Iran’s Supreme Leader, Ayatollah Ali Khamenei, was killed on 28 February 2026 in joint airstrikes by the United States and Israel targeting senior Iranian leadership and strategic sites in a new and significant round of fighting designed to overthrow the Iranian dictatorship.
Other senior figures were reported among those killed or incapacitated in the same strike and follow-on operations, including heads of the Revolutionary Guard and defence leadership. Iran’s military has launched missile and drone counter-strikes against US, Israeli and Gulf states as part of its immediate retaliation.
While the situation remains highly fluid and unstable, it has immediate impacts for compliance professionals, particularly those working in financial services and with significant sanctions and cryptocurrency exposure.
Capital flight, crypto, and the risk to financial services
One of the most immediate compliance risks following the assassination of Iran’s supreme leader is capital flight by politically exposed persons and state-linked elites. When regimes destabilise, officials and their networks often attempt to move assets beyond the reach of domestic upheaval or foreign asset freezes. In a heavily sanctioned environment such as Iran’s, cryptocurrency offers a uniquely attractive escape valve.
US authorities have already been monitoring this prior to the outbreak of the war on 28 February. Earlier in February 2026, US authorities were already scrutinising a sharp rise in Iranian crypto activity. Blockchain analytics suggested transaction volumes in the billions, with a significant portion attributed to entities linked to the Islamic Revolutionary Guard Corps. The concern in Washington was that digital assets were being used to bypass sanctions, access hard currency equivalents and facilitate restricted procurement. That scrutiny now intersects with a far more volatile political environment.
If senior Iranian officials fear internal purges, asset seizures by rival factions, or expanded Western sanctions in response to military escalation, crypto becomes a portable, borderless store of value. Unlike real estate or bank deposits, it can be transferred within minutes to wallets outside Iranian jurisdiction. Unlike correspondent banking, it does not rely on US dollar clearing systems that are tightly monitored. Even where blockchain tracing is possible, attribution remains a lagging enforcement tool rather than a preventative control.
There are precedents for how sanctioned states and aligned actors take advantage of this.
North Korea’s Lazarus Group has demonstrated how digital assets can be stolen, layered across decentralised exchanges, bridged between blockchains and ultimately converted into usable funds. North Korea actors combined brute force cyber attacks and layering into jurisdictions with weaker AML supervision. The same infrastructure exists for any sanctioned actor seeking to obscure origin and destination of funds.
There are also well documented intersections between Iran and terror financing networks that have experimented with crypto rails. US sanctions in recent years have included wallet addresses tied to Iran-aligned militant groups. Stablecoins such as USDT on privacy-leaning blockchains have featured in past cases because of their relative liquidity and ease of transfer.
This pattern was seen after the killing of a Mexican cartel leader earlier in February. Crypto has emerged as one of the tools that allows criminal organisations to maintain cross-border liquidity while avoiding obvious banking triggers. In addition, compliance teams should be alert to unusual patterns in wire transfers involving Mexican entities for which establishing the ultimate beneficial owner is difficult. Increased activity through correspondent banking relationships that touch Central American or Caribbean jurisdictions warrants scrutiny. Real estate transactions structured through multiple corporate layers, particularly all-cash purchases, require enhanced review. Trade finance professionals should examine invoice integrity carefully and flag shipment patterns that do not align with the stated commercial relationship.
Iran’s role in art and terror financing
Iran has long functioned as Hezbollah’s principal backer, providing $700 million–$1 billion annually in financial support, weaponry, and training, making the group an operational proxy.
Iranian state institutions, including the Central Bank and the IRGC-Quds Force, feature prominently in shadow banking systems used to launder money, some of which has been traced to Hezbollah networks engaged in art and luxury goods trade.
Along with the UK warnings, a recent US Treasury report identified vulnerabilities in the high-value art market, citing the ease of transport, opaque ownership, and shell-entity structures. While direct evidence of terrorist financing was limited, the same mechanisms used for money laundering also enable terror finance.
According to OFSI’s 2025 threat assessment, Art Market Participants (AMPs) and High Value Dealers (HVDs) are involved in the trade of a wide array of luxury goods. This includes artwork, antiques, jewellery, wine, rare cars and fashion, collectively known as High Value Goods (HVGs). These items are highly portable, easily transferred across borders, and often stored or sold through opaque corporate structures. This makes them an ideal asset class for sanctions evaders and money launderers.
The key compliance issues to be aware of during the 2026 Iran conflict
The situation for compliance can become more complex if power struggles emerge within Iran. Officials or affiliated business networks seeking to ring-fence wealth may accelerate digital asset transfers before new sanctions lists are issued or before domestic rivals consolidate control.
Virtual asset service providers may see increased onboarding attempts from Iranian nationals using complex intermediary structures. Exchanges could face transaction spikes involving wallets with indirect exposure to sanctioned clusters. Banks interacting with crypto off-ramps may process seemingly legitimate fiat flows that originated in sanctioned ecosystems. Trade finance and real estate purchases in third countries may be funded by crypto converted offshore.
The immediate compliance challenge is that much of this activity can appear commercially routine. A property acquisition in Dubai, a consulting payment routed through Turkey, or a liquidity injection into a technology start-up may not carry obvious Iranian identifiers once value has moved through multiple wallets and exchanges. Without robust blockchain analytics, enhanced PEP screening and continuous sanctions list monitoring, institutions risk facilitating capital flight by sanctioned actors. In this kind of unstable situation, the velocity of financial movement often increases.
