Austria -- Licensing Requirements Regulatory Overview

Austria, as a member state of the European Union, has implemented the EU's anti-money laundering (AML) directives into its national law. The primary regulator for financial services, including virtual assets, is the Financial Market Authority (FMA) (Finanzmarktaufsicht).

Registration vs. Licensing Regime

Currently, Austria operates primarily an AML-driven registration regime for Virtual Asset Service Providers (VASPs), rather than a full prudential licensing regime akin to banks or investment firms. This means that entities providing certain virtual asset services must register with the FMA for AML/CTF (Anti-Money Laundering/Combating the Financing of Terrorism) purposes.

However, it's crucial to note that the regulatory landscape for virtual assets is evolving rapidly, particularly with the upcoming implementation of the Markets in Crypto-Assets Regulation (MiCA) at the EU level. MiCA will introduce a comprehensive licensing framework for various crypto-asset services across the EU, replacing the current AML-focused registration regimes.

Required Licenses for Exchanges, Custody Providers, and Payment Processors

Under the current Austrian regime, the key legislation is the Financial Market Money Laundering Act (FM-GwG - Finanzmarkt-Geldwäschegesetz), which transposes the 5th EU Anti-Money Laundering Directive (AMLD5) and 6th EU Anti-Money Laundering Directive (AMLD6).

The FM-GwG explicitly defines and requires registration for the following Virtual Asset Service Providers (VASPs):

1. Exchanges (Providers of Exchange Services between Virtual Currencies and Fiat Currencies and between One or More Virtual Currencies):

   • This covers services that facilitate the exchange of fiat currency for virtual currency, virtual currency for fiat currency, or virtual currency for other virtual currencies.
   • Required Action: Registration with the FMA.

2. Custody Providers (Providers of Safekeeping and Administration of Virtual Currencies on Behalf of Clients):

   • This includes entities that safeguard private cryptographic keys on behalf of their clients, to hold, store, and transfer virtual currencies.
   • Required Action: Registration with the FMA.

3. Payment Processors (in the context of virtual assets):

   • While "payment processor" isn't a standalone defined VASP category under FM-GwG like exchange or custody, entities that facilitate payments using virtual assets will likely fall under the definitions above if their activities involve:
     • Exchange: If they convert virtual assets to fiat or vice versa for payment purposes.
     • Custody: If they hold virtual assets on behalf of clients for payment execution.
   • Important Distinction: If a service involves processing payments in fiat currency (even if originating from or destined for a crypto transaction), it might also trigger the need for a traditional payment service provider license under the Austrian Payment Services Act 2018 (ZaDiG 2018). This is a full prudential license regulated by the FMA, separate from VASP AML registration.

In summary: For services directly involving virtual assets, registration under FM-GwG is required for exchange and custody. If traditional fiat payment services are also involved, ZaDiG 2018 licensing might be necessary.

Key Requirements for Registration

To register as a VASP with the FMA, applicants must meet several key requirements, primarily focused on AML/CTF compliance and operational integrity:

1. AML/KYC Framework:

   • Risk Assessment: A comprehensive assessment of the money laundering and terrorist financing risks associated with the company's business model, customer base, products, services, and geographical areas of operation.
   • Internal Policies and Procedures: Implementation of robust internal policies, controls, and procedures to mitigate identified risks, including:
     • Customer Due Diligence (CDD/KYC): Procedures for identifying and verifying the identity of customers and beneficial owners (UBOs), ongoing monitoring of business relationships, and enhanced due diligence for high-risk customers.
     • Transaction Monitoring: Systems for monitoring transactions for suspicious patterns.
     • Reporting: Procedures for reporting suspicious transactions to the Financial Intelligence Unit (FIU).
     • Record Keeping: Policies for retaining customer and transaction data.
   • AML Officer: Appointment of a qualified and reliable AML Officer (Geldwäschebeauftragter) responsible for overseeing AML compliance.
   • Staff Training: Regular training for all relevant employees on AML/CTF obligations.

2. Reliability and Professional Suitability (Fit & Proper):

   • Management: The managing directors and persons responsible for AML compliance must demonstrate professional suitability and reliability (e.g., no criminal record, especially related to financial crime, fraud, or money laundering).
   • Owners: Beneficial owners (typically holding 25% or more of shares/voting rights) must also demonstrate reliability.

