Cambodia -- Licensing Requirements Regulatory Overview

**Law on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Law):**

**Date:** Passed in 2020. This law replaced the previous 2007 AML/CFT Law and was enacted to bring Cambodia's framework closer to international standards, particularly the FATF Recommendations.

**Key Provisions:** Defines money laundering and terrorist financing offenses, establishes the legal framework for identifying, verifying, and reporting suspicious activities, and outlines penalties for non-compliance. It also identifies "reporting entities" (or "obliged entities") that must comply. VASPs, by the nature of their services, are generally considered reporting entities under this broad definition, especially concerning the movement of value.

**Prakas on the Implementation of the Law on Anti-Money Laundering and Combating the Financing of Terrorism (Prakas 285 on AML/CFT)**

**Issuing Body:** National Bank of Cambodia (NBC) and the Ministry of Economy and Finance.

**Key Provisions:** Provides detailed regulations and guidelines for financial institutions and other reporting entities (which would encompass VASPs) on how to implement the AML/CFT Law, including specific requirements for customer due diligence, suspicious transaction reporting, and record-keeping.

**Identification and Verification of Customers:**

**For Individuals:** Obtaining and verifying proof of identity (e.g., national ID card, passport, driver's license), date of birth, address, and nationality.

**For Legal Entities/Corporations:** Obtaining and verifying legal name, address, proof of incorporation/registration (e.g., certificate of incorporation, business license), names of directors/senior management, and beneficial owners.

**Method:** Verification must be performed using reliable, independent source documents, data, or information.

Identifying and taking reasonable measures to verify the identity of the beneficial owner(s) of the customer, especially for legal entities. This typically means identifying individuals who ultimately own or control more than a specified percentage (e.g., 25%) of the entity, or who exercise control through other means.

**Purpose and Intended Nature of Business Relationship:**

Understanding the purpose and intended nature of the business relationship or transaction (e.g., why the customer wants to use virtual asset services, expected transaction volumes, types of assets).

Conducting ongoing due diligence on the business relationship and scrutinizing transactions undertaken throughout the course of that relationship to ensure that the transactions are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

Ensuring that documents, data, or information collected under the CDD process are kept up-to-date.

Implementing a risk-based approach to CDD, which means:

**Simplified Due Diligence (SDD):** Permitted in low-risk situations, with sufficient measures to mitigate any potential risks.

**Enhanced Due Diligence (EDD):** Required for high-risk customers, business relationships, or transactions (e.g., Politically Exposed Persons - PEPs, customers from high-risk jurisdictions, complex or unusually large transactions, new technologies with inherent anonymity).

Screening customers against relevant national and international sanctions lists (e.g., UN Security Council sanctions) and PEP lists.

**Obligation to Report:** Any VASP that suspects or has reasonable grounds to suspect that funds or other assets, regardless of the amount, are derived from criminal activity, or are related to terrorist financing, must report promptly.

**Recipient:** The **Cambodia Financial Intelligence Unit (CAFIU)**.

**Timeline:** Reports must be made without delay, typically within 24-48 hours of forming the suspicion.

**Content of Report:** The report should include all available information concerning the customer, the transaction(s), the nature of the suspicion, and any supporting documents.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or to third parties that an STR has been or will be submitted.

Records of all transactions, including virtual asset transfers (sender, receiver, amount, timestamp, type of virtual asset, associated fiat currency conversions).

All CDD/KYC information obtained for customers, including identification documents, verification data, and beneficial ownership information.

Records of all suspicious transaction reports filed, including internal analysis and supporting documentation.

Records of internal policies, procedures, and training related to AML/CFT compliance.

**Duration:** Records must be maintained for a minimum period of **five (5) years** after the business relationship has ended or after the date of the transaction.

**Accessibility:** Records must be readily accessible to the competent authorities (e.g., NBC, CAFIU) upon request.

**National Bank of Cambodia (NBC)**

**Role:** The primary regulatory and supervisory authority for financial institutions in Cambodia. This includes setting out detailed regulations (Prakas) and supervising the implementation of AML/CFT requirements by financial institutions. While there isn't a specific licensing regime for VASPs yet, NBC's general authority over financial activities means it plays a crucial role in ensuring AML compliance in this sector. NBC has also previously issued warnings regarding the risks of cryptocurrency.

