OFAC sanctions screening for crypto — a primer

The Office of Foreign Assets Control (OFAC) publishes the Specially Designated Nationals (SDN) list, which includes individuals, entities, aircraft, vessels — and since 2018, crypto wallet addresses. Addresses are listed on the public SDN under the Digital Currency Address (DCA) tag.

Not every sanctioned person has a published address. Many designations carry "wallets controlled by X" language without specific addresses, leaving chain-analysis firms to resolve the cluster.

At minimum, every transaction involving a US person or US touchpoint should be screened against the SDN list at transaction time. Daily refreshes are the floor; intraday refreshes are increasingly the norm.

Cluster-level attribution is critical. A wallet one hop from a listed address is not automatically sanctioned, but is high-risk in most compliance frameworks. Document your threshold.

Address reuse is the biggest false-positive source. A wallet that received funds from a listed address years ago, before the designation, may now be controlled by a different party. Match on direct ownership signals (co-spend heuristics, exchange disclosure) where possible.

Mixed-output transactions (CoinJoins) create ambiguity. A post-CoinJoin address may have "touched" a sanctioned cluster probabilistically without any direct control relationship.

Confirmed matches require action: the funds must be blocked or rejected per OFAC rules. Reports to OFAC are typically required within 10 business days.

Partial or ambiguous matches require documentation. Firms that can show a reasoned analysis behind a "cleared" finding fare far better in examinations than firms that show no analysis at all.

Our sanctions category ingests the OFAC SDN list daily, OFSI's Consolidated List daily, the EU Financial Sanctions List daily, and UN Security Council lists on update. We resolve cluster-level attribution and score accordingly.