What is Global Ledger?

Global Ledger is a blockchain analytics company delivering fast, end-to-end AML compliance and investigation tools. Founded in 2019, we support over 2,000 digital assets and manage a database of over 700 million attributed addresses, updated daily. We perform 250,000 AML checks and monitor 30 million wallets every day. With an average response time of just 500ms and private server deployment options, Global Ledger combines speed, scale, and security.

Which blockchains does Global Ledger analyse?

Currently, the following blockchains are supported: Bitcoin (BTC) Bitcoin Satoshi Vision (BSV) Litecoin (LTC) Ethereum (ETH), including top tokens Tron (TRX), including top tokens Binance Coin (BNB) Polygon (MATIC) Arbitrum (ARB) Base (ETH) Avalanche (AVAX) Moonbeam (GLMR) Polkadot (DOT) Solana (SOL) TON.

How is the GL Score calculated?

The GL Score is a number from 0 to 100 that shows the degree of risk: low, medium, and high. Each score is represented by a corresponding color: green indicates low risk, yellow indicates medium risk, and red — high risk. The risk score is derived from the assessment of the riskiness of sources contributing to a requested address or transaction. To calculate the score, the algorithm analyzes incoming transactions, assesses the risk of identified sources, and calculates a score on a scale from 0 to 100. This score provides an indication of the potential level of risk associated with the address or transaction based on the evaluated sources and their associated activities. Learn more about risk score calculation from our blog article.

What are your data sources?

The Global Ledger team regularly collects and constantly analyses publicly available information, open data from the top blockchains, replenishes the internal information base by conducting its own investigations, as well as data purchased from reliable vendors.

What if I need help ASAP?

Our support team stays in touch 24/7 to provide clients with the most comfortable service and experience in case of unexpected hacks or cyberattacks. Please send your request with a brief description of your case to contact@globalledger.io, and our manager will reach you shortly.

Crypto Sanctions Screening: A Practical Guide for Compliance Teams

Sanctions screening in crypto gets complicated at the point where traditional name and list checks are not enough to stay compliant. A wallet may not appear on a sanctions list or a customer may pass name screening, yet the funds can still carry sanctions exposure.

Gaps in sanctions screening create serious risks for crypto-related businesses. Weak controls can lead to blocked or rejected transactions, banking restrictions, issues with regulators and partners, or even forced suspension of services.

That’s why crypto sanctions screening requires more than static wallet checks. Compliance teams need to understand what kind of exposure a wallet or crypto transaction may bring, what action an alert can trigger, and what evidence is needed to support a decision.

This guide covers who needs crypto sanctions screening, what should be screened, which practices make screening more result-driven, and how compliance teams can document and defend their decisions.

Key Takeaways

Crypto sanctions screening should be treated as an end-to-end compliance control. The points below summarize the main actions compliance teams need to take when assessing wallet, transaction, counterparty, and sanctions exposure across digital asset activity.
Screen the full digital asset lifecycle. Apply crypto sanctions screening at onboarding, before deposits and withdrawals, during payouts, in counterparty review, and throughout ongoing transaction monitoring.
Include sanctions-list matches and broader risk signals. Effective screening covers customers, beneficial owners, wallets, transactions, counterparties, Travel Rule data, jurisdictions, blockchain services, and high-risk networks.
Separate direct, ownership/control, and indirect exposure. A direct match, an ownership-linked exposure, and historical fund-flow exposure require different escalation logic and evidence.
Use blockchain analytics to explain wallet risk. Wallet attribution, exposure paths, transaction graphs, hop distance, transaction value, dates, direction of funds, and cross-chain movement help analysts understand how sanctions risk entered the case.
Prioritize alerts with risk-based thresholds. Alert rules should consider exposure type, amount, recency, counterparty risk, jurisdiction, attribution confidence, and whether funds touched mixers, bridges, DEXs, gambling platforms, or other high-risk services.
Document every compliance decision. Defensible case files should include timestamped screening results, sanctions lists checked, risk scores, transaction graphs, analyst notes, approvals, rationale, and final action.
Match controls to the sector. VASPs, financial institutions, fintechs, payment processors, and gaming or gambling platforms need screening controls that reflect where they touch customer funds, stablecoins, wallets, and payout flows.
Choose tools that support live operations. A useful sanctions screening tool should provide sanctions-list coverage, direct and indirect exposure detection, cross-chain visibility, alert prioritization, API integration, case management, and audit-ready reporting.

