Azerbaijan

**A General Lack of Specific Legislation:** There is no specific law or regulatory framework explicitly governing the licensing of crypto exchanges, custody providers, or dedicated crypto payment processors.

**Restrictive Interpretation / Regulatory Silence:** The prevailing approach by the Central Bank of Azerbaijan (CBA) and other financial authorities leans towards caution and, in many cases, a de facto prohibition or severe restriction on activities involving virtual assets, especially when they touch upon traditional financial services. Cryptocurrencies are *not* recognized as legal tender.

**Application of General Financial Laws (Where Applicable):** Certain activities might inadvertently fall under existing financial services laws (e.g., banking, payment services, securities), which are highly regulated and typically not easily granted for crypto-related businesses.

**Regulatory Gap / De Facto Prohibition:** The absence of a framework often means such activities are either not allowed, operate in a legal grey area with significant risk, or would require a full traditional financial license (e.g., a banking license or a payments institution license), which is extremely difficult to obtain and often not suitable for pure crypto businesses.

**Cryptocurrency Exchanges:** There is no specific license for a cryptocurrency exchange. Any entity attempting to operate an exchange facilitating fiat-to-crypto or crypto-to-fiat transactions would likely face significant regulatory hurdles and could be deemed to be operating an unlicensed financial service, potentially requiring a banking license or being considered illegal. Crypto-to-crypto exchanges might exist in a grey area, but still face AML/CTF obligations.

**Custody Providers:** There is no specific license for virtual asset custody. If a service involves holding client assets, especially if they are deemed to have monetary value, it could potentially fall under regulations for safekeeping, trust services, or even banking, requiring appropriate traditional licenses.

**Processing payments *in* cryptocurrency:** This is generally not permitted as cryptocurrencies are not legal tender in Azerbaijan.

**Processing *fiat* payments *for* cryptocurrency services:** An entity processing fiat payments on behalf of clients or other businesses for crypto-related transactions would typically require a traditional payment services license under the "Law on Payment Services and Payment Systems." However, the underlying crypto activity itself might still be problematic or prohibited.

**Capital Requirements:** For traditional financial institutions (banks, payment institutions), capital requirements are significant. For example, a bank would require a very high minimum capital. For a payment institution, it's lower but still substantial.

**AML/KYC Requirements:** This is the most crucial aspect that *does* apply. Azerbaijan is a member of the FATF (Financial Action Task Force) and has updated its AML/CTF framework to align with FATF recommendations. This means that entities dealing with virtual assets, if they operate, are expected to comply with:

**Customer Due Diligence (CDD) / Know Your Customer (KYC):** Verifying customer identity.

**Ongoing Monitoring:** Monitoring transactions for suspicious activities.

**Record Keeping:** Maintaining records of transactions and CDD.

**Suspicious Transaction Reporting (STR):** Reporting suspicious activities to the Financial Monitoring Service (FMS).

The FATF's expanded definition of "Virtual Asset Service Providers (VASPs)" to include exchanges, custodians, etc., generally means these entities *should* be subject to AML/CTF obligations in Azerbaijan, even if a dedicated licensing regime is absent.

**Local Presence:** Any regulated financial institution in Azerbaijan is required to have a physical local presence and often local management.

**Management & Governance:** Fit and proper tests for directors and senior management, robust internal controls, and risk management frameworks are standard for financial institutions.

Submission of a comprehensive application to the Central Bank of Azerbaijan (CBA).

Risk-based AML/CTF program emphasizing effectiveness, tailored risk assessments, and outcome-oriented policies (no longer requiring static detailed business plan or financial projections)

Information on shareholders, directors, and management (fit and proper checks).

Extensive review and due diligence by the CBA.

The process is typically lengthy, rigorous, and requires significant legal and financial expertise.

**Central Bank of Azerbaijan (CBA):** The primary financial regulator responsible for banking, payment systems, and financial market supervision. Their website provides information on relevant laws and regulations for traditional financial services.

You would look here for laws like the "Law on Banks," "Law on Payment Services and Payment Systems," etc., which do *not* specifically mention virtual assets.

**Financial Monitoring Service (FMS) of the Republic of Azerbaijan:** This is the financial intelligence unit (FIU) responsible for combating money laundering and terrorist financing. They are the body that would enforce AML/CTF obligations on *any* entity dealing with virtual assets, even in the absence of a specific licensing framework.

The relevant law is the **Law of the Republic of Azerbaijan "On Combating Legalization of Criminally Obtained Funds or Other Property and Financing of Terrorism."** While a direct English version link can be hard to find consistently, the FMS oversees its implementation. This law would be the basis for any VASP's AML/CTF obligations.

**Law of the Republic of Azerbaijan on Combating the Legalization of Criminally Obtained Funds or Other Property and the Financing of Terrorism** (often referred to as the AML/CFT Law).

The AML/CTF framework defines the scope of reporting entities and their obligations, but amendments intended to align more fully with international standards—particularly in relation to new technologies and virtual assets—have been enacted but are not scheduled to commence until 31 March 2026, so those specific changes are not yet in force.

