Belgium -- Sanctions Compliance Regulatory Overview

The UN Security Council issues resolutions imposing sanctions (e.g., arms embargoes, asset freezes, travel bans) on states, entities, and individuals to maintain international peace and security.

Some UN Security Council resolutions – in particular those adopted under Article 41 of the UN Charter or using clearly mandatory language – are legally binding on all UN member states, including Belgium, but not all Security Council resolutions are binding; their legal effect depends on the specific legal basis and wording of each resolution.

The EU implements these UN sanctions through its own legal instruments, making them directly applicable within Belgium.

UN Sanctions Committees are subsidiary organs of the UN Security Council that administer global sanctions regimes under Chapter VII of the UN Charter; they do not constitute a Belgian regulatory authority, and their measures are implemented in Belgium only through subsequent transposition into Belgian and EU law.

The EU implements all UN sanctions and also imposes its own autonomous sanctions. These are adopted by the Council of the European Union under its Common Foreign and Security Policy (CFSP).

**EU Regulations:** Unlike directives, EU Regulations are **directly applicable** in all member states, including Belgium, without the need for national implementing legislation. This means VASPs in Belgium must directly comply with EU sanctions regulations.

**Types of Sanctions:** Asset freezes, prohibitions on making funds or economic resources available, travel bans, sectoral sanctions (e.g., related to finance, energy, transport, technology), and trade restrictions.

**Scope for Crypto:** EU sanctions explicitly cover "funds" and "economic resources," which are broad enough to include virtual assets. Recent sanctions, particularly those against Russia, have explicitly mentioned crypto-assets.

**Example (Russia):** Council Regulation (EU) No 833/2014, as amended by numerous subsequent regulations (e.g., Council Regulation (EU) 2022/328, Council Regulation (EU) 2022/394, Council Regulation (EU) 2022/428, and many more, most notably 2022/1904 prohibiting all crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount of the crypto-assets). These amendments explicitly extended financial restrictions to crypto-assets.

**EU Sanctions Map:** Provides a comprehensive overview of current EU restrictive measures. https://www.sanctionsmap.eu/

**Official Journal of the EU:** Where all new EU sanctions regulations are published. https://eur-lex.europa.eu/oj/direct-access.html

**U.S. Office of Foreign Assets Control (OFAC) Sanctions:**

While OFAC sanctions are U.S. law, they can have **extra-territorial reach** and impact Belgian VASPs if there is a U.S. nexus. This includes:

U.S. sanctions jurisdiction is generally triggered when U.S. dollar‑denominated transactions are processed or cleared through the U.S. financial system (for example, via U.S. correspondent banks, CHIPS, Fedwire, or other U.S. intermediaries), but using or denominating a transaction in U.S. dollars does not, by itself in all cases, guarantee that it will clear through the U.S. financial system or create a U.S. nexus.

Use of U.S.-origin technology, software, services, or other U.S. nexus remains a key trigger for U.S. sanctions and export‑control jurisdiction, but the definition of a U.S. nexus has expanded beyond the simple ‘use of U.S.-origin technology or services’ to include foreign‑produced items incorporating specified U.S.-origin content (e.g., via rules like the 50 Percent Rule) and a broader range of U.S.-person technical services and support activities.

Using a U.S.-based cloud server or other passive U.S. technical infrastructure, by itself, is no longer treated as sufficient to automatically subject an otherwise foreign crypto transaction to comprehensive U.S. regulatory jurisdiction; current practice focuses on more substantive U.S. contacts such as U.S. counterparties, marketing to U.S. persons, conduct within U.S. markets, or activities clearly covered by specific U.S. regulatory frameworks (e.g., securities, commodities, AML/sanctions), rather than any minimal ‘U.S. touchpoint.’

Non-compliance with OFAC sanctions can lead to severe penalties from the U.S. government, even for non-U.S. entities.

