Kazakhstan -- Sanctions Compliance Regulatory Overview

Kazakhstan, as a member of the United Nations and an active participant in global anti-money laundering (AML) and counter-terrorist financing (CFT) efforts, including through the Eurasian Group on Combating Money Laundering and Financing of Terrorism (EAG), adheres to international sanctions regimes.

For Virtual Asset Service Providers (VASPs) operating in Kazakhstan, particularly within the Astana International Financial Centre (AIFC), compliance with these global standards is paramount.

I. International Sanctions Regimes (Global Applicability)

VASPs in Kazakhstan are directly or indirectly bound by the following major international sanctions regimes:

• A. UN Sanctions:

  • Requirement: As a UN member state, Kazakhstan is obligated to implement all UN Security Council resolutions imposing sanctions. These are universally binding.
  • Compliance: VASPs must screen customers and transactions against the UN Security Council Consolidated List (individuals and entities associated with terrorism and proliferation of weapons of mass destruction, and other sanction programs).
  • Legal Reference: UN Security Council Resolutions.
  • URL: UN Security Council Consolidated List

• B. OFAC (U.S.) Sanctions:

  • Requirement: While OFAC sanctions are primarily U.S. law, their extra-territorial reach is significant. Any VASP that deals with U.S. persons (citizens, residents, entities), uses U.S. financial systems (e.g., for USD transactions), or handles U.S.-origin technology or services, falls under OFAC's jurisdiction. Given the global nature of crypto, avoiding a U.S. nexus can be challenging.
  • Compliance: VASPs must screen against OFAC's Specially Designated Nationals And Blocked Persons List (SDN List) and other relevant sanctions lists specific to programs (e.g., Russia/Ukraine, Iran, North Korea).
  • Legal Reference: Executive Orders and U.S. Treasury Department Regulations (e.g., 31 CFR Chapter V).
  • URL: OFAC Sanctions List Search

• C. EU Sanctions:

  • Requirement: Similar to OFAC, EU sanctions have extra-territorial implications for any entity or individual doing business with EU persons, entities, or utilizing EU financial infrastructure. Many international crypto exchanges and platforms have an EU presence or serve EU customers.
  • Compliance: VASPs must screen against the EU Consolidated Financial Sanctions List.
  • Legal Reference: EU Council Regulations.
  • URL: EU Sanctions Map / Consolidated List

II. Kazakhstan's Domestic Legal Framework for AML/CFT and Sanctions

Kazakhstan has developed a robust framework to combat money laundering and terrorist financing, which inherently includes sanctions compliance.

• A. National Legislation:

  • Law of the Republic of Kazakhstan "On Counteracting Legalization (Laundering) of Criminal Proceeds and Financing of Terrorism" (No. 191-IV dated August 28, 2009, as amended): This is the primary AML/CFT law. It designates the Financial Monitoring Agency (FMA) as the competent authority and outlines the obligations of "financial organizations" and other reporting entities (which, under FATF standards, includes VASPs). It requires reporting entities to identify customers, monitor transactions, and report suspicious activities, including those related to terrorism financing and proliferation, which often involves sanctions screening.
    • Legal Reference: Закон Республики Казахстан "О противодействии легализации (отмыванию) доходов, полученных преступным путем, и финансированию терроризма" от 28 августа 2009 года № 191-IV.
    • URL (Kazakh/Russian): Adilet.zan.kz - Law on AML/CFT
  • Law of the Republic of Kazakhstan "On Digital Assets in the Republic of Kazakhstan" (No. 4-VIII dated February 6, 2023): This law regulates the issuance, circulation, and mining of digital assets. While primarily focused on licensing and operations, it integrates digital asset activities into the existing AML/CFT framework, thereby extending sanctions compliance obligations to licensed crypto entities.
    • Legal Reference: Закон Республики Казахстан "О цифровых активах в Республике Казахстан" от 6 февраля 2023 года № 4-VIII ЗРК.
    • URL (Kazakh/Russian): Adilet.zan.kz - Law on Digital Assets
  • Financial Monitoring Agency (FMA): The FMA is Kazakhstan's Financial Intelligence Unit (FIU) and the primary body responsible for enforcing AML/CFT laws, including monitoring compliance with international sanctions.
    • URL: Official FMA Website

• B. Astana International Financial Centre (AIFC):

