Introduction
The Office of Foreign Assets Control (OFAC) is one of the key regulatory bodies in the United States. It is responsible for enforcing economic sanctions against individuals, groups, or nations that pose a threat to the country. Central to OFAC's mission is the Specially Designated Nationals and Blocked Persons (SDN) List, a tool used to identify and penalize entities subject to sanctions.
This article explores how the SDN List intersects with the cryptocurrency industry, the consequences of transacting with sanctioned individuals or entities, and best practices for maintaining compliance.
How the OFAC SDN List Relates to Crypto
Although the SDN List wasn't explicitly designed for cryptocurrency, it holds significant implications for the industry. Crypto businesses must be aware of two key categories of risk to avoid violating sanctions:
- Users from sanctioned countries - Online businesses often identify a user's location through geolocation data, such as IP addresses, unless the user employs tools like virtual private networks (VPNs). Crypto companies must avoid conducting business with individuals residing in sanctioned countries.
A notable example occurred in October 2022 when OFAC fined Bittrex for facilitating transactions involving residents of sanctioned countries such as Iran, Syria, and Sudan. OFAC stated:
"Based on internet protocol ('IP') address information and physical address information collected about each customer at onboarding, Bittrex had reason to know that these users were located in jurisdictions subject to sanctions."
- Wallet addresses linked to sanctioned individuals or groups - Since 2018, OFAC has included wallet addresses associated with sanctioned individuals or entities on the SDN List. If a business suspects an unlisted wallet may belong to a sanctioned entity, it must report the activity to OFAC and block the transaction. Failure to do so can result in severe penalties.
Consequences of Transacting with Entities on the SDN List
Failing to comply with the SDN List is not a theoretical risk—numerous real-world cases highlight the repercussions. The consequences range from financial penalties to increased regulatory scrutiny and even sanctions.
- Fines - OFAC imposes heavy financial penalties for non-compliance. For instance, BitGo and BitPay were among the first crypto firms penalized for facilitating transactions with sanctioned individuals. In December 2020, BitGo paid a settlement of $98,830 to OFAC for facilitating transactions from residents of sanctioned markets like Iran and Syria. In February 2021, BitPay had to pay $507,375 for similar violations. Non-compliance with the SDN List is costly and avoidable with proper safeguards.
- Increased government scrutiny - Kraken provides another cautionary example. In addition to paying a $362,158.70 fine for facilitating transactions with Iranian wallets, the exchange committed to investing $100,000 in sanctions compliance measures. While compliance investments are standard, post-enforcement scrutiny from regulators adds significant operational pressure. Preventative compliance would have been a more prudent approach.
- Sanctions - OFAC can add entities that do business with sanctioned entities to the SDN List. This enforcement action occurred when coin mixer Tornado Cash was sanctioned by OFAC in August 2022, citing the coin mixer's role in helping launder funds for various sanctioned individuals and groups. This ruling blocked any US person from using Tornado Cash, effectively cutting off a significant part of their user base. While a court later said that OFAC's actions were unlawful, the fact remains: failing to comply with the SDN List can harm, if not halt, business operations.
The consequences of non-compliance are severe, underscoring the importance of adhering to the SDN List within KYC (Know Your Customer), AML (Anti-Money Laundering), and CFT (Countering the Financing of Terrorism) protocols.
Best Practices for Avoiding Sanctioned Entities
Adhering to the SDN List can be challenging due to its scale and fluidity. The list contains thousands of entries, and new names are frequently added. Manual checks are impractical, making automated tools essential for compliance.
Given these obstacles, the best way to avoid doing business with sanctioned persons is through a compliance tool. The compliance tool should have the following features:
- Automated screening - A compliance tool should automatically screen prospective accounts and transactions during KYC processes. Alerts should notify compliance teams when a match is detected.
- Frequent Updates - Given that OFAC regularly updates the SDN List, it's crucial to use tools that integrate these changes promptly. Delays in updates can expose businesses to risk, as sanctioned individuals could slip through undetected.
- Advanced Features - The SDN List is a starting point, but effective compliance also requires monitoring behavioral patterns indicative of illicit activity, such as rapid fund withdrawals. Tools with customizable rule engines can enhance risk management efforts.
By implementing these features, crypto businesses can avoid sanctioned entities and other high-risk parties.
Conclusion
Complying with the SDN List is a critical challenge for crypto businesses. Beyond adhering to the specific wallet addresses listed, companies must also account for users' geographic locations and other potential red flags. Non-compliance risks—financial penalties, regulatory scrutiny, and operational disruptions—far outweigh the costs of a robust compliance program.
A well-designed compliance tool, such as Merkle Science's Compass, offers the automation, agility, and advanced analytics necessary to navigate these challenges effectively. Contact us for a free demo to ensure your business remains compliant and secure.
