7 August 2025

Navigating The Crypto Compliance Minefield: OFSI's 2025 Threat Assessment

WilmerHale

Contributor


This article was first published by Compliance Monitor and i-law.

On 21 July 2025, the UK's Office of Financial Sanctions Implementation (OFSI) published a sector-specific Cryptoassets Threat Assessment ("the Report"), shedding light on the evolving risks and vulnerabilities in the crypto sector related to financial sanctions. As the crypto landscape continues to expand, this report serves as a critical resource for UK cryptoasset firms and stakeholders aiming to strengthen compliance and mitigate exposure to illicit activity.

The Report is part of a series of similar assessments that OFSI has published in 2025, with other reports covering financial, legal, and property-related services, as well as art market participants and high-value dealers.1

Cryptoassets: The Regulatory Landscape

Under UK law, cryptoassets are treated like any other asset class in the context of financial sanctions. The Money Laundering Regulations (MLRs) and the Sanctions and Anti-Money Laundering Act 2018 (SAMLA) apply equally to digital assets. Since January 2020, cryptoasset firms must register with the Financial Conduct Authority (FCA) for AML supervision.

The Report, covering data from January 2022 to May 2025, reflects the growing momentum behind regulation of the sector:

  • September 2023: The FCA introduces the 'Travel Rule', requiring cryptoasset businesses to collect, verify and share information about cryptoasset transfers.2
  • October 2023: The FCA introduces the cryptoasset financial promotions regime for all firms promoting cryptoassets in the UK.3
  • November 2023: The FCA issues a discussion paper on the regulation of stablecoins.4
  • December 2024: The FCA publishes a discussion paper on the future market abuse regime for cryptoassets and the cryptoasset admissions and disclosures regime.5
  • April 2025: The UK Government publishes draft legislation aimed at bringing the operation of a cryptoasset trading platform, intermediation, cryptoasset lending and borrowing, staking and decentralised finance (DeFi) within the FCA's remit.6
  • May 2025: The FCA publishes a discussion paper on the regulation of cryptoasset activities.7

The FCA's roadmap, published in November 2024, anticipates the publication of all policy statements and final rules in 2026, after which firms will be given time to prepare before the regime goes live.8 Regulation of cryptoassets is essential, but the pace at which the FCA is moving suggests it will struggle to keep up with the constantly evolving threats described in the Report.

The OFSI Report: Key Judgments

The report outlines five core judgements concerning sanctions threats relevant to UK cryptoasset-related services firms:

  1. Underreporting of Breaches: In the period covered by the report, over 7% of all reports to OFSI of suspected sanctions breaches involved crypto firms, with almost all of those reports being made since April 2024. Despite this, OFSI asserts it is almost certain that UK cryptoasset firms have underreported suspected breaches since August 2022.
  2. Inadvertent Non-Compliance: Most breaches likely stem from indirect exposure to Designated Persons (DPs) and suspected breaches being identified after a delay in attribution, with attribution delays also contributing to failures to implement asset freezes.
  3. Exposure to Russian Entities: It is highly likely UK cryptoasset firms have been directly or indirectly exposed to the designated Russian exchange Garantex since its designation in 2023, resulting in breaches of UK financial sanctions. Over 90% of crypto-related suspected breach reports submitted to OFSI since 2022 involve Russia.
  4. North Korean Cyber Threats: It is highly likely UK cryptoasset firms are at risk of being targeted by DPRK-linked hackers and IT workers seeking to steal or obtain funds through illicit means.
  5. Iranian Connections: It is likely that UK cryptoasset firms are currently facilitating transfers to Iranian cryptoasset firms with suspected links to DPs.

These findings reflect the geopolitical use of cryptoassets to bypass traditional financial systems and underscore the urgent need for enhanced due diligence, reporting, and technological vigilance.

Threat Overview: Common Vulnerabilities

The Report delves deeper into several risk areas and common typologies used to evade sanctions:

Cross-border payments: Cryptocurrencies enable DPs to circumvent financial channels and sanctions compliance mechanisms, including through the use of VPNs to obscure the true location of individuals involved in a transaction, which complicates KYC efforts.

Centralised Exchanges with Links to DPs: Certain crypto trading platforms may share infrastructure with designated exchanges, despite sanctions levelled against them. These links can be disguised by the use of intermediary wallets to separate incoming deposits from withdrawals and circumvent compliance software that flags links to a DP.

