Czech Republic

**Criminal investigations and prosecutions** for fraud, money laundering, and other criminal activities involving cryptocurrencies. These target individuals or criminal organizations rather than licensed businesses.

**AML/CFT fines by the FAÚ** for failures in compliance, which can apply to any "obliged entity," including crypto service providers. However, large, publicly detailed fines against prominent crypto platforms are not as common as in some other countries.

**Regulator/Enforcing Body:** Czech Police (National Centre against Organised Crime - NCOZ), Public Prosecutor's Office. International cooperation with U.S. Department of Justice, Europol, etc.

**Entity Targeted:** Alexander Vinnik (primary alleged operator of BTC-e/WEX), and associated individuals/entities involved in money laundering.

**Violation Type:** Operating an unlicensed money transmission business, money laundering (estimated billions of dollars), and wire fraud using Bitcoin.

**Asset Seizure:** Czech authorities seized cryptocurrencies and other assets during the investigation. US authorities sought forfeiture of approximately $100 million in assets.

**Convictions:** Alexander Vinnik was convicted in France in December 2020 (5 years imprisonment, €100,000 fine) for money laundering, and later extradited to the US in August 2022 to face charges.

Vinnik's arrest in Greece: July 2017.

Extradition to France: January 2020.

Conviction in France: December 2020.

Extradition to the US: August 2022.

*Czech police investigation and cooperation regarding seized assets continued throughout this period, including within the last 3 years.*

**Outcome:** Disruption of a major global cryptocurrency-based money laundering operation. Seizure of significant assets. Conviction and ongoing prosecution of key individuals.

**U.S. Department of Justice Press Release (Vinnik Extradition to US):** https://www.justice.gov/opa/pr/alleged-operator-btc-e-cryptocurrency-exchange-extradited-united-states-face-charges (Dated August 5, 2022)

**Radio Prague International (Czech Police involvement):** https://english.radio.cz/czech-police-took-part-arrest-btc-e-exchange-operator-8610058 (Dated July 28, 2017 - *Note: While older, it details the initial Czech involvement that led to later developments within the timeframe.*)

**Local Czech News reports (e.g., ČT24, Novinky.cz) would also cover Czech aspects of the case, though English sources provide clearer international context.**

**Regulator Name:** Financial Analytical Office (FAÚ) of the Ministry of Finance.

**Entity Targeted:** Various obliged entities, including (but not limited to) payment institutions, banks, and potentially smaller crypto service providers. Specific names and detailed violations for smaller crypto firms are not always publicly disclosed unless the fine is exceptionally large or the case is particularly egregious.

**Violation Type:** Failure to comply with anti-money laundering and counter-terrorist financing (AML/CFT) obligations (e.g., insufficient customer due diligence, inadequate risk assessment, failure to report suspicious transactions).

**Penalty Amount:** Varies significantly depending on the severity and scale of the violation. Fines can range from tens of thousands CZK to millions CZK. FAÚ annually publishes statistics on fines but not always specific details for each entity unless it's a high-profile case.

**Date:** Ongoing, as part of FAÚ's regular supervisory activities.

**Outcome:** Improved AML compliance among obliged entities, deterrence of future violations.

**FAÚ Annual Reports (Czech only, provides general statistics on fines):** https://www.financnianalytickyurad.cz/cinnost-uradu/rocenky-cinnosti.html

**Overview of AML/CFT in Czech Republic (often mentions FAÚ's role):** Searching for "AML Czech Republic cryptocurrency" will yield legal firm updates discussing FAÚ's supervision. (e.g., Kinstellar, Deloitte often publish these).

**Regulator Name:** Czech National Bank (ČNB).

**Entity Targeted:** Companies or platforms operating without the required licenses (e.g., for payment services, investment services) in the Czech Republic, or those promoting fraudulent schemes. These are often foreign entities without a Czech presence or clear regulatory status.

**Violation Type:** Offering financial services (which the ČNB deems to include certain crypto-related activities) without proper authorization/license, or promoting questionable investment schemes.

**Penalty Amount:** No direct financial penalty from the warning itself, but it can lead to further investigation by other authorities or legal action if unauthorized activity continues.

**Date:** Ongoing; ČNB regularly publishes such warnings. For example, in 2021-2023, there have been several warnings related to investment platforms, some of which feature crypto.

**Outcome:** Public awareness, potential cessation of unauthorized activities, groundwork for further regulatory or criminal action if ignored.

