Tuesday, May 26, 2026
UK Russia Crypto Sanctions: HTX A7 Network and What Compliance Teams Must Do
Global News.png){kind=logo}
On 26 May 2026, the UK Foreign, Commonwealth and Development Office announced what it described as a crackdown on “backdoor Russian sanctions evasion.” The package includes 18 designations targeting cryptocurrency exchanges, the Kremlin-backed A7 network, and the financial infrastructure that has emerged to channel funds into Russia’s war economy.
The official UK government announcement makes the intent explicit. Foreign Secretary Yvette Cooper said:
"If the Kremlin thinks it can evade our sanctions by hiding behind crypto networks and shadow financial systems, it is gravely mistaken. The UK is adapting and strengthening our approach to target the evolving tactics Russia is using to evade restrictions."
— Foreign Secretary Yvette Cooper, GOV.UK, 26 May 2026
This is not the UK’s first cryptoasset designation. It is, however, the first time Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019 has been applied to cryptoasset exchanges. That choice of legal instrument is the structural shift compliance teams need to understand.
This guide draws directly on two primary sources: the UK government’s 26 May 2026 announcement, and the official list of designations published the same day on GOV.UK. It walks through what is in the package, how Regulation 17A operates, and what every global compliance team in the UK, EU, and US needs to do this week.
The Foreign, Commonwealth and Development Office, with Foreign Secretary Yvette Cooper as the named principal, published the announcement on 26 May 2026 at 13:13 BST. The press release is titled “UK cracks down on backdoor Russian sanctions evasion with tough new measures.”
The UK government frames the package around three points:
The announcement also defines the scope of the A7 network in its own words: “The A7 network is a Kremlin-backed system designed to bypass Western sanctions, finance military procurement, and process funds from the sale of oil to fund its war economy.”
Two specific operational targets stand out from the official text. The first is a Kyrgyz bank “suspected of facilitating payments” for A7, named in the designation list as Open Joint Stock Company “Eurasian Savings Bank.” The second is “a major global cryptocurrency exchange that we suspect has channelled over $1.5 billion back into the Kremlin’s hands,” named in the designation list as Huobi Global S.A., the entity operating HTX.
The UK government press release names “tough new measures” but does not, in the headline text, walk through the legal instrument being used. That detail sits in the underlying designation list and the supporting OFSI documentation. The instrument is Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019, and its application to cryptoasset exchanges is the part of this story compliance teams cannot afford to miss.
Regulation 17A was originally drafted to sever correspondent banking relationships with designated Russian banks. Its use against cryptoasset exchanges on 26 May 2026 is a first. Three specific obligations flow from this:
UK credit and financial institutions cannot establish or continue correspondent banking relationships with designated persons, or with any UK or non-UK institution owned or controlled by them. For UK VASPs that maintain liquidity, settlement, or operational relationships with the designated exchanges (including HTX and EXMO), these relationships must be wound down immediately.
This is the change. UK firms cannot process any payment, regardless of currency, where the funds have been previously processed by, or are intended for, an entity designated under Regulation 17A.
The phrase “previously processed by” is the operative one. It captures funds that have passed through a designated exchange at any point in the payment chain, not just funds being sent directly to or received directly from one. Applied to on-chain activity, that logic forces compliance teams beyond direct counterparty screening and into multi-hop tracing.
The prohibition applies even where the sender and recipient are not themselves sanctioned. If a designated exchange appears anywhere in the payment chain as remitter, intermediary, or ultimate recipient, the transaction is prohibited.
Regulations 11 and 12 of the same instrument apply to today’s designations alongside Regulation 17A. These create a standing asset freeze: UK persons cannot deal with funds or economic resources owned, held, or controlled by a designated person, and the prohibition applies extraterritorially to UK persons wherever they are in the world. For UK VASPs, any funds held that are owned or controlled by a designated entity must be frozen immediately. This is a legal obligation, not a discretionary judgement.
