Denmark -- Licensing Requirements Regulatory Overview

Denmark, as an EU member state, has implemented the relevant EU Anti-Money Laundering Directives (AMLD5 and soon AMLD6) concerning virtual assets. This means that firms providing services related to virtual assets are subject to AML/CTF (Anti-Money Laundering/Counter-Terrorist Financing) supervision.

1. Regulatory Authority

The primary regulatory body responsible for the supervision and registration of virtual asset service providers (VASPs) in Denmark is the Finanstilsynet (Danish Financial Supervisory Authority - FSA).

• Finanstilsynet Website: https://www.finanstilsynet.dk/

2. Registration vs. Licensing Regime

Currently, Denmark operates a registration regime for virtual asset service providers, primarily focused on AML/CTF compliance, rather than a full prudential licensing regime (like those for banks or traditional payment institutions). This means entities must register with the Finanstilsynet to demonstrate they meet AML obligations.

Key Point: This is an AML registration, not a full license that covers prudential requirements, capital adequacy beyond operational needs, or consumer protection in the same way as traditional financial services licenses. However, the upcoming EU MiCA Regulation (Markets in Crypto-Assets) will introduce a comprehensive licensing regime for crypto-asset service providers (CASPs) across the EU, which Denmark will adopt.

3. Required Registrations for Exchanges, Custody Providers, and Payment Processors

Under Danish law, specifically the Money Laundering Act (Hvidvaskloven), the following services related to virtual assets require registration with Finanstilsynet:

• Exchanges (Virtual Asset Service Providers - VASPs):
  • Definition: Firms that offer exchange services between virtual currencies and fiat currencies, or between one or more virtual currencies. This covers both fiat-to-crypto and crypto-to-crypto exchanges.
  • Requirement: Registration as a VASP with Finanstilsynet.
• Custody Providers (Virtual Asset Service Providers - VASPs):
  • Definition: Firms that provide custody and administration services of virtual currencies on behalf of clients (e.g., managing private keys, operating hosted wallets).
  • Requirement: Registration as a VASP with Finanstilsynet.
• Payment Processors (Nuance Required):
  • If the payment processor directly handles or facilitates transactions in virtual assets (e.g., sending/receiving virtual assets on behalf of third parties, operating virtual asset wallets for payment purposes): They will likely fall under the definition of a VASP and require registration with Finanstilsynet.
  • If the payment processor only processes fiat currency transactions for a crypto business (e.g., a traditional payment institution processing fiat deposits to a crypto exchange): They would be regulated under the Payment Services Act (implementing PSD2) or the Electronic Money Act, rather than as a VASP directly. The crypto business they serve would be the one requiring VASP registration.
  • Key takeaway: The VASP registration applies when the core service involves direct interaction with or management of virtual assets for others.

4. Key Requirements for VASP Registration

The requirements are primarily centered around AML/CTF compliance and organizational soundness:

• Legal Basis: The Danish Money Laundering Act (Hvidvaskloven) – specifically Section 2, subsection 1, no. 15, which defines the scope of virtual asset service providers.
• AML/KYC (Anti-Money Laundering / Know Your Customer): This is the core requirement. Applicants must demonstrate robust policies and procedures for:
  • Risk Assessment: Comprehensive assessment of money laundering and terrorist financing risks associated with their business model, products, customers, and geographical exposure.
  • Customer Due Diligence (CDD): Identifying and verifying the identity of customers and beneficial owners. This includes ongoing monitoring of business relationships.
  • Enhanced Due Diligence (EDD): For higher-risk customers, products, or transactions.
  • Reporting Suspicious Transactions (STRs): Procedures for detecting and reporting suspicious transactions to the State Prosecutor for Serious Economic and International Crime (SØIK).
  • Record Keeping: Maintaining records of customer data and transactions for at least five years.
  • Internal Controls & Training: Establishing appropriate internal controls, policies, procedures, and providing regular training to employees on AML/CTF obligations.
  • AML Officer: Appointment of a qualified AML officer responsible for overseeing compliance.
• Capital Requirements:
  • Currently, for a standalone VASP registration, there is no specific prescribed minimum capital requirement like for banks or payment institutions.
  • However, the company must demonstrate sufficient financial resources to operate its business responsibly and meet its AML/CTF obligations. Finanstilsynet will assess the company's business plan, financial projections, and operational setup to ensure financial soundness.
  • Note: If the entity also falls under other financial regulations (e.g., as a payment institution), separate capital requirements for those activities would apply.
• Local Presence:
  • The legal entity applying for registration must be established in Denmark (e.g., registered with the Danish Business Authority, CVR number).
  • Management and governance: Finanstilsynet expects the company's management (e.g., CEO, AML Officer) to be "fit and proper" and for the firm to have effective management based in Denmark to ensure proper oversight and supervision. The "mind and management" principle generally applies.
• Governance and Organization:
  • Clear organizational structure.
  • Fit and proper assessment for board members and key management personnel.
  • Robust internal control framework, including IT security and data protection measures.
  • A sound business plan demonstrating the viability and compliance of the proposed operations.

