — those that were fully permissible when they occurred — OFSI has indicated there may not be a reporting requirement, provided no post-designation transactions are also involved. Where activity spans both sides of the designation date, all of it should be reported.
SAR obligations require separate consideration. Sanctions evasion is a predicate offense to money laundering under the UK's Proceeds of Crime Act (POCA). A firm may not have breached sanctions regulations itself, but if a look-back surfaces activity consistent with facilitating sanctions evasion — rapid movement through intermediary addresses, use of cross-chain swaps, use of location-obfuscating technology — a SAR filing obligation to the National Crime Agency may apply.
The typologies to watch for in HTX-related activity are large transaction sizes, rapid movement of funds through intermediary addresses, use of privacy-enhancing tools, and cross-chain swapping behavior consistent with layering.
Future-proofing your controls
This designation will not be the last. The UK enforcement approach explicitly connects HTX and the A7 network to Operation Destabilize, the NCA-led operation targeting Russian money laundering infrastructure. As the panelists noted, the pace of designations targeting crypto infrastructure suggests more are likely — something TRM also observed in the recent OFAC action against Iran's domestic crypto exchanges.
The compliance teams best positioned for what comes next treat each designation as an input into an ongoing controls improvement cycle.
- Review transaction monitoring and wallet screening rules to understand what the controls did and did not catch before the designation date, and why.
- Update Know Your Customer (KYC) and Know Your Business (KYB) programs to capture risk factors consistent with the HTX pattern, including exposure to high-risk jurisdictions, shell company use, and intermediary addresses with no clear legitimate purpose.
- Build a proactive threat intelligence function oriented toward identifying the next HTX before the designation arrives — entities with systemic indirect exposure to sanctioned actors, operating in high-risk third-country jurisdictions, with on-chain behavior consistent with evasion typologies.
Peer benchmarking is a useful tool here. Comparing a counterparty VASP's total illicit exposure against similar entities can surface whether a pattern reflects a control weakness or something more systemic, and help firms make better-informed decisions about counterparty due diligence. The FCA also published its sanctions review paper the same week as this designation — a useful broader reference on what good sanctions programs look like across regulated financial services.
Tell us how you’re operationalizing sanctions risk on-chain
TRM is gathering insights from VASPs and crypto asset service providers on how firms are operationalizing sanctions risk on-chain — including how they're applying the three-to-five hop guidance in practice. If you're interested in contributing to this research, contact Luke Dufour at TRM Labs.
For questions about how TRM's platform can support your response to this designation — including wallet screening, transaction monitoring, and entity due diligence — visit our sanctions compliance page or reach out to your customer success team.
Frequently asked questions (FAQs)
1. What did the UK's HTX sanctions designation cover?
The UK's Foreign, Commonwealth and Development Office (FCDO) designated 18 entities and individuals as part of a package targeting crypto networks used to evade Russia sanctions. HTX — formerly known as Huobi and one of the world's largest crypto exchanges — is the largest entity by volume in the package. The FCDO alleges HTX moved approximately USD 1.5 billion for Kremlin-aligned entities. This is the first time a crypto exchange of this volume has been sanctioned.
2. What must UK-regulated crypto firms do immediately after the HTX designation?
UK-regulated firms subject to the FCDO designation must take three immediate steps. First, block new transactions: wallet screening and transaction monitoring controls should be blocking transactions to or from any designated entity from the designation date forward. Second, freeze funds: any balances attributable to designated persons must be frozen, covering both crypto and fiat holdings. Third, report to OFSI: firms must notify the Office of Financial Sanctions Implementation of frozen assets. Depending on what a subsequent look-back exercise surfaces, there may also be a Suspicious Activity Report (SAR) obligation with the National Crime Agency under POCA.
3. Is a look-back exercise required after a crypto sanctions designation?
Yes. Regulators treat look-back exercises as a compliance expectation, not an optional step. OFAC's 2021 virtual currency guidance establishes look-backs as a compliance best practice, and OFSI has conveyed similar expectations to VASPs operating in the UK. A structured approach — mapping connectivity to designated entities, segmenting customers by exposure level, applying a consistent review framework, and documenting decisions — is recommended over case-by-case triage. The review should focus on sanctions evasion typologies, including large transaction sizes, connections to high-risk jurisdictions, shell company structures, and intermediary addresses flagged as conduits.
4. How should compliance teams apply OFSI's three-to-five hop guidance for indirect risk?
OFSI's three-to-five hop threshold for indirect risk is a minimum floor. Compliance programs that rely solely on a fixed hop count risk missing evasion patterns specifically designed to stay within the published threshold, because sophisticated actors read the guidance too. A more defensible approach focuses on the frequency and pattern of indirect risk paths (e.g. a wallet with dozens or hundreds of recurring indirect paths to a sanctioned entity carries materially different risk than one with three or four). TRM's platform captures the number of distinct indirect risk paths between a wallet and a sanctioned entity, not just aggregate exposure, to support this kind of analysis.
5. What is the difference between OFSI reporting and SAR obligations after the HTX designation?
OFSI reporting applies to frozen assets. For pre-designation transactions — those that were fully permissible when they occurred — OFSI has indicated a reporting requirement may not apply, provided no post-designation transactions are also involved. Where activity spans both sides of the designation date, all of it should be reported. SAR obligations are distinct: sanctions evasion is a predicate offense to money laundering under the UK's Proceeds of Crime Act (POCA). Even if a firm did not breach sanctions regulations, a look-back that surfaces activity consistent with facilitating sanctions evasion — rapid fund movement, cross-chain swaps, privacy-enhancing tools — may trigger a SAR filing obligation to the National Crime Agency.




