**Cambodia Financial Intelligence Unit (CAFIU)**

**Role:** Operates as a department within the National Bank of Cambodia. CAFIU is the central national authority responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other financial information concerning potential money laundering and terrorist financing.

**URL:** As a department within NBC, its information is typically integrated with the NBC website.

**Securities and Exchange Regulator of Cambodia (SERC) Official Website:**

**Role:** While NBC focuses on banking and general financial stability, SERC is responsible for regulating Cambodia's securities market. If a virtual asset is deemed a security (e.g., an "initial coin offering" or "security token offering"), SERC's regulations would apply, potentially including specific AML/CFT requirements for securities firms. SERC has also issued warnings regarding unregulated crypto activities.

**National Coordination Committee for AML/CFT (NCC)**

**Role:** This high-level committee, involving various ministries and institutions, is responsible for coordinating the overall national policy and strategy on AML/CFT.

**Evolving Landscape:** The regulatory framework for virtual assets is still evolving globally and in Cambodia. VASPs should monitor for new laws, Prakas, and guidelines.

**FATF Standards:** Cambodia's regulatory efforts are heavily influenced by FATF Recommendations. VASPs should ensure their compliance programs align with these international standards, especially Recommendation 15 which specifically addresses new technologies and virtual assets.

**Lack of Specific Licensing:** As of the latest information, Cambodia does not have a dedicated, comprehensive licensing framework for VASPs akin to those in some other jurisdictions. This means that while AML/CFT obligations apply, the broader operational legality and specific regulatory permissions for operating a VASP business might fall under existing general business laws or remain in a less defined state. This poses both opportunities and risks for operators.

**Warnings from Authorities:** Both NBC and SERC have historically issued warnings about the risks associated with cryptocurrencies and the importance of exercising caution due to the lack of specific regulations and investor protection mechanisms.

**Joint Public Statement on the Trading, Advertising, and Circulation of Cryptocurrency (2018):**

This is the foundational warning from the **National Bank of Cambodia (NBC), Securities and Exchange Regulator of Cambodia (SERC), and Cambodian Financial Intelligence Unit (CAFIU)**. It explicitly states that "the trading, buying, selling, and advertising of cryptocurrency and other digital assets are illegal activities" unless authorized by the relevant authorities.

While a direct URL to the original statement on an official government website can be elusive, its content is widely cited:

*Reference Article (summarizing the statement):* **DFDL Cambodia - Alert on Cryptocurrency Activities (2018):** https://www.dfdl.com/resources/legal-and-tax-alerts/cambodia-alert-on-cryptocurrency-activities/ (This provides a good summary of the original joint warning.)

*Another Reference:* **Tilleke & Gibbins - Cambodia’s Official Warning on Cryptocurrency (2018):** https://www.tilleke.com/insights/cambodias-official-warning-on-cryptocurrency/

While not specific to crypto licensing, this law would form the basis for any future AML/CFT requirements imposed on virtual asset activities.

**Official Link (Khmer, usually requires finding English translation from legal firms):** The official text is usually in Khmer. Reputable legal firms often provide English translations or summaries.

*Reference:* The **FATF Mutual Evaluation Report for Cambodia** (2017) references the law extensively. While not the law itself, it demonstrates Cambodia's commitment to AML/CFT:

**FATF - Mutual Evaluation Report of Cambodia (2017):** https://www.fatf-gafi.org/content/dam/fatf-gafi/mer/MER-Cambodia-2017.pdf (See Section 3 for legal framework details).

*Reference to a later amendment:* **Sub-Decree No. 34 on the Implementation of the Law on Anti-Money Laundering and Combating the Financing of Terrorism (2020):** While difficult to find a direct official English URL, this sub-decree further strengthens the AML/CFT framework.

**National Bank of Cambodia (NBC) Official Website:**

Regularly check the NBC's official announcements section for any updates, though specific crypto licensing announcements are unlikely in the short term.

