Georgia

**National Bank of Georgia (NBG)**: The central bank is the sole licensing and supervisory authority for VASPs in Georgia.

**Exchange between virtual assets and fiat currencies.**

**Exchange between one or more forms of virtual assets.**

**Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets (custody services).**

**Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.**

**Exchanges (Virtual Asset Exchange Providers):**

**Required License:** VASP Authorization from the NBG.

This falls directly under points 1 and 2 of the VASP definition.

**Custody Providers (Virtual Asset Custody Providers):**

This falls directly under point 4 of the VASP definition.

**Payment Processors (dealing with Virtual Assets):**

If a payment processor *only* handles fiat currency payments for the purchase of virtual assets (e.g., a traditional payment gateway facilitating fiat payments to an exchange), it might primarily fall under general payment service regulations, but the *connection* to virtual assets will still bring it under the NBG's scrutiny regarding AML/CFT for VASPs. However, if they directly facilitate VA transfers or exchanges as part of their payment service, a VASP license is required.

**Legal Entity:** The applicant must be a legal entity registered in Georgia.

Applicants must meet minimum share capital requirements. The specific amounts are typically defined in NBG resolutions.

As of recent implementations, the required share capital for a VASP is **1,000,000 GEL** (Georgian Lari).

In addition, VASPs must maintain sufficient **operational capital** to cover their operational risks and costs.

Applicants must establish and implement robust Anti-Money Laundering (AML) and Know Your Customer (KYC) policies and procedures in compliance with the **Law of Georgia on Facilitating the Suppression of Money Laundering and the Financing of Terrorism** and relevant NBG regulations.

Customer due diligence (CDD) and enhanced due diligence (EDD) procedures.

Reporting of suspicious transactions (STRs) to the Financial Monitoring Service of Georgia (FMS).

Risk assessment frameworks (business-wide and customer-specific).

Appointment of an AML/CFT officer.

A significant local presence is required, including:

A registered office in Georgia.

Local management (e.g., general director, compliance officer) that is "fit and proper" and resident in Georgia.

**Fit and Proper Requirements:** All management board members, supervisory board members, and significant shareholders must meet "fit and proper" criteria, including having relevant experience, no criminal record, and demonstrating good repute.

**Organizational Structure:** A clear and effective governance structure, internal control mechanisms, risk management systems, and audit functions must be in place.

Robust and secure IT systems, data protection measures, cybersecurity protocols, and business continuity plans (BCP) and disaster recovery plans (DRP) must be established to protect client assets and data.

Independent security audits may be required.

**Business Plan:** A detailed business plan outlining the intended services, target market, operational model, technological infrastructure, and financial projections.

**Internal Rules and Policies:** Comprehensive internal rules and procedures covering all operational aspects, including client onboarding, transaction execution, asset safeguarding, complaints handling, and compliance.

**Professional Indemnity Insurance:** The NBG may require specific insurance coverage.

**Pre-Application Consultation (Recommended):** Applicants may engage with the NBG to discuss their proposed business model and clarify regulatory requirements. While not always mandatory, it can streamline the process.

**Preparation of Application Documents:** This is the most extensive phase, involving the compilation of:

Financial projections (usually for 3-5 years).

AML/CFT policies and procedures manual.

Resumes and "fit and proper" declarations for key personnel and significant shareholders.

Evidence of IT and cybersecurity infrastructure.

Internal rules, risk management policies, and operational manuals.

Legal documents of the Georgian entity (charter, registration certificates).

Any other documentation as required by NBG resolutions.

**Submission of Application:** The complete application package is submitted to the NBG. An application fee is typically required.

**NBG Review and Due Diligence:**

The NBG reviews the application for completeness and compliance with all requirements.

They may request additional information, clarifications, or amendments to the submitted documents.

Interviews with key personnel may be conducted.

On-site inspections of proposed operational facilities may occur.

If satisfied, the NBG issues the VASP authorization.

If the application is rejected, the NBG provides reasons for the refusal.

