As the FinTech industry continues to experience increased regulation across multiple jurisdictions, the focus of sanctions authorities is turning to decentralised finance (DeFi) and those operating in the crypto space. In the US we have seen a wave of recent enforcement actions against participants in the crypto sector and strong statements from authorities suggesting that more is to follow. In the UK, there has been continued activity to restrict the use of DeFi by individuals and entities targeted by sanctions and we expect to see more enforcement with the introduction of a new authority responsible for the civil enforcement of trade sanctions, the Office of Trade Sanctions Implementation (OTSI).

What are the sanctions risks for those operating in the DeFi space? This will vary depending on the participant involved and the relevant jurisdiction(s). From software engineers who develop the code for a decentralised crypto exchange, to users of DeFi platforms and holders of governance tokens relating to DeFi platforms, to investors who provide funding for its development, the sanctions risks are varied and can be wide ranging. Below we consider some of the questions commonly asked in this context and look at trends that we expect to continue:

  • My platform is decentralised – can I really be held responsible for sanctions breaches? Questions of decentralisation and permissionless DeFi platforms have been in the spotlight in the US because of recent action against Tornado Cash and Binance. We expect that UK authorities will scrutinise the extent to which a DeFi platform is “truly” decentralised in determining whether to take enforcement action, and against whom. Leaving that to one side, taking the UK sanctions regime as an example – prohibitions are drafted in broad terms and capture indirect activity. For that reason, even if you are not responsible for “governance” there is a risk that you may face some exposure to sanctions risk.
  • Which sanctions regime do I need to comply with? The nature of DeFi platforms is such that much of the trade involved will be international in nature; this means that it is more likely than not that more than one sanctions regime will be relevant to a given activity and compliance with complex and sometimes inconsistent sanctions regimes needs to be carefully considered. It is important to be aware of the factors that give rise to jurisdiction (for example, the nationality of parties/entities involved, the currency used, the location in which business is being undertaken, amongst others) when considering compliance obligations and developing appropriate risk management strategies.
  • Is screening for asset freeze targets enough? No.  In the UK there are prohibitions against “dealing” with the funds and economic resources of asset freeze targets, but also prohibitions against directly or indirectly making funds or economic resources available to asset freeze targets. For example, a sanctions authority may take the view that developing code for a DeFi platform that allows asset freeze targets to obfuscate their identity and trade may be in breach of these broad asset freeze prohibitions.
  • Are financial sanctions the only risk in this area? Increasingly, no.  We are seeing a growing focus on trade sanctions implementation and enforcement, exemplified by the announcement of the creation of OTSI in the UK which has been said to have “intangible” assets in its sights as an area of growing focus. There are risks associated with the use of DeFi platforms to facilitate the movement of prohibited goods in violation of trade sanctions, particularly if risk mitigation measures such as geo-blocking or other measures are not considered.
  • We haven’t seen much UK enforcement action to date – are risks of enforcement action still low? We expect this to change. In 2023, the US’s Office of Foreign Asset Control has been active in taking enforcement action against the crypto sector. For example, it agreed to a record-breaking settlement with Binance of approximately $968 million (as well as the imposition of obligations to adhere to “robust sanctions compliance obligations, including full cooperation with he monitorship overseen by FinCEN”). The UK’s Office of Financial Sanctions Implementation (the authority responsible for financial sanctions) has an enhanced partnership with OFAC,  and is expected to follow suit now that it has ramped up its internal resources. Similarly, as flagged above, we expect that crypto assets and other DeFi platforms will be a focus for OTSI – when it becomes active. 

As the volume and complexity of sanctions across multiple jurisdictions is only increasing, undertaking a thorough risk assessment and mitigating potential risks is an essential step. Please do contact us if you would like to discuss these issues in more detail.