Belgium

This page typically contains direct links to relevant legislation, forms, and FAQs.

La loi du 18 septembre 2017 relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l'utilisation des espèces constitue toujours la base légale belge en matière LBC/FT, mais elle a été substantiellement modifiée par des lois ultérieures et doit être lue dans sa version consolidée actuelle.

*Wet van 18 september 2017 tot voorkoming van het witwassen van geld en de financiering van terrorisme en tot beperking van het gebruik van contanten.* (In Dutch)

The primary Belgian transposition of AMLD5 is the Act of 5 August 2020 implementing the fifth Anti‑Money Laundering Directive, which amends the Act of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash; it can be found on the official Belgian legislative database (e.g., https://www.ejustice.just.fgov.be/loi/loi.htm) by searching by date and title.

In Belgium, the 5th Anti‑Money Laundering Directive (AMLD5) remains part of the transposed national AML framework but is no longer the ‘current baseline’ at EU level, as it has been supplemented and partly superseded by the 6th AML Directive (6AMLD) and the emerging EU single‑rulebook AML package; Belgian obliged entities must now comply with national law implementing both AMLD5 and 6AMLD, and prepare for direct application of the new EU AML Regulation.

Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.

**Partial, Moving Towards Comprehensive:** Before MiCA, Belgium's approach was characterized by specific AML/CFT regulations for certain crypto service providers, consumer warnings, and a general "wait and see" stance for broader market regulation. With MiCA's staggered implementation (July 2024 for stablecoins, December 2024 for other crypto-assets), Belgium is in the process of fully integrating a comprehensive regulatory framework for crypto-asset issuance, trading, and services.

**Focus Areas:** AML/CFT, consumer protection, market integrity, and financial stability.

**EU Harmonization:** Belgium, as an EU member state, is directly impacted by and actively transposing/implementing EU regulations.

**National Bank of Belgium (NBB - *Nationale Bank van België / Banque Nationale de Belgique*):**

The NBB shares AML/CFT supervision of crypto-asset service providers with the ECB under the AMLA framework (2025), with the ECB now holding primary prudential oversight of significant crypto firms, while the NBB retains registration and AML/CFT responsibilities for smaller/non-significant providers.

**Financial Services and Markets Authority (FSMA - *Autoriteit voor Financiële Diensten en Markten / Autorité des services et marchés financiers*):**

**Role:** Responsible for supervising financial markets and ensuring fair and honest treatment of consumers. The FSMA issues warnings about crypto-related risks (volatility, scams), and provides guidance on whether specific crypto-assets might fall under existing financial legislation (e.g., securities law). Post-MiCA, the FSMA is expected to play a significant role in supervising entities licensed under the new framework, particularly regarding market conduct and consumer protection.

**EU Level (Directly Impacts Belgium):**

**Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA)**

**Date:** Signed into law 31 May 2023.

Titles III and IV (relating to asset-referenced tokens and e-money tokens/stablecoins): **30 June 2024**.

Other provisions (relating to crypto-asset service providers and other crypto-assets): **30 December 2024**.

**Impact:** MiCA provides a harmonized regulatory framework across the EU for crypto-assets not covered by existing financial services legislation. It covers the issuance, public offering, and admission to trading of various crypto-assets, as well as the authorization and supervision of crypto-asset service providers (CASPs). This is the most significant piece of legislation for the future of crypto regulation in Belgium.

**Reference:** Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937.

In Belgium, the EU Anti‑Money Laundering Directives (AMLDs) remain part of the legal background and are still reflected in national law, but the EU has moved to a new AML framework based on a directly applicable single rulebook and an EU‑level AML Authority (AMLA), so AMLDs are no longer the sole or primary forward‑looking reference point for EU/Belgian AML regulation.