What comes next? Shifting sanctions and high risk jurisdictions
Sanctions on Iran, including secondary sanctions, have been a regulatory battleground for nearly a decade. Banks, asset managers, technology firms and service providers maintain detailed compliance policies focused on Iranian entities. A sudden power vacuum may see a recalibration of these lists including designations, general licenses, exemptions and countermeasures can all change in weeks rather than months. Enforcement bodies in the US, UK and EU are likely to issue new guidance quickly to address shifting risk profiles.
Last year, the US Treasury’s Office of Foreign Assets Control (OFAC) doubled the statute of limitations for sanctions violations: from 5 to 10 years. This includes a 10-year record retention requirement, including maintaining transaction records, screening documentation and compliance communications. That’s a decade of exposure, scrutiny, and potential enforcement for every deal, transaction, or due diligence file with a US nexus.
Entities previously designated for work with sanctioned Iranian institutions as a result of the nuclear programme, Iranian state bodies, or weapons supply networks will require fresh screening and potentially updated risk ratings as things change and develop. Firms must be prepared to absorb sanctioned parties newly added to lists tied to escalating conflict or internal power struggles.
Additional jurisdictions may also come under scrutiny. Dubai and the United Arab Emirates have long served as key transit points for Iranian and Russian capital seeking routes around Western sanctions regimes. Its position as a global financial hub, extensive trade networks and relatively open real-estate and finance markets have made it a conduit for legitimate commerce and, at times, for funds linked to sanctioned states and individuals. Historically, Iranian trade and financial networks used Dubai and other Gulf hubs to facilitate petrochemical exports and payments through front companies; US authorities have previously identified a so-called “shadow banking” network operating out of the UAE, where sanctioned Iranian funds and associated crypto flows were allegedly laundered via overseas entities and exchanges. Russia’s sanctions evasion has shown similar patterns, with wealthy individuals and capital using Dubai’s markets to liquidate assets or convert value via property and cryptocurrencies.
The recent escalation in hostilities, including Iranian missile strikes that have impacted major infrastructure in Dubai, Abu Dhabi, Qatar and Bahrain, could reset this dynamic. As Gulf states reassess their Iran and Russia exposure, sanctioned actors may pivot away from traditional Gulf transit routes to alternative jurisdictions or proxy networks with weaker regulatory alignment or less direct exposure to US and EU enforcement. That could mean increased financial migration to countries in South and Southeast Asia, Central Asia, parts of Africa, or through layered intermediary structures that obfuscate ultimate beneficial ownership. For compliance teams this signals a need to widen the geographic lens on sanctions screening, especially in crypto, where decentralised exchanges, peer-to-peer trading and cross-chain bridges can mask the movement of value through less regulated regional hubs. Scrutiny of counterparty risk and ultimate origin of digital asset transfers is now more important than ever, given the shifting terrain of global finance and sanctions risk.
Key red flags to be aware of during the 2026 Iran conflict
Heightened volatility in regulated crypto markets:
More actors may turn to crypto for cross-border movement. That may be driven by private individuals in Iran seeking to preserve wealth amid currency collapse, international actors aiming to capitalise on uncertainty, or sanctioned entities seeking alternative rails. Treat such flows as high-risk, potentially triggering expanded reporting requirements.
More sophisticated laundering and layering attempts:
Large blockchains, cross-chain bridges and decentralised exchanges already offer avenues to obfuscate transfers. In an environment of conflict and sanctions expansion, the volume of attempted illicit flows may increase. Firms with exposure to virtual asset service providers should intensify monitoring for patterns consistent with sanctions evasion.
Tighter enforcement of existing sanctions in crypto:
When OFAC or OFSI add wallet addresses, virtual asset service providers are expected to block or report interactions. As narratives of sanctions evasion evolve toward more assertive geopolitical conflict, regulators could expand requirements for real-time surveillance and reporting beyond current norms, using blockchain analytics and forcing interoperability in compliance screening tools.
Regime collapse may change who is on the sanctions lists:
A successor leadership in Tehran might be treated differently by global regulators. That could create a period where sanctions risk categories are in flux, with institutions needing to reconcile outgoing designations with incoming policy signals. For crypto compliance this is doubly tricky because digital asset addresses are tied to identities only by enforcement interpretation rather than legal status.
Shifting transit hubs and proxy jurisdictions:
As Gulf states reassess exposure amid direct Iranian hostilities, traditional transit points such as the UAE may face heightened scrutiny, regulatory tightening or political recalibration. Sanctioned Iranian and Russian actors could respond by rerouting funds through alternative jurisdictions with weaker enforcement alignment, lower transparency standards or emerging crypto systems. Compliance teams should treat sudden spikes in crypto-to-fiat conversion activity, real estate acquisitions, trade finance flows or digital asset transfers involving newly active intermediary jurisdictions as elevated risk.
Increased multilateral coordination on sanctions enforcement:
Conflict of this magnitude usually prompts an uptick in alignment between allies. The UK’s Office of Financial Sanctions Implementation, for example, might coordinate more closely with OFAC and the EU’s sanctions arm to issue unified guidance on navigating newly designated Iranian affiliates, especially in digital assets.
Download the VinciWorks guide to high risk jurisdictions.
