Exploring the Complexities in Cryptocurrency Regulation: Overview of the OFSI Threat Assessment for 2025
UK's Cryptoasset Threat Assessment Highlights Compliance Risks
In a critical move to strengthen compliance and mitigate exposure to illicit activity, the UK's Office of Financial Sanctions Implementation (OFSI) published a sector-specific Cryptoassets Threat Assessment on 21 July 2025. This report serves as a vital resource for UK cryptoasset firms and stakeholders.
Since January 2020, cryptoasset firms must register with the Financial Conduct Authority (FCA) for anti-money laundering (AML) supervision. The FCA's roadmap anticipates the publication of all policy statements and final rules in 2026. Furthermore, the UK FCA has proposed new rules to establish a more secure and stable regulatory regime for digital assets, with implementation expected to begin in mid-2026.
The OFSI report outlines five core judgements concerning sanctions threats relevant to UK cryptoasset-related services firms. Key threats and vulnerabilities include exposure to sanctioned or designated persons and entities, risks arising from indirect or direct transactions with these parties via cryptoasset platforms, and inconsistent and delayed reporting of suspected sanctions breaches to OFSI by crypto firms.
Exposure to designated persons and entities is a significant concern. For instance, the Russian crypto exchange Garantex, Iranian firms linked to designated persons, and hackers linked to the North Korean government pose risks. Certain crypto trading platforms may share infrastructure with designated exchanges, despite sanctions levelled against them. These links can be disguised by the use of intermediary wallets.
To address these risks, the OFSI report urges cryptoasset firms in the UK to conduct enhanced due diligence, particularly monitoring for newly identified wallet addresses linked to sanctioned individuals or entities. They are also advised to report suspicious transactions and breaches to OFSI promptly following a risk-based compliance approach. The report emphasizes the need for crypto firms and stakeholders to be proactive in updating systems, training, and policies to account for the emerging threats; vigilant in screening for transaction and counterparty risks; and cooperative with their regulators and with OFSI in reporting suspected sanctions breaches.
Over 90% of crypto-related suspected breach reports submitted to OFSI since 2022 involve Russia. It is highly likely UK cryptoasset firms have been directly or indirectly exposed to the designated Russian exchange Garantex since its designation in 2023, resulting in breaches of UK financial sanctions. Most breaches likely stem from indirect exposure to Designated Persons (DPs) and suspected breaches being identified after a delay in attribution.
The report also highlights the use of platforms on the dark web to discuss, sell, and promote illicit activity, including sanctions evasion, anonymously. Decentralised Exchanges (DEXs) do not require identity checks, making them attractive to sanctions evaders. Over-the-counter (OTC) trades operate internationally and can be used by sanctions evaders to exchange cash in one jurisdiction and access it in another.
The report covers the evolving risks and vulnerabilities in the crypto sector related to financial sanctions. It reflects the growing momentum behind regulation of the sector, with several regulatory measures introduced by the FCA between September 2023 and April 2025. The current regulatory landscape for cryptoassets in the UK treats cryptoassets as regular asset classes under existing financial sanctions frameworks, primarily governed by the Money Laundering Regulations (MLRs) and the Sanctions and Anti-Money Laundering Act 2018 (SAMLA). Under UK law, cryptoassets are treated like any other asset class in the context of financial sanctions.
In summary, the UK regulatory framework for cryptoassets is evolving toward comprehensive supervision and stricter compliance obligations, especially concerning financial sanctions. The OFSI’s assessment reveals critical sector-specific threats such as exposure to designated persons, nation-state hackers, and inconsistent reporting practices, prompting urgent calls for enhanced monitoring, due diligence, and transparent sanctions reporting in the crypto sector.
- The UK's cryptoasset firms should prioritize education and self-development, especially in regard to identifying and managing financial risks, as highlighted in the Cryptoassets Threat Assessment.
- In light of the increasing use of technology in business, it is crucial for UK cryptoasset firms to stay updated with the latest developments in anti-money laundering (AML) compliance and sanctions regulations, such as the new rules proposed by the UK FCA.
- General news outlets should monitor the sports sector alongside the crypto sector, paying attention to instances where sports-related events are used for illicit activities, as exemplified by the repeated sanctions breaches involving the designated Russian exchange Garantex.
