Iran -- AML/CFT Compliance Regulatory Overview

**FATF Blacklisting:** Iran is currently on the FATF's "Public Statement – High-Risk Jurisdictions Subject to a Call for Action," meaning it is subject to a call for countries to apply enhanced due diligence and, in the most serious cases, countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing (ML/TF/PF) risks emanating from Iran. This significantly impacts any international VASP's ability or willingness to operate in or with Iran.

**International Sanctions:** Iran is under extensive international sanctions (primarily from the US), which prohibit most financial transactions involving Iranian entities or individuals, further complicating VASP operations.

**Evolving Domestic Stance:** Iran's stance on cryptocurrencies has evolved from outright bans to allowing regulated mining and exploring the use of crypto for bypassing sanctions (e.g., import payments), while generally maintaining strict controls over public trading and use for domestic payments.

**Law on Combating Money Laundering (LCML):**

**Legislation Name:** "Law on Combating Money Laundering" (Qanun Mobaraze ba Pulshui), initially passed in 2008 and amended in 2019.

**Purpose:** This is the foundational AML law in Iran, establishing general obligations for reporting entities (which would include any authorized financial service providers, including VASPs if fully integrated into the financial system).

**Key Provisions:** Defines money laundering offenses, sets reporting obligations, establishes the Supreme Council for Combating Money Laundering and Financing of Terrorism, and outlines the role of the Financial Intelligence Unit (FIU).

**Law on Combating the Financing of Terrorism (LCFT):**

**Legislation Name:** "Law on Combating the Financing of Terrorism" (Qanun Mobaraze ba Taman-e Terrorizm), enacted in 2015 and amended in 2019.

**Purpose:** Addresses the financing of terrorism. Any VASP, if operating, would be subject to its provisions, especially regarding sanctions screening and suspicious transaction reporting.

**Central Bank of Iran (CBI) Regulations and Directives:**

The CBI is the primary regulator for financial services and has issued directives concerning virtual assets.

**Early Stance (2018):** The CBI initially banned all dealings in cryptocurrencies by banks and financial institutions, citing money laundering risks.

**Evolving Stance (2019-Present):** The CBI later allowed cryptocurrency mining as an industrial activity, requiring miners to obtain licenses and sell their mined crypto to the CBI for import financing. However, the use of cryptocurrencies for domestic payments is generally prohibited, and public trading platforms for major cryptocurrencies face significant restrictions or are not officially sanctioned in a broad retail sense.

**Applying Existing AML:** The CBI's stance implies that *any* entity authorized to deal with virtual assets (e.g., licensed miners selling to CBI, or potentially future regulated exchanges) would be subject to existing AML/CFT laws and CBI directives regarding KYC, transaction monitoring, and reporting.

National ID number (National Code for Iranians)

Verification through official documents (e.g., National ID card, passport).

Legal form (e.g., company, partnership)

Registered address and principal place of business

Details of directors, senior management, and beneficial owners (shareholders owning 25% or more, or controlling persons).

Verification through official corporate documents (e.g., certificate of incorporation, articles of association).

**Purpose and Nature of Business Relationship:**

Understanding the purpose for which the customer intends to use the VASP's services (e.g., mining, trading, remittance, specified payment).

Understanding the expected nature and volume of transactions.

Scrutinizing transactions throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

Regularly updating customer information and risk assessment.

Required for high-risk customers, politically exposed persons (PEPs), and transactions identified as high-risk (e.g., large value transactions, complex structures, transactions from high-risk jurisdictions).

Includes measures like obtaining additional information on the customer and their source of funds/wealth, obtaining senior management approval for the relationship, and increased monitoring.

Especially critical for virtual assets, VASPs would need to establish the legitimate source of funds used to acquire virtual assets and the source of wealth of the customer.

Screening customers against domestic (if any specific to crypto) and international sanctions lists (though international sanctions might preclude VASP interaction altogether).

**Obligation to Report:** VASPs, if authorized, would be obligated to report any suspicious transactions or activities to the Financial Intelligence Unit (FIU). This includes transactions that are inconsistent with a customer's known legitimate activities, or those that suggest money laundering, terrorist financing, or proliferation financing.

