The EU 20th Package CASP Ban: How a Sectoral Crypto Prohibition Ends the “No SDN Match” Era (April–May 2026)

At 11:00 CET on 23 April 2026, the Council of the European Union adopted Council Regulation (EU) 2026/506, the legal instrument carrying the bloc's twentieth package of restrictive measures in response to Russia's war of aggression against Ukraine. Buried inside a 120-listing announcement that led on energy revenues, drone-component supply chains, and a transaction ban on twenty Russian banks was a single article — a new Article 5bb inserted into Council Regulation 833/2014 — that closes a four-year loophole at the heart of the EU crypto-asset compliance regime.^[1][2] From 24 May 2026, no Crypto-Asset Service Provider authorised under the EU's Markets in Crypto-Assets Regulation may engage, directly or indirectly, in any transaction with any crypto-asset service provider or platform established in the Russian Federation. The prohibition is sectoral, not list-based. It does not depend on a counterparty being designated. It does not depend on an SDN match. It does not depend on a Russian licence number turning up on a screen. The compliance workflow that the EU exchange, custodian, OTC desk and DeFi-onramp industry has run since 2022 — "screen the counterparty, log a clean hit, settle the trade" — ceases to be sufficient on a Sunday at midnight Brussels time, six days after this briefing publishes.

What Article 5bb actually says, and what it does not say

The Council press release of 23 April 2026 framed the new measure in plain prose: "the EU is introducing a total sectoral ban on providers and platforms established in Russia that allow the transfer and exchange of crypto assets."^[1] The legal vehicle is Council Regulation (EU) 2026/506 amending Regulation (EU) No 833/2014, published in the Official Journal of the European Union the day following adoption. The new sectoral sanctions amending Regulation 833 entered into force on 24 April 2026, the day after publication, but the prohibition on transactions with Russian crypto-asset service providers and platforms is separately scheduled to take effect on 24 May 2026, giving a one-month wind-down period.^[3][6]

The substance is straightforward to state and harder to operationalise. Article 5bb prohibits any natural or legal person subject to EU jurisdiction from engaging, directly or indirectly, in any transaction with any crypto-asset service provider or any other crypto-asset transfer or exchange platform established in Russia. The prohibition is in addition to, not in replacement of, the pre-existing prohibitions under Article 5b on the provision of crypto-asset wallet, account, or custody services to Russian persons or residents (the regime adopted in the EU's 8th package of October 2022 that eliminated the prior EUR 10,000 threshold).^[7][8] The package additionally prohibits "engaging, directly or indirectly, in any transaction" involving Russia's central bank digital currency and the ruble-denominated RUBx stablecoin, and it extends the framework to "support to the development of listed cryptoassets and central bank digital currencies."^[3]

What the article does and does not capture turns on three definitions, none of which is mechanically obvious from the press release alone. The first is what counts as "established in Russia." The second is who counts as a Russian counterparty. The third is what counts as a "transaction" in a market where settlement layers, wrappers, and aggregators routinely interpose two or three contracts between an end-user instruction and an on-chain transfer. The early legal-analysis pieces — Skadden's 5 May briefing, Mayer Brown's 24 April note, Herbert Smith Freehills Kramer's tracker, Kinstellar's CEE-focused review, and the Steptoe blog post — converge on the following reading.^{[3][4][9][10][11]}

"Established in Russia" is a venue test, not a counterparty test. It captures legal entities that are domiciled, registered, headquartered, or principally operated out of the Russian Federation. It does not turn on the residency or nationality of the entity's customers. A CASP licensed in Russia and serving exclusively non-Russian residents is in scope; a CASP licensed in the Netherlands and serving Russian-resident customers is not in scope of Article 5bb (it is in scope of the pre-existing Article 5b prohibition on services to Russian persons). The TRM Labs analysis emphasises that the measure also explicitly addresses successor-platform circumvention: provisions target entities providing crypto-asset services that "operate as a mirror or successor entity" to a banned provider.^[4] This is the EU's response to the Garantex-to-Grinex pattern, examined below.

The Russian-counterparty edge cases for individuals are where the package is narrowest and where compliance teams have the most to do. The Council adopted limited carve-outs for: EU diplomatic and consular missions in Russia, EU nationals (and their family members) who were already resident in the Russian Federation before 24 February 2022, and member-state-authorised wind-downs of Russian operations.^[3][4] The published analyses explicitly do not extend the carve-outs to dual-national EU/RU passport holders without prior EU residence, to Russian citizens holding EU residence permits issued after February 2022, or to natural persons resident in third countries (UAE, Kazakhstan, Belarus, Serbia, Georgia) on Russian passports. None of those categories enjoys an Article 5b exemption either — the existing Russian-persons custody-service prohibition has applied to all Russian nationals and residents since October 2022 with the same narrow exemptions — but the practical observation across the published Russia-CASP investigations of 2024-2025 is that EU CASPs have implemented the existing prohibition unevenly, with KYC residency self-attestation accepted at face value in many cases.^[12][13]