**ČNB Warnings List (in Czech, look for "Upozornění ČNB" or "Varování ČNB"):** https://www.cnb.cz/cs/cnb-jako-regulator/dohled-financniho-trhu/upozorneni-cnb/

*Example (general financial warning, but principle applies):* Search for specific entity names on this list, often related to forex/CFD scams that might involve crypto payment methods.

**Criminal activities:** Fraud, money laundering, tax evasion.

**AML compliance:** Ensuring obliged entities (including crypto service providers) adhere to KYC/AML reporting.

**Consumer protection:** Warning against scams or unauthorized services.

**Act No. 253/2008 Coll., on Certain Measures against Legalisation of Proceeds of Crime and Financing of Terrorism (Anti-Money Laundering Act)**

**Act No. 455/1991 Coll., on Trade Licensing (Trade Licensing Act)**

**Financial Analytical Office (FAÚ):** The primary supervisory body for AML/CTF compliance. Their website provides guidance and information (mostly in Czech).

**Act No. 370/2017 Coll., on Payment System (for Payment Institutions):**

**Czech National Bank (ČNB):** Supervisory body for payment institutions and financial services.

**Transferable securities:** Classes of securities which are negotiable on the capital market, with the exception of instruments of payment. This includes:

Shares in companies and other equivalent instruments

Bonds or other forms of securitised debt

Any other securities giving the right to acquire or dispose of any such transferable securities

**Units in collective investment undertakings**

**Options, futures, swaps, forward rate agreements, and any other derivative contracts** relating to securities, currencies, interest rates or yields, emission allowances, or other underlying assets, instruments, or indices.

**Asset-Referenced Tokens (ARTs):** Tokens that purport to maintain a stable value by referencing any other value or right or combination thereof, including one or more official currencies, one or more commodities, or one or more crypto-assets, or a combination of such assets.

**Electronic Money Tokens (EMTs):** Tokens that purport to maintain a stable value by referencing the value of one official currency.

**Other Crypto-assets:** Any crypto-asset that is not an ART or an EMT and does not qualify as a financial instrument. This typically covers pure utility tokens or general-purpose payment tokens like Bitcoin (unless used in a scheme that makes them an investment).

**Security Tokens (Equity-like):** Tokens that represent ownership stakes in a company or project, granting rights similar to shares (e.g., voting rights, dividend distribution, claim on assets upon liquidation).

**Security Tokens (Debt-like):** Tokens that represent a loan or debt instrument, offering entitlements to interest payments or repayment of principal (e.g., tokenised bonds, loan tokens).

**Derivative Tokens:** Tokens that function as options, futures, swaps, or other derivative contracts, deriving their value from an underlying asset, index, or rate.

**Tokens as units in collective investment undertakings:** Tokens representing units or shares in investment funds.

**True Utility Tokens:** Tokens that are solely designed to provide access to a specific product or service within a defined ecosystem, without any expectation of profit from the token's appreciation, and not transferable outside that ecosystem or not for investment purposes.

**Pure Payment Tokens (like Bitcoin/Ethereum):** If they are used primarily as a medium of exchange and not marketed or structured as an investment vehicle promising returns. However, even these could become part of a "security" if offered as part of a collective investment scheme.

**ARTs and EMTs (under MiCA):** While regulated by MiCA, they are *not* automatically considered MiFID II securities unless their specific structure also makes them qualify (e.g., an ART structured like a bond).

**Prospectus Requirement:** Issuing such tokens to the public generally requires the publication of an approved prospectus under the EU Prospectus Regulation (EU) 2017/1129, as transposed into Czech law by Act No. 256/2004 Coll., on Capital Market Undertakings, and Act No. 377/2015 Coll., on Capital Market Operations. The prospectus must be approved by the ČNB (or another EU competent authority).

**Exemptions:** Limited exemptions exist for small offers (e.g., less than €1 million over 12 months, or offers to qualified investors, or to fewer than 150 persons per Member State), but these are strict.

**Issuer Requirements:** Issuers may need to be authorized as an investment firm if they engage in certain MiFID II activities (e.g., placing the tokens).

**ARTs & EMTs:** Issuers of ARTs and EMTs will require authorization from the ČNB (or another EU competent authority) and must publish an approved white paper, adhere to strict prudential, governance, and operational requirements.

**Other Crypto-assets:** Issuers of "other crypto-assets" (i.e., non-security, non-ART/EMT tokens) will need to publish a crypto-asset white paper and comply with specific marketing rules, but generally won't require prior authorization unless they also provide crypto-asset services.