5. Application Process

The application process typically involves:

1. Preparation: Gathering all necessary documentation, including:
   • Detailed business plan.
   • Ownership structure and beneficial owners.
   • Details of management and board members (CVs, declarations of "fit and proper" status).
   • Comprehensive AML/CTF policies, procedures, and risk assessments.
   • IT security framework and operational procedures.
   • Financial projections and evidence of sufficient resources.
   • Legal opinions if specific aspects of the business model require clarification regarding regulatory scope.
2. Submission: Submitting the complete application to Finanstilsynet.
3. Review and Dialogue: Finanstilsynet reviews the application, which may involve several rounds of communication, questions, and requests for supplementary information or clarifications.
4. Assessment: Finanstilsynet assesses the completeness and adequacy of the submitted documentation against the requirements of the Money Laundering Act. They will specifically scrutinize the AML/CTF framework.
5. Decision: Finanstilsynet issues a decision (approval or rejection) regarding the registration.
6. Timeline: The processing time can vary significantly depending on the complexity of the application and the quality of the submitted documentation, often ranging from several months to a year.

6. Specific Regulatory References & URLs

• Finanstilsynet's main page on virtual currencies (often includes guidance): You would typically search their website for "virtuelle valutaer" or "kryptovaluta". A specific direct link may change, but this search term will lead you to relevant pages.
  • Example of a relevant search result on their site: https://www.finanstilsynet.dk/Tilsyn/Indberetning/Hvidvask/Virksomheder_med_virtuelle_valutaer (This link provides an overview of their supervision of virtual currency firms and relevant forms/guidance).
• The Danish Money Laundering Act (Hvidvaskloven): The full legislative text is typically found on Retsinformation (Denmark's legal information database). Searching for "Hvidvaskloven" on Retsinformation will provide the latest consolidated version.
  • Retsinformation (search for "Hvidvaskloven"): https://www.retsinformation.dk/
• European Union AML Directives: While Danish law implements these, understanding the underlying EU directives provides context.
  • AMLD5 (Directive (EU) 2018/843): https://eur-lex.europa.eu/eli/dir/2018/843/oj
  • AMLD6 (Directive (EU) 2020/2848): https://eur-lex.europa.eu/eli/dir/2020/2848/oj

7. Future Outlook: MiCA Regulation

The EU's Markets in Crypto-Assets (MiCA) Regulation will significantly change the landscape for crypto-asset service providers across the EU, including Denmark. MiCA introduces a harmonized, comprehensive licensing regime for CASPs, covering prudential requirements, governance, investor protection, market abuse prevention, and operational requirements, going beyond just AML/CTF.

• MiCA will apply in phases:
  • Rules for stablecoins (Asset-Referenced Tokens and E-money Tokens) will apply from 30 June 2024.
  • Rules for other crypto-assets and CASPs will apply from 30 December 2024.
• Once MiCA is fully applicable, national VASP registration regimes (like Denmark's current one) will largely be superseded by the new EU-wide licensing framework. Firms currently registered may need to apply for MiCA licenses, potentially with transitional provisions.

It is crucial for any business considering operating in Denmark's virtual asset space to consult with legal and regulatory experts to navigate these requirements and stay updated on the evolving regulatory landscape, especially with the imminent arrival of MiCA.