What the package does not capture, in the reading consistent across the legal analyses: a Russian-resident natural person trading on a non-EU CASP (the EU has no jurisdiction); a Russian-controlled UAE or Kazakhstani company holding wallets at an EU CASP if the company itself is the counterparty of record and is not Russian-established (Article 5bb's "established in Russia" venue test does not catch it directly, though Article 5b's services-to-Russian-persons regime, the EU's 50 Percent Rule on indirect ownership, and the CASP's MiCA / Transfer of Funds Regulation due-diligence obligations all bear on the question); and on-chain transfers between two unhosted (self-custodial) wallets that do not involve any CASP at all. The 50 Percent Rule's application to crypto wallets, beneficial-ownership opacity through nominee structures, and the indirect-ownership tests are the same patterns we documented in our 50 Percent Rule briefing — they are now load-bearing for crypto compliance in a way they were not before.

Methodology: what this briefing is and is not

This briefing is an open-source reconstruction of the article's scope, the empirical footprint of EU CASP exposure to Russian-counterparty flows since 2022, and three case-pattern reconstructions drawn from public reporting. We have not contacted CASPs for proprietary risk-model data, we have not requested confidential FinCEN or EU FIU data, and we have not attempted to identify natural persons beyond what is in OFAC press releases and primary reporting by Reuters, Bloomberg, the Financial Times, CoinDesk, The Block, and the named blockchain-analytics firms. Where a number is not verifiable from a public source we say so in plain prose rather than carry an unfilled citation marker.

The empirical footprint: what EU CASPs have actually been doing since 2022

The picture from the published Chainalysis, TRM Labs, and Elliptic reporting, cross-referenced against EU rule-making since the 8th package of October 2022, is that the EU CASP industry has operated in three regulatory layers since the war began. The first is the Article 5b custody-and-wallet prohibition (no crypto-asset wallet, account, or custody services to Russian persons, residents, or entities established in Russia). The second is the Markets in Crypto-Assets Regulation (MiCA) and the Transfer of Funds Regulation (TFR), applicable to all CASPs from January 2025, requiring identification and verification of originator and beneficiary at each end of a wire transfer, with a zero-EUR threshold for inter-CASP transfers.^[31][32] The third is the AML Regulation (AMLR) framework, with national implementations and enhanced due-diligence requirements for higher-risk counterparties.

What the on-chain reporting documents is a system in which the formal compliance perimeter has been substantially achieved (Russian-passport-only customer accounts at major EU venues are largely closed or in wind-down) while the empirical perimeter remains porous. Chainalysis's 2025 Geography of Crypto report estimated that Russia received approximately USD 376.3 billion in on-chain crypto-asset value between July 2024 and June 2025, a 48 percent year-on-year increase, putting Russia ahead of the United Kingdom (USD 273.2 billion) as the largest single-country crypto market measured by inbound volume.^[18] Chainalysis attributed the surge to two factors: large institutional transfers and an eight-fold expansion in DeFi activity in early 2025. The same report cautions that the figures cover only fiat onramping on tracked centralised exchanges and do not capture activity through OTC desks, hawala-style informal markets, or cash-based crypto shops — categories that, in Russia, have grown disproportionately since 2022.^[18]

For the EU venue side, the public picture is sparser. Elliptic's Discovery dataset profiles more than 400 CASPs identified as having a nexus with Russia, a population that includes EU-licensed venues with material historical exposure to Russian-counterparty flows.^[33] The named EU venues that have appeared most often in the open-source record since 2022 as primary RU-counterparty venues, by direct on-chain link, regulatory enforcement, or news-reporting reference, include Bitstamp (Slovenia/Luxembourg, since acquired by Robinhood), Bitvavo (Netherlands), the European-licensed entities of Coinbase (Coinbase Europe Limited, Ireland; Coinbase Germany GmbH), and the Kraken Ireland entity (Payward Europe Solutions Limited). The published reporting does not produce a single rank-ordered table of EU-CASP-to-Russia volumes, and we decline to construct one from inference.

The aggregate point is that EU CASPs have not been the primary conduit for Russian-resident retail flows since the 8th package — Russian-resident individual accounts at major EU venues are largely closed — but they have continued to handle the much larger flow of (a) corporate clients incorporated in third countries (UAE, Kazakhstan, the Caucasus, Hong Kong, Singapore) whose ultimate beneficial owners are Russian-resident or Russian-passport holders; (b) Russian-origin stablecoin volumes routed through non-custodial intermediaries before terminating at an EU venue for fiat off-ramping; and (c) inter-CASP transfers with non-EU CASPs that are themselves serving Russian-counterparty users. Article 5bb addresses category (c) directly, addresses category (a) only through the existing Article 5b regime and 50 Percent Rule indirect-ownership tests, and addresses category (b) through the application of MiCA and TFR obligations to the EU venue at the moment of fiat off-ramp.

