Bulgaria -- Sanctions Compliance Regulatory Overview

Bulgaria, as a Member State of the European Union, is subject to the full suite of EU and UN sanctions. While OFAC sanctions are extraterritorial and not directly part of EU law, they significantly impact global financial institutions, including VASPs in Bulgaria, due to the interconnectedness of the financial system and the potential for secondary sanctions.

Here’s a breakdown of cryptocurrency sanctions and restrictions applicable in Bulgaria:

1. EU Sanctions Framework (Directly Applicable in Bulgaria)

The primary legal framework for sanctions in Bulgaria stems from the European Union. EU sanctions are binding on all persons and entities operating within the EU, including Virtual Asset Service Providers (VASPs).

Key Elements:

• Legal Basis: EU sanctions are typically imposed through Council Decisions and implemented via Council Regulations. These Regulations are directly applicable in all EU Member States without the need for national transposition.
• Scope: EU sanctions apply to:
  • All natural and legal persons, entities, or bodies within the territory of the EU.
  • Any legal person, entity, or body incorporated or constituted under the law of a Member State.
  • Any natural or legal person, entity, or body in respect of any business done in whole or in part within the EU.
• Definition of "Funds" and "Economic Resources": EU sanctions regulations typically prohibit making "funds" and "economic resources" available to designated persons and entities. Post-AMLD5 and the Russia sanctions, cryptocurrencies are widely understood and treated as "funds" or "economic resources" for sanctions compliance purposes.
  • Legal Reference: Council Regulation (EU) No 833/2014 (concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine), Article 5b, explicitly mentions the prohibition of providing crypto-asset wallet, account, or custody services to Russian persons/entities. Similar provisions can be found in other sanctions regimes.
    • Council Regulation (EU) No 833/2014 (See Article 5b for crypto-related restrictions concerning Russia)

Sanctioned Entity Screening Obligations for VASPs:

• Obligation to Freeze Assets: VASPs must immediately freeze all funds and economic resources belonging to, or owned or controlled by, designated persons and entities listed in EU sanctions regimes. This includes any crypto assets held or transacted through the VASP.
• Prohibition on Making Funds Available: VASPs are prohibited from making any funds or economic resources, directly or indirectly, available to or for the benefit of designated persons and entities.
• Customer Due Diligence (CDD) and Screening: Under the EU Anti-Money Laundering Directives (AMLDs), VASPs are obliged to apply CDD measures, which explicitly include screening clients and beneficial owners against sanctions lists.
  • Legal Reference:
    • Directive (EU) 2018/843 (AMLD5): Extended AML/CFT obligations to VASPs, including customer due diligence and reporting of suspicious transactions.
      • Directive (EU) 2018/843 (AMLD5)
    • Directive (EU) 2015/849 (AMLD4): The foundational AML directive, as amended by AMLD5.
      • Directive (EU) 2015/849 (AMLD4)
    • EBA Guidelines: The European Banking Authority (EBA) provides guidelines on ML/TF risk factors and CDD, which VASPs are expected to follow, even if not directly supervised by the EBA in Bulgaria (the national financial intelligence unit and potentially the Bulgarian National Bank/Financial Supervision Commission would be relevant).
      • EBA Guidelines on ML/TF risk factors (EBA/GL/2021/02)

Geographic Restrictions:

EU sanctions often impose comprehensive restrictions on dealing with specific countries or territories, or persons/entities connected to them. Examples include:

• Russia: Extensive restrictions on trade, financial services (including crypto services to or for persons/entities residing in Russia or established in Russia), and specific sectors.
• North Korea (DPRK): Comprehensive embargoes on financial services, trade, and related activities.
• Iran, Syria, Venezuela, Myanmar, Belarus, etc.: Various targeted sanctions regimes that may include financial and sectoral restrictions.

VASPs must consult the specific EU sanctions regulations for each targeted country or regime to understand the precise scope of restrictions. The EU Sanctions Map provides an overview:

• EU Sanctions Map

Penalties for Violations (EU Level):

While national laws transpose the penalties, the EU Framework Decision 2005/667/JHA and Directive (EU) 2018/1673 (AMLD6) provide for minimum common rules for offenses and penalties concerning sanctions violations.

