SIFMANet Virtual Asset Report

Introduction

In February 2025, the Centre for Finance and Security (CFS) at RUSI hosted a roundtable discussion with 32 participants from the public and private sectors, including blockchain analytics companies and virtual asset service providers (VASPs). The conversation focused on the challenges associated with the implementation of sanctions for the virtual asset industry. Primarily, the discussion centred on methods used by governments to target entities and individuals exploiting virtual assets for sanctions evasion. This conference report provides a summary of the key points from the roundtable discussion. None of the discussions at the event are attributable.

In summary, during the roundtable discussion, participants deconstructed the steps involved with designating and tracking virtual asset entities and individuals, as well as attributable virtual asset addresses. Based on this, the discussion identified operational and regulatory gaps that persist and undermine the effectiveness of sanctions in the virtual asset industry. These points include the need for governments to define the objective of a sanctions designation, provide clarity for VASP market participants on sanction packages, and understand the tools that may further support the process of tracking and confiscating virtual assets tied to sanctions evasion. Furthermore, the public and private sectors need to develop a system where governments can feed back information to VASPs on infrastructure changes of sanctioned entities and individuals after the initial sanctions designation, to maintain the effectiveness of the original designations.

Identifying Concerns

An opening question focused on identifying participants’ primary concerns related to sanctioned entities exploiting the virtual asset industry. To illustrate these concerns, Iran was used as a case study, with discussions centred on the increased rate of virtual asset adoption in Iran to protect wealth from hyperinflation – in particular, via the use of stablecoins – and how the country may use virtual assets for sanctions evasion as well as to fund influence operations abroad.

In addition, services have opened to support individuals to illegally access VASPs that restrict Iranian customers. This point is evidenced by a December 2024 report from Crystal Intelligence, which focuses on a service that states it “provides authentication services, free static IPs, and open-layer files for Iranian users and sanctioned platforms with 5 years of experience and specialized support”. The report further outlines that a “deepfake tool” provided by the service can help Iranians bypass facial recognition used by VASPs and subsequently set up accounts. Such tools can support the country with evading sanctions, underlining how important it is for those designing sanctions to closely monitor developments in available technology.

One participant also drew attention to Iran recently approving virtual asset regulation. The regulation highlights a focus on “building a culture of using blockchain technologies and tokens to finance production and facilitate foreign trade”. This point aligns to Iran’s statement in 2022 on using virtual assets as a form of guarantee for small and medium-sized businesses that work in counterparts in other countries. With virtual assets increasingly being integrated into credit settlement in international trade, as discussed at the roundtable, VASPs’ compliance teams may encounter challenges similar to those facing financial institutions in identifying transactions tied to high-risk goods.

Finally, one participant highlighted that, when investigators are analysing sanctions evasion activity by Iran, they are often looking for a smoking gun but, as in traditional finance, individuals abusing virtual assets can also use shell companies and integrate formal and informal networks to reduce transparency. This is evidenced by information linked to a recent US sanction designation on an Islamic Revolutionary Guard Corps-Quds Force-backed Houthi financier. A report by blockchain analytics company Chainalysis provided insight on the sanctions evasion activity, noting that the addresses on the sanctions list show “little direct exposure to mainstream services”, and instead, the individual appears “to move and launder funds through more informal networks”. Therefore, investigators need to adapt their perspective to understand the full complexity of sanction evasion networks.

Sanctions Implementation Process

The discussion then moved to how to tackle challenges with sanctions implementation. To support the dialogue, a proposed process for sanctions implementation for the virtual asset industry was developed prior to the meeting. This was shared with participants to determine additional elements that are involved and their associated challenges. Figure 1 shows this process as revised following the roundtable.

The discussion touched on the elements of the process for sanctioning an entity or individual in the industry and identifying associated virtual asset addresses. After a virtual asset address is attributed to a sanctioned actor and the information is added to a government’s sanctions list, blockchain analytics companies will update their tools to display the designation. As a result of these tools updating information, retrospective alerts may be generated for VASPs that use those products to support sanctions compliance. Based on these retrospective alerts, a VASP may or may not – depending on guidance provided by the public sector – file a suspicious transaction report (STR).