Directive (EU) 2018/843 (5th AMLD) remains part of the binding EU AML framework as transposed into Belgian law, but it is no longer the sole or ultimate regulatory baseline: Belgium’s regime is now shaped by 4AMLD as amended by 5AMLD plus subsequent EU legislative and institutional reforms (including the emerging AMLA framework), and Belgium has been formally challenged over incorrect transposition of these directives.

**Date:** Entered into force 9 July 2018, implementation deadline 10 January 2020.

**Impact:** Extended the scope of AML/CFT rules to include providers engaged in exchange services between virtual currencies and fiat currencies, and custodian wallet providers. This mandated registration requirements at the national level.

**URL (EUR-Lex, 5th AMLD):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32018L0843

*Note:* The EU is currently working on a comprehensive new AML/CFT package, including a new AML Regulation and the establishment of an EU AML Authority (AMLA), which will further streamline and enforce these rules across member states.

**Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (AML Law)**

**Date:** Initially 18 September 2017.

**Key Amendment:** Modified by various Royal Decrees to transpose the 5th AMLD, notably the **Royal Decree of 28 April 2022**, which specifies the conditions and procedure for registration of providers of exchange services between virtual currencies and legal tender, and custodian wallet providers.

**Impact:** This law, as amended, is the primary legal basis requiring certain crypto service providers to register with the NBB for AML/CFT purposes in Belgium.

**URL (NBB - relevant registration page summarizing requirements):** https://www.nbb.be/en/supervision/aml-and-ctf/providers-exchange-services-between-virtual-currencies-and-legal-tender-and (This page provides a clear overview and links to the relevant legal texts for practical application.)

**Legal but Regulated:** Crypto trading and the operation of crypto exchanges are legal in Belgium, but they are subject to significant regulatory oversight, primarily for AML/CFT purposes.

Since Belgium’s implementation of the EU MiCA/MiCAR regime, the previous AML-based requirement for virtual asset service providers (including providers of exchange services between virtual and fiat currencies and custodian wallet services) to register with the National Bank of Belgium has been replaced by the new MiCA/MiCAR authorisation/supervisory framework, so the old mandatory NBB registration regime no longer applies in its original form.

As of the MiCAR implementation in Belgium, the FSMA is the sole competent authority for virtual asset service providers, and the NBB public register for exchange services between virtual currencies is no longer the primary supervisory tool.

European regulators, including the FSMA/ESA/FCA ecosystem, continue to warn consumers that crypto-assets can be highly risky and that protections may be limited depending on the product and provider, while MiCA has introduced some EU-wide safeguards for certain crypto-assets and services.

**MiCA's Future Impact:** Once MiCA fully applies by the end of 2024, the landscape for crypto exchanges and other CASPs will fundamentally change:

**Licensing, not just Registration:** CASPs will need to obtain a specific license under MiCA from a competent national authority (likely the FSMA or NBB, or both in cooperation, depending on their national distribution of powers) to operate across the EU.

**Broader Scope:** MiCA covers a wider range of crypto-asset services than just exchange and custody, including operating a trading platform, advice on crypto-assets, and portfolio management.

**Passporting:** A license obtained in one EU member state will allow a CASP to offer its services across the entire European Union, promoting market integration and competition.

**Requirement:** Providers of "custodian wallet services" are required to register with the FSMA. This is not a full financial services license but an AML registration.

**Legal Basis:** The **Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash**. Specifically, **Article 5, §1, 37°** designates "providers of custodian wallets" as entities subject to AML/CFT obligations.

**Regulator:** Financial Services and Markets Authority (FSMA).

In Belgium’s twin‑peaks model, virtual asset service providers and similar intermediaries that fall under the FSMA’s remit must register and provide information on the company, its governance and internal organization, shareholders, and their AML/CFT policies and procedures. The FSMA assesses these elements in line with its conduct‑of‑business and AML supervisory role, while key prudential and certain fit‑and‑proper/AML responsibilities for many institutions lie with the National Bank of Belgium (NBB).