3. Local Presence:

   • The VASP must have its registered office in Austria.
   • While not always strictly enforced for all personnel, the management and key AML functions are generally expected to be located in Austria to ensure effective oversight by the FMA.

4. Operational Capacity and IT Security:

   • The applicant must demonstrate adequate operational resources, systems, and controls to perform the proposed services securely and reliably.
   • This includes robust IT security measures to protect customer data and virtual assets.

5. Capital Requirements:

   • Unlike traditional financial institutions, there are no specific minimum capital requirements explicitly stated for AML registration of VASPs under FM-GwG.
   • However, the FMA will assess the applicant's financial stability and resources to ensure they can adequately operate the business and meet their AML/CTF obligations. Sufficient operational funding is expected.

Application Process

The application process for VASP registration with the FMA typically involves the following steps:

1. Preparation of Documentation: Gather all necessary documents, which generally include:

   • Completed application form provided by the FMA.
   • Detailed business plan, outlining the services, target market, operational model, and technological setup.
   • Comprehensive AML/CTF manual/concept (Geldwäschekonzept) detailing all internal policies, procedures, and controls.
   • Information on the legal entity (e.g., extract from the commercial register).
   • Proof of reliability and professional suitability for managing directors and beneficial owners (e.g., CVs, police clearance certificates, declarations of non-bankruptcy).
   • Organizational chart.
   • IT security concept.
   • Financial projections.
   • Proof of sufficient financial resources.

2. Submission to the FMA: The complete application package is submitted to the FMA. The FMA prefers electronic submissions through its online portal or secure channels where available.

3. FMA Review and Due Diligence: The FMA will review the application for completeness and compliance with the FM-GwG. This often involves:

   • Detailed scrutiny of the AML/CTF concept.
   • Assessment of the reliability and professional suitability of management and owners.
   • Requests for additional information or clarification.
   • Potential interviews with management.

4. Decision: If the FMA is satisfied that all requirements are met, it will register the entity as a VASP. If the application is incomplete or concerns remain, it may be rejected or further information requested.

5. Ongoing Supervision: Registered VASPs are subject to ongoing supervision by the FMA to ensure continuous compliance with AML/CTF obligations.

Timeline: The processing time can vary significantly, depending on the completeness of the application and the complexity of the business model. It can range from several weeks to several months.

Specific Regulatory References and URLs

• Austrian Financial Market Authority (FMA):

  • Main website: https://www.fma.gv.at/en/
  • Information on Virtual Assets (Cryptocurrencies) - Registration obligation: https://www.fma.gv.at/en/cross-sectional-topics/virtual-assets-cryptocurrencies/ (This page directly links to forms and relevant information for VASP registration.)

• Financial Market Money Laundering Act (FM-GwG - Finanzmarkt-Geldwäschegesetz):

  • The full legal text can be found in Austrian legal databases. A direct English translation might not be publicly available from an official source, but the German version is authoritative. It transposes:
    • 5th EU Anti-Money Laundering Directive (AMLD5) (Directive (EU) 2018/843): https://eur-lex.europa.eu/eli/dir/2018/843/oj
    • 6th EU Anti-Money Laundering Directive (AMLD6) (Directive (EU) 2018/1673): https://eur-lex.europa.eu/eli/dir/2018/1673/oj

• Payment Services Act 2018 (ZaDiG 2018 - Zahlungsdienstegesetz 2018):

  • Relevant if traditional payment services are also offered. This transposes the Second Payment Services Directive (PSD2).

• Markets in Crypto-Assets Regulation (MiCA):

  • Regulation (EU) 2023/1114 on Markets in Crypto-Assets: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114
  • Future Impact: MiCA will introduce a harmonized EU-wide licensing regime for various crypto-asset services. The rules on stablecoins (asset-referenced tokens and e-money tokens) apply from 30 June 2024, and the rules for other crypto-assets and service providers apply from 30 December 2024. This means the current national AML-registration regimes will be largely superseded by MiCA's comprehensive licensing requirements. VASPs should prepare for this significant shift.

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. Given the complexity and evolving nature of cryptocurrency regulations, it is highly recommended to consult with legal professionals specializing in Austrian financial law and virtual asset regulations before undertaking any activities in this sector.