On 21 July 2025, the UK Office for Financial Sanctions Implementation (OFSI) published its latest sector-specific threat assessment focusing on UK crypto-asset firms’ exposure to financial sanctions breaches, covering activity from January 2022 to May 2025 (the Assessment). 

Why Did OFSI Focus on Crypto-Assets?

OFSI’s decision to prioritise crypto-assets reflects OFSI’s view that crypto-assets are increasingly being misused for sanctions evasion and financial crime purposes. Under the Financial Services and Markets Act 2000, FCA-registered crypto-asset firms include those offering exchange services, operating crypto ATMs, or providing custodian wallet services (see here for a full list of registered firms). The rapid growth and borderless nature of these services have heightened the risk of exposure to designated persons (DPs) and sanctioned jurisdictions. 

OFSI’s Key Findings

The Assessment sets out OFSI’s key findings which would trigger enhanced due diligence and the requirement to report to OFSI. These include:

Incomplete Self-Disclosure of Breaches

OFSI found it is almost certain that some UK crypto-asset firms, including banks and nonbank financial institutions, may not be fully reporting suspected sanctions breaches due to detection failures, misunderstanding of reporting obligations or hesitation to self-disclose. 

Strengthening Compliance

It is likely that most non-compliance by UK crypto-asset firms has occurred inadvertently due to the common issues listed below:

Direct or indirect exposure to a DP

Direct exposure to a DP through crypto-assets includes transacting with addresses known to belong to DPs or by sending or receiving crypto-assets owned, held or controlled by a person on the OFSI Consolidated List (see here). Indirect exposure arises when crypto-assets pass through one or more intermediaries after originating from a DP’s wallet (sometimes called “layering”), or by receiving crypto-assets that have been mixed or tumbled, making it difficult to trace their origin back to a DP. 

Retrospective discovery of suspected breaches

OFSI has seen that UK crypto-asset firms sometimes identify transactions made to sanctioned entities sometime after they have occurred or retrospectively once a firm gains access to blockchain analytics software. This has resulted in delays in making reports to OFSI. 

Management of frozen funds or economic resources

Unlike banks, crypto-asset firms cannot reject incoming transactions. When incoming crypto-assets are linked to suspected sanctions evasion or contravention activities, including (but not limited to) where firms suspect that transfers have been made so as to ultimately provide funds or economic resources to a DP, UK crypto-asset firms must freeze the crypto, restrict access and report to OFSI.

Notable Threats

Garantex and Grinex (Russia)

OFSI found it is highly likely that UK cryptoasset firms have been directly or indirectly exposed to the designated Russian exchange Garantex since its designation in 2023, resulting in breaches of UK financial sanctions. Despite its designation and takedown, successor entities such as Grinex may still be active. On-chain analysis showed extensive links to ransomware and Hydra Market: the Russian-language darknet marketplace. 

North Korea

OFSI found it is highly likely that UK-based crypto-asset firms are currently at risk of being targeted by North Korea-linked hackers and IT workers seeking to steal or obtain funds through illicit means. In February 2025, DPRK-linked actors were responsible for the theft of approximately US$1.5 billion in crypto-assets from the exchange Bybit, representing the largest ever crypto-asset exploit.

Iran

OFSI has found it is likely that UK crypto-asset firms have facilitated transactions involving Nobitex, an Iranian crypto-asset exchange with suspected links to the Islamic Revolutionary Guard Corps, a designated entity. 

Red Flags to Monitor

• OFSI’s Assessment also sets out red flags for potential sanctions evasion which crypto-asset firms should ensure they seek to prevent, including:
• Counterparties with known associations to DPs.
• Unusual or sudden transaction activity (e.g., dormant wallets becoming active).
• High-volume microtransactions (<£10,000).
• Activity linked to sanctions jurisdictions or involving Specifically Designated Nations.

Reporting

Crypto-asset firms classified as “relevant firms” under UK sanctions regulation are legally required to report to OFSI when (1) they know or suspect they have dealt with a DP and (2) a breach of sanctions has occurred or is suspected. 
Firms must also file Suspicious Activity Reports to the National Crime Agency (NCA) under AML and terrorist financing laws. Further information about reporting to the NCA and OFSI can be found here and here.

When reporting, it is important to: 

• Group related small transactions (if not delaying reporting). 
• Include wallet addresses, transaction hashes and values.
• Link addresses to DPs using analytical tools and explain any delay in discovery.

Practical Steps

OFSI urges crypto-asset firms to take a risk-based approach to compliance, considering relevant factors including counterparty risk, behavioural patterns and transaction history depth. 

Recommended actions include:

• Train staff to recognise and report sanctions risks using OFSI’s red flags.
• Use blockchain analytics to scan through many different transactions and potential layering.
• Review controls for handling frozen assets, including license tracking. 
• Improve due diligence on beneficial ownership and counterparty structures.
• Enhanced transaction monitoring for signs of proxy payments, mixing and suspicious trends. 
• Update compliance frameworks in line with OFSI’s evolving guidance. 

Conclusion

OFSI’s message is clear: passive compliance is no longer sufficient. Sanctions regulations treat crypto-assets like any other assets—circumvention using crypto-assets is a serious criminal offence. As such, UK crypto-asset firms must proactively upgrade their systems to detect, prevent and report sanctions breaches. Tools like blockchain analytics and real-time monitoring are no longer optional but essential to avoid regulatory and criminal liability.