**Exemptions (MiCA):** MiCA also provides exemptions for certain small-scale offerings (e.g., offers of crypto-assets other than ARTs/EMTs to fewer than 150 persons, or for a total consideration of less than €1 million over 12 months).

**Regulated Markets:** Secondary trading of such tokens must occur on regulated markets (e.g., stock exchanges), multilateral trading facilities (MTFs), or organised trading facilities (OTFs), which are subject to stringent MiFID II rules regarding transparency, investor protection, market abuse, and reporting.

**Authorized Firms:** Trading activities must be conducted by authorized investment firms.

**Market Abuse:** The EU Market Abuse Regulation (MAR) applies, prohibiting insider dealing and market manipulation.

**CASPs (Crypto-Asset Service Providers):** MiCA will introduce a comprehensive framework for CASPs, including crypto-asset exchanges, which will require authorization from the ČNB (or another EU competent authority).

**Operational Rules:** Authorized CASPs will need to comply with organizational, prudential, and conduct of business rules, ensuring transparency, integrity, and investor protection in secondary trading. This includes rules on orderly execution of orders, preventing market abuse, and reporting.

**Prevention and Warnings:** The ČNB often issues warnings and methodological guidance to the public and market participants, clarifying its stance on crypto-assets and emphasizing that tokens resembling securities must comply with existing financial market rules.

**AML Focus:** Many enforcement actions related to crypto have focused on **Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF)** compliance, as all virtual asset service providers (exchanges, custodians, etc.) are required to register and comply with the AML Act. The ČNB actively supervises these entities.

**Broader Fraud/Consumer Protection:** Cases involving crypto scams or outright fraud are typically handled under general criminal law or consumer protection legislation rather than specific securities classification enforcement.

**EU-level Collaboration:** For larger, cross-border cases, enforcement might be coordinated at the EU level, or firms might face action from other EU national competent authorities.

**Markets in Financial Instruments Directive II (MiFID II):** Directive 2014/65/EU

**Prospectus Regulation:** Regulation (EU) 2017/1129

**Markets in Crypto-Assets (MiCA) Regulation:** Regulation (EU) 2023/1114

**Anti-Money Laundering Directives (e.g., 5th AMLD):** Directive (EU) 2018/843

**ESMA (European Securities and Markets Authority) Q&As on MiFID II and crypto-assets:**

Regularly updated, search for "ESMA Q&A on MiFID II and crypto-assets" on https://www.esma.europa.eu/

**Act No. 256/2004 Coll., on Capital Market Undertakings:** Transposes MiFID II and related directives into Czech law.

**Act No. 377/2015 Coll., on Capital Market Operations:** Governs prospectuses and public offers of securities.

**Act No. 253/2008 Coll., on Measures Against the Legalisation of Proceeds of Crime and Financing of Terrorism (AML Act):**

**Czech National Bank (ČNB) Official Website:** Look for press releases, statements, and methodologies related to crypto-assets and financial market supervision.

https://www.cnb.cz/en/ (English section available, but detailed guidance might be in Czech)

Focuses primarily on Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) obligations for virtual asset service providers (VASPs).

Virtual asset activities are generally permitted but are mostly regulated under general trade licensing laws, with specific AML/CFT requirements.

There is no bespoke financial services licensing regime *specifically* for most crypto-asset services beyond AML/CFT, except for certain activities that might already fall under existing financial regulations (e.g., securities tokens might be regulated under securities law).

MiCA will introduce a harmonized and comprehensive framework for the issuance and provision of services related to crypto-assets across the EU, including the Czech Republic.

This will shift the regulatory landscape significantly, requiring specific authorization for a wide range of crypto-asset services and imposing detailed operational, organizational, and prudential requirements.

**Role:** The central bank and primary financial market supervisor. While its direct regulatory role for *most* crypto activities is currently limited (mostly to AML supervision over entities it already regulates), it plays a crucial role in interpreting financial regulations, issuing warnings, and providing guidance. It will be the **primary competent authority** for MiCA implementation in the Czech Republic.

**Ministry of Industry and Trade (MIT)**

**Role:** Responsible for trade licensing. Currently, virtual asset service providers (like exchanges or wallet providers) need to obtain a trade license from the MIT for activities such as "operating a virtual asset exchange" or "operating a virtual asset wallet." This is a general business license, not a financial services license.

**Role:** The Czech Republic's Financial Intelligence Unit (FIU). It is responsible for combating money laundering and terrorist financing. It supervises all entities subject to AML obligations, including virtual asset service providers, ensuring they comply with reporting duties (e.g., suspicious transaction reports) and implement appropriate AML/CFT measures.

