In the wake of Russia’s invasion of Ukraine, sanctions have come to the forefront of economic trade with many nations adding individuals and entities to their sanctions lists in the last month.
In light of the severity of enforcement actions for those that do not comply, here, Coinfirm’s Regulatory Affairs team overviews: what sanctions are and the main regulatory bodies to be aware of, the issues around blockchain technology regarding them, how Coinfirm’s solutions can help and more.
Sanctions: an Overview
Definition of Sanctions and Regimes
Sanctions represent a wide range of political and economic restrictions, implemented against countries, entities or individuals with the aim of maintaining or restoring local and international peace and security by influencing the behaviour of a particular country’s governments, individuals or groups.
For example, various countries have imposed sanctions against Russia following the annexation of Crimea (2014) and most recently (2022) in the aftermath of the unprovoked invasion of Ukraine, in an effort to discourage Russia’s continuation of the attack.
A regime or programme is the system in which sanctions are applied in a given scenario.
For example, OFAC ‘Iran sanctions’ programme lists sanctions against Iran. On the other hand, there are 3 OFAC sanctions programmes applying to Russia: ‘Russia Harmful Foreign Activities’; ‘Ukraine/Russia Related Sanctions’ and ‘Magnitsky Sanctions’ programmes.
Why and How are Sanctions Created?
The basis of sanctions creation is the assurance of economic and political security of a jurisdiction, and/ or international security when all diplomatic attempts at resolving a conflict have failed.
This goal is secured by imposing restrictions against certain countries, entities or individuals considered to pose a certain degree of risk to political and economic stability.
Sanctions are essentially the largest firepower a country has against another country short of military force.
Who and What do Sanctions Target?
Countries: sanctions are imposed against an entire jurisdiction restricting all direct or indirect imports/exports, trade brokering, financing or facilitating against most goods, technologies and services and others. Engaging in these activities with either an individual or legal entity from a sanctioned country is prohibited, unless granted special authorisation by the sanctions regulator for specific transactions. Examples of sanctioned countries by OFAC are Cuba, North Korea, Iran and Syria.
Legal entities and groups: companies from targeted countries and other entities (such as terrorist groups) are subject to asset freezes or other targeted restrictions.
Industries, vessels and aircraft: restrictions can be linked to those related to a specific sanctioned jurisdiction.
Individuals: particular individuals or groups of individuals (such as drug traffickers, weapon proliferators and corrupt leaders) can be targeted by various measures such as financial restrictions and/or travel bans.
Types of Sanctions
On a macro level, there are sanctions agreed upon by multiple nations against the same target, which we call multilateral and those imposed by a single country, called unilateral.
On a micro level, both the multilateral and unilateral ones apply the following restrictions:
Comprehensive sanctions – sanctions of the widest range. Typically this term is used in the context of OFAC (US) comprehensive sanctions that are directed at entire countries or regions and restrict specific interactions with their general population, entities and government.
Note that this term may have a slightly different scope in the case of EU or UN sanctions. In the EU comprehensive sanctions refer to those targeting governments.
Sectoral Sanctions – prohibit specific business dealings with sanctioned subjects within a specific sector, such as financial or energy-related transactions. E.g. financial sectoral sanctions would (among others) prohibit providing financing or issuing debt for a sanctioned entity (type applied by the UK and the USA).
Targeted or Selective Sanctions directed at specific individuals, companies and organizations (type applied by most sanction issuers (type applied by UN, EU, UK and USA).
Secondary Sanctions – sanctions penalizing entities breaching sanctions, e.g. a company with high volumes frequent dealings with Iran can be sanctioned (type applied by the USA).
Regardless of the type of sanction, it is a criminal offence to breach a sanction without an appropriate licence or authorisation from the appropriate sanction regime. Fines range up to millions of dollars depending on the offence, to even prison sentences for the liable parties involved – if the breach was considered to be taken place willfully.
The main sanction regimes in the world are those of the European Union (EU), the United Nations (UN) and the US’ Office of Foreign Assets Control (OFAC).
Sanctions are introduced by legislative means (such as Acts/Executive Orders and regulations depending on the jurisdiction) and administered and enforced by sanctions bodies respective to each jurisdiction (such as OFAC in the US or OFSI in the UK).