Similar to NBC, check SERC announcements.

Units in collective investment schemes

Any other instruments specified by the SECC

**Investment of Money (or assets with monetary value):** A person provides value.

**In a Common Enterprise:** The investor's fortunes are linked to the success or failure of the enterprise.

**With an Expectation of Profit:** The investor anticipates financial gain.

**Derived from the Efforts of Others:** The profits are primarily generated through the managerial or entrepreneurial efforts of the issuer or a third party, rather than the investor's own efforts.

**Explicitly Regulated Digital Securities:** Any digital asset that represents a traditional security (e.g., tokenized shares, tokenized bonds) and is authorized and regulated by the SECC. These are considered securities by definition and must comply with all securities laws. The SECC has shown openness to *tokenized traditional assets* issued within its regulatory purview.

**Prohibited Decentralized Cryptocurrencies:** Most decentralized cryptocurrencies (like Bitcoin, Ethereum, etc.) are currently considered illegal for trading and issuance in Cambodia, as per the 2018 Joint Statement. While not explicitly classified as "securities" *for regulatory purposes* (because they're outright banned), if they were to be allowed, many would likely fall under the "investment contract" definition due to their characteristics (speculative investment, expectation of profit from developers' efforts).

**Utility Tokens (with investment features):** If a utility token is marketed with an expectation of profit, appreciation, or provides governance rights that have economic value tied to the success of an underlying project driven by an issuer, it would likely be considered a security if it were to be issued legally.

**Security Token Offerings (STOs):** If permitted, STOs (which are explicitly designed to represent ownership in an underlying asset or revenue stream) would inherently be classified as securities.

**Registration:** Issuers must be licensed by the SECC and obtain specific approval for their offering. This involves submitting detailed disclosure documents, a prospectus, and financial information, similar to traditional securities offerings.

**Compliance:** Issuers must comply with all relevant provisions of the Securities Law and SECC regulations, including reporting obligations, corporate governance, and investor protection measures.

**Exemptions:** General exemptions from registration might apply for certain types of offerings, such as private placements to sophisticated investors or small offerings, as defined in SECC regulations, but these would apply to the underlying security, not specifically to its tokenized form. There are no specific "crypto-token" exemptions.

There are **no registration requirements** because their issuance and trading are declared illegal. Any attempt to issue such tokens would be in violation of the 2018 Joint Statement.

**Regulated Exchanges:** Secondary trading must occur on a regulated exchange licensed by the SECC (e.g., the Cambodia Securities Exchange, or a specific Digital Asset Exchange if and when one is licensed for such products).

**Market Integrity:** Trading activities would be subject to rules against market manipulation, insider trading, and other illicit practices, with robust clearing and settlement procedures.

**Investor Protection:** Exchanges and brokers involved in trading must adhere to investor protection rules, including disclosure of risks and know-your-customer (KYC) / anti-money laundering (AML) / combating the financing of terrorism (CFT) procedures.

**No Legal Secondary Trading:** There are no legal secondary trading rules because the trading of such cryptocurrencies is deemed illegal in Cambodia as per the 2018 Joint Statement. Any trading would occur outside the regulated financial system and carry significant legal risks for participants.

**Public Warnings and Prohibition:** The most significant enforcement action has been the general prohibition itself and repeated public warnings from the NBC and SECC. These warnings aim to prevent individuals and businesses from engaging in crypto-related activities, making further explicit enforcement cases for *securities classification* less necessary given the broader ban.

**Investigations and Shutdowns:** While specific details on successful prosecutions are less publicly available, Cambodian authorities have stated their intent to investigate and take action against individuals and entities involved in illegal cryptocurrency operations. This often involves collaborating with law enforcement to identify and shut down platforms or schemes.

**Focus on AML/CFT:** Beyond the securities aspect, the NBC and financial intelligence unit (FIU) would also enforce the **Law on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Law)** against any use of cryptocurrencies for illicit financial activities, irrespective of their securities classification.

