In the first quarter of 2026, the combined OFAC, OFSI, and EU Financial Sanctions Lists added 1,240 crypto-related designations — the highest quarterly total ever recorded. This reflects a combination of geopolitical pressure, operational maturation in the sanctions enforcement community, and a shift from individual to cluster-level designations.
The cluster shift is particularly interesting. Historically, a sanctions designation named a specific address. Increasingly, designations name "wallets controlled by X" with a pointer to a curated attribution set, leaving the boundary of the cluster to chain-analysis providers to interpret. This gives authorities flexibility but puts significant pressure on attribution quality — a mis-clustered address becomes an un-named-but-sanctioned address in practice.
OFAC accounted for 68% of the Q1 volume. OFSI, which lagged behind for years, is now the fastest-growing list, with 190 additions in March alone. The EU has been relatively quiet since the December 2025 MiCA list consolidation but is expected to ramp up in Q2.
The geographic distribution of designations is also shifting. Russia-related designations remain dominant but their share has declined from 61% (2024) to 42% (Q1 2026). DPRK-related designations have grown to 23%, Iran to 14%, and the balance covers ransomware operators, scam networks, and terrorism financing entities with no single geographic concentration.
For screening programmes, the implications are operational. First, refresh frequency matters more than ever. Weekly refreshes are no longer sufficient for firms operating in sectors with high sanctions exposure. We recommend a minimum of daily, and where feasible, real-time on-list-update notifications.
Second, clusters over individuals. If your attribution database does not identify clusters — only individual addresses — you will miss a growing fraction of sanctioned activity. AMLRegister maintains cluster-level attribution as a first-class feature; we track 3,200+ clusters with over 180,000 individual addresses.
Third, false-positive management. Cluster-level attribution produces more candidates per query, which can increase false-positive rates if not paired with strong resolution tooling. Our April release added cluster-conf scores to the API response, letting you tune your own threshold for conservative vs liberal triggering.
Fourth, keep evidentiary records. As enforcement actions become more frequent, the ability to show that you screened, what you found, and how you responded is becoming a legal necessity. We retain every screening decision for the configurable retention period and make the audit trail exportable for any legal response.
Finally, train your analysts. The volume increase is not going to reverse, and the nature of designations (clusters, conditional attribution) is getting more nuanced. Investing in analyst capability is the highest-leverage thing most firms can do right now.