• Directive (EU) 2018/1673 (AMLD6): Requires Member States to ensure that offenses relating to money laundering (which includes sanctions evasion as a predicate offense) are punishable by maximum terms of imprisonment of at least four years, and imposes additional sanctions or measures, including fines for legal persons.
  • Directive (EU) 2018/1673 (AMLD6)

2. UN Sanctions Framework

The United Nations Security Council (UNSC) imposes sanctions to maintain international peace and security. UN sanctions are implemented in the EU through Council Regulations, making them directly applicable in Bulgaria.

Key Elements:

• Implementation: The EU adopts Council Regulations that transpose UN Security Council Resolutions into EU law.
• Scope: UN sanctions typically target specific individuals, entities, and countries (e.g., ISIL (Da'esh) and Al-Qaida, Taliban, DPRK, Iran, Libya, Somalia, Sudan, Yemen, etc.).
• Obligations for VASPs: The same obligations for freezing assets, prohibiting making funds available, and screening apply as with EU autonomous sanctions, as they are implemented through the same EU legal framework.
  • Legal Reference (Example for Al-Qaida/ISIL): Council Regulation (EC) No 881/2002 implementing UNSCR 1267 (1999) and subsequent resolutions concerning restrictive measures against certain persons and entities associated with the ISIL (Da'esh) and Al-Qaida organisations.
    • Council Regulation (EC) No 881/2002
• UN Sanctions List: The consolidated list of persons and entities subject to UN sanctions is available on the UN website.
  • UN Security Council Sanctions Committees

3. OFAC (U.S. Department of the Treasury's Office of Foreign Assets Control) Sanctions

While OFAC sanctions are U.S. law, their extraterritorial reach means they significantly impact non-U.S. entities, including VASPs in Bulgaria, especially if they:

• Deal with U.S. persons or entities.
• Transact in U.S. dollars.
• Use U.S. correspondent banking services.
• Use U.S.-origin technology or software.
• Facilitate transactions that touch the U.S. financial system.

Key Elements:

• Sanctioned Entity Screening: VASPs dealing with the U.S. or using U.S. financial infrastructure are expected to screen against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, as well as other OFAC sanctions lists.
• Crypto Enforcement: OFAC has actively targeted crypto mixers, exchanges, and individuals involved in sanctions evasion using virtual assets. They have explicitly stated that sanctions apply to virtual currency transactions just as they apply to traditional fiat transactions.
• Geographic Restrictions: OFAC administers numerous sanctions programs targeting specific countries (e.g., Russia, Iran, North Korea, Cuba, Syria, Venezuela) and illicit actors (e.g., narcotics traffickers, terrorists, cybercriminals).
• Penalties for Violations: Violations can result in severe civil and criminal penalties, including substantial fines, imprisonment for individuals, and being cut off from the U.S. financial system.
  • Legal Reference:
    • OFAC's SDN List
    • OFAC's Guidance on Virtual Currency

4. Bulgarian Specific Legal Framework

Bulgaria transposes the EU Anti-Money Laundering Directives into national law, primarily through the Measures Against Money Laundering Act (ZMSIP). This Act sets out the specific obligations for financial institutions, including VASPs, regarding AML/CFT and sanctions compliance.

Key Elements:

