Knogin
[Developers]

Blockchain Sanctions Screening

When OFAC designated a North Korean cryptocurrency mixer in 2022, exchanges that had integrated real-time sanctions screening blocked interactions with associated addresses within minutes of the designation going live. T

Back to All Modules
Category: BlockchainLast Updated: Feb 5, 2026
blockchainaireal-timecompliance

Overview#

When OFAC designated a North Korean cryptocurrency mixer in 2022, exchanges that had integrated real-time sanctions screening blocked interactions with associated addresses within minutes of the designation going live. Those that relied on manual list updates or infrequent batch screening continued processing transactions for hours. The gap between those two outcomes is what real-time sanctions screening infrastructure is built to close.

The Blockchain Sanctions Screening system provides real-time detection and blocking of transactions involving sanctioned entities across all major blockchain networks. Processing millions of addresses from OFAC, EU, UN, and additional sanctions lists, it screens transactions with high accuracy, preventing regulatory violations before they occur. Advanced graph analysis detects indirect exposure through transaction networks, identifying when apparently clean addresses interact with sanctioned entities at multiple degrees of separation. Exchange compliance officers, AML compliance teams, payment processors, and DeFi protocols all depend on this capability for sanctions enforcement.

Key Features#

  • Real-Time Sanctions List Integration: Aggregates and normalises sanctions data from 25+ global regulatory sources with automated refresh cycles ensuring compliance within minutes of regulatory publication. Powered by OpenSanctions integration
  • Multi-Hop Indirect Exposure Analysis: Graph analysis algorithms detect indirect exposure through transaction networks, identifying potential sanctions evasion schemes, front companies, and layering operations
  • Risk-Based Scoring Engine: Dynamic risk scores (0-100) combine sanctions list matches, indirect exposure, behavioural patterns, and contextual risk factors for nuanced policy decisions beyond binary block/allow
  • Pre-Transaction Blocking: Integrates at the transaction submission layer to prevent sanctions violations before they occur, with screening fast enough to maintain a seamless user experience
  • Continuous Monitoring: Ongoing monitoring of existing user addresses and historical transactions, with automatic retroactive screening when new sanctions designations occur
  • Compliance Reporting: Automated generation of blocking reports, SAR templates, and compliance packages meeting OFAC, FinCEN, and international regulator requirements
  • Investigation Workflow: Structured workflow guiding compliance teams through determination, documentation, and regulatory response for sanctions hits

Sanctions List Coverage#

  • OFAC (US Treasury): Office of Foreign Assets Control SDN, non-SDN, and sectoral sanctions
  • EU Sanctions: European Union consolidated list with entity and address coverage
  • UN Security Council: United Nations sanctions regimes and associated addresses
  • UK OFSI: Office of Financial Sanctions Implementation requirements
  • FATF: Financial Action Task Force high-risk jurisdictions and guidance
  • Regional Lists: Canadian, Australian, Japanese, Swiss, and 21+ additional jurisdictions
  • Custom Lists: Organization-specific blocklists and high-risk entity definitions

Supported Networks#

  • Major Blockchains: Bitcoin, Ethereum, Tron, BNB Chain, Solana, Cardano, Polkadot, Avalanche
  • Stablecoins: USDT, USDC, DAI addresses across multiple chains
  • Layer 2 Solutions: Polygon, Arbitrum, Optimism, Base, and more
  • Privacy Coins: Known sanctioned addresses for Monero, Zcash
  • NFT Contracts: Contract addresses and token IDs associated with sanctioned entities

Risk Score Categories#

  • Critical (90-100): Immediate block required; direct sanctions list matches or confirmed sanctioned entity control
  • High (70-89): Manual review required; significant indirect exposure or entity association
  • Medium (40-69): Enhanced due diligence; moderate indirect connections or behavioural risk
  • Low (20-39): Standard processing with logged risk indicators
  • Minimal (0-19): Normal processing; no elevated sanctions risk detected

Investigation Use Cases#

Exchange Compliance#

  • Screen all incoming deposits and outgoing withdrawals against comprehensive sanctions lists
  • Block sanctioned entity wallet creation and trade matching
  • Configure risk-tiered responses from automatic blocking to enhanced review

DeFi Protocol Compliance#

  • Screen smart contract interactions before allowing protocol participation
  • Detect sanctioned entity interaction across decentralized exchange and lending operations
  • Integrate sanctions compliance into smart contract workflows

Payment Processing#

  • Pre-transaction screening for cryptocurrency payment service providers
  • Geographic blocking for sanctioned jurisdictions based on contextual intelligence
  • Value-threshold based controls for medium-risk addresses

Retroactive Compliance#

  • Automatic re-screening of all historical transactions when new designations occur
  • Identification of users who previously transacted with newly-sanctioned addresses
  • Generation of investigation cases for material retroactive exposures

Ongoing Monitoring#

  • Continuous surveillance of user wallet addresses for new sanctions designations
  • Behavioural change detection when low-risk addresses begin using evasion techniques
  • Cumulative exposure tracking when aggregate sanctioned entity interaction exceeds thresholds

Open Standards#

  • FATF Recommendation 16 (Travel Rule): Beneficiary and originator screening for cross-border virtual asset transfers is implemented in accordance with FATF Recommendation 16, ensuring VASP-to-VASP transactions are checked against sanctions lists before settlement.
  • FATF 40 Recommendations (AML/CFT framework): Sanctions list coverage, risk-based scoring, SAR generation, and ongoing monitoring are all structured around FATF's 40 Recommendations for anti-money laundering and counter-terrorist financing programmes.
  • OpenSanctions FollowTheMoney (FtM) data model: Bulk sanctions datasets are downloaded and parsed in the FollowTheMoney newline-delimited JSON format, the open data model published by OpenSanctions and the OCCRP for cross-jurisdictional entity data.
  • ISO 3166-1 alpha-3: Three-letter country codes are used to store and query nationality and jurisdiction attributes on sanctioned entities across all regulatory lists.
  • ISO 8601: Date and timestamp fields throughout the screening pipeline, including sanctions record dates, last-change markers, and audit log entries, are encoded in ISO 8601 format.
  • GraphQL (June 2018 specification): All query, mutation, and subscription operations for sanctions screening, investigation workflows, and compliance reporting are exposed through a GraphQL API layer.
  • TLS 1.3 (RFC 8446): All data in transit between clients, the screening engine, and external data sources is encrypted using TLS 1.3.
  • GDPR (EU Regulation 2016/679): Personal data arising from sanctions screening and investigation records is handled under GDPR principles, with regional deployment options and documented retention policies to meet data-subject rights obligations.

Compliance#

  • Full compliance with OFAC, FinCEN, EU Sanctions, UK OFSI, and FATF requirements
  • Supports Bank Secrecy Act and AML/CTF program requirements
  • FATF Travel Rule support for beneficiary screening in cross-border crypto transfers
  • Automated OFAC blocking reports generated within required timelines
  • SAR filing support with structured data exports and transaction narratives
  • 7-10 year data retention for screening logs, sanctions matches, and manual reviews
  • Complete audit trail of all screening events, decisions, and report generation
  • Role-based access control with multi-factor authentication for compliance functions
  • Encryption at rest and in transit (TLS 1.3)
  • SOC 2 Type II certified infrastructure
  • GDPR-compliant data handling with regional deployment options
  • Regular third-party penetration testing

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.