**Key Principle:** The law's definitions of "property" and "financial operations" are broad enough to encompass virtual assets and related services, thus bringing VASPs under its purview, even if they are not explicitly named in every article. FATF's guidance strongly recommends this approach for member countries.

**Financial Monitoring Service of the Republic of Azerbaijan (FMS)**

The FMS acts as Azerbaijan's Financial Intelligence Unit (FIU), responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs). It also supervises compliance with AML/CFT requirements.

**Individuals:** Obtaining and verifying the customer's full legal name, date of birth, address, and unique identification number (e.g., passport number, national ID card number). Verification typically involves reliable, independent source documents or data.

**Legal Entities:** Obtaining and verifying the legal name, registration number, address, articles of incorporation, and identifying the natural persons who are the beneficial owners (typically those owning 25% or more of the entity's shares or voting rights, or exercising control through other means).

**Purpose and Nature of Business Relationship:** Understanding the purpose and intended nature of the business relationship.

**Source of Funds/Wealth:** For high-risk customers or transactions, obtaining information on the source of funds or wealth used in the virtual asset transactions.

**Ongoing Monitoring:** Continuously monitoring the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes monitoring for unusual transaction patterns.

**Enhanced Due Diligence (EDD):** Required for higher-risk scenarios, such as:

Transactions with Politically Exposed Persons (PEPs).

Customers from high-risk jurisdictions identified by FATF or the FMS.

Complex, unusually large transactions or unusual patterns of transactions with no apparent economic or lawful purpose.

Cross-border virtual asset transfers to/from jurisdictions with weak AML/CFT regimes.

**Simplified Due Diligence (SDD):** May be applied in very limited, low-risk circumstances, as defined by internal risk assessments and regulatory guidelines.

**Indicators of Suspicion:** VASPs must develop systems and training to identify red flags indicative of money laundering, terrorist financing, or other illicit activities. These can include:

Unusual or complex transaction patterns.

Transactions inconsistent with the customer's known profile.

Rapid and inexplicable changes in transaction volume or frequency.

Structuring of transactions to avoid thresholds.

Transactions involving anonymity-enhancing virtual assets (e.g., privacy coins) without a legitimate explanation.

Transactions involving addresses linked to known illicit activities (e.g., darknet markets, scams).

**Prohibition of "Tipping Off":** VASPs and their employees are prohibited from disclosing to the customer or any third party that an STR has been filed or that an AML/CFT investigation is underway.

All customer identification and verification data (CDD records).

Transaction data (including sender and recipient information, amount, type of virtual asset, timestamp, transaction hash).

Records of suspicious transaction reports filed.

Retention periods vary by record type and applicable authority; many business, tax, and AML-related records must be kept for at least 5 years, but some records require longer retention (for example, 6, 7, or 10 years) under Arizona schedules or federal rules.

**Accessibility:** Records must be readily available to the FMS or other competent authorities upon request.

**Risk Assessments:** Conducting regular institutional risk assessments to identify and evaluate money laundering and terrorist financing risks, and implementing appropriate mitigation measures.

**Designated Compliance Officer:** Appointing a qualified AML Compliance Officer responsible for overseeing the AML/CFT program.

**Employee Training:** Providing ongoing training to all relevant employees on AML/CFT policies, procedures, and emerging risks.

**Independent Audit Function:** Establishing an independent audit function to test the effectiveness of the AML/CFT program.

**Sanctions Compliance:** Screening customers and transactions against national and international sanctions lists.

In line with FATF guidance, VASPs are increasingly expected to implement the 'Travel Rule,' requiring them to obtain and transmit originator and beneficiary information for virtual asset transfers above a certain threshold (typically USD/EUR 1,000).

**Financial Monitoring Service (FMS):** Responsible for AML/CFT oversight and financial intelligence.

**Ministry of Internal Affairs (MIA):** For criminal investigations, including cybercrime and financial fraud.

**Central Bank of Azerbaijan (CBAR):** Regulates traditional financial institutions and payment systems, but direct crypto regulation is still being formalized.

**Entity Targeted:** Individuals or groups operating alleged fraudulent schemes (e.g., Ponzi schemes, pyramid schemes) using cryptocurrencies as an investment vehicle or payment method.

**Violation Type:** Fraud, swindling, operating illegal financial schemes, potentially money laundering.

**Penalty Amount:** This is not a "fine." Instead, it involves arrests, criminal investigations, pre-trial detention, potential prosecution leading to imprisonment, and asset forfeiture. Specific "penalty amounts" as regulatory fines are not applicable here.

**Date:** Ongoing throughout the period. Reports of such arrests and investigations appear periodically in local media.

Arizona enforcement outcomes include arrests, ongoing criminal investigations, potential charges, prosecution, and sentencing if found guilty.

**Date Example (Illustrative of ongoing activity):**

**Nature of Violations:** The most common "violations" related to crypto in Azerbaijan that lead to law enforcement action are criminal in nature (fraud, pyramid schemes) rather than breaches of specific crypto-regulatory compliance.