▲ Figure 1: Simplified Process for Designation of Sanctioned Entities

In parallel with this process, the sanctioned actor may attempt to move their funds to separate themselves from links to the designated address on the sanctions list. Therefore, blockchain analytics companies and law enforcement investigate the movement of funds to identify subsequent addresses and infrastructure changes linked to the designated actor. Based on these investigations, blockchain analytics companies update their analytic tools with additional information on addresses and entities linked to the initial sanctions designation. Notably, small and medium-sized VASPs may not use blockchain analytic tools and therefore only monitor for incoming funds linked to the initial sanctions designation. Therefore, they may not detect alterations in approach by a sanctioned entity and may potentially be unaware of the risk level of incoming funds. This represents a systemic vulnerability that is further emphasised if such VASPs rely on larger VASPs to gain access to liquidity.

An example provided by one roundtable participant was that the US Specially Designated Nationals and Blocked Persons (SDN) list identified three virtual asset addresses tied to the sanctioned entity Garantex, a centralised exchange. For nearly three years after the announcement of the US designation, Garantex continued to operate and appear in public reports on financial crime investigations. This activity by Garantex was tracked closely by the public and private sectors to identify new shell companies or addresses used by the sanctioned entity. However, small and medium-sized VASPs may still have relied on monitoring for incoming transactions tied to the initial designation that did not include updated information. Solutions for such types of vulnerability are further discussed below. Notably, in the weeks after the roundtable, law enforcement seized the domain of Garantex, froze a portion of the assets, and released indictments for operators of the exchange.

Define the Objective

One theme that came up repeatedly during the roundtable was the need for the public sector to pinpoint its objective prior to designating virtual asset addresses and entities. One participant emphasised that in the virtual asset industry, sanctions are an effective tool for spotlighting services facilitating transactions for illicit actors, but do not halt the activity, merely pushing it into areas with limited or no virtual asset regulation and enforcement.

Participants also discussed the fact that sanctions designations in the virtual asset industry can have unintended consequences, and government representatives need to be aware of these and whether they might negate the intended objective of the sanctions designation. As noted at the beginning of this report, in countries experiencing hyperinflation, citizens are more inclined to convert fiat currency to virtual assets to reduce price fluctuation of held assets and retain wealth. To achieve this, services are needed to allow fiat-to-virtual asset conversion with domestic currency. For a high-risk or sanctioned country, the transfer of domestic currency into stablecoins – if options providing this service are available – can result in capital flight. Ultimately, this movement of funds out of the sanctioned country impacts its economy. However, if those citizens are cut off from purchasing virtual assets with their domestic currency due to the restrictions created by sanctions, the risk of capital flight for the sanctioned country via this route is reduced and these funds stay in the country and support the economy. Participants agreed that this balance should be considered by policymakers when determining virtual asset-related sanctions on a country such as Iran.

The discussion also outlined how government representatives can consider how stimulating the use of virtual assets via sanctions implementation can have beneficial consequences. For example, where a sanctioned entity or individual is cut off from traditional banking and turns to the virtual asset industry instead, the traceability of virtual asset transactions gives the public and private sectors insight into further sanctions evasion activity. In a case highlighted by The Wall Street Journal and discussed at the roundtable, a Russia-linked individual used stablecoins to wire funds to a supplier to pay for electronics. The individual, according to the article, used “Garantex, along with other intermediary firms, to convert customers” rubles into tether, moving the cryptocurrency on a blockchain system called Tron’. The article then notes that the individual converted the stablecoin for “yuan at over-the-counter brokers in Hong Kong, and then wired suppliers the money by a local bank transfer”. Although investigations such as this are far from simple, participants noted that the traceability of virtual assets allows a streamlined end-to-end process for detecting where funds are sent and converted to fiat currency, potentially providing sanctions policymakers with greater visibility of future sanctions targets.

Provide Clarity to Market Participants

Participants agreed that authorities need to provide clear, consistent guidance on how sanctions are applicable to the virtual asset industry. In cases where sanctions are designed as broad measures targeting specific technologies or devices, regulators must clarify the applicability of those sanctions within the diverse virtual asset ecosystem. Participants discussed the example of companies that manufacture and sell physical hardware wallets for self-custody of private keys: they may unintentionally fall within the scope of blanket sanctions, despite not offering virtual asset-related services explicitly targeted by such measures.