Case 1 — The OTC-desk corridor: USDT-for-EUR since the stablecoin-only era

The first case-pattern reconstruction is structural rather than entity-specific, and it begins with the regulatory move of October 2022. The EU's 8th sanctions package eliminated the EUR 10,000 cap on Russian holdings at EU CASPs that had been imposed in April 2022 and replaced it with a complete prohibition on the provision of any crypto-asset wallet, account, or custody service to Russian persons or residents.^[7][8] The immediate operational consequence was that the major EU venues closed Russian-resident retail accounts. The slower consequence was the migration of Russian-counterparty flows away from spot retail and into the OTC-desk channel, where the counterparty of record is a corporate entity (typically incorporated outside Russia) and the on-chain leg is denominated almost exclusively in stablecoin.

The structural pattern that has held from late 2022 through Q1 2026 has the following shape. A Russian-resident principal contracts with a corporate vehicle incorporated in the UAE (typically a free-zone entity in DMCC, JAFZA, or one of the other Dubai or Abu Dhabi free zones) or in Kazakhstan, Kyrgyzstan, or Hong Kong. The corporate vehicle holds an account at an EU OTC desk — usually a desk attached to a major EU CASP, sometimes a stand-alone desk — under KYC documentation reflecting the corporate domicile, not the principal's residency. The trade is settled in USDT on the on-chain leg and in EUR on the fiat leg, against a SEPA wire to a corresponding bank account held in the same third-country jurisdiction. The Russian-resident principal never directly transacts on the EU venue; the Russian-resident principal's economic interest is intermediated through a corporate-form counterparty whose KYC documentation is, on its face, EU-compliant.

Two facts give this pattern its durability. The first is that Tether (USDT) is the dominant on-chain settlement medium for Russian-counterparty flows. Chainalysis's 2025 stablecoin reporting noted USDT processing volumes routinely in the order of USD 700 billion per month globally, peaking above USD 1 trillion in June 2025; the Russia-corridor share of that volume is not separately published but is consistently identified by the analytics firms as material.^[18][19] The second is the underlying corporate-veil problem documented in our 50 Percent Rule briefing: a UAE free-zone entity whose ultimate beneficial owner is a Russian-resident natural person can be screened against the EU consolidated sanctions list with a clean result, because the natural person is not on the list and the entity itself is not on the list, and the indirect-ownership test under the 50 Percent Rule is documentary work that requires a chain-tracing exercise the EU CASP's automated screening tool does not perform.

What changes on 24 May 2026: the OTC desk corridor as described is not directly captured by Article 5bb, because the corporate counterparty of record is typically not "established in Russia." It is captured indirectly to the extent that the trade routes through any Russian-established CASP (for example, a settlement leg via Grinex, the A7A5 token issuer's infrastructure, or any of the other Russian-established platforms named in the August 2025 OFAC action) at any point in the chain. It is captured by the underlying Article 5b prohibition to the extent that the EU CASP knows or should know that the natural-person principal is Russian-resident. And it is captured by the MiCA / TFR / AMLR obligations to the extent that the EU CASP's enhanced due diligence on the corporate counterparty would have surfaced the Russian principal — a question that, as the GVA Capital enforcement of 2025 (covered in the 50 Percent Rule briefing) made clear, is now evaluated on the adequacy of the analytic record, not on the adequacy of the automated screen.

Case 2 — The Garantex aftermath: where the displaced volume migrated

The second case is the Garantex-to-Grinex migration, the cleanest documented example in the open-source record of how a sanctions-driven enforcement against one Russian-established CASP produces displaced volume that migrates to a successor venue and then partially re-enters the EU CASP perimeter at the fiat off-ramp.

The factual sequence, as set out in the OFAC and DOJ filings and the subsequent Chainalysis, TRM Labs, and Elliptic reporting, runs as follows. On 6 March 2025, the United States Secret Service, in coordination with German and Finnish law-enforcement counterparts, took disruptive action against Garantex's computer infrastructure, seizing the exchange's web domain and freezing more than USD 26 million in cryptocurrency held by or for Garantex.^[23][34] On 7 March 2025, the US Department of Justice unsealed indictments against two named Garantex executives, Aleksej Besciokov and Aleksandr Mira Serda. Following the unsealing, Besciokov was arrested in India.^[23] The exchange — which OFAC had originally designated in April 2022 alongside the Hydra darknet market, and which OFAC's August 2025 action characterised as having processed in excess of USD 100 million in transactions linked to ransomware actors and other cybercriminals since 2019 — was operationally disrupted but not eliminated.^[26][35]

