TL;DR: Iran’s local exchanges continue operating while many international platforms restrict Iranian users, creating scrutiny around how these venues interact with the wider crypto ecosystem and exposure to regulated exchanges, according to Chainalysis. The governance issue is not just sanctions compliance, but the identity and transaction controls needed to trace counterparties, offboard risky access, and support AML enforcement.
At a glance
What this is: This intelligence brief examines Iran’s local cryptocurrency exchange ecosystem, with Farhad Exchange used to illustrate how domestic venues can intersect with regulated international exchanges.
Why it matters: It matters because sanctions, AML, and identity governance overlap when exchange access, counterparty screening, and transaction monitoring determine whether regulated platforms inherit hidden risk.
👉 Read Chainalysis' intelligence brief on Iran’s cryptocurrency ecosystem and Farhad Exchange
Context
Iran’s local crypto exchanges sit in a governance grey zone where sanctions pressure, AML expectations, and cross-border exposure converge. When international platforms restrict access, the compliance problem does not disappear, it shifts to how local venues interact with the broader ecosystem and how counterparties are verified and monitored.
For identity and risk teams, the relevant question is not only who can trade, but who can be trusted as a counterparty, intermediary, or indirect access path. That makes digital identity controls, transaction screening, and offboarding discipline central to the control model, especially where regulated exchanges can inherit exposure through third-party relationships.
Key questions
Q: How should sanctions teams govern exchange relationships in crypto markets?
A: Sanctions teams should govern exchange relationships as a combination of entity risk, jurisdiction exposure, and ongoing transaction behaviour. That means screening counterparties at onboarding, monitoring flows continuously, and maintaining clear offboarding records when risk changes. If a venue cannot explain who is behind a wallet or intermediary, it should be treated as unresolved exposure, not as a low-risk customer.
Q: Why do crypto exchanges create AML and sanctions risk beyond direct customers?
A: Crypto exchanges can route activity through intermediaries, wallets, and offshore touchpoints that blur the line between direct and indirect exposure. That makes them a compliance issue even when they are not the end user. The risk grows when identity resolution is weak, because suspicious activity can look ordinary unless the organisation can connect related accounts and counterparties.
Q: What do compliance teams get wrong about stopping service in risky jurisdictions?
A: Many teams stop at account blocking and miss residual exposure in linked wallets, API permissions, stored records, and downstream counterparties. A real restriction requires lifecycle control, evidence of enforcement, and review of indirect paths that can continue moving value. Without that, the organisation may still inherit regulatory risk after the apparent offboarding decision.
Q: Who is accountable when exchange exposure leads to sanctions or AML failures?
A: Accountability usually sits with the exchange operator, the compliance function, and the governance owners responsible for onboarding and transaction oversight. If third-party relationships or jurisdictional restrictions are not monitored end to end, the organisation cannot rely on informal controls. Clear ownership, documented reviews, and evidence of completed offboarding are the minimum defensible position.
Technical breakdown
Counterparty exposure in cross-border exchange networks
Cryptocurrency exchanges do not operate in isolation. Even when a local exchange is cut off from global services, it may still route value, liquidity, or user activity through indirect relationships that create compliance exposure for regulated venues. The technical issue is counterparty resolution: platforms must know whether a wallet, account, or intermediary is linked to sanctioned activity, a blocked jurisdiction, or an untrusted source of funds. This is a governance and identity problem as much as a financial crime problem, because the control objective is to establish trustworthy provenance at the point of access and transfer.
Practical implication: teams need counterparty screening and transaction monitoring that treat exchange relationships as access decisions, not just payments events.
Sanctions and AML controls depend on identity resolution
Sanctions enforcement and AML monitoring both rely on being able to resolve entities accurately across accounts, wallets, devices, and counterparties. In crypto ecosystems, that is harder because one actor can operate through multiple wallets, relays, or exchanges, which weakens simple account-based controls. Effective programmes blend customer due diligence, behavioural analytics, and transaction graph analysis to identify risk patterns that static rule sets miss. Where exchanges serve high-risk jurisdictions, identity resolution becomes the backbone of compliance because it links observed activity to a responsible entity, not just to an address.
Practical implication: build identity-linked monitoring that connects wallets, accounts, and behavioural patterns into one reviewable risk picture.
Regulated exchanges need offboarding logic for risky geographies
When a platform decides to stop serving users in a specific jurisdiction, the control challenge does not end with an account restriction. It also includes residual exposure from stored records, linked wallets, API access, and downstream counterparties that may still interact with the platform. This is where offboarding discipline matters. In practice, compliance teams need lifecycle controls that can identify lingering permissions, block new interactions, and document why access was withdrawn. Without that, a platform may appear compliant while still carrying hidden operational and regulatory risk through dormant relationships.
Practical implication: treat jurisdiction-based restriction as a lifecycle control, with verified revocation and retained evidence of the decision.
Threat narrative
Attacker objective: The objective is to move value through trusted exchange infrastructure while avoiding sanctions detection and weakening AML scrutiny.
- Entry occurs through exchange relationships that connect restricted jurisdictions to regulated venues, allowing risk to enter through counterparties rather than direct compromise.