What Is Crypto Sanctions Screening

Crypto sanctions screening is a due diligence control. It checks customers, wallets, transactions, counterparties, and blockchain-based services for actual or potential links with sanctioned entities or those associated with illicit activity.

In the crypto industry, sanctions screening focuses on three types of risk:

Direct sanctions match.

The screened wallet, entity, person, service, or listed identifier appears on a relevant sanctions list, or the activity involves a comprehensively sanctioned jurisdiction.

Ownership or control exposure.

The screened address is linked to a payment service that is owned 50% or more, directly or indirectly, by one or more blocked persons.
Indirect exposure.

Funds connected to the screened wallet or transaction have previously moved through sanctioned or high-risk wallets, services, or counterparties and need further review.

Why Sanctions Screening Matters

Effective crypto sanctions compliance screening helps organizations catch potential exposure before funds are transferred, withdrawn, or paid out. It reduces the risk of processing assets linked to illicit activities and helps prevent the business from inadvertently facilitating money laundering.

Strong screening also supports relationships with banking partners, payment providers, auditors, and regulators. A firm needs to show not only that it detected an alert, but also how it assessed the risk and why it took a specific action.

Sanctions obligations also vary by jurisdiction. OFAC, EU, UK, UN, and local regimes may define restricted parties, prohibited activity, reporting duties, and asset-freezing obligations differently. Screening logic and escalation procedures therefore need to reflect where the business operates, which customers it serves, and which sanctions rules apply.

VASP Regulatory Compliance: Checklist 2026

Get the latest 2026 crypto regulation updates – from MiCA and 1099-DA to the Travel Rule – with a compliance checklist inside.

Get the Checklist

Who Needs Crypto Sanctions Screening?

Different organizations face crypto sanctions risk at different points in the transaction lifecycle. The screening approach should reflect where each organization touches the flow of funds and what evidence it needs when a risk signal appears.

Virtual Asset Service Providers (VASPs)

VASPs and crypto exchanges use sanctions screening to detect funds with sanctions exposure before they are credited, transferred, or withdrawn, including exposure hidden through mixers, bridges, nested services, or intermediary wallets.

Critical data required: wallet attribution, exposure paths, counterparty risk, sanctions-list matches, transaction history, and evidence that can be shared with auditors, regulators, and banking partners.

Failure to meet these obligations may lead to:

Problems with regulators.
License suspension or restrictions.
Service disruptions.
Lost access to banking and fintech tools.
Reputational damage.

Financial Institutions and Fintechs

Traditional financial institutions and fintechs use cryptocurrency sanctions compliance screening to assess digital-asset clients, monitor crypto-linked payment flows, and avoid exposure through fiat on- and off-ramps, stablecoins, or payments connected to cryptocurrency wallets.

Critical data required: counterparty VASP information, wallet attribution, source and destination of funds, sanctions-list matches, stablecoin flow data, transaction history, and audit-ready evidence for regulators, banking partners, and internal risk teams.

Weak fintech sanctions screening may lead to:

Sanctions exposure.
Problems with regulators.
Issues with banking or correspondent relationships.

Gaming Platforms that Work with Digital Assets

Gambling and gaming platforms use crypto sanctions screening to identify risky users, wallets, jurisdictions, deposits, withdrawals, and payout flows before sanctioned exposure enters or leaves the platform. Sanctions screening for casinos that handle digital assets should be calibrated to the same sanctions risks that apply to crypto deposits, withdrawals, wallets, and payout flows.

Critical data required: player wallet attribution, source and destination of funds, sanctions-list matches, jurisdiction indicators, exposure to mixers or anonymity tools, transaction history, and evidence for regulators, payment partners, and internal compliance teams.

Failures in sanctions screening for gaming may lead to:

Direct or indirect sanctions exposure.
Risk of being used to move or disguise sanctioned crypto.
Loss of payment or banking partners.
Problems with regulators.