**Date:** Original Act from 2008, significantly amended over time, notably in **2020** to transpose the EU's 5th Anti-Money Laundering Directive (5AMLD) and to include virtual asset service providers within its scope.

**Purpose:** This is the cornerstone of AML/CFT compliance in the Czech Republic. It mandates that virtual asset service providers (VASPs) – defined as entities providing services related to the exchange of virtual currency for fiat currency or other virtual currency, or providing custodian wallet services – are obliged entities. They must perform customer due diligence (KYC), monitor transactions, report suspicious activities to the FAO, and implement internal AML/CFT policies.

**URL:** Official Czech legislation is published in the Collection of Laws (`Sbírka zákonů`) and may not have a stable English URL. However, its implementation of EU directives is well-documented.

**Date:** Original Act from 1991, with subsequent amendments. The relevant provisions for crypto-asset services were introduced as part of broader amendments.

**URL:** Similar to the AML Act, specific amendments for crypto are part of the broader legislative body in the Collection of Laws.

**Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCA)**

**Date:** Adopted on **31 May 2023**.

Rules concerning **asset-referenced tokens (ARTs) and e-money tokens (EMTs)** (stablecoins) will apply from **30 June 2024**.

Rules concerning **other crypto-assets and crypto-asset service providers (CASPs)** will apply from **30 December 2024**.

**Purpose:** MiCA provides a comprehensive regulatory framework for crypto-assets that are not already covered by existing financial services legislation. It covers:

Transparency and disclosure requirements for the issuance and admission to trading of crypto-assets.

Authorization and supervision of crypto-asset service providers (CASPs).

Operational, organizational, and governance requirements for CASPs.

Measures to prevent market manipulation and insider dealing.

**Impact on CZ:** MiCA is a regulation, meaning it will be directly applicable in the Czech Republic without the need for national transposition. However, the CNB will need to be formally designated as the competent authority and establish supervisory procedures.

**Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (Revised Transfer of Funds Regulation - TFR)**

**Implementation Date:** Applies from **30 December 2024** (aligned with MiCA for CASPs).

**Purpose:** Implements the "travel rule" for crypto-asset transfers. It requires crypto-asset service providers to collect and make accessible information about the originators and beneficiaries of crypto-asset transfers, to prevent money laundering and terrorist financing.

**Impact on CZ:** Like MiCA, TFR is directly applicable.

**EU Anti-Money Laundering Directives (e.g., 5AMLD, 6AMLD)**

**Date:** 5AMLD adopted in 2018 (transposed into Czech law by 2020); 6AMLD adopted in 2020 (transposed by 2021).

**Purpose:** These directives expanded the scope of AML/CFT obligations to virtual asset service providers, which the Czech Republic has implemented through its national AML Act.

**Impact on CZ:** Already implemented. While new AML rules are being proposed at EU level (e.g., a new AML Regulation and 7th AMLD), the principles established by 5AMLD/6AMLD remain core.

Trading and holding crypto-assets by individuals for personal use is generally **legal and permitted**. There are no specific licenses required for individuals to buy, sell, or hold crypto-assets.

Profits from crypto-asset trading by individuals are subject to **income tax** under standard capital gains rules, similar to other forms of investment.

**For Businesses (Exchanges and VASPs):**

Operating a crypto exchange or providing custodian wallet services (and other virtual asset services) is **legal** but subject to regulatory requirements.

**Trade License:** As of now (pre-MiCA), entities must obtain a **trade license** from the Ministry of Industry and Trade for "operating a virtual asset exchange" or "operating a virtual asset wallet."

**AML/CFT Compliance:** All licensed VASPs are strictly subject to the Czech AML Act (implementing EU AMLD). This requires:

**Customer Due Diligence (KYC):** Verifying customer identities.

**Transaction Monitoring:** Monitoring transactions for suspicious patterns.

**Suspicious Activity Reporting (SAR):** Reporting suspicious transactions to the Financial Analytical Office (FAO).

**Risk Assessments:** Implementing internal AML/CFT risk assessment and management procedures.

**Forthcoming MiCA Impact:** From late 2024, entities operating crypto exchanges and providing other crypto-asset services will need to obtain a **specific authorization (license)** from the Czech National Bank (CNB) under MiCA, replacing the general trade license for these activities. They will also need to comply with comprehensive operational, organizational, and prudential rules set out in MiCA.

**Fifth Anti-Money Laundering Directive (EU 2018/843) (5AMLD):** This directive explicitly brought virtual asset service providers under the scope of AML/CFT regulations, requiring them to comply with customer due diligence, reporting, and record-keeping obligations.

