Hungary

**VASP Registration:** Under the transposition of the EU's 5th and 6th Anti-Money Laundering Directives (AMLD5/AMLD6), custodial wallet providers are classified as Virtual Asset Service Providers (VASPs).

**Obligation:** VASPs, including those offering custodial services, are required to register with, or be licensed by, the Hungarian Financial Supervisory Authority (primarily the **Magyar Nemzeti Bank - MNB**, the Central Bank of Hungary, which oversees financial market supervision) for AML/CTF purposes.

**Purpose of Registration:** This registration primarily obliges the entity to comply with AML/CTF requirements, such as customer due diligence (KYC), transaction monitoring, and suspicious activity reporting, rather than specific operational custody rules.

**Act CXXXVI of 2013 on the prevention and combating of money laundering and terrorist financing (Pmtv.)** – This is Hungary's primary AML law, amended to include virtual asset service providers.

While a direct URL to the specific VASP section in English might be hard to find, the official text is available through Hungarian legal databases. The MNB provides guidance on financial market supervision.

**MNB (Magyar Nemzeti Bank) website:** https://www.mnb.hu/en (Look for publications related to financial market supervision, AML, and virtual assets).

There are **no specific, explicit statutory rules** under current Hungarian law specifically for the segregation of client crypto assets from the custodian's own assets.

However, general civil law principles, fiduciary duties, and good business practices would strongly suggest and often require such segregation to protect client interests in case of insolvency or operational issues.

**No specific, explicit statutory insurance/bonding requirements** for crypto custodians beyond general business insurance that any company would hold.

The emphasis is on AML compliance rather than prudential requirements for asset safeguarding.

**No specific, explicit mandates** for the use of cold storage (offline storage of private keys) under current Hungarian law.

However, industry best practices and general requirements for secure IT systems and risk management would naturally lead reputable custodians to employ cold storage or a hybrid approach.

**No formal legal definition** of a "qualified custodian" specifically for crypto assets under current Hungarian law.

The designation of a VASP for AML purposes doesn't equate to a "qualified custodian" in the sense of stringent operational and prudential requirements.

**Authorization as a CASP:** Under MiCA, any entity providing "custody and administration of crypto-assets on behalf of third parties" will be classified as a Crypto-Asset Service Provider (CASP) and will require **prior authorization** by a national competent authority (in Hungary, this will be the MNB).

**Scope:** This authorization is comprehensive and covers specific operational, organizational, and prudential requirements, going far beyond mere AML registration.

**Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA).**

**Explicit Mandate:** MiCA explicitly requires CASPs providing custody services to make adequate arrangements to safeguard the ownership rights of clients, particularly in the event of the CASP's insolvency.

Keep client crypto-assets and funds separate from their own crypto-assets and funds.

Maintain records and accounts that allow for the immediate segregation of client crypto-assets and funds from own assets and from those of other clients.

Return client crypto-assets and funds without undue delay upon their request.

**Regulatory Reference:** MiCA Regulation, **Article 67 ("Operating conditions for the custody and administration of crypto-assets on behalf of third parties").**

**Prudential Safeguards:** MiCA mandates specific prudential requirements for CASPs.

**Key Requirements (Article 67 & 60):**

CASPs offering custody services must have **professional indemnity insurance** covering specific risks (e.g., loss of private keys, operational errors, security breaches) or hold **sufficient own funds** to cover potential liabilities. The amount depends on the risks covered and is subject to detailed regulatory technical standards.

This is a significant change, introducing a financial safety net for clients.

**Indirect Mandates via Security & Operational Requirements:** While MiCA doesn't explicitly *mandate* "cold storage" by name, its stringent requirements for security and operational resilience effectively push custodians towards such solutions.

**Key Requirements (Article 67 & 59):**

CASPs must establish, implement, and maintain a sound **resilient technological infrastructure and security procedures** for the safekeeping of client crypto-assets.

They must establish a **policy for the safekeeping of crypto-assets**, including private keys, which includes clear procedures, access rights, and recovery measures.

Implement robust **internal control mechanisms** to ensure the integrity and security of client crypto-assets.

These requirements strongly imply the necessity of highly secure, often offline, solutions for managing private keys.

Under MiCA, an entity that successfully obtains authorization as a CASP to provide "custody and administration of crypto-assets on behalf of third parties" will effectively be the **"qualified custodian"** in the EU framework.

This authorization confirms compliance with the stringent requirements outlined in MiCA regarding capital, organization, operational resilience, and client asset protection.

The **MiCA Regulation** *is* the key piece of "pending" (now enacted but not fully applicable) legislation that will fully regulate crypto asset custody in Hungary and across the EU.

The MNB will be responsible for granting the necessary CASP authorizations and overseeing compliance with MiCA in Hungary.