New Ban on Russia-Established Crypto Service Providers and Prohibited Crypto Assets

The Council of the European Union adopted the 20th package of sanctions against Russia. For crypto asset businesses and compliance officers, one question matters: does your AML programme cover what's now prohibited before it becomes a regulatory problem?

Read the Article

What Should Be Screened? An Overview Table

Crypto sanctions compliance screening does not look the same for every organization. Still, most programs rely on a common set of screening targets. The table below summarizes the core targets that apply across crypto-exposed organizations.

Core Screening Targets Across Crypto Sanctions Compliance

Screening target	What to check	When to screen	Why it matters
Customers and beneficial owners	Sanctions-list matches, ownership/control links, jurisdiction, risk profile	At onboarding and periodic review	Sanctioned actors may use companies, intermediaries, or false identities to access crypto services
Wallets	Wallet attribution, historical exposure, linked entities, interaction with high-risk services	At onboarding, before transactions, and during monitoring	Wallet activity can reveal sanctions risk that name screening may miss
Transactions	Sender, receiver, asset, amount, timing, risk score, exposure path	In real time or near real time	Sanctions risk can appear at the transaction level, even when the customer appears low risk
Counterparties and services	Exchanges, custodians, mixers, bridges, DEXs, gambling platforms, payment processors	Before interaction and during monitoring	Risk can enter through third-party platforms and services
Jurisdictions and networks	Customer location, restricted regions, asset type, blockchain, cross-chain movement	At onboarding, transaction points, and review points	Sanctions exposure can depend on location, asset, network, and movement across chains
Travel Rule data	Originator and beneficiary details, counterparty VASP information, wallet ownership or control signals, missing data, and sanctions matches	Before qualifying transfers and during counterparty review	It connects wallet activity to sender and recipient data, helping teams detect sanctions risk and maintain regulatory records
Ongoing activity	New counterparties, behavioral changes, updated sanctions designations, repeated alerts	Continuously	Sanctions risk changes over time and can emerge after onboarding

How Screening Targets Differ by Sector And Organization Type

Sector	Extra screening focus
VASPs	Deposits, withdrawals, customer wallets, Travel Rule data, counterparty VASPs, exposure paths, and wallet attribution
Financial institutions and fintechs	Crypto-linked clients, fiat on- and off-ramps, stablecoin flows, merchant activity, payment counterparties, and digital-asset business due diligence
Gaming and gambling platforms	Player wallets, deposits, withdrawals, payouts, affiliates, in-game assets, high-risk jurisdictions, and exposure to mixers or anonymity tools
Regulators and law enforcement	Entity attribution, transaction graphs, exposure paths, typologies, wallet clusters, cross-chain movement, and case evidence

These targets identify where sanctions exposure can appear, but each organization has a different point of control. The screening framework should therefore connect each target to the decisions the organization actually has to make.

What a Sanctions Screening Workflow Looks Like

A crypto sanctions screening workflow should give compliance teams a clear, auditable sequence of actions from initial data collection through final case documentation. The steps below describe a typical process.

Collect customer, wallet, and transaction data. This may include KYC/KYB information, wallet addresses, transaction history, counterparties, jurisdictions, IP or geolocation data, and blockchain services used.
Screen and score risk. Use sanctions lists, internal rules, risk-based parameters, blockchain analytics, and automated tools to identify direct matches, indirect exposure, and other sanctions risk indicators.
Generate and prioritize alerts. Apply predefined thresholds to flag potential exposure, rank alerts by severity, and route them for appropriate review.
Investigate exposure. Analyze alerts to confirm or rule out a sanctions connection, assess the nature and level of risk, and determine whether additional information or escalation is required.
Decide and act. Based on the investigation and applicable legal obligations, determine whether to approve, hold, reject, restrict, block or freeze assets, offboard a customer, escalate internally, or report to the relevant authority.
Document the case. Record the findings, evidence, rationale, approvals, and actions taken for internal records, audits, regulatory reporting, and banking-partner review.

The workflow sets the sequence of control points. The next step is to turn that sequence into repeatable operating rules so analysts apply the same logic across onboarding, deposits, withdrawals, monitoring, investigations, and reporting.