High-Risk and Non-KYC Services: Instant exchange services, which do not collect customer information, are used to convert standard currencies into cryptoassets to facilitate the transfer of funds from DPs (including sanctioned banks) to specified crypto wallets, evading sanctions screening.

Layering, Mixing and Anonymity Enhancing Techniques: The decentralised nature of cryptoassets facilitates the obfuscation of transaction pathways and payment structures, including through the use of anonymous private wallets. Cryptoassets can also be layered by moving them between different blockchain networks, increasing the complexity of tracing illicit cryptoassets.

Exchanges Operating through Darknet Marketplaces: Individuals can use platforms on the dark web to discuss, sell, and promote illicit activity, including sanctions evasion, anonymously.

Over the Counter (OTC) Trades: Peer-to-peer trading and the use of direct brokers can take place outside the supervision of an exchange, making it more difficult to regulate. OTC trades operate internationally and can be used by sanctions evaders to exchange cash in one jurisdiction and access it in another.

Decentralised Exchanges (DEXs): DEXs are trading platforms that often operate without a single controlling entity and do not require identity checks, making them attractive to sanctions evaders.

Nested Exchanges: Also known as parasite exchanges, these use the infrastructure of more established exchanges without the latter's awareness or approval. Nested exchanges handle illicit cryptoassets at much higher rates than legitimate platforms.

These methods highlight the complexity of tracing illicit crypto activity and the need for robust monitoring tools.

Identifying Red Flags

The Report identifies several red flags common in the crypto sector and urges UK firms to conduct robust due diligence to identify these issues. OFSI states that the presence of two or more red flags should trigger enhanced due diligence. Common red flags include:

  • Large or unusual transactions following sanctions announcements;
  • Exposure to known DPs or associated entities;
  • Sudden changes in transaction patterns;
  • Repeated payments from individual addresses for very low amounts;
  • Rapid movement of assets through multiple addresses;
  • Multiple wallets controlled by the same entity (address clustering);
  • Use of privacy coins, mixers, or VPNs; and
  • Transactions involving sanctioned jurisdictions.

Strengthening Compliance

The Report outlines several considerations for crypto firms and stakeholders aiming to enhance sanctions compliance, using a risk-based approach to assess exposure based on transaction patterns, jurisdiction, and service type. Recommendations include:

  1. Check the FCA register to identify whether any cryptoasset firms they do business with are registered,9 or check the equivalent register of the jurisdiction in which the cryptoasset firm is based.
  2. Improve detection through the use of transaction screening and blockchain analytics to monitor crypto flows and identify any new addresses linked to DPs. Firms should consider the use of specialised software for this purpose.
  3. Consider counterparty risk, behavioural patterns and transaction history depth based on the number of individual transactions ("hops") used as part of an overall transaction.
  4. Conduct lookback exercises to identify any past suspected breaches involving cryptoassets which might not have been reported to OFSI.
  5. Report suspicious transaction chains to OFSI as soon as they are discovered.
  6. Report any suspected illicit activity involving cryptoassets to the NCA and the FCA where relevant, as per their legal obligations.

Key Takeaways

The Report is a wake-up call. As the UK grapples with the rising adoption of cryptoassets and an evolving sanctions regime, firms face immediate compliance pressures even as the regulatory environment struggles to keep pace with the developing threat. The vulnerabilities identified in the Report are active potential vectors for sanctions circumvention, exposing firms to significant risks. Firms should be proactive in updating systems, training and policies to account for the emerging threats; vigilant in screening for transaction and counterparty risks; and cooperative with their regulators and with OFSI in reporting suspected sanctions breaches.

Footnotes

1. https://www.gov.uk/government/publications/ofsi-threat-assessment-reports

2. https://www.fca.org.uk/news/statements/fca-sets-out-expectations-uk-cryptoasset-businesses-complying-travel-rule

3. See: https://www.wilmerhale.com/en/insights/blogs/wilmerhale-w-i-r-e-uk/20230711-digital-assets-consultation-offers-first-step-in-regulation

4. https://www.fca.org.uk/publications/discussion-papers/dp23-4-regulating-cryptoassets-phase-1-stablecoins

5. https://www.fca.org.uk/publication/discussion/dp24-4.pdf

6. https://assets.publishing.service.gov.uk/media/680f6387faff81833fcae94b/0302425_draft_RAO_SI.pdf

7. https://www.fca.org.uk/publication/discussion/dp25-1.pdf

8. https://www.fca.org.uk/publication/documents/crypto-roadmap.pdf

9. https://register.fca.org.uk/s/search?predefined=CA