**Sixth Anti-Money Laundering Directive (EU 2018/1673) (6AMLD):** Further strengthens the legal framework by harmonizing the definition of money laundering offenses and related penalties across EU member states.

**Act No. 253/2008 Coll., on Certain Measures Against Legalisation of Proceeds of Crime and Financing of Terrorism (the "AML Act"):** This is the primary national law transposing the EU AML directives. It was amended to include VASPs as obliged entities.

**Act No. 455/1991 Coll., the Trade Licensing Act:** This act was amended to create specific categories for virtual asset service providers, requiring them to obtain a trade license to operate legally. This licensing ensures that they are formally recognized and fall under the regulatory purview for AML purposes.

**Virtual Asset Exchange Services:** Providing services for the exchange between virtual assets and fiat currencies or between one or more forms of virtual assets.

**Custodial Wallet Services:** Providing services to safeguard private cryptographic keys on behalf of customers, to hold, store, and transfer virtual assets.

**Issuance of Virtual Assets:** Certain activities related to the issuance of new virtual assets (e.g., initial coin offerings, ICOs, or security token offerings, STOs, depending on their classification).

**Transfer of Virtual Assets:** Facilitating transfers of virtual assets.

**Natural Persons:** Full name, date and place of birth, permanent address, nationality.

**Legal Entities:** Company name, registered office address, identification number (IČO), and details of their statutory representatives.

**Beneficial Owner (BO):** For legal entities and trusts, VASPs must identify and verify the beneficial owner(s) – i.e., the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted. This typically involves identifying any natural person holding more than 25% of the shares or voting rights, or otherwise exercising control.

Information must be verified using reliable, independent sources (e.g., valid government-issued identification documents for individuals like passports or ID cards; official company registration documents for legal entities).

For non-face-to-face relationships, enhanced verification measures are required.

**Understanding the Purpose and Intended Nature of the Business Relationship:**

VASPs must gather information about why the customer wants to use their services and the expected type and volume of transactions.

VASPs must continuously monitor the business relationship and transactions to ensure they are consistent with their knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

Regular reviews of customer information and risk assessments must be conducted.

**Source of Funds/Wealth (When Applicable):**

For higher-risk customers or transactions, VASPs must take reasonable measures to establish the source of funds or source of wealth involved.

EDD is required for higher-risk situations, including:

Customers or beneficial owners who are Politically Exposed Persons (PEPs).

Customers from high-risk third countries (identified by the EU or FATF).

Complex or unusually large transactions.

Non-face-to-face business relationships (unless mitigated by other measures).

Relationships where the customer is a shell company or similar entity without clear economic purpose.

EDD measures include obtaining additional information, increased monitoring, and requiring senior management approval.

While possible in low-risk situations, SDD is rarely applicable to cryptocurrency activities due to the inherent anonymity and global reach associated with virtual assets. The default assumption for crypto is generally higher risk.

Funds or virtual assets are the proceeds of criminal activity.

Funds or virtual assets are linked to terrorist financing.

A transaction (even if not carried out) is suspicious.

**No Tipping-Off:** VASPs and their employees are prohibited from informing the customer or any third party that a report has been made or that a money laundering or terrorist financing investigation is underway.

**Reporting Thresholds:** While there are specific thresholds for cash transactions (e.g., above €15,000 for traditional financial institutions), the obligation to report *suspicious* transactions applies irrespective of the amount involved.

**CDD Records:** Copies of identification documents, verification data, and any information obtained during the CDD process.

**Transaction Records:** Details of all transactions, including amounts, dates, parties involved, and the nature of the transaction.

**Analysis and Decisions:** Records of the analysis performed for suspicious transactions, internal reports, and any decisions made regarding reporting or declining a transaction.

**Financial Analytical Unit (FAU) of the Ministry of Finance (Finanční analytický úřad (FAÚ) Ministerstva financí):** The FAU acts as the Czech Financial Intelligence Unit (FIU) and is responsible for receiving and analyzing suspicious transaction reports. It also supervises compliance with AML obligations for non-bank financial institutions and other obliged entities, including VASPs.

**Website:** https://www.fau.mfcr.cz/ (Czech only, use translation tool)

**Regulator:** The **Financial Analytical Office (Finanční analytický úřad - FAU)** is the primary AML/CTF supervisory authority.

**Requirement:** Entities providing services related to virtual assets, which includes the custody or administration of virtual assets, are considered "obliged entities" under Czech AML law. They must be registered with the FAU.