Digital Asset Sanctions Screening Best Practices Checklist

The checklist below translates the workflow into practical controls. It focuses on the practices that prevent sanctions risk from being missed, delayed, or handled without enough evidence.

Best practice	What it means	Why it matters
Screen customers, wallets, and transactions	Do not rely only on customer name screening	Crypto sanctions risk can appear through wallet activity and transaction exposure
Screen before deposits and withdrawals	Check incoming and outgoing transfers before assets are credited or released	Platforms need to prevent both receiving and sending funds with sanctions exposure
Detect direct and indirect exposure	Look beyond exact wallet matches to exposure paths, counterparties, and services	Sanctions evasion often uses intermediary wallets and platforms
Monitor continuously	Rescreen wallets, customers, and transactions after onboarding	Risk can change after new sanctions designations or new blockchain intelligence
Use risk-based thresholds	Set alert rules by exposure type, value, recency, and counterparty risk	This reduces false positives without weakening the screening process
Investigate before deciding	Review attribution, exposure path, transaction context, and customer profile	Poorly reviewed alerts create both compliance and operational risk
Document every decision	Keep screening results, risk scores, graphs, notes, and escalation history	Evidence is needed for audits, banking partners, regulators, and internal review
Test and tune the program	Review alert quality, missed risks, false positives, and workflow efficiency	Screening controls become weak if they are not updated and tested

A checklist defines the control standard. But what determines how reliably that standard holds up in live operations is the screening tool your team will≠ use in daily operations. It’s especially crucial when alerts are noisy, funds move across chains, and decisions must be documented quickly.

How to Choose a Sanctions Screening Tool?

A useful sanctions screening tool should help compliance teams move from an alert to “we understand the risk, we know what action to take, and we can explain the decision later.”

Here’s what to look for.

Wallet attribution:

Identify whether a wallet is linked to a sanctioned entity, high-risk service, centralized exchange, decentralized protocol, crypto mixer, bridge, or known counterparty.
Include an attribution confidence level.

Exposure path:

Show how the wallet or transaction ties into potential sanctions risk.
Distinguish between direct risk exposure and indirect risk, such as funds previously moving through mixers, bridges, decentralized services, or high-risk entities.
Include the number of hops, transaction value, dates, and direction of funds sent or received.

Risk score:

Provide a clear risk score for the wallet, transaction, customer, or counterparty.
Explain the factors behind that score: type of exposure (direct/indirect), amount, recency, counterparty risk, and confidence level.

Transaction graph:

Visualize fund flow between wallets, entities, services, and blockchains.
Highlight links to sanctioned or high-risk entities.

Timestamped screening result:

Record when the screening was performed and its outcome.
Show sanctions lists, data sources, and risk parameters checked at that time.

Analyst decision log:

Record notes, investigation steps, and the decision based on the screening result.
Include final action: approved, held, rejected, frozen, blocked, escalated, or reported.

Sanctions-list coverage:

Show which lists are checked: OFAC, EU, UN, UK, other jurisdictions, and customer-specified lists.
Support rescreening of historical data when sanctions lists are updated.

Direct and indirect exposure detection:

Detect exact matches with sanctions lists and exposure to sanctioned or high-risk entities, services, or protocols.
Investigate exposure through intermediary wallets, mixers, bridges, exchanges, DeFi protocols, or gambling platforms.

Cross-chain visibility:

Track sanctions risk across multiple blockchains, tokens, stablecoins, and bridges.
Reduce blind spots from chain-hopping or bridge usage by monitored entities

Alert prioritization:

Rank alerts by severity based on risk score, exposure type, and context.
Help compliance teams focus on highest-risk cases first.

Case documentation and audit-ready reporting:

In each case file, document all elements: wallet attribution, exposure paths, transaction graphs, risk scores, notes, and decisions.
Produce audit-ready reports for internal audits, regulators, banking partners, or internal case reviews.

API integration:

Connect screening results to key workflows: onboarding, deposits, withdrawals, transaction monitoring, and case management.
Facilitate manual and automated workflows for documentation and follow-up actions.