Within months, the on-chain reporting documented the migration. TRM Labs and Chainalysis identified Grinex as a successor venue whose promotional materials explicitly advertised it as a response to the sanctions and asset freezes that affected Garantex; customer balances appear to have been migrated from the seized Garantex infrastructure to Grinex through, among other instruments, the A7A5 ruble-pegged stablecoin issued by an entity (Old Vector) registered in the Kyrgyz Republic.^{[5][20][22][26]} Elliptic's analysis put A7A5's cumulative on-chain transaction throughput at over USD 100 billion by January 2026, characterising the token as the largest non-dollar stablecoin in the world by activity, with daily volumes peaking near USD 1.5 billion before coordinated sanctions in August 2025 reduced the daily figure to around USD 500 million.^[5][22] Chainalysis's reporting around the same August 2025 OFAC action put A7A5's cumulative volume at over USD 51 billion through July 2025 and noted the token's growth to roughly USD 1 billion of daily on-chain throughput by mid-2025.^[20][22]

The 14 August 2025 OFAC action re-designated Garantex, sanctioned Grinex as a successor, sanctioned the founder and co-owners of the previously sanctioned exchange, and designated six associated companies in Russia and the Kyrgyz Republic that had supported the operation, including Old Vector for its role in working with Garantex and the Russian company A7 LLC and its subsidiaries to create and distribute the A7A5 token.^[26][35] The EU's 19th sanctions package of October 2025 added third-country banks and individual crypto-providers; the 20th package extended that approach with the designation of the Kyrgyz exchange operator that the Council press release identified as a primary platform for trading A7A5.^[1][36] Elliptic's analysis identified the designated Kyrgyz venue as TengriCoin / Meer.kg, characterised as a primary venue for trading A7A5 and a critical bridge for ruble-stablecoin trading.^[5]

The compliance question for an EU CASP today is not whether Grinex or the A7A5 issuer is on the EU consolidated sanctions list (they are, since the August 2025 US action and the EU's October 2025 and April 2026 packages); it is whether the EU CASP's transaction-monitoring infrastructure can reliably identify on-chain flows that have, at any point in their history, touched Grinex, the A7A5 issuance / redemption infrastructure, the Old Vector or A7 LLC corporate group, or any successor / mirror venue spawned in response to the OFAC and EU actions. The blockchain-analytics vendors maintain attribution datasets that cover the principal known clusters; coverage of new mirror entities, new successor wallets, and the constantly evolving A7A5 secondary markets is a moving target.

Case 3 — The non-custodial wrapper: DeFi, MEV and aggregator routes

The third case is the most difficult to bound from open sources, because the conduct it describes is by design hard to attribute. Russian DeFi activity, as measured by Chainalysis, expanded eight-fold in early 2025 and was the single largest contributor to the surge that put Russia at the top of the global Geography of Crypto rankings for the year ending June 2025.^[18] The structural reason is that DeFi, decentralised exchanges (DEXs), DEX aggregators (Uniswap, 1inch, Matcha, ParaSwap, CowSwap and the others), maximal-extractable-value (MEV) infrastructure, and cross-chain bridges produce, between an end-user instruction and a final on-chain settlement, a chain of contracts and counterparties of which only some are CASPs in any meaningful sense and many are non-custodial protocols not subject to TFR or MiCA.

The pattern that the analytics reporting documents is the use of non-custodial wrappers to obscure venue exposure. A user instructs a swap from one stablecoin to another on a DEX aggregator; the aggregator routes the order through a series of liquidity pools spanning multiple chains, possibly through privacy-enhancing protocols, possibly through bridges into chains with different attribution coverage, before terminating in a wallet that may or may not later interact with a custodial CASP. From the perspective of the terminal CASP — the EU venue at which the resulting position is eventually off-ramped to fiat — the on-chain provenance of the inbound transfer is observable, but only to the depth that the CASP's blockchain-analytics provider has clustered the relevant addresses. A multi-hop route through an aggregator, a privacy protocol, and a bridge can produce a terminal address whose immediate predecessors are clean and whose deeper history is mixed.

Article 5bb's reach into this layer is legally clear and operationally fraught. The prohibition is on transactions with any crypto-asset transfer or exchange platform established in Russia. A non-custodial DEX or DEX aggregator is not "established" anywhere in the conventional corporate-domicile sense; the smart-contract code is deployed to a chain. The legal-analysis pieces consistently note that the EU's interpretation of "platform" in this context will be tested in practice through enforcement actions, FAQ guidance from the European Commission, and member-state implementation. The Skadden, Mayer Brown, Herbert Smith Freehills Kramer, and Steptoe analyses each flag this as one of the principal definitional uncertainties of the package.^{[3][4][9][11]}

What is operationally clear is that an EU CASP off-ramping a user position cannot rely on the smart-contract-deployment fiction that a DEX is "not established in Russia" if the DEX's front-end interface, governance, treasury, or operational team is in fact based in Russia and meets the standard criteria for establishment. For Russian-themed DeFi protocols whose operating teams have publicly Russian-residency footprints, the question of whether interactions with the protocol fall within Article 5bb is one the European Commission FAQ guidance will need to clarify; in the interim, the prudent reading from the published legal analysis is that the EU CASP must treat such interactions as in scope and document its risk assessment accordingly.

