Subscribe to the Non-Human & AI Identity Journal
Home FAQ Who is accountable when sanctioned assets move through…

Who is accountable when sanctioned assets move through crypto infrastructure?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 10, 2026

Accountability usually spans compliance, legal, treasury, exchange relationships, and executive oversight, because no single function can both detect and stop movement at scale. Organisations should assign clear decision rights for freezes, customer blocking, evidence preservation, and external reporting before an exposure event occurs.

Why This Matters for Security Teams

Sanctions exposure is not just a legal or compliance problem. When sanctioned assets can still move through crypto infrastructure, accountability needs to cover controls at the wallet, exchange, treasury, and reporting layers. That means clear ownership for screening, freeze decisions, evidence preservation, and escalation. Current guidance suggests that firms treating this as a single-team issue usually discover gaps only after funds, counterparties, or audit trails have already become difficult to recover.

The operational risk is amplified by the identity layer underneath crypto activity. Keys, signing services, bots, and API integrations can function like non-human identities, which makes governance discipline as important as transaction monitoring. NHI Management Group’s Ultimate Guide to NHIs highlights how excessive privilege and weak visibility create avoidable exposure across machine actors. For control design, NIST SP 800-53 Rev 5 Security and Privacy Controls remains a useful baseline for assigning responsibilities, logging, and response discipline. In practice, many security teams encounter sanctions failures only after a transfer has cleared, rather than through intentional pre-trade governance.

How It Works in Practice

Accountability usually follows the control points that can actually interrupt movement. Compliance defines the sanctions policy and escalation thresholds. Legal interprets jurisdictional exposure and reporting obligations. Treasury and operations decide whether to halt settlement or counterparties. Exchange and custody relationships determine whether a freeze is technically possible. Security owns monitoring, alerting, evidence preservation, and identity controls around signing systems and administrative access.

In a mature operating model, decision rights are pre-authorised before an incident. That usually includes who can block a wallet, who can suspend an API key, who can reject a counterparty transfer, and who can notify regulators or counterparties. The practical challenge is that crypto infrastructure is fragmented across wallets, custodians, bridges, and exchanges, so no single team sees the whole chain in real time. This is where NHI-style governance becomes relevant: signing services, automation accounts, and custody integrations should be inventoried, privilege-scoped, and monitored like other high-risk machine identities.

Useful controls include:

  • Pre-approved sanctions escalation playbooks with named decision makers.
  • Transaction screening before execution and post-execution anomaly review.
  • Logging that preserves wallet, key, operator, and counterparty context.
  • Revocation or suspension paths for compromised automation and custody access.
  • Evidence retention for legal hold, audit, and regulator engagement.

For governance structure, the Ultimate Guide to NHIs is useful for understanding how machine privilege creates downstream accountability gaps, while NIST SP 800-53 Rev 5 Security and Privacy Controls provides a control vocabulary for access control, audit logging, and incident response. These controls tend to break down when custody is outsourced across multiple jurisdictions because freeze authority, evidence access, and reporting obligations become split between parties with different legal duties.

Common Variations and Edge Cases

Tighter sanctions controls often increase operational friction, requiring organisations to balance fast settlement against stronger review, escalation, and freeze authority. That tradeoff becomes sharper in high-volume trading, DeFi workflows, and cross-border custody arrangements, where there is no universal standard for this yet and responsibility can shift by asset class, venue, or jurisdiction.

Edge cases matter. In self-custody models, the organisation may retain accountability for policy, screening, and disclosure even if it does not control the private keys. In hosted custody, the provider may execute technical freezes, but the client still owns the business decision and reporting obligation. In bridge or mixer exposure, the chain of control may be too opaque for perfect interdiction, so the right response is often containment, tracing, and escalation rather than assuming a clean block is possible.

Teams should also distinguish between “can freeze” and “must freeze.” A platform might technically be able to stop movement, but contractual, regulatory, and evidentiary requirements may force a different sequence of actions. Best practice is evolving on how much automation is appropriate for sanctions response, especially where smart contracts or programmable settlement reduce the window for human intervention. The key is to document which function owns the decision, which function executes it, and which function validates the record afterward. That distinction is where most failures are exposed during audits, not during policy drafting.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0RS.MISanctions incidents need coordinated mitigation and containment across teams.
NIST SP 800-63Strong identity proofing supports accountability for high-risk financial actions.
OWASP Non-Human Identity Top 10Wallets, keys, and signing services behave like non-human identities.

Inventory machine identities behind crypto flows and enforce least privilege, rotation, and revocation.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org