Webinar Recap: Trends and Tactics to Strengthen Your Sanctions Program

Last week, TRM Labs’ Isabella Chase (Senior Policy Advisor) and Tom Armstrong (Compliance Advisor) teamed up with Sophie Bowler (Chief Compliance Officer and MLRO at Zodia Custody) and Crystal Noe (Head of Global Sanctions Compliance at Kraken) for an in-depth and actionable discussion about how compliance teams within crypto businesses can strengthen their sanctions programs. 

The conversation included guidance for organizations of all sizes, maturities, and geographies—with perspectives from experts with three distinct backgrounds in sanctions compliance. Read on for highlights and key takeaways from the session, or watch the full recording below.

Recent sanctions policies affecting crypto businesses

First, the panel set the stage with an overview of recent sanctions policy changes and developments that have affected their organizations and the broader cryptocurrency sector.

Armstrong kicked off the conversation by highlighting the recent extension of the statute of limitations for sanctions violations from five to ten years, as stipulated in a bill signed into law by President Biden in the United States. Armstrong explained that this extension—combined with an increase in Department of Justice prosecutors focusing on sanctions—signals an increasing trend towards more rigorous enforcement. He also noted that this extended timeframe will allow regulators and prosecutors more leeway to investigate potential violations—which could affect record-keeping, voluntary disclosures, and US-based firms’ overall approach to sanctions compliance.

Next, Noe discussed the increasing technical complexity of sanctions enforcement. She noted a shift from focusing solely on operational and policy failures to scrutinizing the technical aspects of compliance. She noted that the EU’s proposed directive on restrictive measures is helping to underscore this trend, requiring firms to have a deep understanding of their technical risks and controls. This evolution reflects a broader regulatory focus on how technical layers and controls are integrated into a company’s operations, highlighting the need for technical acumen in leadership roles within sanctions compliance teams.

Finally, Bowler explained that recent designations of high-risk wallets and exchanges have become more prevalent. She also highlighted the EU’s 14th package of sanctions against Russia, which introduces new provisions affecting transactions related to the war effort. Bowler also noted an increase in enforcement activities by regulatory bodies like the Financial Conduct Authority (FCA), reflecting a broader trend of intensified scrutiny and enforcement across jurisdictions, including the UK and EU.

Overcoming common crypto compliance challenges

The panel next sought to debunk the myth that sanctions compliance is difficult to enforce when it comes to cryptocurrencies.

Armstrong pointed out that both crypto and traditional financial sectors face similar enforcement issues. However, he did point out several challenges unique to transactions on the blockchain: For instance, how crypto businesses should handle incoming deposits from sanctioned actors who already know the business’ wallet address. Armstrong also noted the expansive nature of blockchain intelligence tools, which often rely on different heuristics and attribution models to identify sanctioned addresses. Despite these challenges, Armstrong emphasized that effective sanctions compliance is achievable in crypto, and that the richness of data available in blockchain transactions can enhance compliance efforts when used effectively.

Bowler provided practical tips for addressing sanctions compliance challenges, especially for smaller and medium-sized businesses. She stressed the importance of robust “know your customer” (KYC) processes and counterparty due diligence to mitigate risks associated with new and innovative crypto products. She also highlighted the need for accurate wallet and transaction screening, cautioning against common mistakes such as focusing solely on wallet addresses rather than the names of the entities involved.

Noe added a perspective for entrepreneurs and startups in the blockchain space—advising teams to focus on foundational compliance measures such as name screening, transaction screening, and geo-blocking. She also emphasized the importance of maintaining high data quality to avoid long-term regulatory issues. And for those new to sanctions compliance, she suggested regular review of enforcement actions and conducting risk analysis exercises to stay informed and prepared.

How crypto businesses should be thinking about indirect exposure

Next, the panel explored the critical issue of indirect exposure for crypto businesses. Indirect exposure refers to risks associated with transactions on the blockchain that are not directly linked to a customer, but could still be related. The challenge lies in tracing these risks through multiple wallet addresses or "hops," and determining the connectivity between your customer and the attenuated risk. 

Bowler noted that while there is no specific regulatory guidance for handling indirect exposure, institutions are working to define industry best practices. She suggested setting clear risk thresholds, aligning on your organization’s risk appetite, and documenting decisions carefully.

With her technical background, Noe explained the practical challenges of managing high volumes of data and alerts, as they relate to indirect exposure. She advised taking a risk-based approach and focusing resources on high-value data, while also keeping an eye on national security implications. Armstrong also noted that we may one day see an emerging regulatory expectation that institutions utilize indirect risk, and could achieve this by leveraging the enhanced transparency of blockchain intelligence in ad-hoc investigative reviews. 

Useful resources for guidance, training, and sanctions information

Finally, the speakers wrapped up the webinar by emphasizing the importance of nurturing relationships in the industry and building networks with which you can share knowledge and best practice. They also shared a few of their favorite educational resources to help crypto businesses stay in the know about sanctions, including:

• Notifications from global and local regulatory bodies
• Reports, guides, and other resources from blockchain intelligence firms like TRM Labs
• The TL;DR Crypto newsletter
• The Unchained newsletter
• The eusanctions.com website
• The globalsanctions.co.uk website

Want to dig even deeper into common sanctions evasion techniques used by illicit actors and how blockchain intelligence helps crypto businesses identify, trace, and block sanctioned activity? Check out our latest guide for crypto compliance teams, Detecting Five Common Sanctions Evasion Techniques.

‍