Crypto Sanctions Screening Checklist
Specific controls for crypto exchanges, wallets, and DeFi protocols to avoid OFAC penalties.
Wallet screening
- Screen every deposit and withdrawal address
- Use both SDN and supplementary lists (e.g., OFAC crypto-specific designations)
- Monitor for mixer and taint exposure
- Flag sanctioned jurisdiction wallet patterns
User controls
- IP geolocation on every session
- VPN and proxy detection
- Enhanced due diligence for high-risk jurisdictions
- Sanctions questionnaire for corporate accounts
Transaction monitoring
- Real-time screening pre-execution
- Post-trade surveillance alerts
- Chain-hopping detection
- Mixer interaction flagging
Reporting
- Suspicious Activity Reports (SARs) within 30 days
- OFAC blocking reports within 10 days
- Annual OFAC compliance program review
Why this checklist exists
This checklist was built for teams handling OFAC screening API. Each item addresses a common failure mode we've seen in real workflows. Skipping a step doesn't save time — it creates rework, disputes, or missed signals downstream.
Related resources
- Sanctions Risk Assessment Checklist [2026 Checklist]
- OFAC Sanctions Compliance Checklist [2026 Checklist]
- Shipping & Trade OFAC Compliance Checklist [2026 Checklist]
- How Much Does Chainalysis Cost? [2026 Pricing]
- Kraken OFAC Penalty (2022) — $362,158 [Case Study]
- Do cryptocurrency exchanges need OFAC screening? [2026 Guide]
If your product processes crypto payments, OFAC enforcement applies directly. Below are the crypto-specific compliance steps every operator should verify before deployment.
1. Screen wallet addresses before every transaction
OFAC has sanctioned 782+ specific crypto wallet addresses across EVM chains, Bitcoin, Solana, and Tron. Before your agent or platform signs any on-chain transaction, check the destination address against the full SDN wallet list. One payment to a sanctioned wallet is a separate violation with a base penalty of $330,944.
2. Do not rely on protocol-level screening
Smart contracts, bridges, and DEX routers do not screen counterparties. OFAC has sanctioned Tornado Cash smart contract addresses — demonstrating that protocol-level interaction is not exempt. Your application layer is responsible for screening before invoking any contract or transfer function.
3. Screen across all chains your product touches
OFAC sanctions lists cover addresses on Ethereum, Bitcoin, Tron, and Solana. If your product supports multiple chains, you must screen against the full multi-chain list. Screening only EVM addresses while allowing Bitcoin transfers creates a compliance gap.
4. Implement geo-blocking for embargoed jurisdictions
OFAC comprehensively sanctions 16 jurisdictions including Iran, North Korea, Cuba, Syria, Crimea, and others. If your product is accessible from these regions, implement IP-based or wallet-based geo-blocking in addition to counterparty screening. An agent that correctly screens the wallet but accepts transactions from an embargoed IP still carries exposure.
5. Maintain an audit trail
Record every screen result: wallet address, timestamp, match status, OFAC list version, and which agent/user initiated the check. In a voluntary self-disclosure scenario, this audit trail is your evidence that screening was in place. SanctionsAI provides automatic audit logging on paid plans.