**FIU:** The primary FIU in Iran is located within the **Secretariat of the High Council for Combating Money Laundering and Financing of Terrorism**, which is part of the Ministry of Economy and Financial Affairs.

**No Tipping-Off:** VASPs are prohibited from informing the customer or any third party that an STR has been filed.

**Transaction Records:** All transaction data, including dates, amounts, types of assets, sender/receiver information, and IP addresses.

**CDD Records:** All documents and data obtained during the CDD process (identification, verification, risk assessment).

**STRs:** Copies of all suspicious transaction reports filed.

**Duration:** Records are typically required to be kept for at least **five to ten years** after the business relationship has ended or the transaction has occurred.

**Central Bank of Iran (CBI):**

**Role:** The main financial regulator, responsible for licensing, supervision, and issuing specific directives regarding virtual assets and their interaction with the financial system.

**High Council for Combating Money Laundering and Financing of Terrorism:**

**Role:** The main policy-making body for AML/CFT in Iran, providing strategic direction and overseeing the implementation of the LCML and LCFT. Its secretariat houses the FIU.

**URL:** Information is typically integrated with the Ministry of Economy and Financial Affairs.

**Ministry of Economy and Financial Affairs:**

**Role:** Broader oversight of financial policy and the umbrella ministry under which the High Council and FIU operate.

**No General Retail VASP Market:** There is no established, government-sanctioned, retail-facing VASP market (like open crypto exchanges) for the general public in Iran due to the general ban on crypto for payments and significant restrictions on trading.

**Focus on Licensed Mining:** The primary regulated VASP-related activity is licensed cryptocurrency mining, where mined crypto must be sold to the CBI or authorized entities for specific purposes (like import financing). These licensed entities would be subject to strict AML/CFT checks by the CBI.

**International Isolation:** Due to FATF blacklisting and international sanctions, it is virtually impossible for any reputable international VASP to legally offer services to Iranian citizens or entities, regardless of Iran's domestic regulations. Doing so would expose them to severe regulatory and reputational risks.

**Central Bank of Iran (CBI):** The primary regulator for financial and monetary affairs, including cryptocurrencies. Its stance has largely been to ban banks and financial institutions from dealing in cryptocurrencies and to restrict their use for domestic payments. The CBI is also involved in developing a national digital currency (CBDC).

**Ministry of Industry, Mines, and Trade (MIMT):** Responsible for licensing and regulating cryptocurrency mining operations.

**Securities and Exchange Organization (SEO):** Traditionally regulates securities in Iran under the Securities Market Law of the Islamic Republic of Iran (2005). However, its direct role in classifying *private cryptocurrency tokens* as securities for public offerings is minimal, largely because such offerings are not openly permitted or have been discouraged by the CBI.

**National Cyberspace Center (NCC) / Economic Council / Parliament:** These bodies are involved in drafting and approving broader legislation concerning digital assets and cyberspace, which may eventually include more detailed provisions for crypto classification.

**Traditional Securities Law:** Iran's Securities Market Law of 2005 defines "securities" generally to include shares, bonds, mutual fund units, and other instruments that grant ownership rights, debt claims, or partnership interests.

**Lack of Specific Crypto Guidance:** The challenge with private crypto tokens is that they haven't been explicitly brought under this existing framework for public offerings. The regulatory emphasis has been on banning or heavily restricting their use rather than establishing a formal classification process for investor protection in a public market context.

**Implicit Interpretation (Hypothetical):** If a private token were to be issued seeking public investment with an expectation of profit derived from the efforts of others (similar to the Howey test's criteria), it would likely face significant scrutiny and potential prohibition under existing financial regulations, rather than being formally classified and regulated as a security by the SEO. The primary concern would be capital flight, AML, and monetary stability, as opposed to investor protection in a nascent token market.

**No specific private crypto tokens are formally recognized and regulated as securities for public offering in Iran.**

**National Digital Currency (CBDC):** The CBI has been developing a national digital currency, often referred to as "Paymon" or the "Digital Rial." This is a central bank-issued currency, not a public investment security, intended for domestic payments and interbank settlements.

