Crypto sanctions compliance: five lessons from live briefing

In just six weeks, the EU, UK and US enacted major moves using sanctions against Russia and Iran, with huge consequences for the crypto industry. The EU adopted a sector-wide ban on Russian crypto platforms. Next, in an unprecedented move against such a prominent exchange, the UK designated HTX, one of the world’s ten largest. Then OFAC sanctioned Iran’s four largest exchanges in its biggest crypto action against Iranian infrastructure to date. 

03:13 – How we got here: the sanctions timeline 

On June 9, 2026, Crystal’s Chief Intelligence Officer, Nick Smart, and Compliance Advisory Manager, Irina Gorbach, hosted a live briefing on what these actions mean in practice. Nick reminded the audience that Crystal’s briefing provided general guidance on negotiating the sanctions regulation climate, not legal advice on specific cases, and that such questions were for qualified legal counsel. 

The audience was 77% compliance and AML professionals, and their poll responses told their own story: only 36% said their organization was fully prepared for the EU’s April 23 package, and 41% named detecting indirect or nested exposure on-chain as their single biggest screening challenge. 

Compliance and AML professionals made up 77% of the audience, which is a telling indicator of where exactly the pressure is being applied. Source: Crystal Intelligence 

This post distills the five lessons from that session. If you missed it, the full recording is available below. 

Key takeaways 

• Sanctions compliance is shifting from screening listed names to understanding how sanctioned actors access the financial system through intermediaries 

• Beneficial ownership tipped Nobitex from high-risk counterparty to designated entity, and regulators now expect firms to check it 

• Indicators work in combination: one weak signal rarely means anything, but five pointing the same way become intelligence 

• Nested exposure through front exchanges and OTC desks is the top screening challenge, named by 41% of our webinar audience 

• Regulators judge the quality of your decision-making, not just the existence of your screening 

06:07 – Designated vs sanctioned: what’s the difference and why it matters 

72% of respondents had preparations in place, split evenly between those who were completely ready and those who were still updating their processes weeks after the package entered into force. Source: Crystal Intelligence 

What changed across the EU, UK, and US in six weeks? 

Each jurisdiction moved differently, and each difference lands on your obligations. 

The EU’s 20th package , adopted April 23, 2026, prohibits transactions with any crypto platform established in Russia, centralized or decentralized, with effect from May 24, 2026. It banned the assets RUBx and the digital ruble, designated Meer Exchange’s Kyrgyz operator for trading the A7A5 stablecoin and activated the EU’s anti-circumvention tool at the country level for the first time against Kyrgyzstan. Our analysis of the 20th package covers the full screening implications.  

11:37 – EU 20th package: what changed on April 23, 2026 

The UK took a different route. On May 26, the FCDO designated 18 entities with immediate effect, including HTX and the A7 network that reportedly moved more than $90B last year. There was no wind-down period. We broke down what your screening list needs the day after the announcement. 

Then, on June 2, OFAC designated Nobitex, Wallex, Bitpin, and Ramzinex under counterterrorism, with strict liability and explicit secondary sanctions warnings for foreign institutions. Our OFAC action briefing maps the wallet clusters and chains to prioritize. 

Three regimes, three enforcement styles: advance notice from the EU, immediate effect from the UK, and strict liability from the US. In our audience poll, 55% said all three concern them equally. 

A clear majority (55%) of respondents were equally concerned about all three; 35% prioritized concerns about specific sets of sanctions; and 1 in 10 could not say. Source: Crystal Intelligence. 

Why is screening names no longer enough? 

Because regulators changed the question. As Irina put it during the session, the historical focus was on identifying designated individuals, blocked banks, and prohibited transactions. Today, regulators increasingly seek to understand how sanctioned persons continue to access the financial system despite existing restrictions. 

That moves enforcement attention to the mechanisms of circumvention: intermediaries, third-country structures, hidden ownership, alternative payment channels, and OTC brokers. A counterparty does not need to appear on a list to create exposure. The question is whether it facilitates access to a sanctioned jurisdiction, sector, institution, or person. 

The EU’s sectoral platform ban makes this concrete. There is no name left to screen against. Any platform established in Russia is in scope by default, which means compliance teams must assess the economic substance of transactions and relationships, not just match names. 

What tipped Nobitex from ‘risky’ to ‘designated’?

Ownership. Nobitex processed more than 50% of Iranian digital asset inflows, but it had operated inside a sanctioned jurisdiction for years. What pushed it over the edge, as a Reuters investigation reported, was its connection to one of Iran’s most powerful families. 

During the briefing, Nick walked through how Crystal independently verified the connection. Historical domain registration records show nobitex.net sharing a contact email with a charity whose board includes one of the exchange’s co-founders, with the family surname in the registrant address itself. 