The MEV layer adds a separate complication. MEV searchers and builders extract value by re-ordering, inserting, or sandwiching transactions; a non-trivial share of MEV value-extraction infrastructure is operated by entities in jurisdictions including Russia. An EU CASP whose order flow is routed through an MEV-aware execution venue may, without taking any direct counterparty action, be settling against block-construction infrastructure operated by a Russian-established entity. The April 2026 reaction notes from TRM Labs and Elliptic flag this category as one of the harder enforcement questions and one for which the published guidance is incomplete.^[4][5]

Why 30 days is operationally tight

The 24 April 2026 entry-into-force of the regulation, with the Article 5bb prohibition taking effect on 24 May 2026, provides EU CASPs with thirty days to re-engineer their counterparty-screening and transaction-monitoring infrastructure from the prior list-based regime to the new sectoral one. For the AML and compliance functions of a regulated CASP, thirty days is roughly the duration of one to two transaction-monitoring rule tuning cycles, and it is materially shorter than the lead time customarily required to:

• Re-tune transaction-monitoring rules. Existing CASP transaction-monitoring engines screen counterparties against published designation lists (OFAC SDN, EU consolidated, UK OFSI, UN), against blockchain-analytics attribution scores, and against internal risk-rating models. Adding a sectoral screen for "any CASP established in Russia" requires either a maintained list of in-scope Russian CASPs (which the EU has not officially published) or an inferential test based on the counterparty CASP's domicile, registration, principal place of business, and operational footprint. Building, validating, and integrating that inferential test typically takes longer than thirty days under standard model-risk-management discipline.
• Rebuild blockchain-attribution coverage. The blockchain-analytics vendors provide cluster attribution at the level of individual exchanges, mixers, and named protocols, but coverage of all Russian-established CASPs is not uniform. New venues launched in the wake of the August 2025 OFAC action and the EU's 19th-package additions remain partly unattributed; coverage of mirror and successor venues lags the underlying activity.
• Renegotiate inter-CASP TFR data-sharing. Under the EU's Transfer of Funds Regulation, EU CASPs must identify and verify originator and beneficiary information for all inter-CASP transfers at a zero-EUR threshold.^[31] Adding a sectoral filter on the counterparty CASP's establishment requires updating bilateral and multilateral TFR data-sharing arrangements — a process that, where it requires changes to standardised messaging and counterparty registries, typically takes weeks per counterparty.
• Update unhosted-wallet risk assessments. The EU's published guidance on transfers to and from unhosted (self-custodial) wallets requires CASPs to apply enhanced due diligence above EUR 1,000 thresholds and, in higher-risk cases, additional measures.^[32] Adding the sectoral test in the unhosted-wallet workflow requires inferring the establishment of the counterparty controlling the unhosted wallet — a question often answerable only through blockchain-analytics attribution and behavioural inference.
• Document the file. The regulatory expectation, as the early Mayer Brown and Skadden analyses make explicit, is that EU CASPs will produce a documented risk assessment, a documented control framework, and a documented transition plan for in-scope counterparties.^[3][9] Under standard model-risk-management practice, documentation review and validation cycles run to 4-6 weeks; thirty days from regulation publication to entry-into-force does not accommodate that cycle.

The foreseeable enforcement outcomes of a tight 30-day window are well-documented from prior sanctions deadlines. We expect: a wave of conservative wind-downs by EU CASPs of any counterparty relationship that is plausibly in scope, including some that on closer analysis would not be (over-compliance); a wave of customer-account closures or restrictions for accounts whose KYC documentation indicates any Russian nexus, including some accounts that would qualify for the EU-resident-before-February-2022 carve-out (collateral damage); a wave of deposits and balances stranded at Russian-established CASPs as EU counterparties cease facilitation, with the practical effect of accelerating the migration of remaining Russian-counterparty flows to non-EU CASPs and to non-custodial routes (substitution); and an enforcement docket, beginning in Q3 and Q4 2026, of EU CASPs found to have continued facilitation past the deadline through inadequate transaction-monitoring tuning, inadequate counterparty due diligence, or inadequate documentation of the analytic record (selective enforcement).