**Mining as a Regulated Activity:** The tokens acquired through licensed mining operations (e.g., Bitcoin, Ethereum) are treated as commodities or assets that can be used for specific purposes (like paying for imports), but the act of mining itself is a licensed industrial activity, and the tokens are not classified as securities by the MIMT in this context.

**Tokens for International Trade:** In 2022, a law was passed allowing the use of cryptocurrencies for import payments. These tokens are treated as a means of exchange for international trade, not as domestic securities.

**There are no formalized registration or exemption requirements for private crypto token issuers seeking to conduct public offerings in Iran.** This is because such activities are generally not permitted or are severely restricted.

Any entity attempting to launch an Initial Coin Offering (ICO) or similar token sale to the Iranian public would likely face regulatory challenges, including potential bans or legal action from the CBI, given the restrictions on cryptocurrency activities by financial institutions and the general public.

The focus of Iranian authorities is on preventing unauthorized financial activities and capital flight, not on providing a framework for public token offerings.

**No formal rules exist for the secondary trading of private crypto tokens *as securities*.**

**General Cryptocurrency Trading:** While a full ban on individuals owning or trading cryptocurrencies is difficult to enforce, the CBI has repeatedly warned against their use and banned financial institutions from dealing with them.

**Exchanges:** Many local crypto exchanges operate in a legal grey area, requiring users to comply with AML/KYC norms, often to avoid outright shutdowns. However, these are typically platforms for exchanging general cryptocurrencies (like Bitcoin for Rial), not regulated securities trading platforms for tokenized assets.

**Licensed Platforms:** The government has indicated a desire to license exchanges, primarily to control the flow of capital and ensure AML compliance, rather than regulating a securities market for tokens.

**Unauthorized Crypto Exchange Operations:** Several arrests have been made, and exchanges have been shut down for operating without proper authorization or for facilitating illegal activities (like capital flight or prohibited domestic payments).

**Use of Crypto for Domestic Payments:** Individuals and businesses attempting to use cryptocurrencies for everyday transactions within Iran have faced warnings and potential legal action, as this goes against the CBI's prohibition on crypto as legal tender.

**Unlicensed Mining Operations:** Authorities frequently crack down on unlicensed crypto mining farms, especially those illegally using subsidized electricity.

**Capital Flight:** Any significant movement of capital out of the country via cryptocurrencies is a major concern and subject to stringent enforcement.

**2018:** The CBI officially banned Iranian banks and financial institutions from dealing in cryptocurrencies, citing money laundering and financing of terrorism concerns.

**Ongoing (2020-Present):** Numerous reports of police raids on illegal crypto mining operations, resulting in confiscation of equipment and arrests.

**Ongoing:** Warnings issued by the CBI and law enforcement against illegal cryptocurrency exchanges and platforms that do not adhere to AML/KYC regulations or facilitate prohibited activities. The judiciary has often highlighted the risks associated with investing in unregulated crypto schemes.

**Central Bank of Iran (CBI) Statements/Circulars:**

The CBI's stance on prohibiting banks from dealing with cryptocurrencies was formalized in a circular in **April 2018**. While a direct English-language URL to the official circular is difficult to obtain, it has been widely reported by reputable news agencies.

*General CBI website (Farsi):* https://www.cbi.ir/ - Navigate to "News" or "Circulars" for updates, which would need translation.

**Ministry of Industry, Mines, and Trade (MIMT) Regulations on Mining:**

The MIMT issued regulations in **2019 and subsequent amendments** for licensing cryptocurrency mining farms, treating it as an industrial activity. These regulations detail energy tariffs, licensing procedures, and export requirements for mined crypto.

*General MIMT website (Farsi):* https://www.mimt.gov.ir/ - Specific regulations on crypto mining are usually found in their "Laws and Regulations" section, requiring translation.

**Law on Using Cryptocurrencies for Import Payments:**

Approved in **2022**, allowing registered importers to use cryptocurrencies to pay for imports. This was a significant shift, but it specifically targets international trade, not domestic securities offerings.

*Often reported by Iranian English news outlets like Tehran Times or Mehr News Agency.*

**Securities Market Law of the Islamic Republic of Iran (2005):**

This is the fundamental law governing securities in Iran. While it doesn't mention crypto, it's the basis for what *would* constitute a security if tokens were brought under the SEO's purview.

