Customer Risk Assessments (CRAs) – Have you reassessed your CRA in light of the Iran Conflict?

The evolving geopolitical situation surrounding the conflict involving Iran has created a rapidly shifting landscape of financial crime and sanctions compliance risk.

Periods of heightened regional instability, economic stress, and intensified sanctions enforcement have historically led to increased cross-border financial flows, directly or indirectly, affecting the relevant jurisdictions.

These risks and trends are already visible today, as noted by the Australian Sanctions Office (ASO), which has warned that financial institutions may experience a rise in inbound funds with an Iranian nexus during times of conflict, currency volatility, and domestic instability.

• Against this backdrop, financial services providers worldwide must reassess the adequacy of their:-
• CUSTOMER RISK ASSESSMENTS [CRAs], including risk appetite statements
• Transaction‑Monitoring Frameworks, and
• Sanctions‑Screening Controls.
• The Australian Sanctions Office (ASO), advisory note, [dfat.gov.au] published on 3 March 2026, highlights a variety of behavioural, transactional, and structural indicators of potential sanctions‑evasion activity, such as
• Complex ownership arrangements,
• Opaque source‑of‑funds documentation,
• Layered transfers through intermediary jurisdictions, and
• Increased use of cryptocurrency channels.
•  These insights ARE NOT confined to the Australian context;
• Rather, they offer a useful and practical reference point for global compliance teams seeking to strengthen their controls in anticipation of heightened sanctions-related exposure.
• As the situation continues to evolve, the financial sector must ensure that customer due diligence, enhanced due diligence, sanctions screening, and ongoing monitoring arrangements are recalibrated to reflect emerging risks.
• The Australian guidance serves as a timely and valuable benchmark for firms everywhere as they reassess their exposure and reinforce their defences in an increasingly complex sanctions environment. Read more on the guidance in the next part

Australia issues an advisory note on sanctions risks posed by incoming Iranian funds.

The Australian Sanctions Office (ASO), Department of Foreign Affairs and Trade (DFAT) has released an Advisory Note warning the financial sector to expect increased inbound funds linked to Iran during certain high-risk periods.

According to DFAT, the note [dfat.gov.au] aims to:

• Raise public awareness of elevated sanctions risks
• Help the financial sector identify suspicious behaviour
• Reinforce that organisations are responsible for ensuring compliance
• Highlight that the document does not constitute legal advice

The ASO encourages entities to evaluate detected indicators within the broader sanctions framework and maintain robust controls.

The ASO states that banks, remitters, and Virtual Asset Service Providers (VASPs) may observe higher volumes of funds connected to Iran during:

• Geopolitical conflict
• Economic stress in Iran
• Tightened sanctions
• Currency volatility
• Domestic instability

These conditions often lead to capital flight from Iran. While the outflow of funds is not inherently illegal, it raises the risk of sanctions contraventions, especially when funds originate from sanctioned sectors or designated persons.

 Key Risks Identified

1. Indirect or obscured Iranian nexus

Funds rarely come directly from Iran due to sanctions and banking restrictions. Instead, they may be routed via:

• UAE
• Türkiye
• Malaysia
• Other regional financial hubs

Often, transfers involve multiple correspondent banks or layered transactions, making the source opaque.

2. Source‑of‑funds documentation concerns

Financial institutions may encounter:

• Opaque or insufficient wealth‑source documentation
• Customers using complex ownership structures (trusts, private companies)
• Attempts to mask Iranian connections, including alternate spellings or unclear beneficial ownership

These patterns raise red flags when the customer or their network has links to Iran.  

3. Customer-level risk indicators

Examples highlighted in the advisory include:

• Sudden, large inbound transfers inconsistent with known income
• Large capital transfers shortly after arrival in Australia by Iranian migrants or visa-holders
• Unusual asset purchases using complex structures
• Difficulty verifying claimed wealth sources

These behaviours may suggest sanctions‑exposure or illicit capital movement.  

4. Transaction-level risk indicators

Institutions may see:

• Incoming transactions from Iranian nationals or offshore Iranian entities without a prior relationship
• Structured transfers just below internal reporting thresholds
• Layered transfers before consolidation into Australian accounts

These patterns are typical of sanctions evasion or AML/CTF risk.

5. Cryptocurrency indicators

The ASO warns that Iran-linked funds may arrive via crypto channels:

• Transfers from offshore crypto exchanges into Australian bank accounts
• Rapid conversion (“off‑ramping”) into AUD
• Patterns consistent with crypto accumulation abroad

Cryptocurrency is explicitly recognised under Australian sanctions law as an asset, meaning providing crypto or crypto services to sanctioned persons may itself constitute a sanctions breach. (Supported by broader ASO guidance.)

Summary

• Australia’s sanctions regulator is cautioning financial institutions that incoming funds linked to Iran are likely to increase and that such flows carry elevated sanctions, AML/CTF, and reputational risks.
• The ASO outlines detailed behavioural, transactional, and crypto-related indicators to help institutions detect potential sanctions contraventions.

Sources

• https://www.dfat.gov.au/international-relations/security/sanctions/guidance/sanctions-risks-incoming-funds-iran
• https://www.brightlaw.com.au/new-sanctions-advisory-notes/