- Escalation happens when weak identity resolution or insufficient screening allows suspicious wallets, accounts, or intermediaries to blend into normal transaction flow.
- Impact is regulatory and financial, with sanctions violations, AML failures, or exposure to enforcement action if risky flows remain uncontained.
NHI Mgmt Group analysis
Sanctions compliance in crypto is an identity governance problem, not only a legal one. The article shows how exchange access, counterparties, and transaction provenance define the real control boundary. If a platform cannot resolve who is behind a wallet or intermediary, its AML and sanctions posture is already incomplete. Practitioners should treat identity resolution as a core control objective.
Identity-linked access patterns are the same governance issue that appears in NHI programs. In both cases, the organisation is managing who or what can act on behalf of a trusted entity, and how that access is revoked when risk changes. Crypto exchanges may not be NHI systems, but they still depend on persistent trust relationships that need lifecycle control. Practitioners should map these relationships explicitly.
Jurisdictional offboarding creates a residual-risk problem unless access and records are revoked together. Cutting off service in one country does not eliminate exposure if linked wallets, API permissions, or historical relationships remain active in the environment. The control gap is not just permissioning, but evidence of completion. Practitioners should require verifiable offboarding for high-risk geographies.
Transaction monitoring is strongest when it is paired with entity-level governance. Graph analytics and rules can detect patterns, but they still depend on the organisation knowing which accounts, wallets, and counterparties belong together. That means sanctions, AML, and fraud teams need a shared entity model, not separate reports. Practitioners should align monitoring around the entity, not just the event.
Crypto exchanges increasingly sit at the edge of broader trust and safety governance. The more an exchange touches regulated infrastructure, the more its controls resemble identity assurance, third-party risk management, and access governance. That shifts the category from a niche compliance issue to an enterprise control problem. Practitioners should update risk models accordingly.
What this signals
Crypto compliance teams should expect regulators to focus more on entity resolution than on surface-level account blocking. The practical shift is toward tracing who controls a wallet, who benefits from a transfer, and whether the organisation can prove that a restriction was enforced across the full relationship chain.
For identity and fraud practitioners, the useful lesson is that access control logic now extends into financial networks. When trust boundaries are porous, governance has to follow the entity, the route, and the lifecycle of the relationship, not just the transaction itself.
For practitioners
- Map entity resolution across wallets and accounts Create a shared entity model that links wallets, accounts, IP patterns, and counterparties so sanctions and AML teams can review risk at the entity level rather than at a single address or login.
- Apply jurisdictional offboarding controls When service is withdrawn from a geography, revoke related access, disable linked API paths, and retain evidence that the restriction was enforced across all connected systems.
- Screen exchange relationships as access decisions Treat counterparty onboarding, clearing relationships, and liquidity routes as policy-controlled access decisions, with enhanced review for exposed jurisdictions and high-risk transaction paths.
- Unify sanctions and AML monitoring Merge sanctions screening, blockchain analytics, and behavioural alerts into one operating view so investigators can connect suspicious flows to the responsible entity faster.
Key takeaways
- Iran’s local exchange ecosystem illustrates how sanctions and AML risk often enters through relationship pathways rather than direct compromise.
- Identity resolution, counterparty screening, and lifecycle offboarding are the controls that make exchange restrictions defensible.
- Practitioners should treat regulated crypto exposure as a trust-governance problem that spans compliance, fraud, and identity oversight.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST SP 800-63 and NIST CSF 2.0 set the technical controls, while GDPR define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST SP 800-63 | SP 800-63C | Federation and identity proofing matter where counterparties must be resolved across systems. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and controlled trust relationships align with exchange governance. |
| GDPR | The article touches identity-linked monitoring and data handling across jurisdictions. |
Review cross-border data handling and retention where identity-linked exchange monitoring processes personal data.
Key terms
- Counterparty Exposure: Counterparty exposure is the risk created when one organisation relies on another entity whose identity, jurisdiction, or control environment is not fully trusted. In crypto compliance, this can include exchanges, wallets, intermediaries, and service providers that create indirect sanctions or AML risk through connected activity.
- Entity Resolution: Entity resolution is the process of determining which accounts, wallets, devices, or records belong to the same real-world actor. It is essential for sanctions and AML programmes because transaction data alone often hides related activity unless it is linked back to a trusted identity model.
- Jurisdictional Offboarding: Jurisdictional offboarding is the controlled removal of service, access, and related dependencies for users or counterparties in a restricted geography. The control is only complete when permissions, routes, records, and indirect relationships are all reviewed and documented as closed.
What's in the full report
Chainalysis' full brief covers the operational detail this post intentionally leaves for the source:
- Exchange-specific intelligence on Farhad Exchange and how it interacts with the broader crypto ecosystem.
- Jurisdiction and counterparty exposure detail that supports sanctions review and investigations.
- Context on how Iranian exchanges are viewed by international regulators and compliance teams.
- Operational indicators that investigators can use to trace regulated-exchange exposure.
Deepen your knowledge
NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, identity lifecycle, and secrets management. It gives security and identity practitioners a common control language for managing trust relationships across modern systems.
Published by the NHIMG editorial team on 2026-05-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org