Overview
The Office of Financial Sanctions Implementation (“OFSI”) released its Cryptoassets Threat Assessment in July 2025, highlighting the risks posed to UK financial sanctions compliance by cryptoasset firms. This report, part of a series of sector-specific assessments, focuses on the period from January 2022 to May 2025 and underscores the evolving challenges in the cryptoasset sector.
With the Financial Conduct Authority (“FCA”) as the primary regulator for anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) for cryptoasset firms, and the Prudential Regulation Authority (“PRA”) overseeing prudential regulation, the report provides critical insights for UK cryptoasset firms and the broader financial services sector. The assessment is part of a series of sector-specific reports aimed at helping firms prioritise compliance efforts in response to the changing sanctions landscape.
Key Take Aways
The OFSI assessment identifies several critical threats to sanctions compliance within the UK cryptoasset sector:
- Under-reporting of breaches;
- Exposure to sanctioned entities;
- There is a high likelihood that UK cryptoasset firms are at risk of being targeted by North Korean-linked hackers and IT workers seeking to steal or launder funds through illicit means, including high-value thefts such as the $1.5 billion Bybit hack in February 2025; and
- Delayed attribution and reporting long after transactions occur, often due to reliance on blockchain analytics tools that attribute addresses to designated persons (“DP”) retrospectively.
These findings highlight the transnational nature of cryptoasset risks and the need for robust compliance measures.
Impact to the Financial Services Sector
The findings have significant implications for the UK financial services sector, particularly for firms interacting with cryptoassets including but not limited to:
- Increased compliance burden
- Systemic risks
- Cybersecurity threats
- Increased regulatory scrutiny
Illicit activities involving cryptoassets pose risks not only to cryptoasset firms but also to financial institutions interacting with such firms, necessitating enhanced due diligence and blockchain analytics to track illicit transactions.
Best Practices for Sanctions Compliance
To address these challenges and align with regulatory and legislative expectations, firms can adopt the following recommendations to strengthen their financial crime and sanctions controls:
- Timely reporting of suspected breaches to OFSI, with full details of transactions, associated addresses and any delays in detection.
- Use of blockchain analytics to identify DP-linked addresses and ensure compliance with the OFSI Consolidated List.
- Robust KYC, due diligence and enhanced due diligence procedures, particularly for transactions involving high-risk jurisdictions.
- Freezing assets linked to DPs and providing explanations for any failures in sanctions screening processes.
- Conducting lessons learned exercises to identify previously unreported breaches and promote proactive engagement with regulators.
OFSI encourages lessons learned exercises to identify unreported breaches and proactive engagement with regulators.
Looking Ahead: Cryptoassets on the Horizon
The cryptoasset sector will continue to face evolving compliance challenges as its role in global finance expands. The FCA’s Crypto Roadmap and the Data (Use and Access) Act 2025 aim to strengthen regulatory oversight, with the Future Entity for open banking potentially setting standards for cryptoasset payment institutions.
However, the cross-border nature of crypto markets and the emergence of intermediary jurisdictions with weaker regulatory regimes will sustain existing risks. Close collaboration between OFSI, the FCA, the National Crime Agency (NCA), and international partners will remain vital to address these threats.
Firms must stay vigilant, adopting advanced analytics and compliance frameworks to navigate the dynamic landscape of cryptoasset regulation and sanctions enforcement.
How Complyport Can Help
Our experienced team closely monitor the regulatory landscape and help our clients to maintain the highest levels of regulatory compliance with crypto asset support for:
- Digital assets
- Cryptocurrencies
- Crypto exchanges
Our crypto assets service offering includes:
- Developing and implementing appropriate regulatory policies and procedures.
- Developing AML and KYC frameworks as well as business wide risk assessments.
- Compliance support by offering comprehensive regulatory compliance audits, risk assessment services, and tailored guidance on implementing the necessary controls and disclosures.
- AML Audits
- AML Training
- Ongoing Support
Book a meeting with one of our KYC/AML compliance experts to ensure you remain compliant and well-positioned in the evolving UK regulatory landscape.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
