For crypto exchanges, the timing of sanctions screening determines regulatory liability. Running compliance checks after a transaction is authorised does not prevent a breach. It documents one.
Sanctions Screening Timing for Crypto Exchanges
The question regulators and auditors now ask is not whether an exchange screens transactions for sanctions exposure, but at what point in the custody workflow that screening occurs.
AML, KYT, and transaction screening against OFAC designations are baseline requirements for regulated exchanges. What separates compliant operations from exposed ones is whether screening functions as a preventive control or a detection mechanism.
Under OFAC’s strict liability standard, an exchange that processes a transaction to a sanctioned address is liable for that transaction regardless of whether its screening system subsequently identifies it. The timing of the check does not change the liability for the underlying transaction. It changes whether the transaction happened at all.
Regulators across key markets reflect this expectation. The Financial Intelligence Unit (FIU) in India, the Virtual Assets Regulatory Authority (VARA) in the UAE, and the Monetary Authority of Singapore (MAS) increasingly require screening to function as a preventive control, not solely a monitoring mechanism.
Post-Trade Screening: Detection After Execution
Post-trade screening runs after the custody system has signed and authorised a transaction, which means by the time a sanctioned address is identified, the transaction is already confirmed on-chain and irreversible.
Once an exchange confirms it has executed a transaction with a sanctioned entity, reporting obligations are triggered immediately. FIU regulations in India, VARA regulations in the UAE, and MAS guidance in Singapore all require institutions to file reports on these transactions.
The regulatory exposure is material. Under OFAC’s strict liability standard, the exchange is liable for the transaction regardless of whether the screening system later identifies it as sanctioned. Identifying a transaction after the fact documents the breach. It does not eliminate liability for it.
Post-trade screening also creates a compounding operational problem at volume. In high-transaction environments, signing happens faster than compliance reviews are completed. A backlog of already-authorised transactions represents growing contingent liability, and if any of those transactions match a recently designated address, the exposure window includes the full gap between broadcast and detection. Auditors and regulators will identify this gap.
Pre-Trade Screening: Preventing Sanctioned Transactions Before Execution
Pre-trade screening blocks a transaction before the custody system signs it, which means a sanctioned address never reaches the authorisation stage and no cryptographic commitment is made.
A transaction flagged against a sanctioned address is halted at the policy level. It is not cryptographically committed. It is not broadcast to the blockchain. The compliance record shows a blocked interaction, not an executed one.
This distinction matters under strict liability frameworks. A blocked transaction is not a breach. An executed transaction to a sanctioned address is, regardless of when screening identifies it. Pre-trade screening is the only custody design that produces a preventive compliance record rather than a retrospective one.
Pre-Trade vs Post-Trade: A Direct Comparison
| Pre-Trade Screening | Post-Trade Screening | |
|---|---|---|
| When screening runs | Before the transaction is signed and authorised | After the transaction is signed and confirmed on-chain |
| What happens to a flagged transaction | Blocked at the policy level before any cryptographic commitment is made | Flagged for review after assets have already moved |
| Regulatory outcome | Blocked interaction. Not a breach. | Executed transaction to a sanctioned address. Reportable breach. |
| Liability under OFAC strict liability | No liability. Transaction never occurred. | Full liability regardless of when screening identifies it. |
| Audit record produced | Preventive compliance record showing blocked interactions | Detection record showing violations identified after execution |
| Reversibility | Not applicable. Transaction never reached the blockchain. | Irreversible. Transaction is already confirmed on-chain. |
| Regulatory alignment | Meets FATF, VARA, MAS, and FIU-IND expectations for preventive controls | Meets minimum monitoring requirements but does not satisfy preventive control expectations |
| Operational risk at volume | Low. Flagged transactions are stopped before they compound. | High. Backlog of signed transactions creates growing contingent liability. |
How Pre-Trade Screening Works Inside a Custody Workflow
Embedding pre-trade screening into a custody workflow requires placing the compliance check between transaction initiation and the signing stage, so that no transaction proceeds to authorisation without first clearing sanctions and risk policies
The Liminal Firewall is built for this position in the workflow. It sits in front of the custody signing stage and functions as a compliance layer that every transaction must pass through before proceeding to authorisation.
When exchanges use Liminal’s MPC or multi-signature infrastructure with the Firewall enabled, every transaction is evaluated against configured sanctions lists and risk policies before the signing process begins. A transaction involving a flagged address is blocked at the policy level. A transaction that clears all checks proceeds to the authorisation and signing stage without interruption. Compliance teams can configure policies based on transaction size, counterparty type, travel rule verification status, or any combination of risk parameters relevant to their regulatory environment.
This design means compliance controls are embedded in the custody workflow rather than sitting alongside it. Screening is not a separate step that runs after signing. It is a condition that must be satisfied before signing can occur.
The Audit Trail Difference Between Pre-Trade and Post-Trade
The compliance record an exchange produces is determined by where sanctions screening sits in the custody workflow.
An exchange with pre-trade screening embedded in custody produces a record showing that sanctioned interactions were blocked before execution. An exchange with post-trade screening produces a record showing which transactions were identified after assets had already moved. Regulators and auditors treat these records differently, and so does OFAC’s liability standard.
Liminal holds SOC 2 Type II, ISO 27001, and ISO 27701 certifications and is registered with India’s FIU. The Firewall was built to place sanctions screening at the point of authorisation, before assets move, so that exchanges produce a preventive compliance record rather than a reactive one.
FAQs
Does my exchange need to replace its screening vendor to implement pre-trade screening?
No. The screening API can merge directly with the custody policy engine so that checks execute before signing rather than after broadcast.
How does pre-trade screening affect transaction throughput?
Latency is typically minimal while using real-time screening APIs. For most institutional operators, preventing sanctions exposure surpasses the operational cost of pre-trade verification.
What’s the regulatory difference between pre-trade and post-trade screening in an audit?
Pre-trade screening demonstrates a preventive control that aligns with current regulatory expectations across OFAC, VARA, MAS, and FIU-IND frameworks. Post-trade screening produces a detection record showing violations were identified after execution, which does not eliminate liability under strict liability standards.
Can pre-trade screening be applied only to specific transaction types?
Yes. Compliance rules can be customised based on transaction size, counterparty type, and the nature of the operational activities performed.
How long does it take to move from post-trade to pre-trade screening?
Implementation timelines depend on the existing custody solution, current screening infrastructure, and system complexity.
