Austria -- Sanctions Compliance Regulatory Overview

Austria, as a member state of the European Union, is subject to the comprehensive sanctions regimes established by the United Nations (UN) and the European Union (EU). While the U.S. Office of Foreign Assets Control (OFAC) sanctions are primarily U.S. law, their extraterritorial reach often necessitates compliance by Austrian entities involved in international transactions or with a U.S. nexus.

For Virtual Asset Service Providers (VASPs) operating in Austria, compliance with these sanctions is critical and integrated into their Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) obligations.

Here's a breakdown:

I. Overarching Sanctions Frameworks Applicable to Austria

A. European Union (EU) Sanctions

EU sanctions are legally binding on all EU member states, including Austria. They are typically implemented through EU Council Regulations, which are directly applicable law without the need for national transposition.

1. Legal Basis:

   • Treaty on European Union (TEU) – Article 29.
   • Treaty on the Functioning of the European Union (TFEU) – Article 215.
   • These treaties empower the EU to impose restrictive measures (sanctions) to achieve Common Foreign and Security Policy (CFSP) objectives.

2. Types of Sanctions:

   • Asset Freezes: Prohibiting the use, transfer, or access to funds and economic resources of designated individuals, entities, or bodies. This directly applies to cryptocurrencies held by or transacted through VASPs.
   • Travel Bans: Restricting entry into or transit through EU territory for designated individuals.
   • Trade Restrictions: Embargoes on certain goods (e.g., arms, dual-use goods, luxury goods) or services. This includes restrictions on providing crypto-asset services to certain entities or in specific contexts.
   • Sectoral Sanctions: Targeting specific economic sectors (e.g., finance, energy, transport). The EU has increasingly included prohibitions on providing crypto-asset services as part of its sectoral sanctions, particularly against Russia and Belarus.

3. Key Sanctions Programs (Examples):

   • Russia: Extensive sanctions, including asset freezes, financial restrictions (e.g., SWIFT bans for certain banks, prohibitions on transactions with certain state-owned enterprises), and specific prohibitions on crypto-asset services.
     • Legal Reference: Council Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilizing the situation in Ukraine. Subsequent amendments explicitly included crypto-asset services.
     • URL: EUR-Lex - Council Regulation (EU) 833/2014 (Check for latest consolidated version and amendments).
   • Belarus, Syria, Iran, North Korea, Venezuela, Myanmar, etc.: Various sanctions regimes applying asset freezes and other restrictions.

4. Consolidated List of Sanctioned Persons, Groups and Entities:

   • The EU maintains a consolidated list of persons, groups, and entities subject to EU financial sanctions. This is the primary list for screening.
   • URL: EU Sanctions Map (EEAS) or Financial Sanctions (European Council)

B. United Nations (UN) Sanctions

UN sanctions, imposed by the UN Security Council, are binding on all UN member states. The EU implements all UN Security Council resolutions imposing sanctions, typically through specific EU Council Decisions and Regulations, making them directly applicable in Austria.

1. Legal Basis: UN Charter, Chapter VII.
2. Key UN Sanctions Programs: DPRK (North Korea), Iran, Afghanistan (Taliban), ISIL (Da'esh) & Al-Qaida, Libya, Somalia, Sudan, South Sudan, Yemen, etc.
3. UN Sanctions List:
   • URL: UN Security Council Sanctions Committees (Each committee maintains its specific list).

C. Office of Foreign Assets Control (OFAC) Sanctions (U.S.)

While not Austrian law, OFAC sanctions are critical for VASPs in Austria due to their extraterritorial reach. OFAC sanctions can apply if:

• An Austrian VASP deals with U.S. persons (citizens, residents, entities).
• Transactions involve the U.S. financial system (e.g., USD-denominated transactions, even if not directly involving a U.S. bank, if they clear through the U.S.).
• Transactions involve U.S.-origin technology or services.
• Transactions have a direct or indirect nexus to OFAC-sanctioned individuals, entities, or jurisdictions, regardless of where the VASP is based.

1. Key OFAC List: Specially Designated Nationals and Blocked Persons (SDN) List.
   • URL: OFAC SDN List
2. OFAC Crypto Guidance: OFAC has issued specific guidance on sanctions compliance for the virtual currency industry.
   • URL: OFAC Enforcement Guidance for the Virtual Currency Industry

II. Sanctions Compliance Requirements for VASPs in Austria

In Austria, the Finanzmarktaufsicht (FMA - Financial Market Authority) is the primary supervisory authority for VASPs regarding AML/CFT and sanctions compliance.

The legal framework for VASPs in Austria is primarily based on the transposition of EU Anti-Money Laundering Directives (currently AMLD5 and AMLD6) into national law, specifically the Finanzmarkt-Geldwäschegesetz (FM-GwG - Financial Market Anti-Money Laundering Act).

1. Legal Basis for VASPs in Austria:

   • Finanzmarkt-Geldwäschegesetz (FM-GwG): This law implements the EU AML Directives and specifically covers VASPs. It mandates that VASPs comply with AML/CFT obligations, which inherently include sanctions compliance.
     • URL: RIS - Finanzmarkt-Geldwäschegesetz (FM-GwG) (Official Austrian legal information system – check for the latest consolidated version).
   • Registration Requirement: VASPs operating in Austria must register with the FMA. Registration requires demonstrating robust AML/CFT systems, including sanctions compliance.