Belgian Law of 18 September 2017 (in Dutch/French): Look for "Wet van 18 september 2017 tot voorkoming van het witwassen van geld en de financiering van terrorisme en tot beperking van het gebruik van contanten" on the Belgian official gazette (e.g., through Jurisquare or Justel).

**Explicit Rules for Crypto:** The current AML Law of 2017 does not explicitly detail segregation rules specifically for crypto assets.

**Implicit Expectations:** However, as entities subject to AML/CFT, registered custodian wallet providers are generally expected to adhere to sound business practices, which would imply the segregation of client assets from the firm's own operational assets to protect clients in case of insolvency or operational issues. This is a general principle of good governance and risk management in financial services.

**Explicit Requirements:** There are no explicit national mandates for specific insurance or bonding requirements for crypto custodian wallet providers under the current AML framework.

**Implied:** Prudent risk management would nevertheless encourage such providers to consider adequate insurance coverage.

**Explicit Mandates:** There are no explicit national mandates for the use of cold storage or specific percentages of assets to be held in cold storage under the current AML framework.

**Implied:** Robust cybersecurity and operational risk management are expected, and the use of cold storage is generally considered a best practice for securing a significant portion of client digital assets. The FSMA would expect appropriate security measures as part of the operational risk assessment during registration.

**Specific Definition for Crypto:** The current Belgian framework does not define a "qualified custodian" specifically for digital assets beyond the "custodian wallet provider" designation under the AML Law. This designation focuses on AML/CFT compliance rather than broader financial regulatory standards.

**Authorization:** Providers of "safekeeping and administration of crypto-assets on behalf of clients" will need to obtain authorization as a Crypto-Asset Service Provider (CASP) from their national competent authority (the FSMA in Belgium). This is a more comprehensive authorization than the current AML registration.

**Scope:** MiCA defines "safekeeping and administration of crypto-assets on behalf of clients" as the activity of safeguarding or controlling crypto-assets or instruments giving access to crypto-assets on behalf of third parties.

**Requirements:** CASPs will need to meet stringent organizational, operational, and prudential requirements, including having robust governance arrangements, internal control mechanisms, risk management procedures, and capital requirements.

Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

**Article 53** (General obligations for CASPs) and **Article 67** (Specific obligations for providers of safekeeping and administration of crypto-assets on behalf of clients) are particularly relevant.

**Explicit Mandate:** MiCA explicitly mandates the segregation of client assets.

**Details (Article 67(2)):** Providers of safekeeping and administration of crypto-assets on behalf of clients must:

Enter into an agreement with their clients specifying their duties and responsibilities.

Keep records and establish accounts in their internal accounting systems that enable them to distinguish crypto-assets held on behalf of clients from their own crypto-assets and other clients' crypto-assets, and the funds of clients from their own funds.

Not use crypto-assets or funds held on behalf of clients for their own account.

**Reference:** MiCA Regulation, **Article 67(2)**.

**Specific Insurance:** MiCA does not explicitly mandate a specific type or amount of insurance *per se*.

**Liability and Operational Risk:** However, MiCA imposes liability on CASPs for losses incurred by clients due to their negligence or fraud. It also requires robust operational risk management, including cybersecurity, business continuity, and recovery plans. While not explicitly "insurance," these provisions require CASPs to manage risks that might typically be covered by insurance or equivalent capital.

**Reference:** MiCA Regulation, **Article 53** (General obligations), **Article 54** (Prudential requirements), **Article 67(6)** (Liability for loss).

**Explicit Mandates:** MiCA does not mandate a specific percentage of crypto assets to be held in cold storage.

**Operational Requirements:** However, it requires CASPs to have robust ICT systems and security protocols, effective security access protocols, and ensure the resilience and security of their services. This implicitly necessitates the use of secure storage solutions, including cold storage, as a key component of a robust risk management framework for safeguarding client assets.

