Croatia -- Travel Rule Implementation Regulatory Overview

The implementation of the FATF Travel Rule in Croatia is governed primarily by European Union legislation, which is directly applicable to all member states, including Croatia.

Here's a breakdown of the status:

1. Whether Adopted & Effective Date

• Adopted: Yes, through Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (commonly known as the revised Transfer of Funds Regulation - TFR). As an EU Regulation, it is directly applicable in Croatia and does not require separate national transposition legislation for its core provisions.
• Effective Date: The provisions of Regulation (EU) 2023/1113 concerning crypto-asset transfers will apply from 30 December 2024.

Reference:

• Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets, and amending Directive (EU) 2015/849 and repealing Regulation (EU) 2015/847
  • EUR-Lex Link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1113

2. Threshold Amounts

The TFR (EU) 2023/1113 sets out different requirements based on the transfer scenario and amount:

• VASP-to-VASP or VASP-to-Self-Hosted Wallet Transfers:
  • For all transfers of crypto-assets, regardless of amount, Crypto-Asset Service Providers (CASPs, i.e., VASPs) must obtain and retain full originator and beneficiary information.
• Self-Hosted Wallet to VASP Transfers:
  • If a CASP receives crypto-assets from a self-hosted wallet, it must verify if the originator is its own customer. If not, the CASP must request and obtain the necessary originator information from its customer (the beneficiary).
• Self-Hosted Wallet to Self-Hosted Wallet Transfers:
  • These are generally outside the direct scope of the TFR for CASPs, unless a CASP facilitates such a transfer or acts as an intermediary.
• De Minimis Rule (for Self-Hosted Wallets):
  • When a CASP initiates a transfer to a self-hosted wallet, or receives from one, and the transfer value is below EUR 1,000, the CASP is only required to obtain and retain the name of the originator and beneficiary, provided that the CASP is able to identify whether the transfer originated from or was sent to another CASP. If it's not able to determine that, then full information is required even for transfers below EUR 1,000.
  • This EUR 1,000 threshold specifically refers to when information from the counterparty (self-hosted wallet) is challenging to obtain. For transfers between two CASPs, full information is always required.

3. Which VASPs are Covered

The TFR (EU) 2023/1113 covers Crypto-Asset Service Providers (CASPs) as defined by the Markets in Crypto-Assets Regulation (MiCA - Regulation (EU) 2023/1114). This broad definition includes entities providing services related to crypto-assets, such as:

• Operating a trading platform for crypto-assets
• Exchanging crypto-assets for fiat currency or other crypto-assets
• Custody and administration of crypto-assets on behalf of third parties
• Transfer services for crypto-assets
• Advising on crypto-assets

Reference:

• Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937
  • EUR-Lex Link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

4. Technical Implementation Requirements

The TFR (EU) 2023/1113 requires CASPs to:

• Obtain and transmit: Required originator and beneficiary information immediately and securely alongside the crypto-asset transfer.
• Accuracy: Ensure the information is accurate and complete.
• Retention: Retain the information for a period of five years (extendable to ten years by national law).
• Secure Methods: Use secure, reliable, and non-tamperable methods for transmitting this information.
• Responding to Requests: Respond fully and without delay to inquiries from competent authorities regarding the information.

While the TFR mandates what information needs to be transmitted and when, it does not specify a single technical protocol (e.g., TRISA, Shyft, OpenVASP). It is up to CASPs to implement secure and compliant technical solutions, which are expected to align with industry best practices and emerging standards for Travel Rule compliance.

5. Penalties for Non-Compliance

The TFR (EU) 2023/1113 mandates that Member States lay down rules on penalties applicable to infringements of the Regulation. These penalties must be:

• Effective, proportionate, and dissuasive.

In Croatia, the primary legislation governing AML/CTF obligations and associated penalties is the Law on the Prevention of Money Laundering and Terrorist Financing (Zakon o sprječavanju pranja novca i financiranja terorizma).

• Supervisory Authorities: The Croatian Financial Services Supervisory Agency (HANFA) and the Financial Intelligence Unit (FIU) / Ured za sprječavanje pranja novca (USPN) are the primary competent authorities responsible for supervising CASPs and enforcing AML/CTF regulations, including those derived from the TFR.
• National Penalties: The Croatian AML Law (currently in effect for general AML obligations) outlines administrative fines for various AML/CTF infringements. These fines can be substantial for legal entities and responsible persons within those entities, potentially including temporary bans on activities. Specific penalties for Travel Rule non-compliance will be applied under the framework of this national law, once the TFR provisions become effective and Croatian authorities issue specific guidance or amendments (if needed) to specify how those penalties apply to CASP Travel Rule breaches.

Reference (Croatian Legislation - generally available in Croatian):

• Zakon o sprječavanju pranja novca i financiranja terorizma (Law on the Prevention of Money Laundering and Terrorist Financing) - Latest consolidated version would be found in Narodne Novine, the official gazette of the Republic of Croatia.
  • Example search result (may not be latest version but indicates the law): https://narodne-novine.nn.hr/clanci/sluzbeni/2017_03_46_1130.html (This is an older version, newer amendments exist).
• Croatian Financial Services Supervisory Agency (HANFA): https://www.hanfa.hr/
• Financial Intelligence Unit (Ured za sprječavanje pranja novca - USPN): https://uspn.mup.hr/

In summary: Croatia is fully committed to the FATF Travel Rule through its membership in the EU, with the specific crypto-asset provisions taking effect on December 30, 2024, under the directly applicable TFR (EU) 2023/1113. Croatian supervisory bodies (HANFA, FIU) will enforce these rules, and non-compliance will incur penalties under existing national AML/CTF frameworks.