**Legal Basis:** **Act No. 253/2008 Coll., on Selected Measures Against Legitimisation of Proceeds of Crime and Financing of Terrorism (AML Act)**.

Specifically, Section 2(1)(l) defines providers of services relating to virtual assets as obliged entities. Section 4 provides for the registration obligation.

Establishment and implementation of internal AML/CTF policies and procedures.

Customer Due Diligence (CDD) measures.

Reporting suspicious transactions to the FAU.

Ensuring the fitness and probity of management.

**Act No. 253/2008 Coll. (AML Act):** While an official English translation by the government may not be readily available online, the Czech version can be found in the Collection of Laws (Sbírka zákonů). Reputable legal firms often provide summaries in English.

**Financial Analytical Office (FAU) website:** https://www.financnianalytickyurad.cz/ (Czech only, but provides official information for registration and compliance).

**Currently:** There is no specific Czech law *explicitly* mandating the segregation of client crypto assets for virtual asset service providers (VASPs) under the current AML framework. However, general commercial law principles concerning fiduciary duties and preventing the misuse of client funds would strongly suggest, as best practice, that client assets should be held separately from the firm's operational assets. Misappropriation could lead to criminal charges.

**Currently:** There are no specific Czech laws mandating insurance or bonding requirements for crypto custody providers.

**Currently:** Czech law does not define a "qualified custodian" specifically for crypto assets in the same way traditional financial regulations define custodians for securities or funds. The closest regulated entity is the "provider of services relating to virtual assets" registered with the FAU under the AML Act.

**Stablecoins (Asset-Referenced Tokens and E-money Tokens):** Rules applying to these assets and their service providers will apply from **30 June 2024**.

**Other Crypto-Assets and CASPs (including Custodians):** Rules for other crypto-assets and service providers will apply from **30 December 2024**.

CASPs, including custodians, will require a specific authorization (license) from a designated competent authority in an EU Member State. In the Czech Republic, the **Czech National Bank (Česká národní banka - CNB)** is expected to be the primary competent authority for MiCA licenses.

Establishment of robust governance arrangements, including internal control mechanisms, effective risk management, and systems to ensure data integrity and confidentiality.

Prudential requirements (sufficient own funds or professional indemnity insurance).

Suitability of management and shareholders.

Robust ICT and security arrangements.

**Segregation of Client Assets Rules:**

**Explicit Mandate:** MiCA **explicitly mandates** CASPs providing custody to segregate client crypto-assets from their own assets. They must record clients' crypto-assets in separate accounts or using other equivalent measures, ensuring clients' crypto-assets are clearly distinguishable from the CASP's own assets.

**Protection:** In the event of the CASP's insolvency, client crypto-assets must not be considered part of the CASP’s insolvency estate.

MiCA requires CASPs to hold either:

**Own funds** permanently at the disposal of the CASP that are at least the higher of:

EUR 50,000 to EUR 150,000 (depending on the services provided).

A quarter of the fixed overheads of the preceding year.

**A professional indemnity insurance policy** covering the territories in which the CASP offers services, for an amount equivalent to the required own funds.

MiCA doesn't explicitly mandate "cold storage" as a specific technology, but it requires CASPs to implement **robust security policies and procedures** to ensure the protection and integrity of clients' crypto-assets.

Procedures for the safekeeping of crypto-assets.

Safeguarding against unauthorized access to cryptographic keys.

Robust operational resilience, including backup and disaster recovery plans.

*Best practice interpretation:* Meeting these security requirements will almost certainly necessitate secure offline storage (cold storage) for a significant portion of client assets.

MiCA defines "custody and administration of crypto-assets on behalf of third parties" as a specific crypto-asset service requiring authorization. Any entity authorized to provide this service under MiCA would effectively function as a "qualified custodian" in the EU, subject to the comprehensive set of rules outlined above.

**Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCA):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

**Czech National Bank (ČNB) website:** https://www.cnb.cz/en/ (Expected to be the competent authority for MiCA licenses in the Czech Republic).

Require specific authorization for crypto custody providers.

Mandate clear segregation of client assets.

Introduce prudential requirements (own funds or insurance).

Demand robust security measures that will likely necessitate advanced storage solutions.

Effectively create a definition for a regulated "crypto custodian" within the EU.

**Adopted:** Yes, the FATF Travel Rule for crypto-assets has been formally adopted through **Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets**, often referred to as the new TFR or TFR 2.0 (part of the EU's MiCA and AML package). As an EU Regulation, it is directly applicable in all Member States, including the Czech Republic, without requiring separate national transposition into law, although national legislation will designate competent authorities and set out penalties.

