‘It is almost certain that UK cryptoasset firms have under-reported suspected breaches of financial sanctions to OFSI since August 2022,’ with most violations occurring through exposure to Russian exchange Garantex and North Korean cyber threats, the British Treasury’s sanctions watchdog warned in a comprehensive threat assessment published this week.
The Office of Financial Sanctions Implementation said over 90% of crypto-related breach reports since January 2022 involved Russia sanctions, with the remainder linked to Iran, while just 7% of all suspected breach reports to OFSI involved cryptocurrency firms despite the sector’s rapid growth.
The 34-page threat assessment warns ‘it is highly likely that UK cryptoasset firms have been directly or indirectly exposed to the designated Russian exchange Garantex’ since its designation in May 2022, resulting in breaches of UK financial sanctions.
The legal implications for firms could be severe, even for unknowing violations.
Konstantin Bureiko, Counsel at law firm Debevoise & Plimpton in London, explained that UK financial sanctions breaches can be enforced on a ‘strict liability’ basis by OFSI. ‘The fact that you did not know — or even if you had no way of knowing — that you were “indirectly” undertaking a prohibited transaction with a sanctioned crypto exchange would not provide a defence,’ he said.
However, Bureiko noted that OFSI’s enforcement guidelines suggest that enforcement action is unlikely where a business inadvertently breaches sanctions and ‘discloses that breach and cooperates with OFSI’ while showing ‘it had sufficiently robust sanctions compliance systems and controls in place — even if those failed in that instance’.
According to the threat assessment, since its designation, ‘it is highly likely that at least one successor organisation has been set up and is currently operating as a direct continuation of Garantex’. The Treasury identified Grinex, a Kyrgyz-registered service, as likely continuing Garantex operations using similar interfaces and serving Russian clients, with transaction volumes exceeding $1.2 billion in stablecoin transfers by May 2025.
OFSI recommended that UK firms scan ‘3-5 hops minimum in transaction history’ to detect indirect exposure to sanctioned entities.
Bureiko said OFSI’s reference to a specific number of ‘hops’ goes beyond previous UK and US guidance and ‘will likely be viewed as setting a new compliance benchmark’. However, the expert noted there can be ‘practical and implementation issues to these types of transaction checks, including due to the varying levels of attribution information available through analytics providers’.
‘A failure to check 3-5 transaction hops is not a legal requirement, and will not – in isolation – represent a UK sanctions breach,’ Bureiko noted. ‘However, a failure to meet this standard where a sanctions…
Read More: WorldECR | OFSI: UK cryptocurrency firms face ‘almost certain’ sanctions