The OFAC Specially Designated Nationals (SDN) List is a U.S. Treasury sanctions list administered by OFAC with global effect, but it is a U.S. regulatory instrument and not a Belgium (BE) jurisdictional sanctions list or Belgian regulatory requirement.

**Legal Basis for VASP Regulation in Belgium:**

The Belgian Anti-Money Laundering framework is based on the Law of 18 September 2017, but this law has been substantially amended and supplemented by subsequent legislation and is now part of a continuously evolving compliance regime, not a standalone current framework.

The Loi du 18 septembre 2017 relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l'utilisation des espèces has been amended by subsequent Belgian legislation, most notably by the law of 8 February 2023 (published in the Belgian Official Gazette), but remains in force as the foundational law.

**FSMA Registration:** VASPs operating in Belgium must be registered with the Financial Services and Markets Authority (FSMA). This registration implies compliance with AML/CFT and sanctions obligations.

**FSMA Information on VASPs:** https://www.fsma.be/en/regulated-entities/virtual-assets/vasp

**EU AMLD5 (Directive (EU) 2018/843):** Explicitly brought VASPs under the scope of AML/CFT regulations.

**EU AMLD6 (Directive (EU) 2018/1673):** Reinforces criminal penalties for money laundering offenses, which includes sanctions evasion.

**Key Compliance Obligations for VASPs:**

VASPs must have robust, risk-based systems to screen customers (including, where relevant, beneficial owners) and, where appropriate based on risk, relevant counterparties and transaction participants against applicable sanctions lists; the scope and intensity of screening are determined by a risk-based assessment rather than a blanket obligation to screen every possible counterparty or transaction participant in all cases.

Belgian entities must primarily comply with the EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions (asset freezes and related prohibitions), published and regularly updated by the EU and accessible via the EU sanctions map and data portal. However, this is not the only relevant list for Belgium: Belgium also maintains an autonomous national list for the freezing of terrorist assets, which extends the EU sanctions framework and must likewise be checked by obliged entities.

**OFAC SDN List:** Essential for VASPs with any U.S. nexus.

For Belgian (EU) institutions, the legally required sanctions screening layer is the EU framework (which transposes UN measures and also applies autonomous EU listings); direct screening of the UN Security Council Consolidated List can be used as an additional, prudential layer, but it is neither sufficient nor the primary compliance basis and does not replace EU sanctions screening obligations.

**Frequency:** Screening should occur during customer onboarding (KYC), on an ongoing basis (e.g., periodic reviews, real-time transaction screening), and potentially even post-transaction.

**Fuzzy Logic:** Systems should be capable of detecting close matches and aliases, not just exact ones.

2. Geographic Restrictions: VASPs must identify and block transactions to/from sanctioned jurisdictions or regions. For example, EU sanctions prohibit providing crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount.

VASPs must identify and block transactions to/from sanctioned jurisdictions or regions. For example, EU sanctions prohibit providing crypto-asset wallet, account or custody services to Russian persons and residents, regardless of the amount.

This requires identifying the origin and destination of funds, which can be challenging with cryptocurrencies, but VASPs are expected to use all available information (IP addresses, transaction patterns, customer declarations, blockchain analytics) to assess geographic risk.

Monitor transactions for patterns indicative of sanctions evasion (e.g., unusual transaction sizes or frequencies, obfuscation techniques, rapid movement of funds to high-risk jurisdictions).

Leverage blockchain analytics tools to identify links to known sanctioned addresses or entities.

If a VASP identifies a match with a sanctioned entity or has reasonable suspicion of sanctions evasion or a blocked asset, it must immediately:

Freeze the assets (preventing any further transactions).

Report the hit or suspicious transaction without delay to the Belgian financial intelligence unit CTIF‑CFI (Cellule de Traitement des Informations Financières / Cel voor Financiële Informatieverwerking), in accordance with Belgium’s AML Law.