**Exchanges (Virtual Asset Exchange Services):**

This includes providers that facilitate the exchange of virtual assets for fiat currency (e.g., EUR to BTC) or for other virtual assets (e.g., BTC to ETH).

They are categorized as "providers of services related to virtual currency."

**Custody Providers (Virtual Asset Custodian Wallet Providers):**

This refers to entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual assets.

They are categorized as "providers of virtual currency safekeeping services."

**Payment Processors (related to virtual assets):**

If a payment processor exclusively handles crypto-to-crypto transactions, it falls under the "exchanges" category above and requires VASP registration.

If a payment processor handles **fiat-to-crypto or crypto-to-fiat transactions** (e.g., receiving EUR for BTC, or sending EUR after a BTC sale), it likely triggers the need for **both**:

**VASP registration** for the virtual asset aspect.

Potentially, a separate **payment institution license** (or e-money institution license) from the MNB under the Hungarian transposition of PSD2 (Payment Services Directive 2) for handling fiat currency funds. This is a critical distinction, as traditional payment services licenses come with higher capital, operational, and regulatory burdens. Pure crypto-to-crypto services generally avoid this additional license.

**Comprehensive AML/CTF Policy:** Development and implementation of robust internal policies, controls, and procedures to prevent money laundering and terrorist financing.

**Customer Due Diligence (CDD):** Procedures for identifying and verifying the identity of customers (Know Your Customer - KYC), including beneficial owners. This includes ongoing monitoring of business relationships.

**Risk Assessment:** A documented, institution-wide risk assessment of ML/TF risks, regularly updated.

**Transaction Monitoring:** Systems and procedures for monitoring transactions for suspicious activities.

**Suspicious Transaction Reporting (STR):** Procedures for reporting suspicious transactions to the Hungarian Financial Intelligence Unit (FIU), which operates within the National Tax and Customs Administration (NAV).

**AML Officer:** Appointment of a qualified and experienced senior management AML Officer with adequate authority and resources.

**Employee Training:** Regular AML/CTF training for relevant staff.

**Record Keeping:** Maintaining records of customer data and transactions for the statutory period (typically 8 years).

Unlike traditional financial institutions, Hungarian law **does not specify a fixed minimum capital requirement solely for VASP registration under the AML Act.**

However, the MNB will assess the applicant's **financial soundness and stability** to ensure it has sufficient resources to operate the business, fulfill its obligations, and implement robust AML/CTF controls. This implies demonstrating adequate operational capital.

**Crucially:** If the VASP also qualifies as a **payment institution** (e.g., handling fiat currency as part of its services), then specific **minimum capital requirements defined by PSD2** (transposed into Hungarian law) would apply. These are significantly higher (e.g., minimum EUR 20,000 to EUR 125,000 depending on services).

**Legal Entity:** The applicant must be a legal entity established and registered in Hungary (e.g., a Kft. - Limited Liability Company).

**Registered Office:** A registered office in Hungary is required.

**Management:** While not always strictly requiring Hungarian residency for all directors, the MNB expects effective management to be based in Hungary or easily accessible, with sufficient knowledge of Hungarian law and the local regulatory environment. The AML Officer, in particular, should be readily available and knowledgeable about Hungarian AML requirements.

Owners, management, and key personnel (especially the AML Officer) must meet "fit and proper" criteria, demonstrating good repute, integrity, and competence. The MNB will assess their background, qualifications, and experience.

**IT Security and Operational Resilience:**

Robust IT security measures, data protection protocols, and operational resilience frameworks are expected to protect customer assets and data, and ensure continuity of services.

A detailed business plan outlining the nature of the services, target market, operational structure, financial projections, and compliance strategy.

**Establish a Hungarian Legal Entity:** Form a company (e.g., Kft.) in Hungary.

**Develop Internal Policies:** Prepare comprehensive AML/CTF policies, procedures, risk assessment, and internal control manuals tailored to the specific VASP services.

**Gather Documentation:** Compile all necessary corporate documents, details of ownership and management, financial statements/projections, IT security policies, and the business plan.

**Application Submission to MNB:** Submit the complete application package to the Magyar Nemzeti Bank. The application must demonstrate full compliance with the requirements of the Hungarian AML Act.

**MNB Review and Assessment:** The MNB will review the application, potentially request further information or clarifications, and conduct interviews with key personnel. They will assess the robustness of the AML/CTF framework and the applicant's capacity to comply.

**Decision:** Upon satisfactory review, the MNB will approve the registration. If deficiencies are found, they will communicate these, allowing for rectification.

**Ongoing Compliance:** Once registered, the VASP is subject to ongoing supervision by the MNB, including regular reporting obligations and potential on-site inspections.

