OFAC vs FATF: What Crypto Users Need to Know

Q: Do I need to worry about OFAC if I am not American?

Yes. OFAC has secondary sanctions, meaning non-U.S. persons who conduct significant transactions with sanctioned parties can also face U.S. penalties, including being cut off from the U.S. financial system. Additionally, the EU, UK, and UN maintain their own equivalent lists. Most exchanges screen against all of these regardless of where the customer is located.

Q: What does FATF Travel Rule mean for me as an individual?

If you send or receive more than $1,000 (the FATF-recommended threshold, though some jurisdictions set it lower) between virtual asset service providers, the VASP is required to collect and transmit information about the originator and beneficiary. This means exchanges may ask for your counterparty information before processing large transfers.

Two acronyms that appear in every serious AML report. They come from different institutions, work through different mechanisms, and produce very different consequences when triggered. Most crypto users mix them up. Here is what each one actually means for your transactions.

OFAC: the blacklist with teeth

OFAC stands for the Office of Foreign Assets Control, a division of the U.S. Treasury Department. Its job is to administer and enforce economic and trade sanctions. The SDN list, which stands for Specially Designated Nationals and Blocked Persons, is the main output. It is a list of specific individuals, companies, and, since 2018, specific cryptocurrency wallet addresses that U.S. persons are prohibited from transacting with.

The consequences of an OFAC violation are not theoretical. They are criminal. Penalties can reach $20 million per violation. Individuals face up to 20 years in prison. Binance paid $968 million in 2023 to resolve OFAC violations. BitGo paid $29 million. Kraken paid $362,000 for transactions with sanctioned jurisdictions.

The key word in OFAC is "binary." Either the address is on the list or it is not. There is no score, no spectrum of risk. On the list: do not transact. Not on the list: proceed (from an OFAC perspective).

What OFAC-listed crypto addresses look like in an AML report

When CryptoAML.ai shows an OFAC flag, it means either the wallet address itself appears on the SDN list, or a direct counterparty of that wallet is on the SDN list. Both are scored at 90 or above. The report will show the specific entity name the address is associated with: an Iranian oil trader, a North Korean hacking group, a Russian oligarch, a specific darknet market operator.

Secondary sanctions risk: Non-U.S. persons are not automatically exempt from OFAC. Secondary sanctions can apply to anyone who conducts significant transactions with listed parties. And the EU, UK, and UN publish their own equivalent lists. Exchanges screen against all of them simultaneously.

FATF: the standards body, not the blacklist

FATF stands for the Financial Action Task Force. It was established in 1989 and currently has 39 member countries plus the European Commission. FATF does not maintain a list of individuals. It does not have enforcement power. What it does is publish standards, called Recommendations, that define what a compliant AML program looks like.

For crypto specifically, the relevant document is the FATF Guidance on Virtual Assets and Virtual Asset Service Providers, first published in 2019 and updated in 2021. Recommendation 16, known as the Travel Rule, is the most practically important: it requires VASPs to collect and transmit originator and beneficiary information for transactions above $1,000.

FATF compliance is enforced indirectly. Countries that do not implement FATF recommendations get put on the grey list or black list. Their banks get cut off from correspondent banking relationships. Their exchanges get delisted or restricted by international platforms.

What FATF exposure means in an AML report

When an AML check shows FATF typology exposure, it does not mean the wallet is on any list. It means the wallet's transaction behavior matches patterns that FATF identifies as money laundering methods, such as rapid fund movement, structuring transactions just below reporting thresholds, interaction with mixing services, or receiving funds from high-risk jurisdictions.

This type of flag adds to the risk score but does not produce the same automatic consequence as an OFAC hit. A typology flag at 40 points is a caution signal. An OFAC direct hit at 95 is a stop signal.

Side-by-side comparison

Dimension	OFAC	FATF
What it is	U.S. government sanctions enforcement	Intergovernmental standards body
Output	SDN list of specific entities and addresses	Recommendations, guidance, country assessments
Risk logic	Binary: listed or not listed	Typology-based: behavior matches known patterns
Legal consequence	Direct: civil and criminal penalties for violations	Indirect: via national laws implementing FATF standards
Geographic scope	U.S. persons + secondary sanctions exposure	Global, via member-country adoption
In an AML score	Direct hit: score 90-100	Typology exposure: score contribution 10-40

Why both appear in the same report

A well-built AML check uses all available data. OFAC gives you the definitive legal blacklist. FATF typologies give you the behavioral pattern layer. Together they cover the two main failure modes: transacting with a known sanctioned party, and transacting with someone who behaves like a money launderer even if they are not yet on any list.

The second failure mode, behavioral exposure, is how most exchange freezes actually happen. An address is not on any list. But it has moved large amounts through multiple wallets quickly, used a mixer, and received funds from a jurisdiction on the FATF grey list. The behavioral profile is consistent with layering. An exchange's compliance team flags it.

What this means for your P2P or OTC trades

Before accepting a payment from an unknown counterparty, check the sending wallet against both layers. An OFAC hit means you need to decline immediately and report the attempted transaction if you are in a regulated context. A FATF typology flag means you should ask for source-of-funds documentation before proceeding with a significant amount.

You can check both simultaneously with a single AML lookup on this site or through @scorechain_amlbot. The report shows OFAC status, sanctions list coverage from EU/UN/UK, and typology exposure flags as separate line items.

Frequently asked questions

Do I need to worry about OFAC if I am not American?

Yes. OFAC secondary sanctions can apply to non-U.S. persons who conduct significant transactions with sanctioned parties. Additionally, the EU, UK, and UN maintain equivalent lists. Most exchanges screen against all of these regardless of where the customer is located.

What is the FATF grey list and why does it matter for crypto?

The FATF grey list names jurisdictions under increased monitoring for AML deficiencies. Exchanges frequently apply enhanced due diligence or restrictions to customers from grey-listed countries. In some cases, exchanges delist trading pairs or restrict withdrawals entirely.

Does OFAC flag specific wallet addresses?

Yes. Since 2018, OFAC has added specific cryptocurrency wallet addresses to SDN list entries. These addresses are published alongside the named individual or entity. Transacting with a listed address carries the same legal exposure as transacting with the person behind it.

What does FATF Travel Rule mean for me as an individual?

For transfers above $1,000 between regulated exchanges, your exchange may be required to collect and transmit information about the origin and destination of the funds. This is why exchanges increasingly ask for counterparty wallet information before processing large transfers.

Check for OFAC and sanctions exposure in 8 seconds

Paste any wallet address into @scorechain_amlbot. Covers OFAC SDN, EU, UN, UK, and FATF typologies.

Open @scorechain_amlbot

Alex Morgan

Blockchain compliance analyst, co-founder of CryptoAML.ai. 7+ years in OFAC/FATF screenings and financial crime investigations. View all articles