← Regulations / Albania / custody
Grade A AI-Researched

Albania -- Custody Regulations Regulatory Overview

Published: 2026-04-26 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (5)

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Albania has taken steps to regulate the digital asset space, primarily through its Law No. 110/2020 "On Financial Markets Based on Distributed Ledger Technology" (DLT Law). This law, which came into effect in 2020, aims to provide a framework for the licensing, supervision, and operation of DLT-based financial markets, including services related to virtual assets.

The Financial Supervisory Authority (Autoriteti i Mbikëqyrjes Financiare - AMF/FSA) is the primary regulatory body responsible for implementing and supervising this law.

Here's a breakdown of the custody regulations in Albania under the DLT Law:

General Regulatory Framework

  • Law No. 110/2020 "On Financial Markets Based on Distributed Ledger Technology": This is the foundational legal act regulating DLT-based financial markets and virtual assets in Albania. It defines virtual assets, DLT service providers, and sets out licensing and operational requirements.
    • Official Albanian Source (Kuvendi i Shqipërisë - Parliament of Albania): Ligji Nr. 110/2020 "Për Tregjet Financiare Të Bazuara Në Teknologjinë E Regjistrit Të Shpërndarë"
      • A direct official English translation URL is not readily available from government sources, but reputable legal firms have summarized or translated it.

Custodial License Requirements

Under Law No. 110/2020, entities providing custody services for virtual assets are considered DLT service providers and must be licensed by the Financial Supervisory Authority (FSA). The law does not typically define a separate "custody license" but rather incorporates custody services as one of the activities requiring a general DLT service provider license.

Key requirements for obtaining a license include:

  1. Authorization from FSA: Any entity intending to offer DLT services, including custody of virtual assets, must obtain prior authorization from the FSA (Article 12).
  2. Legal Form and Capital: Applicants must be established as legal entities in Albania and meet minimum capital requirements, which are determined by secondary legislation issued by the FSA.
  3. Governance and Management: Requirements for sound and prudent management, including "fit and proper" criteria for directors and significant shareholders, robust internal control mechanisms, risk management procedures, and administrative arrangements.
  4. Operational Capacity: Adequate technical and human resources to perform the intended services securely and efficiently. This implicitly covers aspects like cybersecurity, data protection, and operational resilience.
  5. AML/CFT Compliance: Strict adherence to anti-money laundering and combating the financing of terrorism (AML/CFT) regulations, including customer due diligence (CDD), suspicious transaction reporting, and internal AML policies. These are primarily governed by Law No. 111/2019 "On Preventing Money Laundering and Terrorism Financing."
  6. Transparency and Disclosure: Ongoing obligations for reporting to the FSA and providing transparent information to clients.
  • Regulatory Reference: Articles 12-16 of Law No. 110/2020 and subsequent secondary legislation/regulations issued by the FSA.

Segregation of Client Assets Rules

Law No. 110/2020 explicitly addresses the safeguarding of client assets.

  • Article 21 (Client Asset Protection): DLT service providers, including custodians, are required to implement measures to protect the virtual assets and funds of their clients. This includes:

    • Segregation: Maintaining separate accounts for client virtual assets and funds from their own proprietary assets. This is a fundamental principle to ensure that client assets are not subject to claims from the DLT service provider's creditors in case of insolvency.
    • Identification: Clearly identifying client assets as such.
    • Reconciliation: Regularly reconciling client asset records with actual holdings.
    • Prevention of Misuse: Implementing robust controls to prevent the unauthorized use or misuse of client assets.

  • Regulatory Reference: Article 21 of Law No. 110/2020.

Insurance/Bonding Requirements

Law No. 110/2020 does not explicitly mandate specific "insurance" or "bonding" for DLT service providers. However, the legislation implies a requirement for financial robustness and risk coverage through:

  • Minimum Capital Requirements: DLT service providers must meet minimum initial capital requirements, as determined by the FSA through secondary acts. This capital acts as a buffer against operational risks and potential liabilities.

