Kyrgyzstan -- AML/CFT Compliance Regulatory Overview

Kyrgyzstan, as a member of the Eurasian Group on Combating Money Laundering and Financing of Terrorism (EAG) – an Associate Member of the Financial Action Task Force (FATF) – is committed to implementing international standards for anti-money laundering and combating the financing of terrorism (AML/CFT). While a dedicated, comprehensive licensing and regulatory framework solely for cryptocurrency/virtual asset service providers (VASPs) is still developing, existing AML/CFT legislation, influenced by FATF recommendations, applies to entities dealing with virtual assets.

The FATF's Recommendation 15 specifically calls for virtual assets and VASPs to be subject to AML/CFT regulations, licensed or registered, and subject to effective systems for monitoring and ensuring compliance. Kyrgyzstan is working towards aligning its national legislation with these recommendations.

1. AML/CFT Legislation in Kyrgyzstan

The primary legislative act governing AML/CFT in Kyrgyzstan is:

• Law of the Kyrgyz Republic on Combating the Financing of Terrorism and Legalization (Laundering) of Criminal Proceeds (No. 87, dated July 25, 2011, with subsequent amendments). This law establishes the legal and organizational framework for AML/CFT, defines the obligations of reporting entities, and outlines the role of the financial intelligence unit.

Note: While this law doesn't explicitly name "cryptocurrency" or "virtual assets" in its original text, its broad definitions of "monetary funds or other property" and "operations with monetary funds or other property" can be interpreted to cover transactions involving virtual assets, especially as global standards evolve. VASPs are typically considered "reporting entities" or "financial institutions" under the broader definitions for AML/CFT purposes.

2. Customer Due Diligence (CDD) Requirements for VASPs

Under the existing AML/CFT framework, VASPs are expected to apply CDD measures similar to traditional financial institutions. These include:

• Identification and Verification:
  • For individuals: Full name, date and place of birth, citizenship, residential address, identification document details (e.g., passport, national ID number). Verification through reliable, independent sources (e.g., government-issued documents, utility bills).
  • For legal entities: Full name, legal form, registration number, legal address, tax identification number (TIN), details of beneficial owners, directors, and authorized signatories. Verification through company registration documents, articles of association, and public registries.
• Beneficial Ownership Identification: VASPs must identify and take reasonable measures to verify the identity of the beneficial owner(s) of the customer, including those who ultimately own or control the customer, or the person on whose behalf a transaction is being conducted. Thresholds (e.g., 25% ownership or control) typically apply.
• Purpose and Intended Nature of Business Relationship: Understanding the purpose and intended nature of the business relationship (e.g., why the customer is using virtual assets, expected transaction volumes and types).
• Ongoing Monitoring: Continuously monitoring the business relationship and transactions to ensure that they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.
• Risk-Based Approach: VASPs must adopt a risk-based approach to CDD. This means applying enhanced due diligence (EDD) for higher-risk customers (e.g., Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, complex structures, large transactions) and simplified due diligence (SDD) for lower-risk scenarios where permitted.

3. Suspicious Transaction Reporting (STR)

VASPs, like other reporting entities, are obligated to report suspicious transactions to the financial intelligence unit.

• Obligation to Report: If a VASP has grounds to suspect that funds or other property, regardless of the amount, are related to the financing of terrorism or legalization (laundering) of criminal proceeds, it must immediately report such suspicions.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious transaction report (STR) has been filed, or that an investigation into money laundering or terrorist financing is being conducted.
• Timelines: Reports should typically be filed "without delay" after the suspicion arises.

4. Record-Keeping Obligations

VASPs are required to maintain records for a specified period to assist with potential investigations:

• Customer Identification Data: Records of all documents obtained during CDD, including identification and verification information, beneficial ownership details, and account details.
• Transaction Records: Records of all transactions conducted, including amounts, types of virtual assets, dates, sender and recipient information, and any associated messages or instructions.
• Analysis of Complex/Unusual Transactions: Records of any internal findings, analysis, or documentation related to complex, unusual, large, or high-risk transactions.
• Retention Period: Records must generally be kept for a minimum period of five years from the date of the transaction or the termination of the business relationship.

5. Authority Overseeing Compliance

The primary authority responsible for overseeing AML/CFT compliance, including for entities dealing with virtual assets under the existing framework, is:

• The State Service for Financial Intelligence (SSFI) under the Ministry of Finance of the Kyrgyz Republic.
  • Role: The SSFI acts as Kyrgyzstan's Financial Intelligence Unit (FIU). It is responsible for receiving, analyzing, and disseminating suspicious transaction reports to law enforcement agencies, as well as for developing and implementing AML/CFT policies and overseeing compliance by reporting entities.
  • Official Website (in Russian/Kyrgyz, may have limited English content): http://www.fiu.gov.kg/

Important Considerations for VASPs in Kyrgyzstan:

• Evolving Landscape: The regulatory landscape for virtual assets is constantly evolving globally and in Kyrgyzstan. VASPs should monitor for any new specific laws, regulations, or guidance related to cryptocurrencies issued by the SSFI or the National Bank of the Kyrgyz Republic.
• National Bank of the Kyrgyz Republic (NBKR): While the SSFI is the primary AML/CFT supervisor, the NBKR also plays a crucial role in maintaining financial stability and overseeing the financial sector. The NBKR has historically issued warnings regarding the risks of cryptocurrencies. Any future comprehensive regulatory framework for VASPs might involve the NBKR, especially if virtual assets are classified as financial instruments or securities.
• FATF Standards: Adherence to FATF recommendations is paramount. VASPs should ensure their compliance programs are aligned with the latest FATF guidance on virtual assets.

Given the dynamic nature of this sector, VASPs operating or planning to operate in Kyrgyzstan should seek expert legal counsel to ensure full compliance with current and emerging AML/CFT requirements.