CryptaCount
EN
EnglishENDeutschDEEspañolESFrançaisFRItalianoIT日本語JA한국어KONederlandsNLPolskiPLPortuguêsPT
Log in Start Free

OFAC SDN Cryptocurrency Addresses: Compliance Priorities for Firms

CryptaCount Editorial · · 4 min read
AML / KYC / LICENSING OFAC SDN Cryptocurrency Addresses:Compliance Priorities for Firms

The US Office of Foreign Assets Control publishes a Specially Designated Nationals and Blocked Persons list that is, at its core, a counterparty prohibition register. What has changed is that OFAC now routinely appends identified blockchain addresses to SDN entries, turning a name-and-entity list into a live on-chain screening tool. For accounting firms, auditors, and corporate treasury teams, the practical implication is immediate: a transaction involving a flagged address carries the same legal exposure as one involving a flagged legal name, regardless of whether your client knew.

OFAC SDN Cryptocurrency Addresses: Compliance Priorities for Firms

What the SDN List Now Contains for Crypto

On-chain address identifiers alongside entity names

OFAC has been appending digital currency addresses to SDN entries for several years, but the scope has grown considerably. Entries now span a range of actors, from ransomware operators and darknet market administrators to state-linked threat actors and sanctions evaders. Each entry can carry multiple wallet addresses across different networks. When a new designation drops, those addresses become instantly prohibited for US persons, and for any non-US firm with US-dollar clearing relationships or US-person exposure.

Address types covered

Designations are not limited to a single chain. OFAC has attached addresses on Bitcoin, Ethereum, Tron, Litecoin, and other networks across its various SDN entries. The mix of address types means a firm's screening programme needs multi-chain coverage, not just a Bitcoin watchlist.

Why This Raises the Compliance Bar

Strict liability and the knowledge gap

OFAC sanctions are strict liability in the US context. A firm does not need to have known it was dealing with a designated party to face a civil penalty. The SDN address data closes one of the classic knowledge gaps: even if a counterparty obscures its legal identity, the on-chain address can still trigger a match. That cuts both ways. It makes screening more powerful, but it also means that a failure to screen at the address level is harder to defend.

The timing problem

Addresses can be added to the SDN list at any time. A wallet that was clean yesterday may be designated today. Firms relying on periodic or manual screening processes face a window of exposure between updates. Real-time or near-real-time screening against the official OFAC SDN data feed is the only reliable approach. Our earlier analysis of pre- and post-designation sanctions screening for crypto firms sets out why that timing gap matters operationally.

Operational Steps for Accounting and Audit Teams

Screen at the address level, not just the entity level

Client onboarding KYC that checks names and legal entities but ignores blockchain addresses is incomplete for any client holding or transacting in crypto assets. The screening layer needs to match incoming and outgoing addresses against the current OFAC SDN list before settlement, not after.

Maintain an audit trail

For audit purposes, firms need to be able to demonstrate that screening occurred, when it occurred, which version of the SDN list was used, and what the result was. That documentation is relevant both to your own regulatory obligations and to any client attestation work you perform over crypto asset balances or transaction flows.

Escalation protocols for potential matches

A potential match against an SDN address is not automatically a confirmed hit, but it cannot be ignored. Firms need a documented escalation path: who reviews the match, what evidence is gathered, and when a transaction is blocked or reported. The OFAC guidance on the factors it considers when assessing penalties is publicly available and should inform how those protocols are designed.

For a broader look at how these obligations intersect with accounting software workflows, see our coverage of OFAC sanctions and crypto accounting software compliance.

OFAC SDN Cryptocurrency Addresses: Compliance Priorities for Firms

Frequently Asked Questions

Does OFAC publish the blockchain addresses it has identified for SDN entries?

Yes. OFAC publishes identified digital currency addresses as part of the official SDN list data, including machine-readable formats available through its website. Firms should draw from the official OFAC data feed rather than secondary sources to ensure they are working from the current list.

Are non-US firms required to comply with OFAC SDN obligations?

Non-US firms are not directly subject to US primary sanctions in the same way as US persons, but secondary sanctions risk and correspondent banking relationships with US institutions create strong practical incentives to screen against the SDN list. Many non-US firms adopt OFAC screening as a baseline standard for this reason.

How often is the SDN list updated?

OFAC updates the SDN list on an ad hoc basis as new designations are made or existing ones are amended. There is no fixed schedule. Firms should subscribe to OFAC's update notifications and ensure their screening systems pull the latest data continuously or at very frequent intervals.

What happens if a client's wallet address is later added to the SDN list after onboarding?

Post-designation exposure is a real risk. If a wallet that was clean at onboarding is subsequently designated, any transactions processed after that designation date could constitute a sanctions violation. This is why ongoing monitoring, not just point-in-time onboarding checks, is essential.

Does an SDN address match always mean a transaction must be blocked?

A confirmed match against an SDN entry generally requires the transaction to be rejected or frozen and, in many cases, reported to OFAC. A potential match that cannot be confirmed requires investigation before proceeding. Firms should not process the transaction while a potential match is unresolved.

Source: Chainalysis

USGLOBALGeneralEnforcementAML/KYC & Licensing

FAQ

Does OFAC publish the blockchain addresses it has identified for SDN entries?

Yes. OFAC publishes identified digital currency addresses as part of the official SDN list data, including machine-readable formats available through its website. Firms should draw from the official OFAC data feed rather than secondary sources to ensure they are working from the current list.

Are non-US firms required to comply with OFAC SDN obligations?

Non-US firms are not directly subject to US primary sanctions in the same way as US persons, but secondary sanctions risk and correspondent banking relationships with US institutions create strong practical incentives to screen against the SDN list. Many non-US firms adopt OFAC screening as a baseline standard for this reason.

How often is the SDN list updated?

OFAC updates the SDN list on an ad hoc basis as new designations are made or existing ones are amended. There is no fixed schedule. Firms should subscribe to OFAC's update notifications and ensure their screening systems pull the latest data continuously or at very frequent intervals.

What happens if a client's wallet address is later added to the SDN list after onboarding?

Post-designation exposure is a real risk. If a wallet that was clean at onboarding is subsequently designated, any transactions processed after that designation date could constitute a sanctions violation. This is why ongoing monitoring, not just point-in-time onboarding checks, is essential.

Does an SDN address match always mean a transaction must be blocked?

A confirmed match against an SDN entry generally requires the transaction to be rejected or frozen and, in many cases, reported to OFAC. A potential match that cannot be confirmed requires investigation before proceeding. Firms should not process the transaction while a potential match is unresolved.

Related articles

AML/KYC & Licensing
Huione Group: World's Largest Illicit Marketplace and the USDH Stablecoin Risk
AML/KYC & Licensing
FBI vs Huione Group: The $134B Illicit Marketplace Case
AML/KYC & Licensing
Chainalysis Publishes Formal Ontology for Blockchain Analytics Data Quality
AML/KYC & Licensing
UBS and Nethermind Push Blockchain Compliance Below the Smart Contract Layer