**Post-Authorization Obligations:** Once authorized, VASPs are subject to ongoing supervisory obligations, including regular reporting to the NBG and the FMS, compliance with all relevant regulations, and potential on-site inspections.

**Law of Georgia on Virtual Assets (June 2023):**

This is the foundational law. It sets out the definition of VASPs, the requirement for authorization, NBG's supervisory powers, and general principles.

*Official Source (Georgian Parliament):* https://matsne.gov.ge/ka/document/view/5895028?publication=0

*Note:* An official English translation may be available via subscription legal databases or through the NBG website's English section once fully implemented and stable.

**National Bank of Georgia Resolution N133/04 on Approving the Rules for Licensing and Supervision of Virtual Asset Service Providers (November 29, 2023):**

This resolution provides the detailed rules for how the Law on Virtual Assets is implemented, including specific requirements for licensing, minimum capital, fit and proper tests, operational standards, reporting, and supervision.

*Official Source (NBG, likely on their resolutions page or Matsne):* https://matsne.gov.ge/ka/document/view/6064360?publication=0

*Note:* This resolution is critical for understanding the practical requirements.

**Law of Georgia on Facilitating the Suppression of Money Laundering and the Financing of Terrorism (AML/CFT Law):**

This law governs the general AML/CFT obligations for all obligated entities in Georgia, including VASPs.

*Note:* Specific NBG regulations for VASPs will build upon this general law.

**National Bank of Georgia Official Website:**

The NBG's official website is the primary source for updated information, press releases, and publications related to financial regulation. Look for sections on "Financial Sector Supervision" or "Virtual Assets."

**National Bank of Georgia (NBG):** This is the primary regulator responsible for the licensing, supervision, and regulation of Virtual Asset Service Providers (VASPs). The NBG issues secondary legislation (rules, decrees) to implement the VASP law.

*Official Website:* National Bank of Georgia

**Financial Monitoring Service of Georgia (FMS):** While the NBG licenses and supervises, the FMS is the financial intelligence unit responsible for receiving, analyzing, and disseminating suspicious transaction reports related to money laundering and terrorist financing, including those from VASPs.

*Official Website:* Financial Monitoring Service of Georgia

**Ministry of Finance:** Primarily responsible for tax policy regarding virtual assets.

**Law of Georgia on Virtual Asset Service Providers (VASP Law)**

**Effective Date:** March 1, 2024

Defines "virtual asset" and "virtual asset service provider" (VASP).

Mandates licensing and registration for all entities operating as VASPs (e.g., virtual asset exchanges, custodians, brokers).

Establishes comprehensive AML/CFT obligations for VASPs, including customer due diligence (CDD), record-keeping, suspicious transaction reporting (STR), and sanctions screening.

Grants the National Bank of Georgia the authority to issue licenses, conduct supervision, set capital requirements, and enforce compliance.

Includes provisions for consumer protection and market integrity.

*Reference (While an official English translation of the enacted law might not be readily available on a single NBG page, its passage and content are widely reported by NBG and legal firms):*

NBG Statement on Adoption of VASP Law (July 2023)

PwC Summary on Georgia's VASP Law (March 2024) (Provides a good overview of the law's content and effective date)

**Law of Georgia on Facilitating the Prevention of Illicit Income Legalization (Money Laundering) and Terrorism Financing (AML/CFT Law)**

**Date:** Most recent major revision in 2019 (No. 4930-IIს)

**Key Provisions:** This overarching law establishes the general AML/CFT framework in Georgia, to which VASPs are now explicitly subject under the VASP Law. It defines reporting entities, obligations for customer identification, record-keeping, and reporting of suspicious activities to the FMS.

*Reference (Official source for Georgian legislation - may require translation):* The Legislative Herald of Georgia (Mtsignobartukhutsesi)

**Licensing is Mandatory:** As of March 1, 2024, entities operating as Virtual Asset Service Providers (VASPs) in Georgia are **required to obtain a license from the National Bank of Georgia (NBG)**. This includes:

Exchanges facilitating the trade of virtual assets for fiat currency or other virtual assets.