• Measures Against Money Laundering Act (ZMSIP): This is the principal national law governing AML/CFT obligations in Bulgaria. It designates the Financial Intelligence Agency (part of the State Agency for National Security - DANS) as the national authority responsible for receiving and processing suspicious transaction reports and enforcing AML/CFT measures.
  • Obligations: The ZMSIP mandates obliged entities (including VASPs) to:
    • Apply CDD measures, including identification and verification of customers and beneficial owners.
    • Monitor transactions for suspicious activity.
    • Report suspicious transactions to DANS.
    • Implement internal policies, controls, and training related to AML/CFT and sanctions.
    • Freeze assets of designated persons/entities and report these freezes.
  • Registration of VASPs: VASPs operating in Bulgaria must register with the National Revenue Agency (NRA) and are subject to supervision by the State Agency for National Security (DANS) regarding AML/CFT compliance.
  • Legal Reference:
    • Закон за мерките срещу изпирането на пари (ZMSIP - Measures Against Money Laundering Act):
      • ZMSIP (in Bulgarian, via APIS.bg) (Official source often linked via Bulgarian Ministry of Finance or Parliament websites)
      • Ministry of Finance (Bulgaria) - AML Section (Provides information on national AML policy)
    • Наказателен кодекс (Penal Code): Articles related to money laundering and terrorism financing would cover serious violations of sanctions.
      • Наказателен кодекс (in Bulgarian, via APIS.bg)

Country-Specific Sanctions Lists:

Bulgaria, as an EU member, does not maintain separate "country-specific sanctions lists" for international sanctions beyond implementing EU and UN lists. The EU's consolidated list of persons, groups, and entities subject to financial sanctions and the UN consolidated list are the primary sources for screening.

Regulatory Bodies:

• Financial Intelligence Agency (FIA) / State Agency for National Security (DANS): The primary authority for AML/CFT supervision and enforcement, including sanctions compliance, for obliged entities like VASPs.
• National Revenue Agency (NRA): Responsible for the registration of VASPs.

Penalties for Violations (Bulgarian Law):

Violations of the ZMSIP (including sanctions breaches) and the Penal Code carry significant administrative and criminal penalties:

• Administrative Penalties (under ZMSIP):
  • Fines for natural persons: Can range from BGN 1,000 to BGN 10,000 (approx. EUR 500 to EUR 5,000).
  • Fines/Pecuniary Sanctions for legal persons and sole traders: Can range from BGN 2,000 to BGN 100,000 (approx. EUR 1,000 to EUR 50,000) or more, depending on the severity and recurrence of the violation. Repeated violations typically incur higher penalties.
• Criminal Penalties (under Penal Code):
  • Offenses like money laundering or financing of terrorism (which can include sanctions evasion) carry severe penalties, including imprisonment (e.g., up to 10 years or more for serious cases) and substantial fines for individuals, as well as forfeiture of assets.

5. Key Compliance Requirements for VASPs in Bulgaria

To ensure compliance with the various sanctions regimes, VASPs operating in Bulgaria must implement robust measures, including:

1. Risk-Based Approach: Develop and maintain a comprehensive risk assessment of their business, customers, products, services, and geographic exposure, specifically considering sanctions risks.
2. Customer Due Diligence (CDD): Implement strong KYC/KYB procedures to identify and verify the identity of customers and beneficial owners.
3. Sanctions Screening: Conduct real-time or near real-time screening of all customers, beneficial owners, counterparties, and transactions against:
   • EU Consolidated Sanctions List: Accessible via the EU Sanctions Map or specific Council Regulations.
   • UN Consolidated Sanctions List: Implemented via EU regulations.
   • OFAC SDN List and other relevant OFAC lists: For any U.S.-nexus activities.
4. Transaction Monitoring: Implement systems to monitor transactions for patterns or red flags indicative of sanctions evasion or illicit activity.
5. Freezing and Reporting: Immediately freeze any funds or economic resources (including crypto assets) belonging to or controlled by sanctioned entities or individuals, and report such freezes to DANS without delay.
6. Prohibition of Services: Refuse to provide services to or for the benefit of sanctioned persons, entities, or in prohibited jurisdictions.
7. Internal Controls & Training: Establish and maintain robust internal policies, procedures, and controls, including regular staff training on sanctions compliance.
8. Record Keeping: Maintain accurate and comprehensive records of all CDD measures, sanctions screening, transaction monitoring, and any suspicious activity reports.

Disclaimer: This information is for general guidance and informational purposes only, and does not constitute legal advice. VASPs and other entities in Bulgaria should consult with legal counsel specializing in AML/CFT and sanctions compliance to ensure full adherence to all applicable laws and regulations.