Sanctions Screening

Embedding compliance logic directly into DeFi protocol smart contracts using oracles or on-chain registries. This enables programmable compliance where transactions can be conditionally blocked or allowed.

• Implementation: A lending protocol's borrow() function calls an oracle to screen the borrower's address.
• Benefit: Creates autonomous compliance, reducing reliance on off-chain manual reviews.

Assigning a risk score to wallets and transactions based on multiple factors beyond simple list matching. This enables proportional controls.

• Factors: Transaction history, counterparty risk, geographic jurisdictional risk, and association with high-risk protocols.
• Outcome: A wallet with multiple interactions with sanctioned clusters receives a high score, triggering enhanced due diligence.

Generating immutable, auditable records of screening decisions and risk assessments for regulators. Leverages blockchain's inherent audit trail.

• Mechanism: Logging screening results, risk scores, and blocked transactions to an immutable ledger or secure off-chain database with cryptographic proof.
• Purpose: Provides regulatory auditability, demonstrating a VASP's adherence to Travel Rule (FATF Recommendation 16) and other obligations.

Banks are legally required to screen all cross-border payments via the SWIFT network against sanctions lists like OFAC's SDN List. This involves checking the sender, receiver, and intermediary banks for matches. A failure in this process can result in massive fines, as seen in cases where banks processed payments for entities in comprehensively sanctioned countries like Iran or North Korea.

Centralized exchanges (CEXs) like Coinbase and Binance implement sanctions screening at user onboarding (Know Your Customer) and during transaction monitoring. They use blockchain analytics tools to screen wallet addresses, ensuring they do not facilitate deposits or withdrawals from wallets linked to sanctioned entities, terrorist financing, or ransomware attacks. Non-compliance can lead to enforcement actions, as with the $24 million OFAC settlement with Bittrex in 2022.

Companies involved in international trade use sanctions screening to vet all parties in a supply chain, including manufacturers, shippers, and end buyers. In trade finance, banks screen letters of credit and the associated entities to ensure goods are not being shipped to or from a sanctioned jurisdiction. This prevents the use of the global financial system to fund prohibited trade activities.

Major NFT marketplaces screen users and transactions to prevent sanctioned individuals from buying, selling, or transferring digital collectibles. This involves screening wallet addresses upon connection and monitoring secondary market sales. The goal is to prevent the use of high-value NFTs as a means to store or transfer value in evasion of sanctions regimes.

The primary reference for sanctions screening is the Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) List. This list includes individuals, entities, and cryptocurrency addresses (e.g., OFAC SDN Bitcoin addresses) associated with sanctioned jurisdictions or activities. Screening involves real-time or batch comparison of transaction counterparties against this list to block or flag prohibited interactions.

Sanctions evasion often involves complex transaction paths. Screening systems use address clustering and heuristic analysis to link multiple addresses to a single sanctioned entity. This involves analyzing patterns like:

• Common input ownership (addresses used as inputs to the same transaction)
• Change address identification
• Funds flow to known service providers (exchanges, mixers)

DeFi protocols must implement sanctions screening at the smart contract level or via off-chain services to remain compliant. Key challenges include:

• Screening the originator and beneficiary of cross-chain asset transfers.
• Handling flash loans and complex, multi-step transactions that may obscure the ultimate beneficiary.
• Integrating real-time screening oracles or blocklist modules that can pause or revert non-compliant transactions.

Overly broad screening can generate false positives, blocking legitimate users. A risk-based approach is essential, involving:

• Tiered screening: Applying stricter checks based on transaction value, jurisdiction, or counterparty type.
• Customer Due Diligence (CDD): Correlating on-chain activity with off-chain identity verification.
• Whitelisting: Allowing pre-vetted addresses to bypass certain checks, reducing friction.

Compliance extends beyond OFAC. Protocols must consider multiple jurisdictions:

• Financial Action Task Force (FATF) Travel Rule requirements for VASPs.
• European Union's MiCA regulations for crypto-asset service providers.
• National lists from jurisdictions like the UK, Singapore, and Japan. Screening solutions must aggregate and update these lists continuously.

KYT is a real-time, transaction-focused approach to compliance that analyzes the flow of funds for illicit activity. Unlike traditional KYC, which focuses on customer identity, KYT monitors transaction patterns, counterparties, and behavioral anomalies.

• Purpose: Detect money laundering, terrorist financing, and sanctions evasion as it happens.
• Key Features: Real-time risk scoring, network analysis, and automated alerting for suspicious transactions.
• Blockchain Context: Essential for VASPs and DeFi protocols to monitor on-chain activity beyond simple address screening.

A Politically Exposed Person is an individual who is or has been entrusted with a prominent public function, presenting a higher risk for potential involvement in bribery, corruption, or money laundering. While not automatically sanctioned, PEPs require Enhanced Due Diligence (EDD).

• Categories: Heads of state, senior government officials, military officers, senior executives of state-owned enterprises, and their immediate family/close associates.
• Screening Relevance: PEP screening is a core component of Anti-Money Laundering (AML) programs and is often integrated with sanctions screening solutions to provide a holistic risk profile.

Adverse Media Screening (or Negative News Screening) is the process of scanning news sources, regulatory publications, and other public data for negative information about a client or counterparty that may indicate financial crime risk.

• Purpose: Identify risks not yet formalized on official sanctions lists, such as involvement in fraud, corruption, or organized crime.
• Methodology: Uses Natural Language Processing (NLP) and web scraping to analyze unstructured data from global media outlets.
• Integration: Works alongside sanctions and PEP screening to provide a 360-degree risk view, catching 'sanctions evasion by other means'.

A Virtual Asset Service Provider is any business that offers services related to virtual assets (cryptocurrencies). This includes exchanges, custodial wallets, and some DeFi protocols. VASPs are primary targets for Travel Rule and sanctions compliance regulations.

• Regulatory Obligations: Required to implement AML/CFT programs, including sanctions screening for customers and transactions.
• Key Challenge: Screening pseudonymous blockchain addresses against dynamic sanctions lists, requiring specialized blockchain analytics tools.
• Global Standards: Defined by the Financial Action Task Force (FATF) and enforced by national regulators.

A False Positive is an alert generated by a screening system that incorrectly flags a legitimate customer or transaction as a potential sanctions or AML risk. High false positive rates are a major operational cost and efficiency drain.

• Causes: Name similarities (e.g., common names), outdated list data, or overly broad matching logic.
• Impact: Requires manual review by compliance analysts, increasing costs and slowing down legitimate transactions.
• Mitigation: Advanced screening systems use fuzzy matching, contextual analysis, and machine learning to reduce false positives while maintaining detection accuracy.