Who Creates and Imposes Sanctions?
There is no single international regulatory body that introduces and enforces sanctions.
The UN Security Council and the EU introduce multilateral sanctions. As they have no authority to enforce them, this responsibility falls onto the Member States. Currently, there are 193 UN Member States and 27 in the EU.
Each country has its own sanctions bodies that introduce unilateral sanctions and administer and enforce them. In the UK, the HM Treasury implements and enforces financial sanctions, through its Office of Financial Sanctions Implementation (OFSI). In the US, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions.
Sanctions are created by a variety of international, regional and state bodies as follows:
- The United Nations derives its sanctions from the United Nations Security Council (UNSC) Resolutions, which all 193 Member States are advised to implement in local legislation. However, the UN has limited ability to compel states to comply, thus not all jurisdictions adopt them.
- The European Union is a regional body that employs the European Council to adopt sanctions in order to implement UNSC Resolutions, and adding an additional layer of strictness. It also adopts its own set of measures pursuant to its own independent foreign policy objectives. The European Commission ensures the uniform application of sanctions throughout the EU. Member States are responsible for implementing EU sanctions in their respective jurisdictions.
- Independent jurisdictions – will adopt UNSC Resolutions and in certain cases, add their own restrictions, or maintain only a set of sanctions that do not follow the Resolutions.
- UK – is an example of independent country that delegates sanctions pursuant to UN and EU sanctions, and the Organization for Security and Co-operation in Europe arms embargoes. The Office of Financial Sanctions Implementation (OFSI) ensures that financial sanctions are properly understood, implemented and enforced in the UK. OFSI is part of the Her Majesty’s Treasury (HMT). The Sanctions and Anti-Money Laundering Act 2018 provide the main legal basis for the UK to impose, update and lift sanctions.
- USA – issues regulations promulgated by the Secretary of the Treasury pursuant to executive orders issued by the President, International Emergency Economic Powers Act of 1977 under relevant sanctions-related Acts, e.g. the Trading with the Enemy Act of 1971. Others are issued based on regulations, and also based on United Nations and other international mandates. The Office of Foreign Assets Control (OFAC) provides general licences authorizing the performance of certain categories of transactions with certain designated entities.
Who Must Abide?
Each country must abide by the sanctions regulations imposed by the regulatory body they fall under:
All financial institutions within UN Member States must comply with UN Sanctions, thus it’s expected of them to perform UN sanctions searches as part of their AML/CFT compliance programme, as dictated by regulations developed and implemented by domestic authorities in view of UN’s lack of direct legislative power to enforce its sanctions within Member States.
EU Sanctions are binding on Member State nationals inside or outside the territory of the EU, on any legal person or entity incorporated or constituted under the law of a Member State, as well as on branches of EU companies in third countries.
UK Sanctions apply to all individuals and legal entities who are within or undertake activities within the UK’s territory, as well as all UK nationals and legal entities established under UK law, including their branches, irrespective of where their activities take place.
US Sanctions apply to all US citizens and permanent residents (irrespective of their origin) on or outside US territory, as well as to legal entities established under US law and their branches, irrespective of where they conduct business.
OFAC’s Cuba, Iran, and North Korea sanctions programmes extend sanctions prohibitions to certain foreign entities owned or controlled by U.S. persons or U.S. financial institutions. Additionally, any transaction that causes a violation — including a transaction by a non-U.S. person that causes a U.S. person to violate sanctions — is also prohibited.
All international, regional and state bodies that issue sanctions will have lists of sanctioned countries, entities and individuals these are imposed upon.