**Fraud Cases:** Any crypto-related scam or fraudulent scheme would be prosecuted under general criminal laws concerning fraud, rather than specific securities law violations related to token classification, due to the overarching illegality of the assets themselves.

*Note: You would need to navigate this site to find the Law on the Issuance and Trading of Non-Government Securities and related Prakas (regulations) and circulars. The English version of the laws might be found under "Regulations" or "Laws."*

**National Bank of Cambodia (NBC):**

*Note: Look for press releases, circulars, and information related to financial stability, AML/CFT, and Project Bakong.*

**Joint Public Statement (June 11, 2018):**

This law is foundational for financial crime prevention. You would typically find it on the Council of Ministers' website or the General Secretariat of the National Council for AML/CFT.

**Restrictive/Effective Ban:** Cambodia's approach is not a comprehensive regulatory framework for virtual assets. Instead, it is a restrictive one, bordering on an effective ban for most practical purposes, especially concerning local issuance, trading platforms, and financial institutions' involvement.

**Focus on Warnings and Prohibition:** The primary regulatory actions have been joint warnings and directives prohibiting licensed entities from engaging in crypto-related activities, citing high risks to financial stability, consumer protection, and potential for illicit activities.

**No Legal Tender Status:** Cryptocurrencies are explicitly not recognized as legal tender.

**National Bank of Cambodia (NBC)**:

**Role:** Oversees banking and financial institutions, manages monetary policy, and ensures financial stability. The NBC has been central to issuing warnings and directives regarding virtual assets due to concerns over financial stability, consumer protection, and anti-money laundering (AML).

**URL:** National Bank of Cambodia

**Role:** Regulates Cambodia's securities market. While not directly regulating virtual assets as securities, the SERC has participated in joint warnings, especially concerning the unauthorized issuance and trading of assets that might resemble securities.

**URL:** Securities and Exchange Regulator of Cambodia

**General-Commissariat of National Police (GCNP)**:

**Role:** Involved in enforcement and prevention of criminal activities, including those potentially associated with unregulated virtual asset schemes.

**Joint Announcement/Directive (July 11, 2018):**

**Issued by:** National Bank of Cambodia (NBC), Securities and Exchange Regulator of Cambodia (SERC), and General-Commissariat of National Police.

**Key Content:** This landmark announcement explicitly warned the public against "the issuance, circulation, and trading of cryptocurrencies/digital currencies," stating that these activities are **not permitted** without obtaining a license from relevant authorities. Crucially, no such licenses have been issued or are contemplated for general crypto trading or issuance. The announcement highlighted the high risks, lack of consumer protection, and potential for money laundering and terrorism financing. It effectively banned licensed financial institutions from engaging in crypto-related services.

**Reference:** While a direct link to the original joint press release on official websites can be difficult to locate years later, this directive was widely reported by reputable news outlets and is the cornerstone of Cambodia's current regulatory posture.

*Examples of news reports referencing the directive:*

Phnom Penh Post Article (July 11, 2018)

Reuters Article (July 12, 2018)

**Law on Banking and Financial Institutions:** Provides the NBC with powers to regulate financial activities.

**Law on Foreign Exchange:** Grants the NBC authority over foreign currency transactions.

**Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) laws:** These general laws would apply to any financial activity and could be used against illicit crypto activities, even if crypto is not explicitly defined in them.

**Discouraged and High Risk:** While the direct ownership of cryptocurrencies by individuals is not explicitly illegal, engaging in their issuance, circulation, or trading without an official license is prohibited. Since no such licenses are granted for general crypto activities, this effectively makes organized trading illegal.

**Lack of Consumer Protection:** The authorities repeatedly warn that there is no legal recourse or protection for investors in case of losses or fraud.

**Not Permitted/Illegal:** Operating a cryptocurrency exchange in Cambodia without a license is illegal. As no licenses are being issued for virtual asset exchanges, setting up or operating such a platform within Cambodia is effectively prohibited.

**Financial Institutions Prohibition:** Licensed banks and financial institutions are explicitly prohibited from accepting cryptocurrencies, facilitating their exchange, or engaging in any related transactions.