Croatia -- Sanctions Compliance Regulatory Overview

Croatia, as a Member State of the European Union (EU), is subject to the comprehensive sanctions regimes implemented by the EU. These EU sanctions are directly applicable in Croatian law, meaning they do not require specific national implementing legislation for their core provisions to take effect. Additionally, Croatian entities, especially Virtual Asset Service Providers (VASPs), must consider UN and potentially US (OFAC) sanctions due to their broad reach and the global nature of crypto.

Here's a breakdown of the cryptocurrency sanctions and restrictions applicable in Croatia:

1. Overarching Sanctions Frameworks and Compliance Requirements for VASPs

a. EU Sanctions Compliance

The EU implements two main types of sanctions: those mandated by UN Security Council Resolutions and autonomous EU sanctions. All EU sanctions are legally binding on all persons and entities within the EU, including VASPs operating in Croatia.

• Direct Applicability: EU regulations imposing sanctions are directly applicable in all Member States, including Croatia, without the need for national transposition.
• Legal Basis:
  • Treaty on European Union (TEU), Article 29: Provides the legal basis for the EU to adopt decisions on restrictive measures.
  • Treaty on the Functioning of the European Union (TFEU), Article 215: Provides the legal basis for the EU to adopt regulations to implement restrictive measures.
• Key Regulations:
  • Council Regulation (EC) No 2580/2001: On specific restrictive measures directed against certain persons and entities with a view to combating terrorism.
    • EUR-Lex: Council Regulation (EC) No 2580/2001
  • Council Regulation (EC) No 881/2002: Imposing specific restrictive measures directed against certain persons and entities associated with the ISIL (Da'esh) and Al-Qaeda organisations.
    • EUR-Lex: Council Regulation (EC) No 881/2002
  • Country-Specific Regulations: Numerous regulations impose sanctions on specific countries (e.g., Russia, Belarus, Syria, Iran, North Korea), including asset freezes, travel bans, and restrictions on trade and services. These are updated frequently.
    • The EU publishes a Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions, which VASPs must screen against.
    • EU Sanctions Map (Official Tool for EU Sanctions Information)

b. UN Sanctions Compliance

UN sanctions are implemented in the EU through Council Regulations, making them directly applicable in Croatia.

• UN Security Council Resolutions: Mandate Member States to impose sanctions to address threats to international peace and security.
• Implementation: The EU transposes these resolutions into EU law, ensuring their uniform application across all Member States.
• United Nations Security Council Sanctions Committees

c. OFAC (U.S.) Sanctions Compliance

While Croatia is an EU member, entities with a global presence, US nexus (e.g., US customers, US dollar transactions, use of US-based blockchain analytics tools), or those dealing with US persons or technology, must also comply with sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC).

• Extraterritorial Reach: OFAC sanctions can have extraterritorial implications, potentially impacting non-US persons who cause a violation or engage in transactions prohibited by OFAC.
• SDN List: VASPs should screen against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List.
• Crypto-Specific Sanctions: OFAC has actively sanctioned crypto mixers, exchanges, and individuals involved in illicit finance using crypto, notably including entities like Tornado Cash and Garantex, and specific wallet addresses.
• U.S. Department of the Treasury – OFAC

2. Cryptocurrency-Specific Sanctions and Restrictions

The EU has specifically included crypto assets and related services within its sanctions framework, particularly in response to Russia's aggression against Ukraine.

• Russia Sanctions:
  • Council Regulation (EU) No 833/2014: Concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine, as amended multiple times.
    • Specifically, Article 5b was introduced by Council Regulation (EU) 2022/1904 (8th sanctions package) and subsequently reinforced. It initially prohibited providing crypto-asset wallet, account, or custody services to Russian persons/entities if the total value of crypto assets exceeded a certain threshold (initially EUR 10,000, later EUR 0).
    • Council Regulation (EU) 2022/2474 (9th sanctions package) removed the threshold, meaning a full prohibition on providing crypto-asset wallet, account, or custody services to Russian nationals, natural persons residing in Russia, or legal persons established in Russia.
    • This prohibition extends to any service that allows for the safe storage or control over crypto assets.
  • EUR-Lex: Council Regulation (EU) No 833/2014 (consolidated version) (check latest consolidated version for amendments).
  • EUR-Lex: Council Regulation (EU) 2022/1904 (8th package)
  • EUR-Lex: Council Regulation (EU) 2022/2474 (9th package)

3. VASP Compliance Requirements in Croatia

VASPs in Croatia are "obliged entities" under anti-money laundering and counter-terrorist financing (AML/CFT) laws, which inherently include sanctions compliance.

a. Croatian AML/CFT Law

Croatia has transposed the EU's AML Directives (4AMLD and 5AMLD) into national law, specifically the Zakon o sprječavanju pranja novca i financiranja terorizma (Anti-Money Laundering and Terrorist Financing Act).

• Legal Reference: Zakon o sprječavanju pranja novca i financiranja terorizma (NN 108/17, 39/19, 151/22).
  • Narodne Novine (Official Gazette of the Republic of Croatia) (Check for latest consolidated version, e.g., on official legal databases).
• Obligations for VASPs: The Act designates providers of services related to virtual currencies as obliged entities. They must:
  • Conduct Customer Due Diligence (CDD): Identify and verify customers and beneficial owners (UBOs).
  • Ongoing Monitoring: Monitor transactions and business relationships for suspicious activity.
  • Sanctions Screening: Implement robust systems to screen customers, beneficial owners, and transactions against all relevant sanctions lists (EU, UN, and potentially OFAC). This is a critical component of CDD and ongoing monitoring.
  • Reporting: Report suspicious transactions or activities to the Croatian Financial Intelligence Office (Ured za sprječavanje pranja novca).
  • Risk Assessment: Conduct institutional and customer risk assessments, including sanctions risk.

b. MiCA Regulation (Markets in Crypto-Assets)

While not directly a sanctions regulation, the MiCA Regulation (Regulation (EU) 2023/1114) will establish a harmonized regulatory framework for crypto-asset services in the EU, including licensing requirements for VASPs. It will further reinforce AML/CFT obligations, thereby strengthening sanctions compliance requirements for licensed VASPs.

• Legal Reference: Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets.
  • EUR-Lex: MiCA Regulation (EU) 2023/1114
• Applicability: Full applicability begins in stages, with Title II (regarding asset-referenced tokens and e-money tokens) applicable from 30 June 2024, and Title III (regarding other crypto-assets) and IV (regarding crypto-asset service providers) applicable from 30 December 2024.

4. Sanctioned Entity Screening Obligations

VASPs in Croatia have a legal obligation to screen all customers (both at onboarding and on an ongoing basis), beneficial owners, and transaction counterparties against relevant sanctions lists.

• EU Consolidated List: Mandatory screening against the EU's consolidated list, which includes individuals and entities designated under various EU sanctions regimes.
  • EU Sanctions Map / Consolidated List (This tool includes links to the consolidated lists for various regimes).
• UN Sanctions Lists: Screening against lists published by UN Security Council Sanctions Committees (e.g., Al-Qaeda Sanctions List, ISIL (Da'esh) and Al-Qaeda Sanctions List, Taliban Sanctions List).
• OFAC SDN List: Highly recommended for VASPs with any US nexus or global operations.
  • OFAC SDN List

Screening must be continuous and robust, utilizing reliable data sources and technology to identify potential matches and red flags.

5. Geographic Restrictions

Geographic restrictions are a direct consequence of EU, UN, and OFAC sanctions. For crypto, these are particularly stringent regarding Russia:

• EU Sanctioned Countries: VASPs in Croatia are prohibited from engaging in transactions or providing services (including crypto services) to, from, or for the benefit of individuals or entities in countries or regions under comprehensive EU sanctions (e.g., specific regions of Ukraine, Syria, North Korea, Iran, Russia as specifically outlined for crypto).
• Russia-Specific Crypto Ban: As detailed above, a full prohibition on providing crypto-asset wallet, account, or custody services to Russian nationals, natural persons residing in Russia, or legal persons established in Russia.
• OFAC Restricted Jurisdictions: OFAC also maintains various sanctions programs targeting specific countries (e.g., Cuba, Iran, North Korea, Syria, Venezuela) and regions, which would prohibit transactions involving those jurisdictions.

6. Penalties for Violations

Violations of sanctions in Croatia can lead to severe administrative and criminal penalties, as well as significant reputational damage.

• Administrative Penalties (Zakon o sprječavanju pranja novca i financiranja terorizma):
  • The Croatian AML Act provides for substantial fines for legal persons (VASPs) and responsible persons within those entities for non-compliance with AML/CFT obligations, including sanctions screening and reporting. Fines can range from tens of thousands to millions of Croatian Kuna (or Euros once Croatia adopts the Euro fully).
  • Specific penalties are detailed in the Act (e.g., Articles 110-113 of the 2017 version, subsequent amendments may renumber or modify).
• Criminal Penalties:
  • Serious breaches, particularly those involving financing terrorism or money laundering, can lead to criminal prosecution under the Croatian Criminal Code (Kazneni zakon), resulting in imprisonment for individuals and significant fines or forced dissolution for legal entities.
• Other Consequences:
  • Revocation of License: VASPs could lose their operating license.
  • Reputational Damage: Loss of trust from customers and financial partners.
  • De-risking: Banks and other financial institutions may cease providing services to non-compliant VASPs.
  • Secondary Sanctions (OFAC): For violations of OFAC sanctions, even non-US entities can face penalties, be added to the SDN list, or lose access to the US financial system.

7. Country-Specific Sanctions Lists for Crypto

Croatia, as an EU member, implements the EU's sanctions regime. Croatia does not maintain its own separate, independent "country-specific sanctions list" specifically for crypto that differs from or adds to the EU lists.

• Implementation of EU Lists: Croatian authorities, primarily the Ministry of Foreign and European Affairs (MVEP) and the Ministry of Finance (including the Financial Intelligence Office), are responsible for implementing and enforcing the EU's restrictive measures. They monitor compliance with the EU consolidated lists.
• Guidance from National Authorities: While no separate list exists, Croatian regulators (like HANFA for VASPs, and the Financial Intelligence Office) may issue specific guidance or directives on applying EU sanctions within the Croatian context.
  • Croatian Ministry of Foreign and European Affairs (MVEP) - International Restrictive Measures (The MVEP portal often provides links and information on the EU's restrictive measures).
  • Croatian Financial Services Supervisory Agency (HANFA) - Regulator for financial services, including virtual asset service providers under MiCA.

Disclaimer: This information is for general guidance and informational purposes only and does not constitute legal advice. Given the dynamic nature of sanctions and cryptocurrency regulations, it is essential for VASPs operating in Croatia to consult with legal professionals specializing in EU and Croatian law to ensure full compliance with all applicable requirements.