To ensure that sanctions regimes achieve their intended objectives without creating unnecessary uncertainty, greater clarity from the public sector is essential. One participant gave the example of the lack of clear guidance on the implications of sanctions imposed on Russia for businesses selling virtual asset-related hardware. Without explicit direction, such companies face challenges in adapting their supply chains and business practices to remain compliant.

Participants also discussed the additional layer of complexity in the EU arising from differences in how individual member states interpret and implement sanctions. Even slight variations in wording between national approaches can lead to significant inconsistencies, making it difficult for businesses operating across multiple jurisdictions to maintain compliance. These discrepancies not only increase regulatory burdens, but also create loopholes that could be exploited by entities seeking to evade sanctions.

Next, participants discussed the fact that countries often do not provide guidance on whether a VASP is required to file an STR if direct or indirect exposure is flagged from before the designation of the entity or individual and associated virtual addresses. One example that was raised centred on the fact that when blockchain analytic tools update to show activity tied to new sanctions designations, flags for previous direct or indirect exposure prior to the designation may be generated. In this case, the VASP needs clarity on whether it needs to file an STR with the designated authority in the jurisdiction.

Participants also discussed how policymakers can support the private sector by providing clear guidance on sanctions implementation that reflects the difference between the virtual asset industry and the traditional financial system. One example discussed was that for financial institutions in the EU, for example, guidance for financial institutions that detect incoming funds tied to sanctions states that banks should not accept the deposit. However, due to the nature of the technology supporting virtual assets, VASPs cannot reject or block incoming virtual assets, so their main option is to return the funds, while using company assets to pay for transaction fees. Of course, in the case of sanctions, returning funds is not an option. Instead, VASPs restrict the user from accessing or transferring those assets further when activity linked to a sanctioned actor is detected. This means that the VASP has to hold custody of virtual assets tied to sanctions activity while waiting for law enforcement to respond with the necessary legal orders. VASPs need guidance on what to do with those assets after restricting the user’s access and while waiting for a response from authorities; some jurisdictions do not provide such guidance.

Understand – but do not Overuse – the Available Tools

Participants at the roundtable discussed how VASPs can monitor for sanctions evasion activity, including through scanning unilateral sanctions designations and UN-listed indicators (related to North Korea specifically), using geolocation tools and cross-checking devices. If any indication of sanctions evasion is shown, VASPs can file the necessary report to the necessary authority, which ultimately supports investigations into suspicious activity linked to, or indicative of, sanctions evasion. To carry out this process, law enforcement analyses data and works with VASPs to confiscate assets.

Participants discussed additional tools to consider that can support authorities with improving detection and confiscation of virtual assets tied to sanctions evasion.

Freezing Stablecoins

One participant shared the example of a prominent stablecoin issuer working with law enforcement in different jurisdictions to freeze stablecoins. Building on this, another participant developed a hypothetical scenario to show the consequences of overusing this access. If a government wanted to get rid of a VASP in a sanctioned or high-risk country, they could attempt to cut off their liquidity, thus neutering their ability to act as an exchange – for example by working with a stablecoin issuer to freeze stablecoins held by the sanctioned VASP. However, this may have severe second order consequences.

First, the reputation of the stablecoin issuer would degrade and sanctions evasion would likely shift from stablecoins to virtual assets such as Bitcoin. When law enforcement looks to confiscate virtual assets such as Bitcoin, they need to work with centralised VASPs or identify private key information with a search warrant. This process does occur, but challenges persist, as the slow speed of bureaucratic procedures does not align with the quick pace of virtual asset cross-border transactions. Second, the sanctions evader may shift its money-laundering approach to incorporate new entities, requiring investigators to dig deeper and monitor platforms to identify infrastructure changes.

Of course, this is not to argue that sanctions should not be used in such a case, but all participants agreed that it is important to work through the longer-term implications of the actions policymakers and law enforcement agencies choose to take. Notably, the approach of authorities working with stablecoin issuers to freeze assets of Garantex took place in the weeks following the roundtable. On 7 March 2025, a stablecoin issuer announced that they had assisted the US Secret Service in freezing $23 million in illicit funds tied to Garantex. However, law enforcement also took down the domain of Garantex and released indictments to strengthen enforcement.

