Sanctions Risks in Crypto, Stablecoins, and Layer-2 Protocols - Association of Certified Sanctions Specialists

Sanctions Risks in Crypto, Stablecoins, and Layer-2 Protocols

by Ramanathan Sivabalan

Why these matters

Crypto has moved well beyond Bitcoin. Stablecoins such as USDT and USDC and newer ‘layer-2’ rails have made transfers faster and cheaper—great for business, but also attractive to illicit actors. Here’s what’s new and how to manage the sanctions risk:

Recent developments

  • In March 2025, Treasury delisted Tornado Cash following an administrative review, as reflected in filings in Van Loon v. Department of the Treasury, No. 23-50669 (5th Cir. 2024). That reversal was headline news, but it does not mean anonymity tools are ‘safe’ to use: OFAC continues to designate other mixers (e.g., Blender, Sinbad) and warns about DPRK-linked laundering typologies.
  • Other services like Blender and Sinbad are still sanctioned. These cases remind us that anonymity-enhancing technologies are seen as high-risk.
  • In Europe, restrictions on crypto services linked to Russia continue. The EU prohibits providing crypto-asset wallets and related services to Russia, a stance reaffirmed and expanded across later packages. Even if you sit outside the EU, if your counterparties have European connections, those rules can still matter.

Stablecoins: double-edged swords

Stablecoins are digital tokens pegged to traditional currencies like the U.S. dollar. Their design makes them popular for cross-border payments. The advantage for compliance teams is that the issuers can “freeze” addresses — Circle (USDC) and Tether (USDT) already do this when regulators ask.

But that same programmability means sanctioned actors may also try to exploit stablecoins. Reports already show Russian firms experimenting with ruble-linked stablecoins to get around banking restrictions.

Layer-2 protocols and bridges

Layer-2 networks (such as rollups or sidechains) sit on top of blockchains like Ethereum. They speed up transactions and cut costs. Bridges move assets from one chain to another.

For compliance, these tools create new blind spots. Funds can be moved quickly across networks, often without the same visibility you have on the “main” blockchain. This chain-hopping is now a common red flag in investigations.

What regulators expect

The message is clear: it doesn’t matter if a transaction happens on Bitcoin, Ethereum, a bridge, or a layer-2. If you fall under U.S. or EU jurisdiction, you are expected to block sanctioned parties and report them. The U.S. Treasury has published guidance for virtual currencies, and Europe has tied crypto directly into its sanctions rules.

Practical steps for compliance officers

  1. Educate yourself and your team: Sanctions and technology are both diverging and converging. More than ever, compliance officers need to deepen their knowledge of both. Meanwhile, many staff still think crypto equals Bitcoin. Bring them up to speed on stablecoins and new rails.
  2. Watch for suspicious patterns: Multiple quick swaps across different networks or small delays between hops can signal laundering.
  3. Follow issuer actions: If Tether or Circle freeze an address, treat that as a red flag even if it isn’t yet on an official list.
  4. Document decisions: Regulators want to see how you reached a conclusion, especially if you allowed a transaction to continue.
  5. Train your teams:

Final thoughts

Crypto isn’t going away. Stablecoins and layer-2s will likely power the next stage of digital payments. But just as payments evolve, so do sanctions risks. The strongest compliance programs will be those that adapt quickly, stay curious, and explain these risks in plain language to business partners.