**Effective Date:** The Regulation (EU) 2023/1113 was published in the Official Journal on 9 June 2023. It will apply from **30 December 2024**.

**For transfers between two Crypto-Asset Service Providers (CASPs/VASPs) or from a CASP to another hosted wallet:**

**No threshold (€0):** For *all* transfers of any amount, the originating CASP must obtain and transmit complete originator and beneficiary information to the beneficiary CASP. The beneficiary CASP must receive and hold this information.

**For transfers from a CASP to an unhosted wallet (or vice-versa):**

The CASP must collect and hold full originator (when sending) or beneficiary (when receiving) information from its customer, regardless of the amount.

If the value of the transaction is **€1,000 or more**, the CASP must take reasonable measures to verify that the unhosted wallet is owned or controlled by the originator or beneficiary. This can be done using various methods, including on-chain analysis or proof of control.

Exchanges between crypto-assets and fiat currencies.

Transfer of crypto-assets (on behalf of customers).

Custody and administration of crypto-assets on behalf of customers.

Execution of orders for crypto-assets on behalf of customers.

Reception and transmission of orders for crypto-assets.

**Interoperable Solutions:** CASPs must implement technical solutions that allow them to send and receive the required originator and beneficiary information securely and reliably with other CASPs globally.

**Data Accuracy and Verification:** CASPs must ensure the accuracy of the collected information and verify it based on reliable and independent sources.

**Data Retention:** Information must be retained for five years, in line with general AML requirements.

**Data Protection (GDPR):** All technical implementations must comply with the EU's General Data Protection Regulation (GDPR) regarding the collection, processing, and storage of personal data.

**No Prescribed Protocol:** The TFR does not mandate a specific technical protocol (e.g., TRISA, Sygna, Travel Rule Protocol), allowing the market to develop interoperable solutions. However, it requires that the information must be sent "immediately and securely."

**Administrative Fines:** Substantial monetary fines, which can reach millions of CZK (Czech Koruna) or a percentage of the annual turnover for serious or repeated breaches.

**Withdrawal or Suspension of License/Registration:** For severe or persistent non-compliance, the ČNB can revoke or suspend a CASP's license or registration.

**Public Sanctions:** The ČNB may publicly disclose information about non-compliant entities.

**Criminal Charges:** In cases involving deliberate and severe breaches or involvement in money laundering activities, individuals responsible within the CASP may face criminal prosecution.

**Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets:**

**Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA):**

**Czech AML Act (Zákon č. 253/2008 Sb., o některých opatřeních proti legalizaci výnosů z trestné činnosti a financování terorismu):**

Currently, you would typically find the consolidated version on legal information portals. An official source for Czech legislation is "Zákony pro lidi" (Laws for People) or the e-Sbírka (e-Collection).

Example (unofficial but widely used consolidation, in Czech): https://www.zakonyprolidi.cz/cs/2008-253

**Czech National Bank (ČNB) - AML/CFT Supervision:**

ČNB website (English AML section): https://www.cnb.cz/en/financial-market-supervision/aml-cft/

**Designation of VASPs as Obliged Entities:** Under the EU Anti-Money Laundering Directives (currently 5AMLD, soon to be replaced by the EU AML Regulation and 6th AML Directive), VASPs are categorized as "obliged entities." This means they must comply with AML/CFT obligations, including sanctions compliance.

**Legal Reference:** Directive (EU) 2018/843 (5th AML Directive), amending Directive (EU) 2015/849.

**Specific Crypto-Related Sanctions (Russia/Ukraine):** Following Russia's invasion of Ukraine, the EU has imposed several rounds of sanctions that specifically target crypto-assets. These are particularly relevant for VASPs.

**Initial Restrictions:** Council Regulation (EU) 2022/334, amending Regulation (EU) No 833/2014, initially restricted the provision of crypto-asset wallet, account, or custody services to Russian persons and entities if the total value of crypto-assets exceeded EUR 10,000.

EUR-Lex - Council Regulation (EU) 2022/334

**Full Ban:** Subsequently, the EU expanded these measures, introducing a **full ban** on providing crypto-asset wallet, account, or custody services to Russian persons and entities, regardless of the amount. This prohibits all crypto-asset services for Russian nationals or natural persons residing in Russia, or legal persons, entities, or bodies established in Russia.

**Legal Reference:** Council Regulation (EU) 2022/1904 of 6 October 2022, amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine.