Platforms offering virtual asset transfers.

Providers of other financial services related to virtual assets.

**Supervision and Compliance:** Licensed VASPs are subject to ongoing supervision by the NBG and must comply with stringent AML/CFT requirements, capital adequacy rules, and other prudential standards.

**Penalties for Non-Compliance:** Operating as a VASP without a license can lead to significant penalties, including fines and potential criminal charges.

**Individual Trading:** The VASP Law primarily targets service providers. Individual participation in virtual asset trading for personal use is not banned, but individuals engaging with unlicensed VASPs do so at their own risk. All transactions with licensed VASPs, however, will be subject to the VASP's AML/CFT procedures.

**Taxation:** The Ministry of Finance generally treats virtual assets as property for tax purposes, and capital gains from their sale are typically subject to income tax.

*Official Source (Georgian Parliament):* https://matsne.gov.ge/ka/document/view/154749?publication=8

**Law of Georgia on Facilitating the Suppression of Money Laundering and Terrorism Financing (Law N5183-IIs, adopted December 29, 2006, as amended):** This is the fundamental AML/CFT law in Georgia. It was significantly amended in **2023** to explicitly include Virtual Asset Service Providers (VASPs) as "obliged entities" (or "reporting entities"), bringing them under the scope of AML/CFT regulations.

**National Bank of Georgia (NBG) Resolution N111/04 of July 13, 2023, "On Approving the Rules for Regulation of Activities of Virtual Asset Service Providers":** This crucial resolution by the NBG provides detailed rules and guidelines for the licensing, supervision, and AML/CFT compliance of VASPs. It elaborates on the requirements stipulated in the main AML law.

**National Bank of Georgia (NBG) Ordinance N59/04 of April 2, 2024, "On the Approval of Rules for Reporting and Publication of Information by Virtual Asset Service Providers":** This ordinance further specifies reporting and publication requirements, including those relevant for AML/CFT oversight.

**Identification and Verification of the Customer:**

**For Individuals:** Obtaining and verifying details such as full name, date and place of birth, address, nationality, and identification document details (e.g., passport or ID card number, issuing authority, expiry date). Verification typically involves reliable, independent source documents or data.

**For Legal Entities:** Obtaining and verifying the legal entity's name, legal form, registration number, registered address, and the names of individuals authorized to act on behalf of the entity. Verification involves official corporate documents.

Identifying the natural person(s) who ultimately own or control the customer, and verifying their identity. This applies to both individual and legal entity customers. For legal entities, this typically means identifying individuals holding 25% or more of the shares or voting rights, or otherwise exercising control.

**Purpose and Intended Nature of the Business Relationship:**

Understanding the purpose and nature of the customer's activities and the intended business relationship with the VASP. This helps assess the risk profile.

Continuously monitoring the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including the source of funds or wealth.

Applying EDD measures for higher-risk situations, such as relationships with Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, or complex and unusual transactions. EDD may involve obtaining additional information on the source of funds/wealth, purpose of transactions, and senior management approval for the relationship.

VASPs may apply SDD in specified lower-risk scenarios, as permitted by the NBG.

**Identification of Suspicion:** VASPs must establish systems and controls to identify transactions or activities that are unusual or give rise to a suspicion of money laundering or terrorism financing.

**Reporting Obligation:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorism financing, it must promptly report this to the LEPL Financial Monitoring Service of Georgia.

**Content of Report:** The report must include all available information concerning the customer, the transaction(s), and the grounds for suspicion.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a STR has been, or will be, submitted.

**Duration:** Records must be kept for a period of **at least five years** following the termination of a business relationship or the date of an occasional transaction.

**CDD Information:** All documents and data obtained during the CDD process (identification documents, beneficial ownership information, risk assessments).

**Transaction Records:** Details of all transactions, including amounts, types of virtual assets, currencies involved, dates, times, and parties to the transaction. This should allow for the reconstruction of individual transactions.

**Correspondence:** Records of internal and external communication related to AML/CFT, including any STRs filed and the analysis supporting the decision to file or not file a report.