**Act LIII of 2017 on the Prevention and Combatting of Money Laundering and Terrorist Financing (Pmt. 2017):**

This is the primary Hungarian law transposing the EU AMLD directives. It defines virtual assets and virtual asset service providers and sets out their obligations.

**Reference (Hungarian name):** 2017. évi LIII. törvény a pénzmosás és a terrorizmus finanszírozása megelőzéséről és megakadályozásáról.

*General search page for Hungarian laws:* https://njt.hu/ (You'll need to search within for the specific act number and year).

**Magyar Nemzeti Bank (MNB) Website:**

The MNB's website is the official source for guidelines, application forms, and specific requirements for VASPs. Look for sections related to AML/CTF supervision, financial market supervision, or specific guidance on virtual asset services.

**MNB Supervision section (often where AML guidance resides):** https://www.mnb.hu/felugyelet (You may need to navigate or use the search function for "virtuális valuta szolgáltató" or "pénzmosás megelőzés")

**EU Anti-Money Laundering Directives (Underlying Framework):**

While not Hungarian law directly, the Hungarian AML Act transposes these directives.

**AMLD5 (Directive (EU) 2018/843):** https://eur-lex.europa.eu/eli/dir/2018/843/oj

**AMLD6 (Directive (EU) 2018/1673):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L1673

**Article 215 of the Treaty on the Functioning of the European Union (TFEU):** Provides the legal basis for the EU to adopt restrictive measures (sanctions).

**Various Council Regulations:** Specific regulations detail the sanctions regimes for particular countries or individuals (e.g., Russia, Iran, Syria, DPRK).

Prohibits making funds and economic resources available, directly or indirectly, to designated persons, entities, or bodies.

**Definition of "Funds" and "Economic Resources":** Recent EU sanctions regulations, particularly concerning Russia, have explicitly clarified that "funds" and "economic resources" include "crypto-assets." This means VASPs must freeze any crypto assets belonging to sanctioned individuals or entities.

**Obligation:** VASPs must immediately freeze virtual assets held by or on behalf of designated persons and report this to the competent authorities (in Hungary, typically the Hungarian National Bank - MNB, or the National Tax and Customs Administration - NAV, depending on the specific reporting requirement).

**Prohibition on Making Funds/Economic Resources Available:**

VASPs are prohibited from directly or indirectly making any virtual assets or related services available to, or for the benefit of, sanctioned individuals or entities. This applies to all transactions, including transfers, exchanges, or facilitation of access to virtual assets.

Some EU sanctions regimes (e.g., against Russia) include sectoral restrictions, which might impact certain crypto-related activities. For instance, prohibitions on providing certain services, or dealing with specific types of assets, apply to virtual assets as well.

**Mandatory:** VASPs in Hungary must implement robust screening procedures for all customers (during onboarding and ongoing monitoring) and transactions against EU sanctions lists.

**EU Consolidated Sanctions List:** VASPs must regularly check their customer base and transaction parties against the EU's consolidated list of persons, groups, and entities subject to EU financial sanctions. This list is updated frequently.

**Automated Solutions:** Due to the dynamic nature of crypto transactions and sanctions lists, automated screening tools are highly recommended for VASPs.

Certain EU sanctions target specific geographic areas (e.g., Crimea and Sevastopol, non-government-controlled areas of Ukraine). VASPs must ensure they do not conduct or facilitate transactions that directly or indirectly benefit these regions or violate specific prohibitions related to them.

**EUR-Lex:** Official source for EU legislation (e.g., for specific Council Regulations).

*Example for Russia:* Council Regulation (EU) No 833/2014 and Council Regulation (EU) No 269/2014. These have been amended multiple times to include crypto assets. (Search on EUR-Lex for the latest consolidated versions).

**EU Sanctions Map:** Provides an overview of current EU sanctions regimes: https://www.sanctionsmap.eu/

**Consolidated Financial Sanctions List:** Accessible via the EU Sanctions Map or specific Council Decisions.

UN sanctions are almost always incorporated into EU law through EU Council Regulations, making them directly applicable and enforceable in Hungary. Therefore, compliance with EU sanctions generally ensures compliance with UN sanctions.

**Obligation:** VASPs must adhere to these measures, including screening against the UN Consolidated Sanctions List.

**UN Security Council Resolutions:** https://www.un.org/securitycouncil/content/resolutions

**UN Security Council Consolidated List:** https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list

**De-risking by Correspondent Banks:** International banks often comply with OFAC, and a VASP failing to do so might be de-risked.

**Reputational Damage:** Being associated with OFAC violations can harm a VASP's reputation.

**Risk of Secondary Sanctions:** In some cases, OFAC can impose secondary sanctions on non-U.S. persons dealing with sanctioned entities.

**Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (2017. évi LIII. törvény a pénzmosás és terrorizmus finanszírozása megelőzéséről és megakadályozásáról):** This is the core Hungarian law implementing the EU's 5th and 6th Anti-Money Laundering Directives.

**Obligations for VASPs:** VASPs are defined as "service providers for virtual asset-related activities" and are subject to the same AML/CFT obligations as traditional financial institutions. These include:

**Customer Due Diligence (CDD):** Identifying and verifying customers and beneficial owners.

**Ongoing Monitoring:** Monitoring transactions and customer relationships.

**Risk Assessment:** Implementing a risk-based approach to identify and mitigate ML/TF risks, including sanctions risks.

**Reporting Obligations:** Reporting suspicious transactions to the Hungarian Financial Intelligence Unit (FIU), which is part of the National Tax and Customs Administration (NAV).

**Sanctions Compliance:** The AML law implicitly requires compliance with international sanctions regimes by mandating comprehensive risk management and customer due diligence.

Under Act LIII of 2017, VASPs must conduct comprehensive due diligence, which explicitly includes screening against sanctions lists. While the Act doesn't specify *which* lists, it's understood to mean the legally binding EU (and by extension UN) lists. Prudent VASPs will also include OFAC lists.

**Internal Controls:** VASPs must have robust internal policies, procedures, and controls to detect and prevent sanctions violations.

Hungary generally does not maintain a separate national sanctions list for international purposes that would diverge significantly from or add to the EU's consolidated lists. Instead, it fully implements and enforces EU sanctions.

There are no specific "crypto-sanctions lists" maintained by Hungary; rather, existing sanctions apply to all forms of "funds" and "economic resources," which now explicitly include virtual assets under EU law.

**Act LIII of 2017:** Searchable on Hungary's National Legal Database (Nemzeti Jogszabálytár - NJT).

*Direct link (might require Hungarian language skills):* https://njt.hu/jogszabaly/2017-53-20-22.1

**Magyar Nemzeti Bank (MNB):** The MNB is the financial supervisor. Its website contains guidance and regulations for financial service providers, including VASPs.

Issuing warnings against unlicensed service providers (often foreign entities).

Providing guidance and requiring registration for Virtual Asset Service Providers (VASPs) under AML rules.

Referring cases of suspected fraud or money laundering to law enforcement (police, public prosecutor).

**Regulator Name:** Magyar Nemzeti Bank (MNB - Hungarian National Bank)

**Entity Targeted:** Xifra Lifestyle (also known as Xifra Global, Xifra LLC)

**Violation Type:** Unlicensed financial service provision (offering investment services related to cryptocurrency trading without the necessary MNB authorization) and operating a scheme with characteristics of a pyramid scheme.

**Penalty Amount:** The MNB issued a public warning and a cease-and-desist order. While no specific administrative *fine* amount was publicly disclosed by the MNB in its initial announcement, the action effectively prohibited the entity from operating in Hungary and referred the case to law enforcement for potential criminal proceedings.

**Date:** MNB's public announcement was on **November 25, 2022**.

**Outcome:** The MNB prohibited Xifra Lifestyle from offering its services to Hungarian residents. The MNB also filed a criminal complaint against the unknown perpetrators. The platform subsequently largely ceased operations in Hungary.

**MNB Press Release (Hungarian):** https://www.mnb.hu/sajtoszoba/sajtokozlemenyek/2022-evi-sajtokozlemenyek/a-penzugyi-fogyasztovert-vedelmeben-figyelmeztet-az-mnb-a-xifra-lifestyle-cryptovaluta-alapu-befektetesekkel-kapcsolatos-piramisjatek-gyanus-tevekenysegevel-kapcsolatban

**English News Summary (referencing MNB action):** https://www.globenewswire.com/news-release/2022/12/06/2568527/0/en/Global-authorities-crack-down-on-Xifra-Lifestyle-and-its-affiliates.html

**Police Investigations:** Hungarian police frequently conduct investigations and make arrests related to cryptocurrency fraud, scams, and money laundering. However, these are criminal proceedings targeting individuals or criminal groups, rather than administrative enforcement actions by a financial regulator against a formal "entity" with a specific "penalty amount" in the same way the MNB acts. The outcomes are typically arrests, charges, and eventual court sentences, which are distinct from regulatory fines.

**Tax Authority (NAV):** The National Tax and Customs Administration (NAV) enforces tax laws on crypto income and transactions, but these are typically individual or corporate audits and assessments rather than publicly announced "enforcement actions" against specific crypto *platforms* with a universal "penalty."

**MNB Warnings:** The MNB often issues general warnings to consumers about the risks of crypto, or specific warnings about unlicensed foreign entities, without a formal "fine" or "penalty amount" attached, but these are crucial in protecting consumers and maintaining market integrity.