Structural patterns in what comes next

Three structural patterns are visible in the published reaction notes and enforceable in the policy text itself.

The list-to-sectoral shift is permanent. The Council's reasoning for replacing entity-by-entity designation with a sectoral prohibition — that "further listing of individual crypto asset service providers is likely to result in the set-up of new ones to circumvent those listings" — is a candid recognition of what the Garantex-to-Grinex migration demonstrated.^[4] The same logic applies to other sectors. The EU's 14th-package shadow-fleet-vessel listing approach, examined in our 287-tanker briefing, has produced a similar pattern of re-flagging and re-naming under each new package; the EU's 20th package laid the basis for a future maritime services ban on Russian crude oil and petroleum products, the natural extension of the same logic from list-based to sectoral.^[1] Compliance regimes built around list matching are converging towards sectoral-prohibition regimes built around establishment, conduct, and beneficial-ownership tests.

Stablecoin infrastructure is the load-bearing layer. The Garantex-to-Grinex migration was bridged by A7A5; the broader Russian-counterparty flow continues to settle predominantly in USDT (with USDC, A7A5, and minor stables in supporting roles); the Council's designation of the digital ruble and RUBx is the EU's first explicit sanctions designation of a state-backed cryptocurrency. The pattern across the 19th, 20th and (presumably) future packages is that the EU has accepted that stablecoins are the operational core of the Russian-counterparty crypto economy and is shifting from designating exchanges to designating issuers, redemption infrastructure, and settlement venues for the underlying tokens.

The third-country-intermediary problem is unsolved. Article 5bb is a venue test on the Russian side. It does not by itself capture a Kyrgyzstani, Belarusian, UAE, Kazakhstani, Turkish, or Serbian intermediary that handles Russian-counterparty flows and then interacts with EU CASPs. The 19th package added third-country banks; the 20th package designated a Kyrgyz exchange operator; the architecture of the broader regime — the AMLR, the indirect-ownership tests of the 50 Percent Rule, the TFR's correspondent-relationship enhanced due diligence — is the only mechanism by which third-country intermediaries are reached, and that architecture depends fundamentally on the quality of the EU CASP's documented analytic record.

Limitations of this investigation

Five categories of fact are not visible from open sources, and an honest account of the uncertainty:

• Internal CASP risk-model output. The proprietary risk scoring that EU CASPs apply to counterparties, the attribution coverage of the blockchain-analytics tools they have licensed, and the rule logic of their transaction-monitoring engines are not disclosed publicly. A specific EU CASP may have already implemented sectoral screening of Russian-established counterparties under voluntary risk policy; another may not. We cannot identify the distribution.
• OFAC and FinCEN non-public datasets. The US Treasury maintains, in addition to its published SDN list and FinCEN advisories, non-public attribution datasets on illicit-finance flows, suspicious-activity-report aggregations, and 314(b) information-sharing files. These inform US enforcement against EU CASPs operating in the US market but are not visible to open-source investigators. Our characterisation of the empirical footprint relies on the Chainalysis, TRM Labs and Elliptic published reporting, which is itself a partial view.
• Travel-rule data layer. The FATF travel-rule data layer — the originator/beneficiary information that CASPs share with each other under TFR and equivalent regimes — is not publicly aggregated. The on-chain reporting documents the value flows; the off-chain attribution at the level of natural persons and corporate entities behind specific addresses is partially in the analytics vendors' datasets, partially in CASP-to-CASP messaging, and not publicly visible in the form needed to size the residual Russian-resident exposure of any specific EU CASP after 24 May 2026.
• OTC desk volumes. OTC-desk activity, by definition, does not appear in the order books that the analytics firms scrape. Chainalysis explicitly notes that its volume figures cover only fiat onramping on tracked centralised exchanges and do not capture activity through OTC desks, hawalas, or cash-based crypto shops.^[18] The case-pattern reconstruction in Case 1 above describes the structural pattern; we decline to put a number on the Russian-counterparty share of EU OTC-desk flows because the underlying number is not visible in public sources.
• Future EU FAQ guidance. The European Commission has historically issued FAQ guidance on the implementation of new sanctions packages 30-90 days after entry into force. As of the date of this briefing, no FAQ specific to Article 5bb has been published. Several of the harder definitional questions identified above — the treatment of non-custodial DEX aggregators, the treatment of MEV infrastructure operated from Russia, the treatment of unhosted wallets controlled by Russian-established entities, the treatment of dual-national edge cases — will be clarified, or not clarified, in the forthcoming guidance. Our reading reflects the pre-guidance state of the regulation.

