Bosnia and Herzegovina -- Sanctions Compliance Regulatory Overview

Bosnia and Herzegovina (BiH), as a sovereign state and a UN member, is obligated to comply with international sanctions regimes. Furthermore, as an aspiring EU member, BiH continually strives to align its legislative framework with EU standards, including those related to anti-money laundering (AML) and counter-terrorist financing (CFT), which underpin sanctions compliance.

Here's a breakdown of cryptocurrency sanctions and restrictions applicable in BiH:

I. General Sanctions Framework in Bosnia and Herzegovina

BiH's approach to financial sanctions, including those related to crypto assets, is primarily governed by:

1. UN Security Council Resolutions (UNSCRs): As a UN member state, BiH is legally bound to implement sanctions regimes imposed by the UNSC, particularly those related to terrorism financing, proliferation financing, and other threats to international peace and security.
2. Alignment with EU Sanctions: Although not an EU member, BiH has signed a Stabilization and Association Agreement with the EU and is a candidate country for EU membership. This means it has a political commitment to approximate its legislation with the EU acquis, including EU restrictive measures (sanctions).
3. Application of OFAC Sanctions: U.S. sanctions, primarily administered by the Office of Foreign Assets Control (OFAC), have significant extraterritorial reach. Any VASP or financial institution in BiH dealing with U.S. persons, transacting in U.S. dollars, or involving U.S. financial systems can be subject to OFAC jurisdiction. Furthermore, OFAC has specific sanctions programs targeting individuals and entities within BiH.

II. OFAC/EU/UN Sanctions Compliance Requirements for VASPs in BiH

While BiH does not yet have a specific standalone "crypto law" equivalent to MiCA (though it's in progress), crypto assets and VASPs are increasingly being brought under the existing AML/CFT framework.

The primary legal framework for AML/CFT and sanctions compliance in BiH is the Law on Anti-Money Laundering and Financing of Terrorist Activities (Zakon o sprečavanju pranja novca i finansiranja terorističkih aktivnosti). This law applies to "obligated entities," which include financial institutions and, increasingly, other businesses engaged in financial activities, including those dealing with crypto assets.

Key Compliance Requirements for VASPs (or entities dealing with crypto) include:

1. Risk Assessment: Obligated entities must conduct a comprehensive risk assessment to identify and evaluate ML/FT risks, including those related to crypto assets, specific customers, products, services, and geographic areas. This must inform their internal controls.
2. Customer Due Diligence (CDD) and Know Your Customer (KYC):
   • Identification and Verification: VASPs must identify and verify the identity of their customers (natural and legal persons) and, crucially, their beneficial owners.
   • Purpose and Nature of Business: Understand the purpose and intended nature of the business relationship.
   • Ongoing Monitoring: Continuously monitor customer transactions and activities to ensure consistency with their business profile.
   • Enhanced Due Diligence (EDD): Apply EDD for high-risk situations, such as dealings with Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, or transactions involving anonymity-enhancing technologies.
3. Sanctioned Entity Screening: Obligated entities must screen their customers, beneficial owners, and transaction counterparties against relevant sanctions lists.
   • UN Sanctions Lists: Consolidated list of individuals and entities subject to UN sanctions.
   • EU Sanctions Lists: Consolidated list of persons, groups, and entities subject to EU financial sanctions.
   • OFAC Sanctions Lists: Specially Designated Nationals (SDN) and Blocked Persons List, Sectoral Sanctions Identifications (SSI) List, etc.
   • Domestic Lists: Any specific lists published by BiH authorities (e.g., related to domestic terrorism or specific high-risk individuals, though these often reflect international lists).
4. Transaction Monitoring: Implement systems to monitor transactions for unusual patterns, amounts, or origins that could indicate illicit activity, including attempts to circumvent sanctions.
5. Reporting Obligations:
   • Suspicious Transaction Reports (STRs) / Suspicious Activity Reports (SARs): Report any suspicious transactions (including those involving crypto) or activities to the Financial Intelligence Unit (FIU) of BiH, which is part of the State Investigation and Protection Agency (SIPA).
   • Blocking Reports: Immediately block funds/assets of sanctioned individuals or entities and report the hit to the relevant authorities (FIU, Central Bank of BiH).
6. Record-keeping: Maintain records of customer identification, transactions, and risk assessments for a specified period (typically 5-10 years).
7. Internal Controls and Training: Implement robust internal policies, procedures, and controls, and provide regular training to employees on AML/CFT and sanctions compliance.
8. FATF Travel Rule: While not a sanction per se, the FATF's Recommendation 16 (the "Travel Rule") requires VASPs to obtain, hold, and transmit required originator and beneficiary information for crypto transfers above a certain threshold. Compliance with the Travel Rule helps enhance the transparency necessary for sanctions screening in the crypto space.