**Reference:** MiCA Regulation, **Chapter 5** (Authorization and operating conditions for CASPs), specifically **Section 3** (Operating conditions for CASPs), and **Article 67** (Specific obligations for providers of safekeeping and administration of crypto-assets on behalf of clients).

The UN Security Council issues resolutions imposing sanctions (e.g., arms embargoes, asset freezes, travel bans) on states, entities, and individuals to maintain international peace and security.

Some UN Security Council resolutions – in particular those adopted under Article 41 of the UN Charter or using clearly mandatory language – are legally binding on all UN member states, including Belgium, but not all Security Council resolutions are binding; their legal effect depends on the specific legal basis and wording of each resolution.

The EU implements these UN sanctions through its own legal instruments, making them directly applicable within Belgium.

UN Sanctions Committees are subsidiary organs of the UN Security Council that administer global sanctions regimes under Chapter VII of the UN Charter; they do not constitute a Belgian regulatory authority, and their measures are implemented in Belgium only through subsequent transposition into Belgian and EU law.

The EU implements all UN sanctions and also imposes its own autonomous sanctions. These are adopted by the Council of the European Union under its Common Foreign and Security Policy (CFSP).

**EU Regulations:** Unlike directives, EU Regulations are **directly applicable** in all member states, including Belgium, without the need for national implementing legislation. This means VASPs in Belgium must directly comply with EU sanctions regulations.

**Types of Sanctions:** Asset freezes, prohibitions on making funds or economic resources available, travel bans, sectoral sanctions (e.g., related to finance, energy, transport, technology), and trade restrictions.

**Scope for Crypto:** EU sanctions explicitly cover "funds" and "economic resources," which are broad enough to include virtual assets. Recent sanctions, particularly those against Russia, have explicitly mentioned crypto-assets.

**Example (Russia):** Council Regulation (EU) No 833/2014, as amended by numerous subsequent regulations (e.g., Council Regulation (EU) 2022/328, Council Regulation (EU) 2022/394, Council Regulation (EU) 2022/428, and many more, most notably 2022/1904 prohibiting all crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount of the crypto-assets). These amendments explicitly extended financial restrictions to crypto-assets.

**EU Sanctions Map:** Provides a comprehensive overview of current EU restrictive measures. https://www.sanctionsmap.eu/

**Official Journal of the EU:** Where all new EU sanctions regulations are published. https://eur-lex.europa.eu/oj/direct-access.html

**U.S. Office of Foreign Assets Control (OFAC) Sanctions:**

While OFAC sanctions are U.S. law, they can have **extra-territorial reach** and impact Belgian VASPs if there is a U.S. nexus. This includes:

U.S. sanctions jurisdiction is generally triggered when U.S. dollar‑denominated transactions are processed or cleared through the U.S. financial system (for example, via U.S. correspondent banks, CHIPS, Fedwire, or other U.S. intermediaries), but using or denominating a transaction in U.S. dollars does not, by itself in all cases, guarantee that it will clear through the U.S. financial system or create a U.S. nexus.

Use of U.S.-origin technology, software, services, or other U.S. nexus remains a key trigger for U.S. sanctions and export‑control jurisdiction, but the definition of a U.S. nexus has expanded beyond the simple ‘use of U.S.-origin technology or services’ to include foreign‑produced items incorporating specified U.S.-origin content (e.g., via rules like the 50 Percent Rule) and a broader range of U.S.-person technical services and support activities.

Using a U.S.-based cloud server or other passive U.S. technical infrastructure, by itself, is no longer treated as sufficient to automatically subject an otherwise foreign crypto transaction to comprehensive U.S. regulatory jurisdiction; current practice focuses on more substantive U.S. contacts such as U.S. counterparties, marketing to U.S. persons, conduct within U.S. markets, or activities clearly covered by specific U.S. regulatory frameworks (e.g., securities, commodities, AML/sanctions), rather than any minimal ‘U.S. touchpoint.’

