# Office of Foreign Assets Control (OFAC) ## [Sanctions Compliance Guidance for the Virtual Currency Industry](https://ofac.treasury.gov/media/913571/download?inline) October 2021 ## [OFAC FAQ: Questions on Virtual Currency](https://ofac.treasury.gov/faqs/topic/1626#:~:text=As%20a%20general%20matter%2C%20U.S.,by%20OFAC%20sanctions%2C%20such%20as) **560. Are my OFAC compliance obligations the same, regardless of whether a transaction is denominated in digital currency or traditional fiat currency?** > >Yes, the obligations are the same. U.S. persons (and persons otherwise subject to OFAC jurisdiction) must ensure that they block the property and interests in property of persons named on [OFAC’s SDN List](https://ofac.treasury.gov/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists) or any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more blocked persons, and that they do not engage in trade or other transactions with such persons. > >As a general matter, U.S. persons and persons otherwise subject to OFAC jurisdiction, including firms that facilitate or engage in online commerce or process transactions using digital currency, are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade or investment-related transactions. Prohibited transactions include transactions that evade or avoid, have the purpose of evading or avoiding, cause a violation of, or attempt to violate prohibitions imposed by OFAC under various sanctions authorities. Additionally, persons that provide financial, material, or technological support for or to a designated person may be designated by OFAC under the relevant sanctions authority. > >Persons including technology companies; administrators, exchangers, and users of digital currencies; and other payment processors should develop a tailored, risk-based compliance program, which generally should include sanctions list screening and other appropriate measures. An adequate compliance solution will depend on a variety of factors, including the type of business involved. There is no single compliance program or solution suitable for every circumstance. **594. Is it possible to query a digital currency address using OFAC’s Sanctions List Search tool?** > >Yes, it is possible to query for digital currency addresses using OFAC’s Sanctions List Search tool. Users of the tool may search for digital currency addresses by inputting the hash value into the "ID #" field and then clicking "Search." The ID # field does not use fuzzy logic, so only exact matches will be returned when searching for digital currency addresses with the Sanctions List Search tool. > >Alternatively, OFAC’s [SDN List](https://ofac.treasury.gov/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists) and [other OFAC sanctions](https://ofac.treasury.gov/other-ofac-sanctions-lists) lists are available in a number of file formats and downloads, which can be used to identify and screen for listed digital currency addresses. Additional information on OFAC's list file formats and downloads, can be accessed by visiting the FAQ Topic titled "[Information on list file formats and downloads](https://ofac.treasury.gov/faqs/topic/1641)." **646. How do I block digital currency?** >Once a U.S. person determines that they hold virtual currency that is required to be blocked pursuant to OFAC's regulations, the U.S. person must deny all parties access to that virtual currency, ensure that they comply with OFAC regulations related to the holding and reporting of blocked assets, and implement controls that align with a risk-based approach. (See [31 C.F.R. 501.603](https://www.ecfr.gov/current/title-31/subtitle-B/chapter-V/part-501/subpart-C/section-501.603) for reporting requirements related to blocked and unblocked property.) > >For example, a U.S. virtual currency company that maintains multiple virtual currency wallets in which a blocked person has an interest may choose to block each virtual currency wallet or opt to consolidate wallets that contain blocked virtual currency (similar to an omnibus account).  Each of these solutions is consistent with OFAC requirements for holding blocked property, so long as there are controls that will allow the virtual currency to be unblocked and returned to its owner only pursuant to an OFAC authorization or when the legal prohibition requiring the blocking of the virtual currency ceases to apply.  For those with questions about blocking funds related to traditional funds transfers, see [FAQ 32](https://ofac.treasury.gov/faqs/32). > >U.S. persons are not obligated to convert the blocked virtual currency into traditional fiat currency (e.g., U.S. dollars), and are not required to hold such blocked property in an interest-bearing account.  Blocked virtual currency must be reported to OFAC within 10 business days, and thereafter on an annual basis, so long as the virtual currency remains blocked.  Questions about whether a transaction should be blocked may be directed to OFAC at 202-622-2490 or [[email protected]](mailto:[email protected]).  Owners of blocked virtual currency may also contact OFAC regarding the treatment of their virtual currency pursuant to this guidance. **647. Should an institution tell its customer that it blocked access to their digital currency and, if so, how does the institution explain it to the customer?** > An institution may notify its customer that it has blocked digital currency pursuant to OFAC regulations. The customer has the right to apply for the unblocking and release of the digital currency. ## Is it possible to comply with OFAC regulations without collecting the personal information of the counterparties you transact with using cryptocurrencies? For example, this might apply to [[Lightning]] businesses which operate under the LSP model, who may wish to screen the addresses that users are using to fund their channels. ### GPT-4 seems to agree: >Q: Suppose an entrepreneur sets up an online website which sells digital items and takes only cryptocurrency as payment. The entrepreneur does not require the name or address of its customers since they can pay in Bitcoin, which doesn't require any revealing personal details. However, it is possible that some of his customers are sanctioned entities under OFAC. Is it possible for him to comply with OFAC regulations without collecting the names and addresses of his customers, for example by checking to see that the bitcoins received don't originate from sanctioned addresses? Or is collecting personal information a hard requirement for OFAC compliance? > >A: To comply with the regulations set forth by the Office of Foreign Assets Control (OFAC) in the United States, businesses must take reasonable steps to ensure they are not transacting with individuals, organizations, or entities that are on OFAC's Specially Designated Nationals (SDN) list or are otherwise sanctioned. This compliance is crucial for any business, including those operating online and accepting cryptocurrencies like Bitcoin. > >In the context of an online business accepting Bitcoin without collecting personal details like names or addresses, there are several considerations: > >1. **Address Screening:** It is possible to screen Bitcoin addresses against known addresses of sanctioned entities. Tools and services are available that maintain databases of Bitcoin addresses linked to sanctioned entities. If a business receives Bitcoin from an address that is on a sanctions list, it could potentially be violating OFAC regulations. >2. **Transactional Analysis:** Cryptocurrencies like Bitcoin have a public ledger that records all transactions. Businesses can use blockchain analysis tools to trace the origin of the funds. This analysis can help identify if the funds have passed through addresses that are linked to sanctioned entities. >3. **Due Diligence and KYC Procedures:** While cryptocurrencies offer a degree of anonymity, many regulatory bodies expect businesses to perform due diligence and Know Your Customer (KYC) procedures. This usually involves collecting personal information to ensure that customers are not engaged in illegal activities, including sanctions violations. >4. **Limitations of Anonymity in Bitcoin:** Bitcoin is pseudonymous, not completely anonymous. While names and personal details are not directly linked to Bitcoin addresses, various methods can potentially link Bitcoin transactions to real-world identities. >5. **Policy and Risk Assessment:** Each business should have a policy in place for handling transactions with sanctioned entities. This policy should be based on a risk assessment that considers the nature of the business, the type of customers it serves, and the potential for transactions with sanctioned entities. >6. **Legal Consultation:** It's important for the entrepreneur to consult with legal experts specializing in OFAC compliance and cryptocurrency regulations. Compliance requirements can be complex and vary based on the specifics of the business model and the jurisdictions in which the business operates. > In summary, while it is theoretically possible to comply with OFAC regulations without collecting personal information by using tools to screen Bitcoin addresses and analyze transactions, it is a complex area with significant legal implications. The business must carefully consider its approach to compliance, potentially integrating some level of customer identification and due diligence into its operations, and should seek expert legal advice to navigate these requirements effectively.