OFSI: UK cryptocurrency firms face 'almost certain' sanctions violations


‘It is almost certain that UK cryptoasset firms have under-reported suspected breaches of financial sanctions to OFSI since August 2022,’ with most violations occurring through exposure to Russian exchange Garantex and North Korean cyber threats, the British Treasury’s sanctions watchdog warned in a comprehensive threat assessment published this week.

The Office of Financial Sanctions Implementation said over 90% of crypto-related breach reports since January 2022 involved Russia sanctions, with the remainder linked to Iran, while just 7% of all suspected breach reports to OFSI involved cryptocurrency firms despite the sector’s rapid growth.

The 34-page threat assessment warns ‘it is highly likely that UK cryptoasset firms have been directly or indirectly exposed to the designated Russian exchange Garantex’ since its designation in May 2022, resulting in breaches of UK financial sanctions.

The legal implications for firms could be severe, even for unknowing violations.

Konstantin Bureiko, Counsel at law firm Debevoise & Plimpton in London, explained that UK financial sanctions breaches can be enforced on a ‘strict liability’ basis by OFSI. ‘The fact that you did not know — or even if you had no way of knowing — that you were “indirectly” undertaking a prohibited transaction with a sanctioned crypto exchange would not provide a defence,’ he said.

However, Bureiko noted that OFSI’s enforcement guidelines suggest that enforcement action is unlikely where a business inadvertently breaches sanctions and ‘discloses that breach and cooperates with OFSI’ while showing ‘it had sufficiently robust sanctions compliance systems and controls in place — even if those failed in that instance’.

According to the threat assessment, since Garantex’s designation ‘it is highly likely that at least one successor organisation has been set up and is currently operating as a direct continuation of Garantex’. The Treasury identified Grinex, a Kyrgyz-registered service, as likely continuing Garantex operations using similar interfaces and serving Russian clients, with transaction volumes exceeding $1.2 billion in stablecoin transfers by May 2025.

OFSI recommended that UK firms scan ‘3-5 hops minimum in transaction history’ to detect indirect exposure to sanctioned entities.

Bureiko said OFSI’s reference to a specific number of ‘hops’ goes beyond previous UK and US guidance and ‘will likely be viewed as setting a new compliance benchmark’. However, the expert noted there can be ‘practical and implementation issues to these types of transaction checks, including due to the varying levels of attribution information available through analytics providers’.

‘A failure to check 3-5 transaction hops is not a legal requirement, and will not – in isolation – represent a UK sanctions breach,’ Bureiko noted. ‘However, a failure to meet this standard where a sanctions breach is in fact later identified could end up being viewed as an aggravating factor, making enforcement action more likely and any penalty potentially higher.’

North Korean threats dominate the assessment’s security warnings, with OFSI stating ‘it is highly likely that UK-based cryptoasset firms are currently at risk of being targeted by DPRK-linked hackers and IT workers seeking to steal or obtain funds through illicit means’.

The report highlights major UK crypto heists including the April 2023 attack on Merlin Dex that stole $1.8 million and the June 2024 compromise of Lykke exchange resulting in approximately $19.5 million losses, both attributed to North Korean actors.

Iranian cryptocurrency firms also pose compliance risks, with OFSI finding ‘it is likely that UK cryptoasset firms are currently facilitating transfers to Iranian cryptoasset firms with suspected links to DPs’, or designated persons, particularly through Nobitex exchange which has ‘suspected links to the Islamic Revolutionary Guard Corps’.

The assessment identifies multiple sanctions evasion typologies including cross-border payments bypassing traditional financial channels, mixing services to obscure transaction pathways, and peer-to-peer trading platforms avoiding direct transactions with designated exchanges.

Regarding high-volume stablecoin transfers from jurisdictions like Kyrgyzstan or Russia, Bureiko said UK firms should ensure their compliance systems ‘are suitably attuned to, and are able to adequately deal with, the higher risks presented by transactions from these jurisdictions’. In some cases, he noted, ‘this may mean that it’s not practical to continue allowing these types of transactions’ given the very high sanctions evasion risks.

‘Successor exchanges complicate the issue further, as although their status can sometimes be a technical grey area from a sanctions law perspective, they clearly present significant sanctions circumvention and money laundering risks,’ Bureiko added.

The Treasury said cryptoasset firms showed ‘inconsistent’ reporting with ‘significant delays in both identifying suspected breaches and subsequently making reports to OFSI’, particularly where ‘delayed attribution of recipients is leading to delayed reporting’.

Since August 2022, cryptocurrency firms have been obligated to report suspected sanctions breaches and encounters with designated persons, though the assessment notes most reporting occurred only since April 2024 despite the earlier requirement.

The sanctions warning comes as the UK’s broader cryptocurrency money laundering risks have escalated significantly, with the National Crime Agency estimating $1.7-5.1 billion in illicit cryptocurrency transactions linked to the UK annually. The Treasury’s National Risk Assessment published last week increased the cryptoasset sector’s money laundering risk rating from medium to high, citing rapid growth and exposure to high-risk jurisdictions.

OFSI urged firms to conduct lookback exercises identifying unreported historical breaches while emphasising that ‘retrospective discovery of suspected breaches’ should still be reported even when identified significantly after occurrence.

In an email to WorldECR’s sister publication Risk Journal, Grinex said it ‘is an independent platform with no affiliation to Garantex’. It added: ‘All claims regarding “succession” or “rebranding” are speculative and factually unsubstantiated.’

The statement did acknowledge that ‘Grinex has entered into an agreement with the management of Garantex – Russia’s largest cryptocurrency exchange, which was blocked due to international sanctions’, but added that Grinex ‘strictly complies with international sanctions regimes and does not conduct business with restricted jurisdictions or sanctioned entities’.

https://assets.publishing.service.gov.uk/media/687e637292957f2ec567c625/OFSI_Cryptoassets_Threat_Assessment.pdf
