On Feb. 28, US and Israeli forces launched coordinated strikes on Iran, killing Supreme Leader Ali Khamenei and triggering retaliatory attacks across the Gulf region. Within minutes of the initial strikes on Tehran, cryptocurrency outflows from Iran spiked 700%. Nick Henderson-Mayo of VinciWorks argues that such speed is the story: Sanctions lists, supply chains and high-risk jurisdictions are all in flux, and the OFAC statute of limitations recently doubled to 10 years. That means the decisions compliance teams make now will be scrutinized long after the conflict resolves.
Early on a Saturday morning, as air raid sirens wailed across Tehran and precision missiles eliminated the country’s supreme leader, a curious incident took place. In the minutes after the strike, cryptocurrency outflows from Iran spiked 700%. Nobitex, a crypto exchange widely used by Islamic Revolutionary Guard Corps-linked networks, had previously seen spikes in January as protests gripped the country. Like the thousands of missiles and drones the dying regime has launched, this capital outflow represents a clear and present danger to financial systems around the world.
When regimes destabilize, officials and their networks often attempt to move assets beyond the reach of domestic upheaval or foreign asset freezes. In a heavily sanctioned environment such as Iran’s, cryptocurrency offers a uniquely attractive escape valve.
Given the quick-moving and unpredictable nature of the rapidly expanding conflict in the Middle East, compliance teams should stay alert to the evolving situation and be ready to take rapid action across a range of business-critical areas, from sanctions to supply chains.
There are precedents for how sanctioned states and aligned actors operationalize illicit funds.
North Korea’s Lazarus Group has demonstrated how digital assets can be stolen, layered across decentralized exchanges, bridged between blockchains and ultimately converted into usable funds. North Korean actors combined brute-force cyberattacks and layered them across jurisdictions with weaker AML supervision. The same infrastructure exists for any sanctioned actor seeking to obscure the origin and destination of funds.
Sanctions in the frame: How the Ayatollah’s regime used art to fund terrorism
It’s not just banks that need to be on the lookout. Iranian money has for years been funnelled through the art market and high-value dealers to fund terrorism. Iran has long functioned as Hezbollah’s principal backer, providing hundreds of millions annually in financial support, weaponry and training, making the group an operational proxy.
Iranian state institutions, including the Central Bank and the IRGC-Quds Force, feature prominently in shadow banking systems used to launder money, some of which has been traced to Hezbollah networks engaged in art and luxury goods trade.
Along with UK warnings, a recent US Treasury report identified vulnerabilities in the high-value art market, citing ease of transport, opaque ownership structures and the use of shell entities. While direct evidence of terrorist financing was limited, the same mechanisms used for money laundering also enable terrorism financing. Dealers and art market participants are involved in the trade of a wide array of luxury goods, including artwork, antiques, jewelry, wine, rare cars and fashion. These items are highly portable, easily transferred across borders and often stored or sold through opaque corporate structures. This makes them an ideal asset class for sanctions evaders and money launderers.
The UK government also warned that the dying regime in Iran poses a heightened risk of cyber threats for organizations that have a presence or supply chains in the Middle East. From DDoS attacks to phishing, Iranian forces are targeting civilian infrastructure both physically and virtually.
When a Cartel Head Falls, the Money Keeps Moving
Shell companies, real estate purchases and structured trade transactions don't vanish when the cartel head is eliminated — they continue to function
Read moreDetailsThe crude oil chokepoint: Supply chain exposure via the Strait of Hormuz
At least 20 million barrels of oil per day, or 20% of global consumption, flow through the narrow sea lanes of the Strait of Hormuz, which the Iranians have sought to blockade. While their capability is questionable, the lack of viable alternative export routes makes disruption far more consequential. Roughly 84% of the crude moving through the Strait of Hormuz is destined for Asian markets, meaning any disruption will be felt most acutely in China, India, Japan and South Korea.
The strait is currently an active conflict zone, which has dramatically increased insurance premiums and led President Donald Trump to take the unusual step of offering maritime insurance through the US Development Finance Corporation.
The US is clearly seeking to avoid the energy price shocks seen during the early stages of Russia’s Ukraine invasion, which quickly cascaded into broader supply chain disruption. If the latest crisis pushes oil near $100 a barrel, logistics operators already reeling from tariffs could be left scrambling. Compliance teams might be pressured into quickly onboarding untested suppliers in the name of continuity. Opaque counterparties or payments to so-called problem-solvers may cause more issues than they fix.
Whatever solutions firms find to this disruption, they should be wary of future regulatory scrutiny. Price volatility naturally leads to stricter scrutiny of commodity trading. Allegations of hoarding, market manipulation or even insider trading are far more likely during periods of instability. Your market abuse policies might cover equities or commodities. Have they been updated to include prediction markets like Polymarket or Kalshi?
Shifting sanctions and high-risk jurisdictions
Sanctions on Iran, including secondary sanctions, have been a regulatory battleground for decades. A sudden power vacuum or change in leadership may see a recalibration of these lists, including designations, general licenses, exemptions and countermeasures, which can all change in days.
In recent years, the US Treasury’s Office of Foreign Assets Control (OFAC) doubled the statute of limitations for sanctions violations: from five to 10 years. This includes a 10-year record retention requirement for maintaining transaction records, screening documentation and compliance communications. That’s a decade of exposure, scrutiny and potential enforcement for every deal, transaction or due diligence file with a US nexus.
Additional jurisdictions may also come under scrutiny. Dubai and the rest of the United Arab Emirates have long served as key transit points for Iranian and Russian capital seeking routes around Western sanctions regimes. Its position as a global financial hub, extensive trade networks and relatively open real estate and financial markets have made it a conduit for legitimate commerce and, at times, for funds linked to sanctioned states and individuals.
Historically, Iranian trade and financial networks used Dubai and other Gulf hubs to facilitate petrochemical exports and payments through front companies; US authorities have previously identified a so-called “shadow banking” network operating out of the UAE, where sanctioned Iranian funds and associated crypto flows were allegedly laundered via overseas entities and exchanges. Russia’s sanctions evasion has shown similar patterns, with wealthy individuals and capital using Dubai’s markets to liquidate assets or convert value via property and cryptocurrencies.
The recent escalation in hostilities, including Iranian missile strikes affecting major infrastructure in Dubai, Abu Dhabi, Qatar and Bahrain, could reset this dynamic. As Gulf states reassess their exposure to Iran and Russia, sanctioned actors may pivot away from traditional Gulf transit routes toward alternative jurisdictions or proxy networks with weaker regulatory alignment or less direct exposure to US and EU enforcement. That could mean increased financial migration to countries in South and Southeast Asia, Central Asia, parts of Africa or through layered intermediary structures that obfuscate ultimate beneficial ownership.
Businesses shouldn’t sit on the sidelines to see how this plays out. A different world of risks waits on the other side, and compliance must be ready once the pieces settle into place. In the meantime, risks linked to high-risk jurisdictions, sanctions evasion and cryptocurrency exposure are emerging by the hour. The physical battleground might be confined to the Middle East, but the virtual war is global.
