Georgia -- AML/CFT Compliance Regulatory Overview

**Law of Georgia on Facilitating the Suppression of Money Laundering and Terrorism Financing (Law N5183-IIs, adopted December 29, 2006, as amended):** This is the fundamental AML/CFT law in Georgia. It was significantly amended in **2023** to explicitly include Virtual Asset Service Providers (VASPs) as "obliged entities" (or "reporting entities"), bringing them under the scope of AML/CFT regulations.

**National Bank of Georgia (NBG) Resolution N111/04 of July 13, 2023, "On Approving the Rules for Regulation of Activities of Virtual Asset Service Providers":** This crucial resolution by the NBG provides detailed rules and guidelines for the licensing, supervision, and AML/CFT compliance of VASPs. It elaborates on the requirements stipulated in the main AML law.

**National Bank of Georgia (NBG) Ordinance N59/04 of April 2, 2024, "On the Approval of Rules for Reporting and Publication of Information by Virtual Asset Service Providers":** This ordinance further specifies reporting and publication requirements, including those relevant for AML/CFT oversight.

**Identification and Verification of the Customer:**

**For Individuals:** Obtaining and verifying details such as full name, date and place of birth, address, nationality, and identification document details (e.g., passport or ID card number, issuing authority, expiry date). Verification typically involves reliable, independent source documents or data.

**For Legal Entities:** Obtaining and verifying the legal entity's name, legal form, registration number, registered address, and the names of individuals authorized to act on behalf of the entity. Verification involves official corporate documents.

Identifying the natural person(s) who ultimately own or control the customer, and verifying their identity. This applies to both individual and legal entity customers. For legal entities, this typically means identifying individuals holding 25% or more of the shares or voting rights, or otherwise exercising control.

**Purpose and Intended Nature of the Business Relationship:**

Understanding the purpose and nature of the customer's activities and the intended business relationship with the VASP. This helps assess the risk profile.

Continuously monitoring the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including the source of funds or wealth.

Applying EDD measures for higher-risk situations, such as relationships with Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, or complex and unusual transactions. EDD may involve obtaining additional information on the source of funds/wealth, purpose of transactions, and senior management approval for the relationship.

VASPs may apply SDD in specified lower-risk scenarios, as permitted by the NBG.

**Identification of Suspicion:** VASPs must establish systems and controls to identify transactions or activities that are unusual or give rise to a suspicion of money laundering or terrorism financing.

**Reporting Obligation:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorism financing, it must promptly report this to the LEPL Financial Monitoring Service of Georgia.

**Content of Report:** The report must include all available information concerning the customer, the transaction(s), and the grounds for suspicion.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a STR has been, or will be, submitted.

**Duration:** Records must be kept for a period of **at least five years** following the termination of a business relationship or the date of an occasional transaction.

**CDD Information:** All documents and data obtained during the CDD process (identification documents, beneficial ownership information, risk assessments).

**Transaction Records:** Details of all transactions, including amounts, types of virtual assets, currencies involved, dates, times, and parties to the transaction. This should allow for the reconstruction of individual transactions.

**Correspondence:** Records of internal and external communication related to AML/CFT, including any STRs filed and the analysis supporting the decision to file or not file a report.

**Risk Assessments:** Documentation of institutional and customer-specific risk assessments.

**National Bank of Georgia (NBG):**

The NBG is the main supervisory authority for VASPs in Georgia. It is responsible for licensing, regulating, and overseeing the compliance of VASPs with the AML/CFT framework, including CDD and record-keeping requirements, as well as general prudential regulation.

**LEPL Financial Monitoring Service of Georgia (FMS):**

The FMS is Georgia's Financial Intelligence Unit (FIU). It is the central authority for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other financial intelligence to law enforcement agencies. VASPs report their STRs directly to the FMS.

*While a direct English URL for the specific amended law might be difficult to provide from an official government portal, the Law can be found in Georgian on legislations.gov.ge.*

**National Bank of Georgia Resolution No. 126/04 of December 29, 2022, "On Approval of the Rules for Regulation of Virtual Asset Service Providers" (NBG VASP Rules):** This is the core regulatory document that details the licensing, operational requirements, and AML/CFT obligations for VASPs, including the Travel Rule.

*This resolution is the practical implementation of the AML/CFT Law amendments regarding VASPs.*

*General NBG press releases on VASP regulation often cite this resolution:* NBG News & Press Releases (You may need to search for "virtual assets" or "VASP" within their news section).

The amendments to Georgia's AML/CFT Law bringing VASPs under its scope became effective earlier.

The **NBG VASP Rules (Resolution No. 126/04)**, which fully detail the Travel Rule obligations, became **effective on March 1, 2023**. From this date, VASPs operating in Georgia were required to be licensed by the NBG and adhere to all regulatory requirements, including the Travel Rule.

**All Transactions:** For *all* virtual asset transfers, regardless of amount, VASPs are required to collect and retain certain basic transaction information (e.g., transaction ID, amount, timestamp, wallet addresses).

**1,000 GEL (Georgian Lari) Threshold:** For virtual asset transfers exceeding the equivalent of **1,000 GEL**, VASPs are required to collect and transmit *full* originator and beneficiary information (as per FATF Recommendation 16). This applies to both domestic and cross-border transactions.

*Note: 1,000 GEL is approximately \$370-380 USD as of late 2023/early 2024, which is significantly lower than the FATF's suggested \$1,000/€1,000 threshold for inter-VASP information sharing, making Georgia's threshold more stringent.*

**Exchange** between virtual assets and fiat currencies.

**Exchange** between one or more forms of virtual assets.

**Safekeeping and/or administration** of virtual assets or instruments enabling control over virtual assets.

**Participation in and provision of financial services** related to an issuer's offer and/or sale of a virtual asset.

**Collect Required Information:** Obtain and hold accurate and meaningful originator and beneficiary information (name, address, account number/wallet address, etc.) for transactions above the 1,000 GEL threshold.

**Transmit Information:** Ensure that the required originator and beneficiary information is immediately and securely transmitted to the beneficiary VASP (or held available to the originator VASP for direct transfers not involving another VASP).

**Data Accuracy and Verification:** Take reasonable measures to verify the accuracy of the collected information.

**Data Retention:** Retain all collected information for at least **5 years** following the transaction, in accordance with AML/CFT data retention requirements.

**Risk-Based Approach:** Implement a risk-based approach to identify and mitigate money laundering and terrorist financing risks associated with virtual asset transfers.

**Interoperability:** Be able to share the required information with other VASPs, implying the need for solutions that facilitate such data exchange (e.g., using industry-standard Travel Rule protocols).

**Administrative Fines:** Substantial monetary penalties, which can be significant depending on the severity and recurrence of the violation.

**License Suspension:** Temporary suspension of the VASP's operating license.

**License Revocation:** Permanent revocation of the VASP's license, effectively forcing the entity to cease operations in Georgia.

**Other Supervisory Measures:** The NBG has broad powers to impose other corrective actions and supervisory measures to ensure compliance.

**Criminal Liability:** In cases of severe and intentional breaches related to money laundering or terrorist financing, individuals and management could face criminal charges under relevant provisions of the Georgian Criminal Code.