**Risk Assessments:** Documentation of institutional and customer-specific risk assessments.

**National Bank of Georgia (NBG):**

The NBG is the main supervisory authority for VASPs in Georgia. It is responsible for licensing, regulating, and overseeing the compliance of VASPs with the AML/CFT framework, including CDD and record-keeping requirements, as well as general prudential regulation.

**LEPL Financial Monitoring Service of Georgia (FMS):**

The FMS is Georgia's Financial Intelligence Unit (FIU). It is the central authority for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other financial intelligence to law enforcement agencies. VASPs report their STRs directly to the FMS.

*While a direct English URL for the specific amended law might be difficult to provide from an official government portal, the Law can be found in Georgian on legislations.gov.ge.*

**National Bank of Georgia Resolution No. 126/04 of December 29, 2022, "On Approval of the Rules for Regulation of Virtual Asset Service Providers" (NBG VASP Rules):** This is the core regulatory document that details the licensing, operational requirements, and AML/CFT obligations for VASPs, including the Travel Rule.

*This resolution is the practical implementation of the AML/CFT Law amendments regarding VASPs.*

*General NBG press releases on VASP regulation often cite this resolution:* NBG News & Press Releases (You may need to search for "virtual assets" or "VASP" within their news section).

The amendments to Georgia's AML/CFT Law bringing VASPs under its scope became effective earlier.

The **NBG VASP Rules (Resolution No. 126/04)**, which fully detail the Travel Rule obligations, became **effective on March 1, 2023**. From this date, VASPs operating in Georgia were required to be licensed by the NBG and adhere to all regulatory requirements, including the Travel Rule.

**All Transactions:** For *all* virtual asset transfers, regardless of amount, VASPs are required to collect and retain certain basic transaction information (e.g., transaction ID, amount, timestamp, wallet addresses).

**1,000 GEL (Georgian Lari) Threshold:** For virtual asset transfers exceeding the equivalent of **1,000 GEL**, VASPs are required to collect and transmit *full* originator and beneficiary information (as per FATF Recommendation 16). This applies to both domestic and cross-border transactions.

*Note: 1,000 GEL is approximately \$370-380 USD as of late 2023/early 2024, which is significantly lower than the FATF's suggested \$1,000/€1,000 threshold for inter-VASP information sharing, making Georgia's threshold more stringent.*

**Exchange** between virtual assets and fiat currencies.

**Exchange** between one or more forms of virtual assets.

**Safekeeping and/or administration** of virtual assets or instruments enabling control over virtual assets.

**Participation in and provision of financial services** related to an issuer's offer and/or sale of a virtual asset.

**Collect Required Information:** Obtain and hold accurate and meaningful originator and beneficiary information (name, address, account number/wallet address, etc.) for transactions above the 1,000 GEL threshold.

**Transmit Information:** Ensure that the required originator and beneficiary information is immediately and securely transmitted to the beneficiary VASP (or held available to the originator VASP for direct transfers not involving another VASP).

**Data Accuracy and Verification:** Take reasonable measures to verify the accuracy of the collected information.

**Data Retention:** Retain all collected information for at least **5 years** following the transaction, in accordance with AML/CFT data retention requirements.

**Risk-Based Approach:** Implement a risk-based approach to identify and mitigate money laundering and terrorist financing risks associated with virtual asset transfers.

**Interoperability:** Be able to share the required information with other VASPs, implying the need for solutions that facilitate such data exchange (e.g., using industry-standard Travel Rule protocols).

**Administrative Fines:** Substantial monetary penalties, which can be significant depending on the severity and recurrence of the violation.

**License Suspension:** Temporary suspension of the VASP's operating license.

**License Revocation:** Permanent revocation of the VASP's license, effectively forcing the entity to cease operations in Georgia.

**Other Supervisory Measures:** The NBG has broad powers to impose other corrective actions and supervisory measures to ensure compliance.

**Criminal Liability:** In cases of severe and intentional breaches related to money laundering or terrorist financing, individuals and management could face criminal charges under relevant provisions of the Georgian Criminal Code.