The UK government published the full list as “List of Russia sanctions designations, 26 May 2026” on GOV.UK. The package contains 18 designations, grouped by the UK government into three legal categories. The grouping matters: it tells compliance teams which Schedule of the Russia (Sanctions) (EU Exit) Regulations 2019 each designation sits under.
Entities and individuals involved in supporting the Russian financial sector:
The three categories map to distinct legal grounds in the Russia (Sanctions) (EU Exit) Regulations 2019. Compliance teams should not treat the 18 designations as a flat list. Each category carries its own predicate, which affects how OFSI guidance will likely treat scope, exemptions, and reporting obligations. The Regulation 17A correspondent banking prohibition applies to designations across all three categories where the designated entity is a credit or financial institution, which now includes cryptoasset exchanges.
The UK government announcement states sanctions “came into force immediately.” That is the operational starting point. Below is the practical sequence.
Pull the updated UK Sanctions List from the OFSI consolidated list and refresh internal sanctions screening systems. Run a screening pass against the full customer base and counterparty register. Document the run and any matches. Confirm screening covers all 18 designations across the three categories. EXMO, Sooty Ltd, and Eurasian Savings Bank in particular were not widely reported in the immediate vendor coverage and may be missed if relying on summaries.
For any customer accounts or counterparty balances connected to a designated entity, freeze the funds. Notify OFSI within the reporting timelines specified in the regulation. File a Suspicious Activity Report with the National Crime Agency where required. Do not pre-judge whether the connection is direct or indirect; freeze first, assess in parallel.
Name screening cannot solve this. Compliance teams need wallet-level attribution for each designated exchange. HTX, EXMO, ABCEX, Aifory, Arvix, Bitpapa, the USDKG issuer, and the A7 cluster all operate identifiable on-chain footprints, but those footprints span multiple chains, deposit address clusters, and hot wallet rotations. Without authoritative attribution, multi-hop tracing produces noise rather than signal.
For every customer wallet on the books, run a backward trace through prior hops and a forward exposure check on recent outbound transactions. Flag any wallet with proximity to a designated exchange entity for review. Set the hop depth based on the firm’s risk appetite and the eventual OFSI guidance. Until that guidance lands, multi-hop tracing of two to three hops is a defensible baseline.
Add rules that flag any inbound or outbound transaction with exposure to a Regulation 17A designated entity. The flag should fire at the screening layer so the compliance team can resolve quickly without escalating every alert to investigation. Build the rule to handle stablecoin flows specifically: A7A5, USDKG, and any successor tokens will be primary vectors.
VASP due diligence questionnaires need updating to ask explicitly about exposure to Regulation 17A designated entities, including indirect exposure. Bank and payment processor counterparties should be reassessed for their own controls around the new perimeter.
OFSI has not yet issued cryptoasset-specific guidance on how Regulation 17A should be operationalised in the digital asset context. The novelty of the application means that guidance is likely to follow. Compliance teams should monitor OFSI publications and build flexibility into rule configuration rather than hard-coding interpretations that may need rework.
The UK government press release describes today’s action as taken “alongside our allies.” That framing matters. The 26 May 2026 package is the latest move in a coordinated UK, EU, and US pattern aimed at the same target: the offshore exchange and stablecoin infrastructure that Russia has built to bypass sanctions. The mechanics differ in revealing ways.
Three observations matter for global compliance teams:
The UK government announcement is clear on intent. The operational detail will follow. Three open questions will shape how this regulation actually lands in practice.
OFSI has not specified how many hops back through the chain compliance teams need to look. The regulation says “previously processed by” a designated entity. That phrase is silent on temporal or hop limits. The most likely interpretation is risk-based: firms set a depth that reflects their exposure profile and document the methodology. The least likely interpretation is unlimited, which would be operationally impossible. Expect OFSI guidance to clarify.