What this means for compliance teams: five checks any EU CASP should run before 24 May

The methodology above collapses into five concrete checks that any EU-domiciled CASP, OTC desk, or DeFi onramp can apply before the prohibition takes effect:

1. Inventory inter-CASP exposures by counterparty domicile. Pull the last 180 days of inter-CASP transfers and segment by the counterparty CASP's establishment (jurisdiction of registration, headquarters, principal place of business, regulated-entity status). Flag every counterparty CASP whose establishment is in the Russian Federation. This is the irreducible Article 5bb screen and it is the first thing an enforcement action will ask to see.
2. Run the counterparty-CASP perimeter against the Garantex / Grinex / A7A5 successor map. The August 2025 OFAC re-designation, the Old Vector designation, and the EU 19th and 20th-package designations together identify a specific population of Russian-established CASPs and Russia-linked third-country platforms. Cross-reference your counterparty list against the consolidated EU and OFAC records and against the published Chainalysis, TRM Labs and Elliptic attribution datasets. Document the result. This is the second thing an enforcement action will ask to see.
3. Re-screen corporate-form counterparties against the 50 Percent Rule. A clean SDN screen on a UAE, Kazakhstani, or Hong Kong corporate counterparty is not sufficient. Walk the ownership chain (registrar extracts, free-zone disclosures, BVI / Seychelles / Cyprus intermediate tiers) and apply the indirect-ownership test. Flag any counterparty whose ultimate beneficial owner is a Russian-resident or Russian-passport-holding natural person. The 50 Percent Rule walkthrough in our earlier briefing is the working method.
4. Verify the residency carve-out documentation for retained Russian-national customers. The EU-national-resident-in-Russia-before-24-February-2022 and member-state-authorised-wind-down carve-outs are narrowly drafted. Pull the documentation file for every retained customer with any Russian nexus and verify that the carve-out applies on the face of the documentation. If it does not, the customer relationship is in scope of the existing Article 5b prohibition and should already have been wound down.
5. Document the file. If a transaction proceeds despite one or more of these flags — under a documented carve-out, under a documented wind-down authorisation, under a defensible reading of the regulation that turns out to be wrong — document the basis. The MiCA, TFR, and AMLR frameworks all evaluate the adequacy of the analytic record. The documented file is the difference between a regulator treating the CASP as negligent and a regulator treating it as complicit. The standard the GVA Capital enforcement of 2025 set, examined in the 50 Percent Rule briefing, is the baseline.

Closing note

The EU 20th package's Article 5bb is not a clever policy intervention. It is the bloc's acknowledgment, after four years of list-based crypto sanctions that produced exactly the successor-platform pattern the Garantex-to-Grinex migration documented in real time, that the workflow which the EU CASP industry has been running since 2022 — "screen the counterparty against published lists, log a clean hit, settle the trade" — is structurally insufficient to capture the architecture of Russian-counterparty crypto activity. The sectoral prohibition replaces the list with a venue test. The venue test will be circumvented within months by the migration of activity to third-country intermediaries that are not formally established in Russia, and the EU's response will be either further sectoral expansions (to specific third-country jurisdictions, to specific token-issuance infrastructures, to specific protocol categories) or a return to list-based work that learns from its own enforcement record.

What this means for any EU CASP, OTC desk, custodian or DeFi onramp on the morning of 25 May 2026 is the same thing it has meant for any bank, insurer, charterer, or port authority since the 14th package: reconstruct the counterparty's pattern of life from open sources, reconstruct its ownership chain from public registries and on-chain attribution, verify its establishment against the Article 5bb test, and document the file. No screening tool produces this output. It is investigative work, and it is the work the regulator now expects has been done.

Methodology disclosure

This briefing relies exclusively on public sources: the Council of the European Union press release of 23 April 2026; the European Commission Finance directorate-general statement of the same date; the EU Sanctions Compliance Helpdesk page on the 20th package; legal analysis published by Skadden Arps, Mayer Brown, Herbert Smith Freehills Kramer, Kinstellar, Steptoe, Morgan Lewis, and the Trade Compliance Resource Hub; reaction notes and on-chain reporting published by Chainalysis, TRM Labs, and Elliptic; OFAC and FinCEN press releases for the Garantex (March 2025), PM2BTC (September 2024), B-Crypto (March 2024), and Garantex / Grinex / A7A5 (August 2025) actions; primary reporting by Reuters, CoinDesk, CyberScoop, and The Block; and the Kyiv School of Economics Russian Oil Tracker and the CREA monthly fossil-fuel tracker for macro context. Where a statistic could not be verified from a public source we have hedged the claim in plain prose. Where a definitional question turns on European Commission FAQ guidance not yet published, we have stated the pre-guidance reading and noted the uncertainty. We have not identified any natural person beyond what is in OFAC press releases and primary reporting.