Sanctions related to countries can be found on regulators’ websites:
Lists of sanctioned entities and individuals are called Sanctions Lists of Designated Persons, Consolidated Lists, or simply Sanctions Lists:
Regulators may keep a separate list for sectoral sanctions:
Due Diligence in Relation to Sanctions
The level of due diligence obliged entities must apply to ensure no dealings with sanctioned parties are allowed, would depend on:
- Sanctions regimes they need to comply with (note that more than one may apply depending on locations/registration of your business)
- Whether or not their business is regulated (and as such required to conduct KYC and Client Due Diligence)
- The company’s risk appetite (especially with regards to indirect sanction risks, also the company may decide to follow sanction regime it does not legally fall under)
The sanctions checks would entail at minimum, the following, to identify DIRECT sanctions risk for regulated companies:
- Checking the country of registration and operations of your customer (or country of birth and citizenship as applicable)
- Screening the name of the customer AND screening the names of >50% shareholders
- Verifying the nature of business relationship with your customer against applicable sanctions lists and sanction programmes
Note the following:
– All sanctions lists are available online for free. There are many paid sanctions screening software solutions at the market. The usual benefit of using the paid ones is the fuzzy matching logic (the system can find a match even with spelling mistakes or spelling variation) and the fact that many >50% owners are included. In contrast, using a free list may be compromised by spelling variations. Also, the free list will not include many >50% owners lists that paid solutions do, based on companies’ ownership research.
Depending on the company’s business profile, regulated status and risk appetite, it may also consider the introduction of *mitigating measures for INDIRECT sanctions risks. Some examples of such measures are:
- Checking the country of registration and operations of your customer’s subsidiaries, affiliates and joint venture
- Screening the name of your customer’s shareholders and beneficial owners >50%
- Screening the names of customer’s directors/ day to day controllers
- Searching for potential adverse media regarding your customer’s sanction evasion
- If your customer is a shipping company- screen the name of the companies’ vessels
- If your customer is a regulated business- check their sanctions policy
*Please note these are only illustrative examples and the list is not exhaustive.
Sanction checks should not constitute a one-off exercise done only at the time of the customer onboarding. Relevant sanctions checks should be repeated throughout the duration of the customer relationship to identify any changes to the customer profile that may change sanctions risk assessment. For regulated businesses, this is an integral part of meeting the obligations of ongoing monitoring of customers.
Moreover, sanctions lists are updated on an ongoing basis and therefore ongoing monitoring for sanction lists additions is required to ensure that if your customer is added to the sanction list, this new sanction risk is identified immediately.
Each obliged entity must abide by the reporting obligation regulations imposed by the regulatory body they fall under:
In the EU, economic operators are required to freeze funds and report any sanctions breech immediately after they are aware of the situation, to the competent authorities of the Member State where they are resident or located, and to transmit the information, directly or through the relevant Member States, to the Commission.
Financial entities who become aware of a legal person or entity being owned or controlled by a sanctioned person or entity must inform the competent authority of the relevant Member State and the Commission either directly or through the Member State.
Member States may apply additional reporting requirements under AML regulations.
Information on how to directly report sanctions violations to the Commission can be found here.
In the UK, reporting obligations fall on ‘relevant firms’ (i.e. mostly regulated firms) and individuals working for them.
Reporting must be done to OFSI ‘as soon as practicable’ when there is knowledge or reasonable cause to suspect that a person is designated or has committed an offense under the regulations.
More details on reporting obligations under UK law can be found by accessing this link.
In the US, any transactions that indicate sanctions breach or attempt to do so must be blocked and placed into an interest-bearing account on the company’s books from which only OFAC-authorized debits may be made.
The blocking also must be reported to OFAC within 10 business days.
Independent jurisdictions may have different sanctions reporting obligations as stated in their local regulations.
Apart from sanctions-related reporting obligations, regulated businesses must consider other applicable reporting requirements for sanctions-related cases.
You identified an indirect de minimis (i.e. very small) sanction risk on your customer – a shareholder owning 2% of your customer entity is sanctioned. Through your risk analysis at the time of onboarding, you concluded that the shareholder has no control of the company and got comfortable with the risk. However, later ongoing monitoring reveals that the customer ownership structure got more complex and opaque. Based on the facts collected, you formulate a suspicion that the company is being used by the 2% shareholder to evade sanctions. This suspicion must be reported as a SAR to the relevant authority – even though you may not be in breach of sanctions, you need to report the suspicion of potential sanction evasion.
Businesses Owned/Controlled by Designated Persons – the 50% Rule
The 50 percent rule considers scenarios where entities owned in excess of 50%, directly or indirectly, by a person subject to asset freeze – financial sanctions will apply to the entity as well and shall be considered blocked.
This rule is imposed by the US’ OFAC, the UK and EU.
