EU’s sweeping Russian crypto ban takes effect May 24: what exchanges and compliance teams must do now

The EU’s 20th sanctions package bans Russian and Belarusian crypto providers from May 24, 2026, including RUBx and the digital ruble. Exchanges and compliance teams need immediate control updates before enforcement risk escalates.

Written by

CompliFi Editorial · Editorial

Our team has experience across compliance operations, licensing readiness, and digital-asset program work — including themes that show up in California DFAL, federal BSA/MSB expectations, and global licensing conversations. These articles distill public regulatory materials and operator practice into field notes for your internal workflows. Educational only — not legal advice; confirm specifics with counsel.

  • Topics: DFAL / DFPI, NMLS & MU bundles, AML, cyber, custody, consumer programs
  • Sources: regulator hubs, statute references, and industry-standard frameworks


Illustration: compliance workflow showing how operators connect licensing tasks (statutory rows and owners), the evidence vault (artifacts and versions), and ongoing supervision programs (AML, cyber, custody).

This is not another entity listing — it is a market-wide prohibition

The EU’s 20th sanctions package changes strategy from naming one platform at a time to restricting the entire Russia and Belarus crypto provider perimeter. If your controls are still tuned only for named-entity checks, they will miss the point of this package.

For a baseline on cross-border sanctions program design, review UK crypto sanctions enforcement in May 2026. The EU package now requires equally tight evidence around provider geography, ownership, and control.

New prohibited instruments: RUBx and the digital ruble

Alongside previously targeted structures, the package explicitly expands to RUBx and Russia’s digital ruble rails, plus aligned measures under the Belarus framework. Controls need to block direct exposure and indirect exposure through mirror routes and intermediary structures.

Treat this as an asset-taxonomy update and a sanctions-screening update at the same time: symbol-level blocks, issuer and affiliate mapping, and review rules for wrapped or relabeled variants.

What enforcement teams will test first

Expect immediate scrutiny of counterparty onboarding, third-country correspondent channels, and transaction escalation quality. If a user is linked to Russia- or Belarus-based crypto providers, you should be able to show exactly how your controls flagged and resolved the risk.

TengriCoin’s designation is a signal that intermediary networks are in scope. Do not rely on country-of-incorporation alone when beneficial control points elsewhere.

Urgent checklist before and after May 24

Run a full counterparty and wallet rescreen, add RUBx and digital-ruble indicators to your prohibited-asset logic, and validate that block actions work in API, web, and mobile flows.

Update escalation and reporting runbooks now. Delayed governance updates after first enforcement contact are usually treated as control failure, not operational growing pains.

Operational takeaway for compliance leads

The EU is signaling that sanctions-evasion channels in crypto will be regulated as architecture, not only as a list-management exercise. Program maturity now depends on ownership analytics, not just string matching.

If your team is tightening controls under compressed timelines, join the CompliFi waitlist for workflows that keep sanctions evidence, owners, and deadlines in one operating layer.