**Key Takeaway:** The GDBF views virtual currencies as "money" or "monetary value" for the purposes of the Money Transmission Act when they are used as a medium of exchange. Therefore, activities involving the transmission or holding of virtual currency on behalf of others may require a money transmitter license.

**No specific "custodial license" for digital assets.**

**Money Transmitter License (MTL):** If a business engages in the "transmission of money" or "receiving money or monetary value for transmission" on behalf of others, including virtual currency, it is likely required to obtain a Money Transmitter License from the GDBF.

The GDBF Advisory explicitly states: "Engaging in the business of selling, issuing, or otherwise transmitting virtual currency for value or receiving virtual currency for transmission requires a money transmitter license."

**Relevant Statute:** O.C.G.A. § 7-1-681(a)(11) defines "money transmission" broadly.

**Licensing Authority:** Georgia Department of Banking and Finance (GDBF)

**Application Process:** Managed through the Nationwide Multistate Licensing System & Registry (NMLS).

**No explicit *crypto-specific* asset segregation rules.**

**Implicit Requirements from MTL:** While not explicitly detailing crypto asset segregation, the Georgia Money Transmission Act does require licensees to maintain certain financial standards to ensure the protection of customer funds.

**Permissible Investments:** O.C.G.A. § 7-1-686 requires licensees to maintain "permissible investments" (such as cash, government securities, etc.) with an aggregate market value at least equal to the aggregate amount of all outstanding money transmission obligations in Georgia. This ensures liquidity to cover customer claims, even if not strict *asset-specific* segregation.

The GDBF, in its supervisory role, would expect sound internal controls and accounting practices to clearly distinguish customer assets from company assets, regardless of explicit crypto-specific rules.

**Surety Bond:** Holders of a Georgia Money Transmitter License are required to obtain a surety bond.

**Statutory Basis:** O.C.G.A. § 7-1-683 outlines the application requirements, which include securing a surety bond.

**Amount:** The minimum bond amount is typically **$250,000**, and it can be increased by the Commissioner based on the licensee's volume of money transmission activity, not to exceed **$2,000,000**.

The GDBF Advisory also references these bond requirements.

**No specific mandate for cold storage in Georgia's current laws or guidance.**

**Best Practices:** While not legally mandated by Georgia state law, cold storage is widely recognized as an industry best practice for securing digital assets and is often a component of robust cybersecurity frameworks adopted by compliant firms. Regulators generally expect licensees to implement appropriate security measures proportionate to the risks involved.

**No specific "qualified custodian" definition within Georgia state law for digital assets.**

**Federal Context:** The term "qualified custodian" is primarily defined at the federal level by the U.S. Securities and Exchange Commission (SEC) under the Custody Rule (Rule 206(4)-2 of the Investment Advisers Act of 1940). This rule applies to SEC-registered investment advisers and requires them to hold client funds and securities with a "qualified custodian."

While Georgia doesn't have its own definition for crypto, if a firm operating in Georgia is also an SEC-registered investment adviser and custodies digital assets that are considered "securities," then the federal "qualified custodian" requirements would apply to that firm.

A qualified custodian under federal law generally includes banks, savings associations, registered broker-dealers, and registered futures commission merchants. For digital assets, the application of this definition is complex and still evolving at the federal level.

As of my last update (early 2024), there is **no specific, comprehensive digital asset custody legislation actively moving through the Georgia General Assembly** that would create a distinct licensing framework or specific rules for digital asset custodians (like those seen in states such as Wyoming or New York).

Legislative activity often focuses on broader blockchain studies, pilot programs, or minor amendments to existing financial laws. However, the legislative landscape is dynamic, and it's always advisable to check the current session's legislative trackers (e.g., Georgia General Assembly website) for the latest information.

**Consult the Georgia Department of Banking and Finance's official website and advisories.**

**Seek legal counsel specializing in financial services and cryptocurrency regulation in Georgia** to ensure full compliance, as interpretations and legislative efforts can evolve.