Links to Official Sanctions Pages of the UNSC, EU, HMT and OFAC
Sanctions in Crypto
Sanctions Obligations in Crypto
Regulated entities in the crypto space (VASPs and traditional FIs with exposure to crypto) are required under AML laws to perform KYC verification and other forms of Due Diligence (DD) on their crypto users. As part of this verification process, sanctions checks apply as well, and the process remains the same as that employed by the fiat/traditional financial industry.
Although non-regulated entities would not have the same AML/CDD obligations, some sanctions programmes also apply to them (i.e. they impose obligations on any person within a given country, regulated or non-regulated). Moreover, the sanctions body with the biggest enforcement effectiveness (OFAC) applies a so-called ‘strict liability’. What that means in practice is that a person/entity obliged to comply with sanctions can be made liable for a sanction breach even if they had absolutely no knowledge of being in the breach.
On top of the above, there are reputational considerations. While sanction fines may be settled with money, damaged reputation of your business may take years to be re-built.
Some sanctions-related obligations may pose more difficulties in the crypto industry. OFAC’s sanctions regulations require restricting access to virtual assets when a client is discovered to be a designated person and block the assets.
However, as one of the inherent natures of blockchain technology is the swiftness of transactions, with the impossibility to stop them once initiated, crypto business may need to consider alternative sanction mitigating measures on top of ‘traditional’ ones applied in fiat finance.
An example is automatic blocking of transactions in decentralised finance (DeFi) through an API call to a sanctions oracle (e.g. Coinfirm’s AMLT Oracle) embedded in a DeFi smart contract.
What are the differences between sanction obligations in fiat/traditional finance and crypto?
The short answer is none, bar some minor detail differences*. In the recent climate of unprecedented sanctions imposed on Russia and the threat of sanctions evasions using crypto, there has been a set of guidance papers and reminders issued by the regulators and sanction bodies emphasising that sanction programmes apply to crypto in the same way as they do to traditional finance.
Some examples of such statements:
*E.g. under OFAC programmes, changes from sanctions regulations in the fiat industry involve:
- US persons are not required to hold blocked assets in an interest-bearing account.
The nascent character of the crypto assets industry, developing regulatory framework and some characteristics of crypto assets technology may create an increase of sanctions non-compliance.
In order to properly address and mitigate these risks, the first step is the awareness and understanding of their nature. Recently, with the increased focus on sanctions in crypto, there have been a few papers published pointing out what these vulnerable areas are:
Knowing the Shortcomings: Circumvention Enablers
The President of the United States, in the Executive Order issued March 9, 2022, on Ensuring Responsible Development of Digital Assets, recognised the benefits of adopting digital assets and modernise the public payment systems, and has also addressed certain risks that come with it, such as ‘’digital assets [being] used as a tool to circumvent United States and foreign financial sanctions regimes and other tools and authorities‘’, especially in view of VASPs’ hardships in adopting parts of the imposed measures.
In this respect, the President adds that ‘’the new and unique uses and functions that digital assets can facilitate may create additional economic and financial risks requiring an evolution to a regulatory approach that adequately addresses those risks.’’
Regulators have not overlooked this aspect and have started to take a deep dive into how to better assist financial system players in the crypto sphere, to implement proper mitigating procedures while avoiding disruption of business.
Some root causes identified by OFAC for sanctions compliance violations, which VASPs need to be mindful of, are:
- Misinterpreting, or failing to understand the applicability of regulations
- Decentralised compliance functions, inconsistent application of a formal sanctions compliance programme and lack thereof
- Sanctions screening software or filter faults
- Improper Due Diligence on clients
The full list, as part of the Framework for OFAC Compliance document, can be found here.
Other factors, in addition to OFAC’s findings, aiding to circumvent sanctions are:
- Lack of regulations in specific jurisdictions/improper application thereof – Not all jurisdictions have issued regulations for VAs, allowing VASPs to operate without a licence and improper or non-existent AML procedures. Most regulated VASPs are still figuring out how to best apply regulations so it does not hinder their business activity.
- The nature of blockchain technology – Anonymizing techniques, such as the use of mixers, Peer-to-Peer transactions, cross-chain transfers employing privacy coins, and others, pose significant threats to identifying the end-user.
- Unverifiable SoF (e.g. Cash) – The use of cash as Source of Funds (SoF) in purchasing VAs is allowed by certain VASPs.