Final Thoughts

Crypto sanctions screening fails when it is treated as a checkbox control. The real challenge is to understand how funds moved, which wallet, service, or counterparty created the exposure, and what decision the compliance team can justify.

For VASPs, financial institutions, fintechs, and gaming platforms, this means screening needs to work at the points where decisions are made: onboarding, deposits, withdrawals, payouts, counterparty review, transaction monitoring, and investigations.

Global Ledger helps teams turn sanctions alerts into usable risk intelligence. Our tools give compliance teams the data they need to detect exposure faster, investigate wallet relationships, document decisions, and produce evidence.

Turn sanctions alerts
into defensible decisions

Schedule a Call

FAQ

What is crypto sanctions screening?

Crypto sanctions screening is the process of checking customers, wallets, transactions, counterparties, and blockchain services for links to sanctioned individuals, entities, jurisdictions, or digital asset addresses. It helps compliance teams identify direct sanctions matches, ownership or control exposure, and indirect exposure through fund flows or wallet activity.

Who needs crypto sanctions screening?

Crypto sanctions screening is relevant for VASPs, CASPs, crypto exchanges, financial institutions, fintechs, payment processors, gaming platforms, gambling platforms, and other businesses with exposure to digital assets. The need depends on the firm’s activities, jurisdictions, customers, counterparties, and applicable sanctions obligations.

Why is sanctions list screening not enough for crypto?

Sanctions list screening alone is insufficient because crypto sanctions risk can appear outside listed names and addresses. Risk may arise from wallet behavior, transaction history, fund-flow patterns, cross-chain movement, mixers, bridges, decentralized exchanges, counterparties, and services connected to sanctioned or high-risk activity.

What is the difference between direct and indirect sanctions exposure?

Direct sanctions exposure usually means a customer, wallet, counterparty, or entity matches a sanctions list or is owned by a blocked person under applicable rules. Indirect exposure means funds or wallet activity have a connection to sanctioned or high-risk actors through prior transactions, intermediaries, services, or exposure paths.

Does indirect sanctions exposure mean blocked accounts?

Indirect sanctions exposure does not automatically mean a transaction is prohibited. It usually requires investigation, risk assessment, and a documented compliance decision. The required response depends on the sanctions regime, exposure type, timing, transaction value, counterparty risk, ownership or control links, and the firm’s internal policy.

What should be screened in crypto sanctions compliance?

Crypto sanctions screening should cover customers, beneficial owners, customer wallets, deposits, withdrawals, transactions, counterparties, blockchain services, jurisdictions, networks, ongoing activity, and Travel Rule data where applicable. Screening should occur at onboarding, before key transfers, during transaction monitoring, and after sanctions-list updates.

When should crypto transactions be screened?

Crypto transactions should be screened before funds are credited, transferred, withdrawn, exchanged, or paid out. Screening only at onboarding leaves gaps because wallet activity, counterparties, sanctions lists, blockchain intelligence, and exposure paths can change after the customer relationship begins.

How does blockchain analytics support sanctions screening?

Blockchain analytics supports sanctions screening by identifying wallet attribution, exposure paths, transaction history, fund-flow patterns, cross-chain activity, and links to high-risk services. It helps compliance teams assess whether a wallet or transaction has direct or indirect exposure to sanctioned entities, mixers, bridges, exchanges, or other risky services.

What are common crypto sanctions screening failures?

Common crypto sanctions screening failures include relying only on sanctions list checks, screening only at onboarding, checking only direct wallet matches, missing cross-chain exposure, failing to rescreen after sanctions-list updates, using unclear escalation rules, and keeping weak alert documentation.

How should compliance teams handle a sanctions alert?

Compliance teams should investigate the alert, confirm or rule out a sanctions nexus, review the exposure path, assess the risk level, consider jurisdiction-specific obligations, decide whether to approve, hold, reject, restrict, block or freeze assets, escalate, or report, and document the rationale and evidence.

What is OFAC’s 50 Percent Rule and why does it matter?

OFAC’s 50 Percent Rule means that entities owned 50% or more, directly or indirectly and in the aggregate, by one or more blocked persons are generally treated as blocked, even if they are not separately listed. Control without 50% ownership is not automatically covered by the rule, although it may still create risk.