  • Robust Risk Management: The law mandates comprehensive risk management systems, which would typically include assessing and mitigating various risks, including cyber risks, operational risks, and the potential for asset loss. While not explicit insurance, it indirectly requires financial stability and the ability to cover potential losses.

  • Regulatory Reference: Article 13 of Law No. 110/2020 (regarding capital requirements) and Article 15 (regarding internal governance and risk management).

Cold Storage Mandates

Law No. 110/2020 does not explicitly mandate "cold storage" as a specific technical requirement. However, it implicitly requires high standards of security for the safekeeping of virtual assets:

  • Security Requirements (Article 15): DLT service providers must establish robust internal control mechanisms, including comprehensive IT security measures, to ensure the integrity, confidentiality, and availability of data and assets. This would naturally lead to the adoption of industry best practices for securing private keys, which typically include a significant portion of assets being held in offline (cold) storage.
  • Operational Resilience: The law requires measures to ensure operational continuity and resilience, which often involves disaster recovery plans and robust backup systems, again favoring secure storage solutions.

While not explicitly named, the general security and risk management requirements strongly imply the necessity of secure storage solutions like cold storage for a substantial portion of custodied assets.

  • Regulatory Reference: Article 15 of Law No. 110/2020 (internal governance, risk management, and IT systems).

Qualified Custodian Definitions

Under Albanian law, a "qualified custodian" for digital assets is essentially a DLT service provider licensed by the Financial Supervisory Authority (FSA) specifically authorized to provide custody services for virtual assets, in accordance with Law No. 110/2020.

The law defines "DLT service provider" and includes "provision of virtual asset custody services" as one of the activities (Article 4, point 16 and point 17). Therefore, any entity meeting the licensing criteria and authorized by the FSA to perform this service is deemed a "qualified" provider under Albanian law.

  • Regulatory Reference: Article 4 (Definitions) and Articles 12-16 (Licensing) of Law No. 110/2020.

Pending Custody Legislation

Albania is a candidate country for European Union membership. As such, its regulatory framework for financial services, including digital assets, is increasingly influenced by EU legislation.

The most significant pending legislation that will likely impact Albanian crypto custody regulations in the future is the EU Markets in Crypto-Assets Regulation (MiCA). MiCA sets out a comprehensive framework for crypto-asset markets across the EU, including detailed requirements for crypto-asset service providers (CASPs), which explicitly include custodians.

While MiCA directly applies to EU member states, it is highly probable that Albania will align its national legislation with MiCA as part of its EU harmonization process. This could lead to:

  • More Specific Rules: MiCA provides very detailed requirements for custody service providers regarding governance, operational resilience, segregation of assets, liability, and safeguarding arrangements.
  • Increased Scope: Potential expansion of the types of crypto-assets and services covered.
  • Enhanced Supervision: More detailed supervisory guidelines and closer alignment with European supervisory authorities.

There are no specific public announcements from the Albanian government detailing new, separate pending custody legislation outside of the existing DLT Law and its secondary acts, but the future direction is undeniably towards convergence with MiCA standards.

In summary, Albania has a foundational legal framework for crypto custody through its DLT Law (Law No. 110/2020), which requires licensing by the FSA and mandates client asset segregation. While specific technical requirements like cold storage are implied rather than explicit, and insurance is covered by capital adequacy, the regulatory landscape is likely to evolve towards greater detail and alignment with EU standards like MiCA.

Sources & Attribution

This article was generated by SearXNG+LLM .

Primary Sources

[1] https://gdpml.gov.al/ ()
[2] Qendra e Publikimeve Zyrtare (QBZ) - Official Publishing Centre ()
[3] https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists ()
[4] http://www.gdpml.gov.al/ ()
[5] https://amf.gov.al/ ()

Edit History

2026-04-26 — fix-grade-d-pipeline: upgraded — Auto-upgraded from D to A using allFacts sources

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →