Croatia -- Custody Regulations Regulatory Overview

Croatia, as a member state of the European Union, currently operates under a regulatory framework that integrates both national legislation (primarily for Anti-Money Laundering/Counter-Terrorist Financing - AML/CTF) and significant upcoming EU-level regulations, most notably the Markets in Crypto-Assets Regulation (MiCA).

It's crucial to understand the distinction between the current AML-focused regime and the comprehensive regulatory framework that MiCA will introduce.

Current Regulatory Landscape (Pre-MiCA - Primarily AML/CTF Focused)

Currently, specific, detailed regulations solely dedicated to crypto-asset custody in Croatia are limited. The primary regulatory framework affecting entities providing crypto custody services stems from AML/CTF legislation, which designates such service providers as Virtual Asset Service Providers (VASPs).

1. Custodial License Requirements (Current):

   • There is no specific "custody license" in Croatia dedicated solely to crypto assets.

   • However, entities providing services related to virtual assets, including the safeguarding/custody of virtual assets, are considered VASPs.

   • VASPs are required to register with the Ministry of Finance – Financial Intelligence Office (Ured za sprječavanje pranja novca) as part of their AML/CTF obligations.

   • This registration requires compliance with the Croatian Anti-Money Laundering and Terrorist Financing Act (Zakon o sprječavanju pranja novca i financiranja terorizma), which transposes EU AML Directives (specifically AMLD5).

   • Compliance entails:

     • Implementing robust KYC/CDD (Know Your Customer/Customer Due Diligence) procedures.
     • Transaction monitoring.
     • Reporting suspicious activities to the Financial Intelligence Office.
     • Appointing an AML Officer.
     • Establishing internal AML policies and procedures.

   • Regulatory Reference:

     • Zakon o sprječavanju pranja novca i financiranja terorizma (Anti-Money Laundering and Terrorist Financing Act):
       • Latest consolidated version (in Croatian): Narodne Novine No. 108/17, 39/19, 151/22.
       • You can typically find the official text on the website of the Official Gazette (Narodne Novine): https://narodne-novine.nn.hr/ (search for the specific law number).
     • Ministry of Finance – Financial Intelligence Office (Ured za sprječavanje pranja novca):
       • Website: https://www.mfin.gov.hr/ (navigate to the Financial Intelligence Office section).

2. Segregation of Client Assets Rules (Current):

   • Explicit national rules for the segregation of client crypto assets from the firm's own assets are not specifically detailed within the current AML/CTF framework.
   • However, general principles of sound financial management, consumer protection, and impending EU regulations (MiCA) would strongly advocate for such segregation as a best practice.

3. Insurance/Bonding Requirements (Current):

   • There are no specific national insurance or bonding requirements explicitly mandated for crypto custody providers under the current AML/CTF framework.

4. Cold Storage Mandates (Current):

   • There are no explicit national mandates for cold storage of crypto assets. Operational security measures, including the use of cold storage, are generally considered best practices for secure custody but are not yet regulatory requirements.

5. Qualified Custodian Definitions (Current):

   • There is no specific definition of a "qualified custodian" for crypto assets within current Croatian national law. The concept of "qualified" custodian is more comprehensively introduced with the advent of MiCA.

Pending/Upcoming Regulatory Landscape (MiCA - Markets in Crypto-Assets Regulation)

The most significant development for crypto custody in Croatia (and the entire EU) is the Markets in Crypto-Assets Regulation (MiCA). MiCA provides a comprehensive legal framework for crypto-assets and crypto-asset service providers (CASPs), including those offering "custody and administration of crypto-assets on behalf of clients."

MiCA entered into force on June 29, 2023. Rules for CASPs (including custodians) will become fully applicable from December 30, 2024. Croatian national legislation will need to align with MiCA's requirements.