The lesson for compliance teams: this depth of due diligence goes well beyond what a standard KYT alert provides, which is why a blockchain analytics tool needs entity-level intelligence behind it. The EU’s 20th package now requires firms to consider beneficial ownership, directors, the source of liquidity, and the economic purpose of relationships. Jurisdictional risk was always there. Ownership was the signal. 

16:15 – Nobitex: ownership structure and what tipped the designation 

How do you spot nested exposure in practice? 

The session’s case study was a deposit alert from an unlicensed cash desk in Phuket, Thailand. On its face, a Thai counterparty. A closer look found Russian-language services, sanctioned Russian bank branding outside, reviews in Russian, and on-chain interaction with designated Russian services. 

30:48 – Case study: a Thai cash desk walkthrough 

The right question, Irina argued, is not where the desk is located. It is whether the desk acts as an independent liquidity provider or as a gateway for sanctioned activity. That assessment needs to consider ownership, customers, banking relationships, wallets, and flow patterns together. 

Her framework splits indicators into three tiers. Hard indicators, such as a sanctioned owner or wallet, trigger immediate escalation. Medium indicators, such as high-risk OTC liquidity or unusual third-country routing, trigger enhanced due diligence. Soft indicators, such as language or customer demographics, mean little on their own but become relevant in combination. 

20:43 – Soft vs hard indicators, and the medium indicators you need to know 

One caution from the session: not everyone who speaks Russian or Farsi lives in Russia or Iran. Diaspora communities are real customers, and blanket de-risking harms financial inclusion while pushing activity into less transparent channels. 

Respondents found detecting nested exposure (41%) nearly twice as difficult as either keeping up variable designations (23%) or correctly identifying evasion behavior (23%). Just 5% were most concerned about blockchain coverage. Source: Crystal Intelligence. 

What does a defensible sanctions decision look like? 

Documented, reasoned, and explainable. Regulators do not expect you to prove sanctions evasion to a criminal standard. They expect a reasonable, risk-based judgment supported by evidence. 

Irina’s test is simple: would you be comfortable explaining to a regulator tomorrow why you accepted or maintained this relationship? If the answer is no, escalate, apply enhanced due diligence, or exit. Recent Financial Conduct Authority findings reinforced the point: most sanctions failures stem from weak governance, poor alert handling, and inadequate investigations, not from missing screening tools. 

Attribution adds urgency. Designated services now rotate wallet infrastructure daily, sometimes faster. Screening built on static address lists is always already behind. Cluster-level attribution, counterparty exposure analysis, and entity intelligence close that gap. 

Frequently asked questions 

What did the EU’s 20th sanctions package change for crypto? 

It introduced a sectoral ban on all Russia-established crypto platforms from May 24, 2026; prohibited the RUBx stablecoin and the digital ruble; designated the operator of Meer Exchange; and activated the EU’s anti-circumvention tool against Kyrgyzstan for the first time. 

Is HTX sanctioned everywhere or only in the UK? 

The May 26 designation is UK-specific. UK persons must freeze assets and cease transactions immediately, and OFSI has confirmed that the designation covers the HTX exchange due to its ownership by Huobi Global S.A. Firms elsewhere should still assess exposure through UK clients or correspondent relationships. 

Which exchanges did OFAC designate on June 2, 2026? 

OFAC designated Nobitex, Wallex, Bitpin, and Ramzinex, plus four Nobitex leaders. The exchanges accounted for over 72% of Iranian digital asset inflows in 2025 alone, and the action carries secondary sanctions risk for foreign institutions. 

What is nested exposure? 

Nested exposure arises when a counterparty that looks legitimate, such as an OTC desk or a smaller exchange, sits between you and a sanctioned activity. The intermediary absorbs the risk signal, so address screening alone misses it. Counterparty and cluster analysis reveal it. 

Do compliance teams need to reject every counterparty with a soft indicator? 

No. Soft indicators, such as language support or customer demographics, carry little weight on their own. They justify enhanced due diligence when combined with stronger signals, not automatic rejection. Blanket de-risking undermines financial inclusion and rarely satisfies regulators. 

What should I do about transactions that predate a designation? 

Apply a risk-based review, document your reasoning, and seek legal counsel where exposure is material. In the US, voluntary self-disclosure to OFAC typically results in significantly lower penalties than enforcement initiated by OFAC. 

36:54 – Q&A: post-factum transactions and risk-averse compliance teams 

Conclusion 

The briefing’s enduring theme was nuance: Sanctions compliance in 2026 is no longer about finding a direct hit on a list. It is about understanding ownership, counterparties, and the networks that connect them, and being ready to defend every decision afterward. 

49:04 – Closing thoughts: the future of sanctions compliance 

DISCLAIMER: Crystal Intelligence provides this analysis for informational purposes only. It does not constitute legal advice. VASPs should seek independent legal counsel regarding their obligations under applicable sanctions regulations.