2. Key Compliance Obligations for VASPs:

   • Customer Due Diligence (CDD):

     • Identify and verify the identity of customers (KYC) and beneficial owners.
     • Understand the purpose and intended nature of the business relationship.
     • Ongoing monitoring of the business relationship.
     • Sanctions screening is an integral part of CDD.

   • Sanctioned Entity Screening Obligations:

     • Mandatory Screening: VASPs must screen all customers (individuals and entities), beneficial owners, and, where appropriate, transaction counterparties against relevant sanctions lists (EU, UN, and practically, OFAC).
     • Real-time & Ongoing: Screening should ideally occur at onboarding and on an ongoing, risk-based basis (e.g., daily, weekly, or upon significant changes) to capture updates to sanctions lists.
     • Technology: Utilizing robust sanctions screening software that can handle various name spellings, aliases, and updates from multiple lists is essential.
     • "Travel Rule" for Crypto: For crypto transactions above a certain threshold, VASPs are required to obtain and transmit originator and beneficiary information, which then also needs to be screened for sanctions. This is being implemented via the EU's Transfer of Funds Regulation (TFR) which will apply to crypto-asset transfers.

   • Transaction Monitoring:

     • Monitor transactions for unusual patterns, amounts, or destinations that could indicate sanctions evasion or other illicit activities.
     • This includes monitoring on-chain activity where feasible and integrating with blockchain analytics tools.

   • Reporting Obligations:

     • Suspicious Activity Reports (SARs)/Suspicious Transaction Reports (STRs): If a VASP identifies a potential match to a sanctions list or suspects sanctions evasion, they must immediately freeze the assets and report the incident to the Austrian Financial Intelligence Unit (FIU), which is part of the Federal Criminal Police Office (Geldwäschemeldestelle).
     • URL (FMA guidance): FMA - Geldwäscheprävention (AML Prevention)

   • Internal Controls and Risk Assessment:

     • Implement comprehensive internal policies, procedures, and controls for sanctions compliance, tailored to the VASP's specific risk profile.
     • Conduct regular risk assessments to identify and mitigate sanctions risks inherent in their services, customer base, and geographic exposure.
     • Provide ongoing training to relevant staff.

   • Record Keeping: Maintain records of CDD measures, transactions, and sanctions screening activities for at least 5 years.

III. Geographic Restrictions

Sanctions regimes impose significant geographic restrictions. VASPs in Austria must prohibit or severely restrict dealings with:

• Sanctioned Jurisdictions: Countries subject to comprehensive sanctions (e.g., North Korea, Iran, Syria, parts of Ukraine, Russia, Belarus for specific sectors/individuals).
• Designated Entities/Individuals within Jurisdictions: Even in non-sanctioned countries, transactions involving designated individuals, entities, or their controlled assets are prohibited.

For crypto-assets, this means:

• No onboarding of customers residing in comprehensively sanctioned jurisdictions.
• Prohibition on facilitating any crypto-asset transfers to or from designated persons or entities.
• Careful monitoring of IP addresses and other geographical indicators to prevent access from sanctioned areas.

IV. Penalties for Violations

Violations of sanctions and AML/CFT laws in Austria can lead to severe penalties, both for the VASP as an entity and for individuals responsible.

1. Administrative Fines:

   • Under the FM-GwG, the FMA can impose significant administrative fines. For serious, repeated, or systematic breaches, fines can be up to €5 million or 10% of the total annual turnover for legal entities, and up to €5 million for natural persons.
   • Legal Reference: FM-GwG, Sections 97-100.
   • URL: RIS - FM-GwG (Check sections related to administrative penalties).

2. Criminal Penalties:

   • Severe violations, particularly those involving active participation in money laundering or terrorist financing through sanctions evasion, can lead to criminal charges under the Austrian Criminal Code (Strafgesetzbuch - StGB).
   • This can result in imprisonment for individuals and significant fines for legal entities.
   • Legal Reference: Strafgesetzbuch (StGB), particularly sections related to money laundering (§ 165 StGB) and terrorist financing (§ 278d StGB).
   • URL: RIS - Strafgesetzbuch (StGB)

3. Reputational Damage:

   • Beyond legal and financial penalties, a VASP found in violation of sanctions faces severe reputational damage, loss of trust from customers and financial partners, and potential revocation of its FMA registration.

V. Country-Specific Sanctions Lists for Austria

Austria does not maintain its own independent international sanctions lists that differ from those of the EU or UN. As an EU member, Austria directly implements:

• EU Sanctions Lists: These are the primary lists (e.g., the consolidated list of persons, groups and entities subject to EU financial sanctions) that Austrian entities must screen against.
• UN Sanctions Lists: These are incorporated into EU law and thus also directly applicable.

The FMA's role is to ensure compliance with these internationally agreed-upon and EU-implemented sanctions regimes within the Austrian financial sector, including for VASPs.

Conclusion

VASPs operating in Austria face stringent sanctions compliance requirements, primarily driven by EU regulations that incorporate UN sanctions. While OFAC is a U.S. regime, its practical extraterritorial impact makes it a necessary consideration for globally operating VASPs. Austrian law, specifically the FM-GwG, mandates that VASPs implement robust AML/CFT programs that include comprehensive sanctions screening, transaction monitoring, and reporting obligations. Failure to comply can result in severe administrative fines, criminal charges, and significant reputational harm.

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. Sanctions regimes are complex and constantly evolving. VASPs should consult with legal professionals specializing in sanctions compliance to ensure full adherence to all applicable laws and regulations.