Non-compliance with OFAC sanctions can lead to severe penalties from the U.S. government, even for non-U.S. entities.

The OFAC Specially Designated Nationals (SDN) List is a U.S. Treasury sanctions list administered by OFAC with global effect, but it is a U.S. regulatory instrument and not a Belgium (BE) jurisdictional sanctions list or Belgian regulatory requirement.

**Legal Basis for VASP Regulation in Belgium:**

The Belgian Anti-Money Laundering framework is based on the Law of 18 September 2017, but this law has been substantially amended and supplemented by subsequent legislation and is now part of a continuously evolving compliance regime, not a standalone current framework.

The Loi du 18 septembre 2017 relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l'utilisation des espèces has been amended by subsequent Belgian legislation, most notably by the law of 8 February 2023 (published in the Belgian Official Gazette), but remains in force as the foundational law.

**FSMA Registration:** VASPs operating in Belgium must be registered with the Financial Services and Markets Authority (FSMA). This registration implies compliance with AML/CFT and sanctions obligations.

**FSMA Information on VASPs:** https://www.fsma.be/en/regulated-entities/virtual-assets/vasp

**EU AMLD5 (Directive (EU) 2018/843):** Explicitly brought VASPs under the scope of AML/CFT regulations.

**EU AMLD6 (Directive (EU) 2018/1673):** Reinforces criminal penalties for money laundering offenses, which includes sanctions evasion.

**Key Compliance Obligations for VASPs:**

VASPs must have robust, risk-based systems to screen customers (including, where relevant, beneficial owners) and, where appropriate based on risk, relevant counterparties and transaction participants against applicable sanctions lists; the scope and intensity of screening are determined by a risk-based assessment rather than a blanket obligation to screen every possible counterparty or transaction participant in all cases.

Belgian entities must primarily comply with the EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions (asset freezes and related prohibitions), published and regularly updated by the EU and accessible via the EU sanctions map and data portal. However, this is not the only relevant list for Belgium: Belgium also maintains an autonomous national list for the freezing of terrorist assets, which extends the EU sanctions framework and must likewise be checked by obliged entities.

**OFAC SDN List:** Essential for VASPs with any U.S. nexus.

For Belgian (EU) institutions, the legally required sanctions screening layer is the EU framework (which transposes UN measures and also applies autonomous EU listings); direct screening of the UN Security Council Consolidated List can be used as an additional, prudential layer, but it is neither sufficient nor the primary compliance basis and does not replace EU sanctions screening obligations.

**Frequency:** Screening should occur during customer onboarding (KYC), on an ongoing basis (e.g., periodic reviews, real-time transaction screening), and potentially even post-transaction.

**Fuzzy Logic:** Systems should be capable of detecting close matches and aliases, not just exact ones.

2. Geographic Restrictions: VASPs must identify and block transactions to/from sanctioned jurisdictions or regions. For example, EU sanctions prohibit providing crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount.

VASPs must identify and block transactions to/from sanctioned jurisdictions or regions. For example, EU sanctions prohibit providing crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount.

This requires identifying the origin and destination of funds, which can be challenging with cryptocurrencies, but VASPs are expected to use all available information (IP addresses, transaction patterns, customer declarations, blockchain analytics) to assess geographic risk.

Monitor transactions for patterns indicative of sanctions evasion (e.g., unusual transaction sizes or frequencies, obfuscation techniques, rapid movement of funds to high-risk jurisdictions).

Leverage blockchain analytics tools to identify links to known sanctioned addresses or entities.

If a VASP identifies a match with a sanctioned entity or has reasonable suspicion of sanctions evasion or a blocked asset, it must immediately:

Freeze the assets (preventing any further transactions).

Report the hit or suspicious transaction without delay to the Belgian financial intelligence unit CTIF‑CFI (Cellule de Traitement des Informations Financières / Cel voor Financiële Informatieverwerking), in accordance with Belgium’s AML Law.

