Global Sanctions Enter a New Era as Digital Assets and Iran Dominate the 2025 Enforcement Landscape

Castellum AI’s 2025 Sanctions Year In Review reveals that regulators around the world dramatically intensified their attention on digital currencies and Iranian-linked networks over the past year. Banks and other financial institutions found themselves navigating an increasingly intricate compliance environment marked by rapidly shifting enforcement priorities and widening differences between major geopolitical powers. During the period under review, the United States Office of Foreign Assets Control added 2,223 new names and entities to its sanctions lists, while the United Nations reinstated nuclear proliferation penalties aimed at Tehran. As cross-border financial technology continues to evolve, compliance teams are now working in a world where traditional jurisdictional lines are becoming harder to define.

The international sanctions regime underwent a fundamental shift in how economic penalties are imposed on both governments and non-state actors. Although the United States continued to lead global enforcement activity, the number of new U.S. designations fell by 30 percent compared with the previous year as Washington redirected its focus toward themes such as narcotics trafficking, organized crime and counterterrorism. At the same time, countries including Canada and Switzerland, along with the European Union, either sustained or increased their own sanctions activity, adding new layers of complexity for multinational banks. The United Kingdom also showed its willingness to act independently by sanctioning certain political figures in Latin America, underscoring the need for firms to track multiple regimes at once. The United Nations was particularly active, adding more than one hundred new entries to its consolidated list after years of relative quiet, largely because of the automatic reimposition of penalties following the end of earlier nuclear agreements.

According to Castellum AI’s data, the total number of active sanctions worldwide has reached record levels, forcing companies to rethink how their screening systems operate. Switzerland and Canada posted the fastest growth in their domestic lists, frequently aligning with European Union priorities, while the United States adjusted its own approach under new executive leadership. This growing divide between transatlantic authorities has created specific headaches for firms operating on both sides of the ocean, since a person or company may be blacklisted in Brussels but not in Washington, or the other way around. The European Union, for example, sanctioned certain individuals over actions connected to destabilizing Eastern Europe that were not mirrored elsewhere. By contrast, the United States took the controversial step of sanctioning members of the International Criminal Court, a move that France and Canada did not follow. These inconsistencies mean that banks and corporations must rely on sophisticated legal interpretation and local risk analysis to avoid breaching one jurisdiction’s rules while complying with another’s.

Cryptocurrency enforcement also reached a turning point. Digital assets are no longer treated as a fringe concern but are now seen as one of the main channels for large-scale sanctions evasion and illicit financing. Regulators responded by targeting blockchain addresses directly, pushing the total number of sanctioned crypto identifiers beyond one thousand for the first time. The European Union, France and Switzerland joined the United States in issuing their first sanctions specifically against digital wallets, signaling a coordinated international stance against the misuse of decentralized finance. As a result, any institution that provides crypto on-ramps or off-ramps must now apply the same scrutiny to these transactions as it would to a traditional wire transfer. This challenge is compounded by the fact that many sanctioned addresses are migrating away from well-known blockchains like Bitcoin and Ethereum.

Roughly 30 percent of the newly sanctioned digital wallets are now found on alternative networks such as Tron and Monero, which are popular with bad actors because they offer greater anonymity or lower transaction costs. The rise of privacy coins and secondary-layer protocols means that screening only the most visible Bitcoin addresses is no longer enough to control risk. The U.S. GENIUS Act has further reshaped the landscape by bringing stablecoins firmly under regulatory oversight. Under this law, issuers must hold specific reserves and follow strict anti-money-laundering rules, effectively putting stablecoins on the same footing as conventional payment tools. For banks and fintech firms, that means every party involved in a stablecoin transaction has to be vetted just as thoroughly as a correspondent banking partner. The regulatory focus has shifted from simply identifying sanctioned individuals to understanding and monitoring the entire technological framework that allows them to move money.

Iran stood out as the main target of sanctions activity during the year, with a dramatic rise in the number of designations across all major jurisdictions. The United States alone imposed more than 800 new Iran-related sanctions, nearly seventeen times the total from the year before. A key feature of this campaign is its focus on facilitation networks operating outside Iran’s borders. More than half of those sanctioned for Iranian ties are based in third countries such as China, India and the United Arab Emirates. The goal is to cut off the logistical and financial lifelines that allow Tehran to obtain industrial supplies, sell energy products and bankroll its proxy forces throughout the Middle East. By hitting foreign intermediaries, regulators hope to make doing business with Iran prohibitively expensive for international traders and shipping companies.

China and the UAE have emerged as major hubs in these networks, with hundreds of sanctions aimed at front companies and procurement agents. These firms often hide behind elaborate corporate structures and frequent vessel reflagging to disguise where goods really come from and where they are headed. Banks now have to conduct deep due diligence on trade finance linked to these high-risk regions, digging past their immediate clients to identify beneficial owners and shipping routes. The collapse of the Joint Comprehensive Plan of Action triggered the return of snapback sanctions focused on nuclear and weapons development, creating an environment in which almost any meaningful commercial link to Iran risks triggering secondary penalties. Compliance teams must therefore watch not only the direct parties to a deal but also the entire supply chain, from payment agents to the maritime firms moving the cargo.

Castellum AI’s report makes clear that simple list-based screening is no longer enough for today’s financial institutions. The new reality calls for intelligence-driven compliance strategies that can keep pace with shifting government priorities and rapid technological change. Companies need advanced analytics to spot the behavioral patterns of enablement networks, especially those operating through digital assets or in key transshipment zones. The growing trend toward holding compliance officers personally liable further raises the stakes, as regulators look to punish individuals for systemic failures. That push for personal accountability means policies must be strong, transparent and applied consistently across every branch worldwide. Training must also evolve to cover stablecoin rules and the warning signs of Iranian procurement activity in Asia and the Middle East.

Looking forward, the split between the United States and other major economies is expected to continue, locking firms into a constant state of regulatory tension. Businesses will need the ability to juggle conflicting legal obligations and make risk-based choices that protect their reputations. The rise of thematic sanctions aimed at issues such as human rights abuses and cybercrime adds yet another layer of difficulty, as these designations often depend on unconventional data sources. To stay compliant, organizations must integrate high-quality, real-time information into their screening systems and build a culture of vigilance that stretches from frontline staff to senior leadership. In a world where evasion techniques are growing ever more sophisticated, regulators are only intensifying their response, leaving no room for complacency in the global fight against financial crime.

By fLEXI tEAM