1. Custodial License Requirements (Under MiCA):

   • Entities providing "custody and administration of crypto-assets on behalf of clients" will be categorized as Crypto-Asset Service Providers (CASPs).
   • Authorization: CASPs will require an authorization from their competent national authority (in Croatia, this is expected to be the Croatian Financial Services Supervisory Agency - HANFA, or another designated authority).
   • This authorization will be subject to strict requirements, including:
     • Robust organizational arrangements.
     • Sound governance arrangements.
     • Internal control mechanisms.
     • Operational resilience.
     • Prudential requirements (e.g., minimum capital).

2. Segregation of Client Assets Rules (Under MiCA):

   • Explicitly mandated: MiCA Article 68, titled "Safeguarding of clients' crypto-assets and funds," states that CASPs providing custody services shall:
     • "act honestly, fairly and professionally in accordance with the best interests of their clients."
     • "make adequate arrangements to safeguard the ownership rights of clients in crypto-assets and prevent the use of clients' crypto-assets for their own account."
     • "keep separate any crypto-assets held on behalf of clients from their own crypto-assets."
     • "keep records and accounts that enable them, at any time and without delay, to distinguish crypto-assets held on behalf of one client from those held on behalf of other clients, and from their own crypto-assets."

3. Insurance/Bonding Requirements (Under MiCA):

   • Mandated: MiCA Article 67, "Prudential requirements of crypto-asset service providers," requires CASPs to have:
     • A minimum amount of own funds (capital requirements).
     • Professional indemnity insurance or own funds, which shall be at least the higher of:
       • The amount of own funds required for that CASP.
       • One tenth of the fixed overheads of the preceding year.
     • This insurance is specifically for covering professional liability risks.

4. Cold Storage Mandates (Under MiCA):

   • MiCA does not explicitly mandate "cold storage" as the only permissible method. However, it strongly emphasizes operational resilience and safeguarding of client crypto-assets.
   • Article 68 requires CASPs to implement "robust safeguarding arrangements" for the crypto-assets and access keys, including appropriate IT systems and security protocols. This implies that secure storage solutions (like cold storage, multi-signature wallets, hardware security modules) would be necessary to meet these requirements.
   • It also requires CASPs to establish and maintain a policy on the recovery of crypto-assets in case of loss.

5. Qualified Custodian Definitions (Under MiCA):

   • While MiCA doesn't use the exact term "qualified custodian" in the US sense, the authorization process and ongoing supervision of CASPs providing custody services effectively establish them as "qualified" in the EU context.
   • Only authorized CASPs meeting the stringent requirements of MiCA will be permitted to offer these services.

6. Pending Custody Legislation:

   • MiCA is the primary pending legislation. Its direct applicability will largely supersede the current fragmented approach.

   • Croatia, like other EU member states, will need to adapt its national laws (e.g., the Law on the Croatian Financial Services Supervisory Agency, or specific implementing acts) to fully integrate MiCA's provisions and designate competent authorities (likely HANFA) for authorization and supervision.

   • Regulatory Reference:

     • Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCA):
       • Official Text (EUR-Lex): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
     • Croatian Financial Services Supervisory Agency (HANFA): Expected to be a key competent authority under MiCA for Croatia.
       • Website: https://www.hanfa.hr/

Summary:

Currently, crypto custody in Croatia is primarily regulated through the AML/CTF framework, requiring VASP registration with the Ministry of Finance. Specific, detailed rules for asset segregation, insurance, cold storage, or a definition of a "qualified custodian" are largely absent at the national level.

However, the Markets in Crypto-Assets Regulation (MiCA) will fundamentally transform this landscape from December 30, 2024. MiCA will introduce a comprehensive authorization regime for crypto-asset service providers (CASPs), including custodians, along with explicit mandates for client asset segregation, prudential requirements (including professional indemnity insurance), and robust operational safeguarding measures. Croatian authorities, particularly HANFA, will be responsible for implementing and supervising these new EU-wide rules.

It is highly recommended to consult with legal professionals specializing in Croatian and EU financial law for specific guidance on compliance.