CTIF-CFI (Cellule de Traitement des Informations Financières / Cel voor financiële informatieverwerking) is Belgium’s Financial Intelligence Processing Unit (FIU) responsible for receiving and analyzing suspicious transaction reports and other AML/CFT-related information. The correct official website is https://www.ctif-cfi.be/; CTIF-CFI will only accept suspicious transaction reports via the goAML application as from 30 September 2024.

**Treasury Department (FPS Finance):** For reporting asset freezes and information on listed individuals/entities. The Treasury has a specific service for implementing financial sanctions. https://finances.belgium.be/fr/tresorerie/gel-des-avoirs (French link, English available)

Internal controls and risk management standards have been revised in 2025, with the GAO Green Book update emphasizing preventive controls, fraud risk management, and management's responsibility at all levels, integrating modern risk-adaptive practices.

Develop and implement a comprehensive risk-based sanctions compliance program.

Appoint a dedicated compliance officer.

Provide regular training to relevant staff.

Conduct independent audits of the compliance program.

Maintain detailed records of all compliance efforts.

The FSMA, as the supervisory authority for VASPs, can impose significant administrative fines for non-compliance with AML/CFT and sanctions obligations.

**Article 139 of the Law of 18 September 2017:** Allows the FSMA to impose administrative fines of up to **€5,000,000** or **10% of the total annual turnover** for legal entities, and up to **€5,000,000** for individuals, for serious breaches of AML/CFT and related obligations, including sanctions compliance.

**Other measures:** Prohibition on conducting certain activities, revocation of registration, suspension of services, public reprimands.

**Article 140 of the Law of 18 September 2017:** Criminalizes serious breaches of the AML/CFT law, including non-compliance with sanctions.

**Imprisonment:** Up to **5 years**.

Criminal fines: Up to €2,000,000 for legal entities and up to €25,000 for individuals (administrative fines up to €2,000,000 possible).

**Reputational Damage:** Beyond legal penalties, non-compliance can lead to significant reputational damage, loss of trust, and loss of business.

**Belgian Law of 18 September 2017 (AML Law):**

Loi du 18 septembre 2017 relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l'utilisation des espèces: https://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=fr&la=F&cn=2017091811&table_name=loi

**FSMA (Financial Services and Markets Authority):**

**CTIF-CFIU (Belgian Financial Intelligence Unit):**

**Belgian Treasury Department (FPS Finance) - Sanctions:**

Information on asset freezes (in French): https://finances.belgium.be/fr/tresorerie/gel-des-avoirs

Interactive overview of EU restrictive measures: https://www.sanctionsmap.eu/

Most recent version of the EU consolidated sanctions list is at the provided EUR-Lex link.

Council Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine remains in force but has been extensively and continuously amended, including by the 18th, 19th and 20th EU sanctions packages through 2025 and 2026, which significantly expand sectoral, trade and transaction bans (e.g., oil and LNG-related measures, payment services and anti‑circumvention rules). Any reference to this instrument must therefore be understood as referring to its latest amended form, not its original or earlier versions.

Directive (EU) 2018/843 (AMLD5) was the EU’s fifth Anti-Money Laundering Directive and formed an important part of Belgium’s AML framework, but it has since been superseded by the newer EU AML package (including AMLR/AMLD6) and is no longer the current governing framework.

Directive (EU) 2018/1673 (the 6th Anti‑Money Laundering Directive, 6AMLD) remains in force as the EU’s harmonised criminal-law framework for money‑laundering offences, including in Belgium, but it is no longer the sole or exhaustive AML instrument: it now operates alongside a newer, broader EU AML package (including the directly applicable Anti‑Money Laundering Regulation and the creation of the Anti‑Money Laundering Authority), which overhauls and supplements—rather than formally repeals—earlier directives on prudential/preventive AML rules.

**OFAC Sanctions List (SDN List):**

**UN Security Council Sanctions Committees:**