- Complex transactions – Complex transactions passed through a variety of VASPs and financial institutions with the intent to hide the original sender.
OFAC’s Sanctions Compliance Best Practices for the Virtual Currency Industry mentions that:
‘’All companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, and wallet providers, as well as more traditional financial institutions that may have exposure to virtual currencies or their service providers, are encouraged to develop, implement, and routinely update, a tailored, risk-based sanctions compliance program. Such compliance programs generally should include sanctions list and geographic screening and other appropriate measures as determined by the company’s unique risk profile.’’
In order to address sanctions risks, a VASP must first identify them. An effective sanctions compliance programme is the first step in the right direction as this entails:
- Performing a Business Risk Assessment (BRA), including an assessment of sanctions risks
- Adopting policies and procedures meant to address the identified risks in the BRA
- Applying in practice proper due diligence on customers, monitoring of transactions with identification of indicators of illicit activity
Further, to mitigate risks, VASPs should implement internal controls based on:
- Products and services the company offers
- Where the company operates
- Geolocation of its users
- Sanctions-specific risks identified in the BRA
Remedial measures in identifying weaknesses in internal controls and implementing of new ones to prevent future violations can include among others:
- Having a dedicated compliance team and a chief or sanctions compliance officer
- Implementing sanctions trainings for employees
- Retrospective batch screening of all users and their crypto addresses
- Implementing IP address blocking and email-related restrictions for sanctioned jurisdictions
- Independent testing and auditing of programmes’ performance, highlighting what aspects need to be updated, enhanced, or recalibrated to account for a changing risk assessment or sanctions environment
Due to the nature of transactions performed on blockchains, internal controls would require:
- Proper due diligence at onboarding and throughout the lifecycle of the business relationship
- The use of dedicated software combined with
- Any other information a VASP can obtain from and about the customer which can be used to prevent sanctions violations (irrespective of the reason it was collected)
Examples of information from Know Your Customer (KYC) that may support sanctions controls:
Individuals: legal name, date of birth, nationality, ID, physical and email address, IP addresses associated with transactions and logins, banking information.
Legal Entities: line of business, trade and legal name, physical and email address, ownership information, jurisdictions where the entity does business, IP addresses associated with transactions and logins, banking information, any other relevant official documents.
Software can be used for: screening, conducting investigations, transaction monitoring, geolocation tracking and IP address blocking, among others.
VASPs are at liberty to develop their own in-house software, or make use of third-party ones.
Blockchain Transaction Monitoring and Investigation software can:
- Be used to identify the participating addresses to transactions, sender and beneficiary address owners, and underlying transactional data.
- Prevent and identify transfers to addresses associated with sanctioned persons and avoid violations of sanctions.
- Review historical information for such addresses or other identifying information to better understand their exposure to sanctions risks and identify sanctions compliance programme deficiencies.
- Any other information a VASP can obtain from and about the customer which can be used to prevent sanctions violations (irrespective of the reason it was collected).
In 2018 OFAC began including on the SDN List certain known virtual currency addresses related to listed persons and entities.
Some blockchain analytics tools (e.g. Coinfirm’s) can identify unlisted addresses that appear to be controlled by the same person controlling a listed address, thus allowing for increased sanctions controls.
Non-exhaustive list of red flags on spotting suspicious activity potentially related to sanctions circumvention as indicated by FinCEN, OFAC and the Financial Conduct Authority (FCA):
- Provision of inaccurate or incomplete KYC information when attempting to open an account.
- Clients are non-responsive or refuse to provide updated customer identification or KYC information.
- Clients attempt to access a virtual currency exchange from an IP address, connected to a sanctioned jurisdiction.
- Clients make use of VPN or proxy in an attempt to obfuscate their location.
- Clients who reside or conduct transactions to or from a jurisdiction subject to sanctions.
- Clients attempt to transact with a virtual currency address associated with a blocked person or sanctioned jurisdiction.
- Clients are non-responsive or refuse to provide additional transaction information in response to a virtual currency company’s request.
- Clients’ transactions involve exchanges or custodian wallet providers with poor customer due diligence procedures or high risk.
- Clients engage in the transaction flow the services of mixers and tumblers in an attempt to obfuscate the source of crypto assets.