Legal Reference:

• Law on Anti-Money Laundering and Financing of Terrorist Activities of Bosnia and Herzegovina:
  • Official Gazette of BiH, No. 104/09, 107/09, 21/17, 102/23 (latest amendment).
  • While specific online access to the latest consolidated version might require a subscription, the legislation is publicly available through official channels. The BiH FIU (SIPA) often provides summaries or guidance: SIPA - Financial Intelligence Unit (Information usually in Bosnian/Serbian/Croatian).

III. Geographic Restrictions

Sanctions regimes impose restrictions on transactions and dealings with:

• Comprehensively Sanctioned Jurisdictions: Countries or regions under broad embargoes or comprehensive sanctions (e.g., Iran, North Korea, Cuba, Syria, Crimea, DNR, LNR regions of Ukraine, and certain regions of Belarus).
• Individuals and Entities in Specific Jurisdictions: Even in non-comprehensively sanctioned countries, specific individuals, entities, or sectors might be targeted.
• "High-Risk Jurisdictions" identified by FATF: While not strictly sanctions, these jurisdictions require EDD and increased scrutiny due to their AML/CFT deficiencies.

VASPs in BiH must not engage in any transactions with sanctioned jurisdictions or entities/individuals designated on relevant lists, regardless of the asset type (fiat or crypto). This includes facilitating transactions that directly or indirectly benefit sanctioned parties.

IV. Penalties for Violations

Violations of AML/CFT laws and sanctions regulations in BiH can result in severe penalties, including:

1. Administrative Fines: Substantial monetary fines imposed by regulatory authorities (e.g., Central Bank of BiH, Banking Agencies of FBiH and RS, or other supervisory bodies) on entities and responsible individuals.
2. Criminal Penalties: For serious offenses, particularly those involving money laundering or terrorist financing, individuals can face:
   • Imprisonment: Lengthy prison sentences.
   • Criminal Fines: Significant monetary penalties.
3. Reputational Damage: Significant harm to the entity's reputation, loss of trust, and potential inability to conduct business with international partners.
4. Loss of Licenses/Operating Permits: For regulated entities, violations can lead to the suspension or revocation of their operating licenses.

V. Country-Specific Sanctions Lists Applicable to Crypto (BiH)

BiH does not maintain its own crypto-specific sanctions list. Instead, sanctions apply to persons and entities regardless of the asset class they use (fiat or crypto).

However, it is crucial to note that OFAC has specifically designated individuals and entities within Bosnia and Herzegovina under various sanctions programs, notably:

• Western Balkans Sanctions Program (E.O. 13304, E.O. 14033): This program targets individuals and entities undermining democratic processes, contributing to instability, engaging in corruption, or obstructing peace agreements in the Western Balkans, including BiH.
  • Specific Example: Milorad Dodik (President of Republika Srpska) and other officials have been sanctioned by OFAC for corruption and undermining BiH's sovereignty and territorial integrity.
  • Reference: OFAC's Western Balkans Designations and OFAC Recent Actions (search for BiH-related press releases).

Therefore, any VASP or financial institution in BiH must absolutely screen against OFAC's SDN list for individuals and entities located within BiH, as well as those globally.

In summary, VASPs operating in Bosnia and Herzegovina must implement robust AML/CFT and sanctions compliance programs that align with international standards, particularly those of the UN, EU, and OFAC. This includes comprehensive KYC, ongoing monitoring, and diligent screening against all relevant international sanctions lists, paying particular attention to OFAC designations within BiH itself. The adoption of MiCA, when fully implemented, will further solidify the regulatory landscape for crypto assets and VASPs in BiH, bringing enhanced scrutiny and compliance obligations.