EUR-Lex - Council Regulation (EU) 2022/1904

This effectively means VASPs in the Czech Republic cannot offer any crypto-related services to identified Russian individuals or entities.

**EU Consolidated Sanctions List:** VASPs must continuously screen their clients against the EU's consolidated list of persons, groups, and entities subject to financial sanctions. This list is updated regularly.

**Legal Reference:** EU Sanctions Map (provides access to all EU restrictive measures)

**Legal Reference:** UN Security Council Sanctions Committees

**U.S. Nexus:** If a VASP processes transactions in USD, uses U.S.-based technology or infrastructure, or has U.S. persons as clients or employees, it becomes subject to OFAC jurisdiction.

**Secondary Sanctions:** OFAC can impose secondary sanctions on non-U.S. persons for engaging in certain transactions with sanctioned entities, even if those transactions don't directly involve the U.S.

**SDN List:** VASPs should screen clients against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List.

**Legal Reference:** U.S. Department of the Treasury – OFAC Sanctions Programs and Information

**Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):** VASPs must conduct thorough CDD on all clients, including identifying beneficial owners. For higher-risk situations (e.g., clients from high-risk jurisdictions, politically exposed persons, or large/complex transactions), EDD is required. This includes screening against sanctions lists.

**Real-time Sanctions Screening:** VASPs must have systems and procedures in place to screen new and existing clients against relevant sanctions lists (EU, UN, and often OFAC) on an ongoing basis. This includes screening both individuals/entities and wallet addresses where possible.

**Asset Freezing:** If a VASP identifies a sanctioned individual or entity among its clients, or if a transaction involves a sanctioned party, it must immediately freeze the assets and report the incident to the Financial Analytical Office (FAÚ) of the Czech Republic.

**Reporting Obligations:** VASPs must report suspicious transactions or any findings of sanctioned individuals/entities to the FAÚ.

**Legal Reference:** Act No. 253/2008 Coll., on certain measures against the legalisation of proceeds of criminal activity and financing of terrorism (AML Act).

Government of the Czech Republic - FAÚ (English information about the FAÚ)

(Note: Finding an official, up-to-date English translation of the full Czech AML Act online can be challenging. The Czech version is the authoritative one. A common legal information portal for Czech laws is ZakonyProLidi.cz)

Zákon č. 253/2008 Sb. (Czech AML Act)

**EU-Wide Restrictions:** The primary geographic restrictions stem from EU sanctions programs. Currently, the most significant restrictions are on transactions involving:

**Russia:** As detailed above, a full ban on providing crypto-asset wallet, account, or custody services to Russian persons and entities.

**Belarus:** Similar, though often less stringent, restrictions apply to Belarus.

Other countries subject to EU embargos or specific sanctions (e.g., Iran, North Korea, Syria, Venezuela) will also have varying levels of financial restrictions, which implicitly or explicitly cover crypto-assets depending on the specific regulation.

**FATF High-Risk Jurisdictions:** While not direct "sanctions," the Financial Action Task Force (FATF) identifies jurisdictions with strategic deficiencies in their AML/CFT regimes. VASPs in the Czech Republic are required to apply Enhanced Due Diligence (EDD) to business relationships and transactions involving these countries.

**Legal Reference:** FATF Public Documents - High-Risk Jurisdictions

The Czech AML Act (Act No. 253/2008 Coll.) stipulates substantial fines for non-compliance with AML/CFT obligations, including sanctions screening and reporting. Fines can range from tens of thousands up to millions of CZK, depending on the severity and nature of the breach, and whether the offender is an individual or a legal entity.

The FAÚ is the supervisory authority that imposes these fines.

Individuals and legal entities can face criminal charges for serious offenses such as money laundering, financing of terrorism, or circumvention of sanctions.

**Legal Reference:** Act No. 40/2009 Coll., the Criminal Code (Trestní zákoník).

Sections relating to money laundering (e.g., § 216), financing of terrorism (e.g., § 311), and potentially obstruction of justice or other related offenses.

Zákon č. 40/2009 Sb. (Czech Criminal Code)

Penalties can include imprisonment for individuals and significant fines, forfeiture of assets, and dissolution for legal entities.

**Monitor EU, UN, and OFAC sanctions lists** continuously.

**Implement robust CDD/EDD processes** including sanctions screening for all clients and transactions.

**Adhere strictly to the full ban on providing crypto services to Russian persons/entities** as mandated by EU regulations.

**Report any hits or suspicious activities** to the Czech Financial Analytical Office (FAÚ).

**Maintain comprehensive records** of their compliance efforts.