The Travel Rule

Participants discussed whether further adoption of the “travel rule” (the Financial Action Task Force’s requirement to collect information on the originator and beneficiary of transactions) would meaningfully impact detection of sanctions evasion. Consensus emerged that the travel rule may only have a minimal impact on identification of sanctions evasion activity while there are still some jurisdictions that lack regulatory framework for the industry and where enforcement for non-compliance is low. Under the travel rule, regulated entities share associated information, but currently any individual who owns virtual assets can continue to operate without touching VASPs that are compliant with such requirements, by taking advantage of services in jurisdictions without a regulatory framework for the industry and/or with unregulated services.

To further emphasise that the travel rule will not act as a key tool in supporting sanctions detection, one participant stressed that VASPs are only as good as their last counterparty – that is, if the previous counterparty did not collect verified information for the travel rule or implement strong compliance controls, the information chain will run cold for the subsequent services involved. Addressing this “weakest link” issue was an important vulnerability raised by participants, who suggested that government authorities could improve the process by issuing statements of non-compliance by VASPs that wittingly facilitate transactions for sanctioned entities and are unresponsive to law enforcement requests.

Look at Where the Funds End Up

According to one participant, challenges are amplified by the fact that funds tied to sanctions evasion activity often end up in jurisdictions that are under-resourced, with limited capacity to investigate foreign requests for information, or those that do not have regulations specific to the virtual asset industry. In 2024, for example, the UN Office on Drugs and Crime highlighted that a payment company associated with a business headquartered in one Mekong country had engaged with Garantex. The movement of funds to countries with no regulatory framework has a negative impact on efforts to recover virtual assets tied to sanctions evasion activity. Therefore, governments can focus on supporting these jurisdictions with necessary resources to build a regulatory framework for the virtual asset industry and develop capacity to enforce legislation.

Balance the Responsibility

Participants at the roundtable noted that the private sector takes on responsibility for identifying other entities, individuals and virtual asset addresses tied to sanctioned entities, and agreed this a very challenging task. This point was evidenced by the current approach to restricting activity by Garantex. A RUSI roundtable in May 2024 noted that Garantex set up shell companies in jurisdictions with limited virtual asset regulation to continue operations. In addition, the company produced “new virtual assets within a five-day period to move funds” and operated by using the services of VASPs that have higher liquidity, attendees noted. Participants in this latest roundtable underlined the need for VASPs and blockchain analytics firms to be constantly scanning the ecosystem to identify new entities linked to Garantex. As noted, a stablecoin issuer froze a percentage of funds tied to Garantex in the weeks following the roundtable discussion and the US released indictments for two individuals believed to act as controllers for the exchange.

This burden on the private sector can be alleviated by governments making updates to sanctions designations to reflect new virtual asset addresses and infrastructure changes. For example, on 14 April 2022, the US attributed a virtual asset address to a North Korean entity, and eight days later, authorities updated the list to add more addresses. Governments providing such rapid updates is, however, not common practice. Consequently, participants felt that a heavy reliance falls on the private sector to investigate and monitor shell companies set up by the designated actor to obfuscate continued activity.

Furthermore, as identified earlier, small to medium-sized VASPs may have neither capacity nor resources to detect updated information tied to sanctions, and therefore, rely on monitoring transactions tied to the initial sanctions designation. Participants recommended designing a process that balances the system by allowing for a consistently active role by the public sector. When designing the procedure, government authorities can take a similar approach to the process of designing the Russian oil price cap: government authorities met with representatives from the industry to define what needed to be achieved and how the process could be devised to ensure the objective was achieved while limiting unintended consequences.

Participants agreed that governments should consider how they can take a more active role in relaying updated information linked back to the sanctions actor to the private sector, whether through updated virtual asset addresses or new entity information. It was acknowledged that updating the relevant sanctions list with every subsequent address is probably not sustainable, but a focus on a strong partnership with blockchain analytics companies can support the identification of new shell companies, which can subsequently be flagged by the public sector to VASPs. One participant mentioned the possibility for governments to develop, operate and update a database of new virtual asset addresses tied to a sanctioned actor with an application programming interface (API) for VASPs to cross-check.