CTIF-CFI (Cellule de Traitement des Informations Financières / Cel voor financiële informatieverwerking) is Belgium’s Financial Intelligence Processing Unit (FIU) responsible for receiving and analyzing suspicious transaction reports and other AML/CFT-related information. The correct official website is https://www.ctif-cfi.be/; CTIF-CFI will only accept suspicious transaction reports via the goAML application as from 30 September 2024.

**Treasury Department (FPS Finance):** For reporting asset freezes and information on listed individuals/entities. The Treasury has a specific service for implementing financial sanctions. https://finances.belgium.be/fr/tresorerie/gel-des-avoirs (French link, English available)

Internal controls and risk management standards have been revised in 2025, with the GAO Green Book update emphasizing preventive controls, fraud risk management, and management's responsibility at all levels, integrating modern risk-adaptive practices.

Develop and implement a comprehensive risk-based sanctions compliance program.

Appoint a dedicated compliance officer.

Provide regular training to relevant staff.

Conduct independent audits of the compliance program.

Maintain detailed records of all compliance efforts.

The FSMA, as the supervisory authority for VASPs, can impose significant administrative fines for non-compliance with AML/CFT and sanctions obligations.

**Article 139 of the Law of 18 September 2017:** Allows the FSMA to impose administrative fines of up to **€5,000,000** or **10% of the total annual turnover** for legal entities, and up to **€5,000,000** for individuals, for serious breaches of AML/CFT and related obligations, including sanctions compliance.

**Other measures:** Prohibition on conducting certain activities, revocation of registration, suspension of services, public reprimands.

**Article 140 of the Law of 18 September 2017:** Criminalizes serious breaches of the AML/CFT law, including non-compliance with sanctions.

**Imprisonment:** Up to **5 years**.

Criminal fines: Up to €2,000,000 for legal entities and up to €25,000 for individuals (administrative fines up to €2,000,000 possible).

**Reputational Damage:** Beyond legal penalties, non-compliance can lead to significant reputational damage, loss of trust, and loss of business.

**Belgian Law of 18 September 2017 (AML Law):**

Loi du 18 septembre 2017 relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l'utilisation des espèces: https://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=fr&la=F&cn=2017091811&table_name=loi

**FSMA (Financial Services and Markets Authority):**

**CTIF-CFIU (Belgian Financial Intelligence Unit):**

**Belgian Treasury Department (FPS Finance) - Sanctions:**

Information on asset freezes (in French): https://finances.belgium.be/fr/tresorerie/gel-des-avoirs

Interactive overview of EU restrictive measures: https://www.sanctionsmap.eu/

Most recent version of the EU consolidated sanctions list is at the provided EUR-Lex link.

Council Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine remains in force but has been extensively and continuously amended, including by the 18th, 19th and 20th EU sanctions packages through 2025 and 2026, which significantly expand sectoral, trade and transaction bans (e.g., oil and LNG-related measures, payment services and anti‑circumvention rules). Any reference to this instrument must therefore be understood as referring to its latest amended form, not its original or earlier versions.

Directive (EU) 2018/843 (AMLD5) was the EU’s fifth Anti-Money Laundering Directive and formed an important part of Belgium’s AML framework, but it has since been superseded by the newer EU AML package (including AMLR/AMLD6) and is no longer the current governing framework.

Directive (EU) 2018/1673 (the 6th Anti‑Money Laundering Directive, 6AMLD) remains in force as the EU’s harmonised criminal-law framework for money‑laundering offences, including in Belgium, but it is no longer the sole or exhaustive AML instrument: it now operates alongside a newer, broader EU AML package (including the directly applicable Anti‑Money Laundering Regulation and the creation of the Anti‑Money Laundering Authority), which overhauls and supplements—rather than formally repeals—earlier directives on prudential/preventive AML rules.

**OFAC Sanctions List (SDN List):**

**UN Security Council Sanctions Committees:**