Bulgaria -- Travel Rule Implementation Regulatory Overview

Bulgaria, as a member state of the European Union, implements the FATF Travel Rule primarily through the direct application of EU regulations and the transposition of EU directives into its national law.

Here's a breakdown of the status in Bulgaria:

1. Whether Adopted & Effective Date

• Adopted: Yes, the principles of the FATF Travel Rule for crypto assets are adopted in Bulgaria through the Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets, also known as the amended Transfer of Funds Regulation (TFR). This regulation is directly applicable in all EU member states, including Bulgaria, without the need for national transposition.
  • Prior to the TFR, Bulgaria already had a framework for Virtual Asset Service Providers (VASPs) under its national AML legislation.
• Effective Date: The amended TFR, which specifically extends the Travel Rule to crypto-asset transfers, will apply from 30 December 2024.
  • Bulgaria's national anti-money laundering legislation, the Measures Against Money Laundering Act (MAMLA), already subjects VASPs to AML/CFT obligations, including customer due diligence and suspicious transaction reporting.

2. Threshold Amounts

The thresholds specified in the amended EU TFR will apply in Bulgaria:

• Between VASPs (or CASPs as defined by MiCA): There is no de minimis threshold. All crypto-asset transfers, regardless of amount, must be accompanied by accurate and complete originator and beneficiary information when transferred between Crypto-Asset Service Providers (CASPs).
• For transfers to/from unhosted wallets (self-hosted wallets):
  • CASPs must collect originator and beneficiary information for all transfers.
  • For transfers exceeding €1,000, the CASP must verify that the unhosted wallet is owned or controlled by the originator or beneficiary.
  • Below €1,000 for unhosted wallets, verification is not strictly mandated unless there are indications of money laundering, terrorist financing, or other suspicious activity.

3. Which VASPs are Covered

The amended TFR, in conjunction with the Markets in Crypto-Assets Regulation (MiCA), uses the term "Crypto-Asset Service Providers" (CASPs). These include:

• Any natural or legal person whose occupation or business is to provide one or more crypto-asset services to third parties on a professional basis.
• Specifically, entities providing services related to the exchange of crypto-assets for fiat currency, the exchange of crypto-assets for other crypto-assets, the transfer of crypto-assets, and custody and administration of crypto-assets on behalf of clients.

Bulgaria's national Measures Against Money Laundering Act (MAMLA) already defines and covers:

• "Providers of services related to virtual currencies" (e.g., platforms for initial coin offerings, crypto-mining pools, providers of software for virtual wallets)
• "Providers of services related to exchange between virtual currencies and fiat currencies"

These national definitions are aligned with the broader EU framework for CASPs.

4. Technical Implementation Requirements

CASPs operating in Bulgaria (and the EU) will be required to:

• Collect and transmit information: Ensure that crypto-asset transfers are accompanied by the following information:
  • Originator: Name, crypto-asset account number, address (or national ID number/customer ID number), date and place of birth (for natural persons), legal entity registration number (for legal entities).
  • Beneficiary: Name, crypto-asset account number.
• Verify information: Take reasonable steps to verify the accuracy of the information, especially for transfers to/from unhosted wallets above the €1,000 threshold.
• Retain records: Keep records of the collected information for a period of five years.
• Detect missing information: Implement systems to detect if the required originator or beneficiary information is missing or incomplete for incoming or outgoing transfers.
• Implement risk-based procedures: Establish robust internal policies, controls, and procedures to mitigate money laundering and terrorist financing risks, including procedures for handling transfers with incomplete information or to/from unhosted wallets.
• Data Protection: All data processing must comply with the GDPR (General Data Protection Regulation).

Technical solutions for sharing this data between CASPs (e.g., TRISA, Sygna, Travel Rule Protocol) are being developed and will be critical for compliance.

5. Penalties for Non-Compliance

Penalties for non-compliance with AML/CFT obligations in Bulgaria, including those related to the Travel Rule, are outlined in the Measures Against Money Laundering Act (MAMLA) and enforced by the Financial Intelligence Agency (FIA) and other supervisory bodies. These can be substantial and include:

• Administrative fines:
  • For legal entities, fines can range significantly, potentially up to BGN 1,000,000 (approx. €511,000) or more, depending on the severity of the breach, the type of entity, and whether it's a repeated offense. In some cases, fines can be a percentage of the annual turnover.
  • For responsible individuals within the entity, fines are also imposed, typically lower than for legal entities but still significant.
• Sanctions by supervisory bodies:
  • Withdrawal or suspension of licenses/registrations.
  • Orders to cease operations or specific activities.
  • Public reprimands.
• Criminal liability: In cases of severe and intentional breaches leading to actual money laundering or terrorist financing, individuals and entities could face criminal charges under the Bulgarian Criminal Code, which can result in imprisonment and much higher fines.

Referenced Legislation and Guidance:

1. Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (Amended Transfer of Funds Regulation - TFR):
   • URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1113
2. Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCA): (Provides definitions for CASPs)
   • URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114
3. Measures Against Money Laundering Act (MAMLA) / Закон за мерките срещу изпирането на пари: (Bulgarian National Law)
   • An official English version from a government site is not consistently maintained or easily available for all amendments. The authoritative text is in Bulgarian. You can find the consolidated Bulgarian text on legal databases like Lex.bg (unofficial but widely used in Bulgaria):
   • URL (Bulgarian): https://www.lex.bg/laws/ldoc/2136932464
   • For official information and supervision, refer to the Bulgarian Financial Intelligence Agency (FIA) website:
   • URL: https://fian.bg/
4. FATF Recommendations: (General context for the Travel Rule)
   • URL: https://www.fatf-gafi.org/recommendations.html

In summary, Bulgaria's implementation of the FATF Travel Rule is robust, primarily driven by the directly applicable EU Transfer of Funds Regulation (effective December 2024), complementing its existing national AML framework for virtual asset service providers.