Figure 2 shows how, as new entities and virtual asset addresses are identified, the government can issue updated guidance or announcements to the private sector on linked shell companies and attributed addresses. According to the roundtable discussion, this would reduce the private sector liability for determining subsequent sanctioned activity after the initial sanctions designation. One participant said that a verification procedure needs to be implemented for listing a sanctioned entity or individual and associated virtual asset addresses that is evidence-based and impartial. A detailed reasoning procedure is needed, as a defective process can leave the government open to substantial legal liability.

▲ Figure 2: Process Flowchart with Feedback Loop for Updated Sanctions Listings

Reflecting on this discussion, one participant argued that a database or guidance reflecting updated sanctions information provided by the public sector to the private sector may not be inclusive of all information, and thus generate a false sense of security for operators. Furthermore, such statements would not remove the requirement that VASPs need to implement a risk-based approach to detect and monitor sanctions evasion activity. Therefore, the only difference between the public sector providing updated information on new information on sanction designations versus the private sector investigating and listing risk information, according to the participant, would be a shift in liability when monitoring sanctions compliance.

Recommendations

Participants proposed four recommendations that reflect the specific nature of the virtual asset industry, and can thus increase the effectiveness of sanctions.

Recommendation 1: Sanctions policymakers should consider providing updated guidance or developing a database with an API that accounts for new virtual asset addresses and/or entities linked to a sanctioned actor.

While a constant adding of virtual asset addresses to a sanctions list is not sustainable, governments can consider releasing updated guidance or developing a database with an API to support the private sector with identifying shell companies tied to sanctioned VASPs and new addresses attributed to the entity. This process could be supported by a strong public–private partnership between government authorities, law enforcement and blockchain analytics providers.

Importantly, one participant highlighted that an evidence-based, impartial verification procedure needs to be implemented prior to publicly identifying a VASP that may be directly linked to a sanctioned entity. A defective process could leave the government open to substantial legal liability.

Recommendation 2: Governments should provide further guidance to VASPs on what to do with frozen assets tied to sanctioned actors.

As mentioned, VASPs fundamentally cannot, unlike traditional financial institutions, reject incoming virtual assets, so to “reject” funds tied to high-risk activity, their primary option would be to return the funds while using company assets to pay for transaction fees. If the incoming funds are linked to sanctions, VASPs restrict users from accessing an account and transferring those assets. That leaves the VASP holding custody of virtual assets tied to sanctions activity while waiting for a law enforcement response. Some jurisdictions do not provide guidance to VASPs on what to do with assets tied to sanctioned activity after restricting the user’s access.

VASPs should not be liable for holding custody of sanctioned assets without clear instructions and documentation from government authorities on how to proceed after restricting access to such assets from the sanctioned entity.

Recommendation 3: Governments should provide guidance on whether VASPs need to retrospectively file STRs if activity is detected on their platform prior to the sanctions designation.

For example, if an individual moved funds through an exchange prior to being sanctioned, that exchange then needs guidance on whether that activity should be reported after the designation. Such reports might help authorities to understand the wider sanctions evasion networks used by designated individuals and entities and lead to further sanctions activity and/or asset confiscation for facilitating sanctions evasion.

Recommendation 4: The public and private sectors should prioritise building capacity in under-resourced jurisdictions which have limited investigation capability and/or lack virtual asset regulatory frameworks, in order to build a stronger ecosystem.

The financial system is only as strong as its weakest link, and many weak links remain in the virtual asset arena. Funds from sanctioned entities often ends up in jurisdictions with limited capacity to investigate such activity, or those with no regulatory frameworks. This regulatory arbitrage can be mitigated by supporting such countries with building capabilities related to virtual asset recovery.

In summary, the roundtable highlighted fundamental gaps in operational and regulatory capacities in both government and the private sector that undermine the effectiveness of sanctions related to virtual assets. As one participant put it “the authorities are applying an offline strategy to the online world without adapting their policies to reflect some fundamental differences”. By working with the private sector, sanctions policymakers can ensure that their use of sanctions is more clearly defined and, ultimately, impactful.