Sources and further reading

1. Russia's war of aggression against Ukraine: 20th round of stern EU sanctions hits energy, military-industrial complex, trade and financial services, including crypto. Council of the EU press release 284/26, 23 April 2026.
2. EU adopts 20th package of sanctions against Russia. European Commission, Finance directorate-general, 23 April 2026.
3. EU Adopts 20th Russia Sanctions Package. Skadden, Arps, Slate, Meagher & Flom LLP, 5 May 2026.
4. EU Adopts 20th Sanctions Package on Russia — Including a Sweeping Ban on All Crypto Asset Transactions With Russian and Belarusian Providers. TRM Labs, April 2026.
5. The EU's 20th sanctions package targets the architecture of crypto sanctions evasion. Elliptic, April 2026.
6. Sanctions Tracker: EU's 20th sanctions package targets energy revenues, the shadow fleet and financial circumvention. Herbert Smith Freehills Kramer, May 2026.
7. EU's Russian Crypto Ban Confirmed as Bloc Tightens Sanctions. CoinDesk, 6 October 2022 (8th package context, 10,000 EUR cap eliminated).
8. Europe Bans All Crypto Wallet Services to Russia in New Sanctions Package. Decrypt, October 2022.
9. EU Adopts 20th Package Against Russia & Parallel Sanctions on Belarus. Mayer Brown, 24 April 2026.
10. EU 20th sanctions package against Russia: Implications for financial services and crypto-assets. Kinstellar, April-May 2026.
11. EU's 20th Sanctions Package on Russia. Trade Compliance Resource Hub, 24 April 2026.
12. Russian Journalists, Activists Kicked Off Crypto Exchanges Due to EU Sanctions. CoinDesk, 14 October 2022 (operational impact of 8th package on EU CASPs).
13. 8th package of EU sanctions towards Russia and how it affects the customers. Kriptomat, October 2022 (an EU CASP's contemporaneous customer-impact note).
14. 20th package of sanctions against Russia. EU Sanctions Compliance Helpdesk, April-May 2026.
15. EU Adopts 20th Sanctions Package Against Russia, Expands Anti-Circumvention Efforts. Morgan Lewis, May 2026.
16. EU issues new FAQ guidance on the provision of payments services under the EU Russia Sanctions. Baker McKenzie Global Sanctions and Export Controls Blog.
17. EU's largest measures against Russia yet include escalation of crypto sanctions evasion. CoinDesk, 27 April 2026.
18. Crypto Adoption in Europe: The World's Largest Crypto Market. Chainalysis, 2025 Geography of Crypto report excerpt.
19. 2025 Crypto Adoption and Stablecoin Usage Report. TRM Labs.
20. Garantex, Grinex, and the A7A5 Token: A Deep Dive into Sanctions Evasion Networks. TRM Labs.
21. How A7A5 and Grinex Enable The Russian Shadow Crypto Economy. Chainalysis, August 2025.
22. Ruble-backed stablecoins: the importance of identifying indirect sanctions exposure. Elliptic.
23. Treasury Sanctions Cryptocurrency Exchange and Network Enabling Sanctions Evasion and Cyber Criminals. U.S. Department of the Treasury press release SB0225, March 2025 (Garantex enforcement context).
24. Treasury Takes Coordinated Actions Against Illicit Russian Virtual Currency Exchanges and Cybercrime Facilitator. U.S. Department of the Treasury press release JY2616, 26 September 2024 (PM2BTC primary money laundering concern).
25. Treasury Designates Russian Companies Supporting Sanctions Evasion Through Virtual Asset Services and Technology Procurement. U.S. Department of the Treasury press release JY2204, 25 March 2024 (B-Crypto, Rosbank, Russia-CASP advisory context).
26. OFAC Sanctions Crypto Network Behind Ruble-Backed Stablecoin and Shuttered Exchange Garantex. CoinDesk, 14 August 2025.
27. Russian Oil Tracker — April 2026. Kyiv School of Economics, KSE Institute.
28. Russian Oil Tracker — March 2026. Kyiv School of Economics, KSE Institute.
29. March 2026 — Monthly analysis of Russian fossil fuel exports and sanctions. Centre for Research on Energy and Clean Air (CREA).
30. Russia Fossil Tracker — payments to Russia for fossil fuels since 24 February 2022.
31. EU Crypto Travel Rule for CASPs: Regulatory Requirements Explained. AMLBot.
32. Preparing for the EU's requirements on the Travel Rule and unhosted wallets. Elliptic.
33. The EU's due diligence requirements for CASPs. VASPnet.
34. US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms. CyberScoop, August 2025.
35. Treasury Sanctions Russia-Based Hydra, World's Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex. U.S. Department of the Treasury press release JY0701, April 2022 (original Garantex designation).
36. 19th package of sanctions against Russia: EU targets Russian energy, third-country banks and crypto providers. Council of the EU, 23 October 2025.
37. OpenSanctions consolidated sanctions dataset.
38. OCCRP Aleph — investigative dataset and corporate records platform.