Crypto Sanctions Screening Checklist

Specific controls for crypto exchanges, wallets, and DeFi protocols to avoid OFAC penalties.

How to use: work through each section in order. Don't skip steps — the order matters.

Wallet screening

User controls

Transaction monitoring

Reporting

Why this checklist exists

This checklist was built for teams handling OFAC screening API. Each item addresses a common failure mode we've seen in real workflows. Skipping a step doesn't save time — it creates rework, disputes, or missed signals downstream.

Automate it: SanctionsAI handles most of these checklist items automatically through its OFAC screening API workflow.

If your product processes crypto payments, OFAC enforcement applies directly. Below are the crypto-specific compliance steps every operator should verify before deployment.

1. Screen wallet addresses before every transaction

OFAC has sanctioned 782+ specific crypto wallet addresses across EVM chains, Bitcoin, Solana, and Tron. Before your agent or platform signs any on-chain transaction, check the destination address against the full SDN wallet list. One payment to a sanctioned wallet is a separate violation with a base penalty of $330,944.

2. Do not rely on protocol-level screening

Smart contracts, bridges, and DEX routers do not screen counterparties. OFAC has sanctioned Tornado Cash smart contract addresses — demonstrating that protocol-level interaction is not exempt. Your application layer is responsible for screening before invoking any contract or transfer function.

3. Screen across all chains your product touches

OFAC sanctions lists cover addresses on Ethereum, Bitcoin, Tron, and Solana. If your product supports multiple chains, you must screen against the full multi-chain list. Screening only EVM addresses while allowing Bitcoin transfers creates a compliance gap.

4. Implement geo-blocking for embargoed jurisdictions

OFAC comprehensively sanctions 16 jurisdictions including Iran, North Korea, Cuba, Syria, Crimea, and others. If your product is accessible from these regions, implement IP-based or wallet-based geo-blocking in addition to counterparty screening. An agent that correctly screens the wallet but accepts transactions from an embargoed IP still carries exposure.

5. Maintain an audit trail

Record every screen result: wallet address, timestamp, match status, OFAC list version, and which agent/user initiated the check. In a voluntary self-disclosure scenario, this audit trail is your evidence that screening was in place. SanctionsAI provides automatic audit logging on paid plans.

Try SanctionsAI

Free OFAC sanctions screening API.

Get started →