UK sanctions on HTX and A7: a step-by-step OFSI compliance guide

Following the United Kingdom's sweeping sanctions against the major crypto exchange HTX and the A7 infrastructure, many financial companies have run into difficulties. Compliance professionals are finding the new rules hard to apply in practice. GetBlock AML Research has put together a roadmap for compliance teams to help them set up effective financial controls under the new conditions.

Key points:

• The UK's Foreign, Commonwealth and Development Office (FCDO) has added HTX and 17 other entities and individuals to the sanctions list. This is the first time a cryptocurrency exchange of this size has been hit with UK sanctions.
• Companies operating under UK jurisdiction are required to immediately halt any operations involving the sanctioned entities, freeze any related assets, and notify the UK's Office of Financial Sanctions Implementation (OFSI).
• Regulators expect companies to conduct a retrospective review of their client base and past transactions. Clients should be sorted into risk tiers, with a consistent methodology applied to the analysis of activity potentially tied to sanctions evasion.
• OFSI's guidance on analyzing transactions three to five intermediary hops out should be treated as a minimum requirement. Beyond the number of intermediate transfers, the frequency and nature of indirect connections also need to be taken into account.
• Operations carried out before the sanctions came into force do not always require a notification to OFSI, but they may be grounds for filing a Suspicious Activity Report (SAR) with the UK's National Crime Agency (NCA) if signs of sanctions evasion are identified.

FCDO sanctions against HTX and A7: 18 entities and $1.5 billion in turnover

The UK's Foreign, Commonwealth and Development Office (FCDO) has added 18 companies and individuals to the sanctions list as part of a campaign targeting cryptocurrency networks that, according to British authorities, have been used to evade the sanctions imposed against Russia.

The greatest attention has been drawn by the cryptocurrency exchange HTX, formerly known as Huobi. It is one of the largest crypto exchanges in the world and ranks among the industry's leading trading venues. The scale of its operations and its close ties to numerous services across the cryptocurrency ecosystem have made it a central topic of discussion since the sanctions were announced.

British authorities allege that around $1.5 billion was channeled through HTX to structures linked to Russian state interests.

One System, Four Major Wallets: What’s Really Going On with DAI and USDS Stablecoins

Despite generating more than $350 billion in transaction volume over the past 90 days, most USDS activity appears to stem from internal ecosystem operations. Retail users—the audience targeted by the yield-bearing sUSDS product—control less than 1% of the funds deposited in the system.

Читать дальше

As for the A7 network, British authorities say it took in around $838 million following the shutdown of the Garantex crypto exchange in March 2025. Four individuals have also been sanctioned, including Garantex co-founder Sergey Mendeleyev.

What makes the A7 network dangerous: ties to Ilan Shor, PSB, and Garantex's legacy

A7 is a centrally coordinated infrastructure that Western authorities consider a tool for sanctions evasion. The network rose to particular prominence after the start of the full-scale conflict between Russia and Ukraine in 2022.

One of the key companies in the network, A7 LLC, is owned by Moldovan businessman Ilan Shor and the bank PSB, which is already under international sanctions and is considered one of the financial institutions servicing Russia's military-industrial sector.

According to British authorities, the structure has been used to finance military procurement, conduct operations involving oil sale proceeds, and reroute financial flows following the closure of Garantex.

The A7 network is not a single platform. It operates through a web of interconnected companies and services used to move funds between various participants.

How Garantex helped create a shadow crypto network for sanctions evasion

The United Kingdom has imposed sanctions on a range of crypto exchanges, banks, and companies that authorities believe helped facilitate transactions supporting the Russian economy. The investigation reveals how, within months of the collapse of one major platform, a new network of financial routes emerged to take its place.

Читать дальше

Rapira and ABCEX: Garantex's successors inside the A7 network

Rapira is a payment service registered in Georgia with an exchange office in Moscow. According to investigations, hundreds of millions of dollars passed through it alongside other A7 participants.

ABCEX is a cryptocurrency exchange operating in Russia through a legal entity registered in Georgia. After the shutdown of Garantex, it became one of the key elements of the new infrastructure for cryptocurrency settlements. Many specialists had already identified ABCEX and Rapira as likely successors to Garantex even before the sanctions were imposed.

It is important to note that risks arise even for companies that do not carry out transactions directly on the blockchain. The sanctions package explicitly prohibits the provision of correspondent banking and payment processing services to the listed entities, regardless of whether traditional money or cryptocurrencies are involved.

Three immediate priorities for compliance teams after the HTX sanctions

For organizations required to comply with UK sanctions law, three priorities stand out.

How to handle suspicious transactions: A complete guide for crypto companies

FinCEN requires crypto companies to provide authorities with detailed information about suspicious activity — from wallet addresses to users’ IP data. Regulators are increasingly focusing not on the number of reports filed, but on the quality and investigative value of those reports.

Читать дальше

Step 1: block operations involving HTX, A7, and related addresses

Cryptocurrency address screening and transaction monitoring systems must immediately block any transfers to or from organizations on the sanctions list.

Companies already using mechanisms for asset ownership controls, counterparty analysis, and indirect connection screening are generally able to automatically detect most such risks once the sanctions take effect.

In addition to direct transfers, the new sanctions package prohibits providing correspondent banking relationships and payment processing to the listed entities.