*Often referenced in legal analyses; official English translations are scarce.*

**Draft Comprehensive Digital Currency Regulation / Law on the Organization of Cyberspace:**

Various drafts have been under discussion by different governmental bodies (Parliament, Economic Council, National Cyberspace Center) for several years. These drafts are expected to provide a more holistic framework for digital assets, including potential classifications, but are still *in progress* and subject to change.

*News reports often provide updates on these drafts; direct official URLs are not usually public until final approval.*

**Whether Adopted:** **No, the FATF Travel Rule has not been adopted in Iran.** Iran remains on the FATF's list of High-Risk Jurisdictions due to its failure to enact the Palermo and TF Conventions and other fundamental deficiencies. Implementing a specific measure like the Travel Rule is not on the agenda when the foundational AML/CFT framework is not in place.

**Effective Date:** **Not applicable.** Since the rule has not been adopted, there is no effective date.

**Threshold Amounts:** **Not applicable.** Without adoption, there are no defined threshold amounts for the Travel Rule.

**Which VASPs are Covered:** **Not applicable.** There is no regulatory framework in Iran that mandates VASPs to comply with the FATF Travel Rule. Domestic regulations regarding virtual assets are primarily focused on controlling their use within the country and have not incorporated international AML/CFT standards to this extent.

**Technical Implementation Requirements:** **Not applicable.** No technical implementation requirements exist for the Travel Rule in Iran.

**For Iran (at the international level):** The primary "penalty" for Iran's non-compliance with FATF recommendations (including the implicit non-implementation of the Travel Rule) is its continued presence on the FATF blacklist. This results in severe economic sanctions from the international community, financial isolation, difficulty accessing global financial systems, and increased scrutiny and due diligence requirements for any entity attempting to transact with Iranian entities. International financial institutions are strongly discouraged from engaging in transactions with Iran.

**FATF Public Statement on High-Risk Jurisdictions Subject to a Call for Action (February 2020, still current):** The FATF stated that "Given Iran’s failure to enact the Palermo and TF Conventions in line with the FATF Standards, the FATF suspended its call for members and urged all members to apply counter-measures and enhanced due diligence in February 2020. Iran will remain on the FATF statement on High-Risk Jurisdictions Subject to a Call for Action until the full Action Plan has been completed."

**URL:** https://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/documents/call-for-action-february-2020.html (This is the last comprehensive update regarding Iran's status on the blacklist, which remains unchanged).

**For Domestic Entities in Iran (related to crypto activities):** While not directly linked to the Travel Rule, Iran has implemented domestic regulations concerning virtual assets, primarily focused on control and preventing their use for illicit purposes or circumventing sanctions.

For example, in 2018, the Central Bank of Iran (CBI) initially banned the use of cryptocurrencies by banks and financial institutions, though this stance has evolved somewhat, especially concerning crypto mining for electricity export. The use of cryptocurrencies for payments within the country remains largely prohibited.

**Specific Legislation/Guidance (Domestic):** Finding direct, current, and publicly accessible English translations of specific Iranian legislation on virtual assets with URLs can be challenging due to language barriers and the nature of Iranian legal publications. However, news reports and analyses often cite:

**Central Bank of Iran (CBI) Directives:** The CBI has issued various directives over the years, often reported by state media or financial news outlets, that govern the use and holding of cryptocurrencies by financial institutions and the public. These directives typically aim to prevent capital flight and maintain monetary control.

**Governmental Decrees:** The Iranian government has also issued decrees, particularly concerning the licensing of cryptocurrency mining operations.

**General Penalties:** Any individual or entity engaging in unauthorized cryptocurrency activities (e.g., using crypto for payments, operating an unlicensed exchange, or engaging in money laundering using crypto) would be subject to penalties under existing Iranian laws related to financial crimes, foreign exchange regulations, and unlicensed financial activities. These penalties could include fines, imprisonment, and asset confiscation. However, these are *domestic penalties for domestic illicit activities* and not specific penalties for non-compliance with the international FATF Travel Rule.