- Customer’s transactions are initiated from or sent to wallets linked to IP addresses previously flagged as suspicious.
In addition, “red flags” indicative of money laundering or other illicit activity which may also be indicative of potential sanctions evasion.
Links to red flags non-exhaustive lists:
At the moment of publication of this content (March 2022), the only sanctions enforcement actions and sanctions designation in the crypto space have been taken by OFAC. Considering the current sanctions-focused climate, it is reasonable to expect that the number of crypto-related designations and enforcement actions will significantly increase.
As of March 2022, OFAC has so far:
- Designated a number of ransomware groups and individuals connected with those groups as sanctioned parties;
- Designated a few cryptocurrency exchanges as sanctioned in the light of the volumes of illicit assets they have been accepting;
- Concluded sanction compliance enforcement action (resolved with settlement) with crypto asset custodian for allowing customers from comprehensive sanctioned jurisdictions.
OFAC Designations: Ransomware Groups
The US Department of Treasury issued on September 21, 2021, an Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.
It emphasizes the implications of financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response in facilitating ransomware payments to cyber actors on behalf of victims, such as encouraging future ransomware payment demands and violating OFAC regulations.
Potential sanctions risks associated with making and facilitating ransomware payments is that Illicit gains stemming from ransomware may aid individuals/entities with sanctions nexus to profit and advance their illicit aims.
The message that this OFAC paper is sending to the crypto industry is: if you handle ransomware payments or proceeds, you may be in breach of sanctions given a number of ransomware parties are subject to sanctions. Considering OFAC’s strict liability, sanction breach occurs even if you are not aware of the breach.
OFAC Enforcement Action: BitGo, Inc.
Context: Violations of Multiple Sanctions Programmes Related to Digital Currency Transactions
BitGo knowingly allowed users, between 2015 and 2019, located in sanctioned jurisdictions to access their services, as they had visibility over the Internet Protocol (IP) address data associated with devices used to log in to the platform.
The users logged in from the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria.
BitGo failed to implement controls designed to prevent such users from accessing its services.
Resolution: OFAC determined that BitGo did not voluntarily self-disclose the Apparent Violations and that the Apparent Violations constitute a non-egregious case and the statutory maximum civil monetary penalty applicable in this matter is over $53 million.
Case source: Treasury Press Release
OFAC Designation: Suex – Ransomware
Context: SUEX OTC, S.R.O. (SUEX), a virtual currency exchange, which facilitated financial transactions for ransomware actors for their own illicit gain.
The company facilitated transactions involving illicit proceeds from at least eight ransomware variants totalling to over 40% of their known transaction history, leading it to now being a designated entity by OFAC.
Resolution: The company was designated on September 21, 2021, and all property and interests in property of the designated target that is subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
Case source: Treasury Press Release
OFAC Designation: Chatex – Ransomware
Context: designation of Chatex, a virtual currency exchange, and its associated support network, for facilitating financial transactions for ransomware actors.
Analysis of Chatex’s known transactions indicated that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware.
Chatex has direct ties with SUEX OTC, S.R.O. (Suex), using Suex’s function as a ‘nested’ exchange to conduct transactions.
Resolution: Chatex was designated on November 8, 2021, for providing material support to Suex and the threat posed by criminal ransomware actors.
Case source: Treasury Press Release
OFAC Designations: Izibits Ou, Chatextech Sia, and Hightrade Finance Ltd
Context: IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd provided material support and assistance to Chatex – designated entity.
These three companies set up infrastructure for Chatex, enabling their operations.
- On November 8, 2021, all three companies have been designated by OFAC.
- The Estonian Financial Intelligence Unit has revoked the licence of Izibits OU after working with the United States to identify the activities of designated entities.
- Latvian government authorities have:
- Suspended with immediate effect the operations of Chatextech;
- Assessed a fine for breaches of company registration and business conduct laws and regulations;
- Included Chatextech board members in Latvia’s registry of high-risk individuals.
Case source: Treasury Press Release
Regulators take non-compliance with sanctions stipulations extremely seriously.
Coinfirm was founded with the mission to make the blockchain economy a safer space and to prove the technology promises an improvement to the traditional financial system. And the open-source nature of blockchain means that it is generally easier – and cheaper – to ascertain illicit fund flows.
So don’t delay.