Step 2: freeze assets in line with UK legal requirements

Any funds belonging to individuals and entities on the sanctions list must be frozen immediately under UK law. This applies to both cryptocurrency assets and traditional money.

Step 3: reporting to OFSI and NCA

Companies are required to report all frozen assets to OFSI. If a subsequent review uncovers suspicious activity, there may be a further obligation to file a Suspicious Activity Report with the National Crime Agency.

Even organizations that do not carry out blockchain transactions themselves remain exposed to risk. This applies to banks working with crypto service providers, developers of non-custodial wallets, and a range of financial intermediaries.

Retrospective client base review: how to look for links to HTX and A7

UK regulators expect companies to review past activity and establish whether clients had meaningful ties to the sanctioned entities before the date the sanctions took effect. Rather than examining individual cases on an ad hoc basis, a structured approach is recommended.

Stage 1: assessing the scale of links to sanctioned structures

It is necessary to identify all potential points of contact with sanctioned structures. These can be transactions, clients directly linked to sanctioned individuals, technology integrations, joint projects, or participation in the same financial networks.

Stage 2: sorting clients into risk tiers

Not every client who has ever interacted with HTX requires a deep investigation. Clients should be grouped by transaction volume, transaction frequency, transfer size, and the characteristics of their counterparties.

Small, infrequent retail transactions present one level of risk, while large institutional transfers with signs of sanctions evasion are an entirely different matter.

Stage 3: a single methodology for KYC and counterparty checks

For clients in higher-risk tiers, the same set of checks should be applied. It should include Know Your Customer (KYC) procedures, analysis of the country of origin and activity, review of the nature of operations, and assessment of indirect ties to sanctioned structures.

Stage 4: documenting decisions for regulatory inspections

Every step of the review must be documented in detail. The reasons for including clients in the review, the basis for decisions taken, and any changes to the methodology along the way all need to be recorded.

Documentation of this kind can play an important role in subsequent regulatory inspections.

Signs of sanctions evasion: transfers from $2 million to $40 million and shell companies

When reviewing transactions, particular attention should be paid to signs characteristic of sanctions evasion schemes.

These include:

• unusually large transfer amounts;
• links to higher-risk jurisdictions;
• the use of companies with no real business activity;
• the use of multiple intermediaries to move funds.

Available data shows that individual transactions within the A7 network ran from $2 million to $40 million per transfer.

OFSI's three-to-five-hop rule: why it isn't enough

One of the most widely discussed topics has been OFSI's guidance on tracing indirect connections through three to five intermediary hops. But simply counting the number of intermediate addresses isn't enough. What matters far more is the frequency of such connections and how they arise.

A wallet with a few random indirect links to a sanctioned entity is fundamentally different from a wallet that interacts regularly with dozens or hundreds of routes leading to the same organization.

Companies that rely solely on a three-to-five-hop threshold risk missing schemes specifically designed to circumvent that kind of check.

When to notify OFSI, and when to file a report with the NCA

Two different types of reporting come into play here, and the two are often confused. A report to OFSI is required when assets are frozen.

As for operations conducted before the sanctions took effect, the British authorities indicate that a separate notification may not be required if no new activity has taken place since the sanctions came into force.

Inside Nobitex: U.S. slaps sanctions on 4 Iranian crypto exchanges with $7.7 billion in turnover

Four Iranian cryptocurrency exchanges accounted for roughly 78% of all digital asset volume tied to the country in 2025. They have now become the focal point of the largest U.S. sanctions campaign against Iran's cryptocurrency infrastructure.

Читать дальше

If the activity spans both before and after the imposition of sanctions, the information must be disclosed in full. The requirements for filing Suspicious Activity Reports are a separate matter. Under UK law, sanctions evasion is treated as one of the offenses linked to money laundering.

Even if a company has not formally breached the sanctions regime itself, an obligation to report suspicious activity may arise if signs of facilitating sanctions evasion are identified.

Such signs include:

• the rapid movement of funds through chains of intermediaries;
• the use of technology to conceal a user's location;
• the use of cross-chain asset swaps between different blockchains;
• multi-stage movement of funds intended to obscure the origin of the assets.

Operation Destabilise and the expansion of sanctions: how compliance teams should prepare

The current sanctions package is unlikely to be the last. British authorities have explicitly tied the sanctions against HTX and the A7 network to Operation Destabilise — an international investigation targeting the infrastructure used for money laundering.

In the coming years, further sanctions can be expected against cryptocurrency services and the financial structures connected to them. The companies best prepared for such developments treat every new sanctions decision as an opportunity to strengthen their own control systems.

To that end, it is advisable to regularly review transaction monitoring rules and cryptocurrency address screening, and to analyze which risks the existing mechanisms have managed to flag and which have slipped through.

It is also worth updating client and corporate due diligence procedures, paying closer attention to ties with higher-risk jurisdictions, the use of nominee companies, and intermediary addresses with no obvious economic purpose.

Building out an in-house analytics and threat-monitoring capability that can flag potentially dangerous structures before they end up on sanctions lists is also becoming an important part of the picture.

A comparative analysis of counterparties against other market participants can also help determine whether an identified risk is the result of internal control weaknesses or reflects a broader industry-wide problem.

That same week, the UK's financial regulator, the FCA, published a separate review of sanctions controls in the financial sector, which many specialists view as an additional point of reference for building effective sanctions compliance programs.