OJSC Virtual Asset Issuer (USDKG) is a designated entity. A7A5 is associated with multiple designated entities. But the question of how stablecoin issuers, as opposed to stablecoin tokens, should be screened in a Regulation 17A context has no settled answer. EU practice has been to designate the token directly. The UK has designated the issuer. The compliance implications differ: a designated token is detectable on-chain in real time; a designated issuer requires attribution work.
Regulation 11 asset freezes apply to UK persons globally. Regulation 17A applies to UK credit and financial institutions and their payment processing. Where a non-UK subsidiary of a UK-headquartered VASP processes a transaction with a designated exchange, the reach is unsettled. Conservative interpretation: assume the prohibition applies. Defensive position: apply the freeze and screening across the global group.
The Foreign Secretary’s closing remark in the announcement points forward: “As long as the killing in Ukraine continues, the UK and its allies stand ready to ratchet up pressure on Russia and will continue to strengthen sanctions at every opportunity.” Three forward-looking developments are worth tracking.
The UK Foreign, Commonwealth and Development Office announced 18 sanctions designations targeting cryptoasset exchanges, the A7 network, and Russia-adjacent financial infrastructure. The announcement was titled “UK cracks down on backdoor Russian sanctions evasion with tough new measures” and was published on GOV.UK at 13:13 BST on 26 May 2026. The sanctions came into force immediately.
The UK designated 18 entities and individuals across three legal categories. Cryptoasset exchanges and platforms include: Huobi Global S.A. (HTX), EXMO Exchange Limited, Bitpapa IC FZC LLC, Arvix LLC, Rapira Group LLC, Aifory LLC, and Nueva Cryptologia S.A.S. de C.V. (ABCEX). The A7 network is targeted through OJSC State Brokerage Company, Diamond Estate LLC, Trace Road LLC, Alistera Limited, Sooty Ltd, and individuals Igor Gorin, Irina Akopyan, Liran Cohen, and Sergey Mendeleev. The Kyrgyz state-backed stablecoin issuer OJSC Virtual Asset Issuer (USDKG) and the Kyrgyz bank Open Joint Stock Company “Eurasian Savings Bank” are also designated.
Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019 prohibits UK credit and financial institutions from maintaining correspondent banking relationships with designated entities, and from processing any payment where funds have previously been processed by or are intended for a designated entity. On 26 May 2026, the UK applied Regulation 17A to cryptoasset exchanges for the first time.
UK VASPs must immediately update sanctions screening, freeze any funds connected to designated entities, terminate correspondent and operational relationships with the designated exchanges, run multi-hop on-chain tracing to identify indirect exposure, file Suspicious Activity Reports with the National Crime Agency where applicable, and notify OFSI of frozen funds and prevented transactions.
Indirectly, yes. Non-UK firms with payment relationships with UK firms, or that operate as counterparties to UK VASPs, will see their UK partners require updated due diligence. EU firms also face the parallel EU 20th package, which targets similar infrastructure through different mechanics. US firms with UK exposure should expect UK partners to ask about their controls.
Per the UK government announcement, A7 is a Kremlin-backed payments system designed to bypass Western sanctions, finance military procurement, and process funds from the sale of oil to fund Russia’s war economy. The UK government states the network claimed to have moved more than $90 billion last year, equivalent to roughly half of Russia’s annual military expenditure. A7 is the entity behind the A7A5 ruble-backed stablecoin.
No. Regulation 17A captures any payment chain that includes a designated entity at any hop. Direct counterparty name screening misses indirect exposure. Compliance teams need wallet attribution and multi-hop on-chain tracing to meet the new bar.
Scorechain’s transaction monitoring, wallet screening and investigation services are built for exactly the kind of multi-hop, multi-chain compliance that Regulation 17A now demands.
If your team is working through the operational implications of the 26 May 2026 package, our compliance specialists can walk through how Scorechain’s tools map to the Regulation 17A requirements. Get in touch via the contact form.
This article is informed by official UK government sanctions notices, regulatory guidance, and publicly available compliance resources.