  • Specific Regime: The AIFC operates under a separate legal system based on English common law, with its own independent financial regulator, the AIFC Financial Services Authority (AFSA). The AIFC is a key hub for crypto regulation in Kazakhstan.
  • AFSA Rules: The AFSA has specific rules for VASPs (referred to as "Distributed Ledger Technology Businesses" or DLT Businesses). These rules comprehensively incorporate FATF standards for AML/CFT and explicitly require compliance with international sanctions regimes. AFSA-regulated firms are expected to:
    • Identify, assess, and understand their money laundering and terrorist financing risks, including sanctions risks.
    • Implement robust Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures.
    • Screen customers and transactions against relevant sanctions lists (UN, OFAC, EU).
    • Report suspicious transactions (STRs) to the AFSA and/or relevant law enforcement bodies.
  • Legal Reference: AIFC Acts, AIFC Financial Services Authority (AFSA) Rules, particularly the AIFC Anti-Money Laundering and Counter-Terrorist Financing Rules and Conduct of Business Rules.
  • URL: AIFC Regulatory Framework - AFSA (Look for AML/CTF Rules and DLT Rules).

III. Sanctions Compliance Requirements for VASPs

VASPs operating in or from Kazakhstan (including the AIFC) must implement a robust compliance program that includes:

• Know Your Customer (KYC) and Customer Due Diligence (CDD): Thorough identification and verification of customers, including beneficial owners, source of funds, and nature of business.
• Sanctioned Entity Screening: Automated and ongoing screening of all customers, beneficial owners, and transaction counterparties against the UN Consolidated List, OFAC SDN List, EU Consolidated Financial Sanctions List, and any other relevant national or international lists.
• Transaction Monitoring: Real-time and retrospective monitoring of all crypto transactions for unusual patterns, high-risk jurisdictions, and direct/indirect links to sanctioned entities or jurisdictions.
• Geographic Restrictions: Implementing controls to prevent transactions involving sanctioned jurisdictions (e.g., North Korea, Iran, sanctioned regions of Ukraine/Russia) or entities based in those regions.
• Risk-Based Approach: Developing and implementing a risk-based approach to AML/CFT and sanctions compliance, proportionate to the VASP's risk profile, customer base, products, and geographies of operation.
• Reporting Obligations: Prompt reporting of any confirmed or suspected sanctions hits, as well as suspicious transactions, to the Financial Monitoring Agency (FMA) or the AFSA (for AIFC-regulated entities).
• Training and Internal Controls: Regular training for staff on sanctions compliance, maintaining up-to-date policies and procedures, and conducting independent audits of the compliance program.

IV. Geographic Restrictions

Geographic restrictions are primarily enforced through the international sanctions regimes described above. VASPs must be vigilant about transactions originating from, destined for, or involving individuals/entities in:

• UN-sanctioned countries: E.g., North Korea (DPRK), Iran (specific programs), Afghanistan (Taliban).
• OFAC-sanctioned jurisdictions: E.g., Cuba, Iran, North Korea, Syria, Venezuela, and specific regions of Ukraine (Crimea, DPR, LPR).
• EU-sanctioned jurisdictions: Similar to OFAC, with specific focus on certain regions or entities.

Transactions involving these regions or their nationals often trigger heightened scrutiny and are frequently prohibited or require specific licenses.

V. Penalties for Violations

Violations of AML/CFT and sanctions laws in Kazakhstan can result in severe penalties, including:

• Administrative Fines: Significant monetary penalties for non-compliance, varying based on the severity and frequency of the violation.
• Criminal Charges: Individuals and corporate officers can face criminal prosecution, imprisonment, and asset forfeiture for serious breaches, particularly those involving terrorism financing, money laundering, or willful evasion of sanctions.
• License Revocation: VASPs found to be in egregious non-compliance may have their licenses suspended or revoked by the FMA or AFSA.
• Reputational Damage: Loss of trust and severe damage to reputation, impacting business viability.
• International Sanctions: Firms or individuals operating in Kazakhstan who violate OFAC or EU sanctions may also face direct penalties from U.S. or EU authorities, including being added to sanctions lists themselves.

VI. Country-Specific Sanctions Lists

Kazakhstan generally does not maintain its own independent international sanctions list in the same manner as the UN, U.S. (OFAC), or EU. Instead, its legal framework (particularly the AML/CFT Law) mandates that financial institutions and reporting entities, including VASPs, comply with:

1. UN Security Council sanctions lists.
2. Lists of individuals and entities associated with terrorism and proliferation of weapons of mass destruction, compiled by the competent national authorities (e.g., the FMA in conjunction with other law enforcement/security bodies), which are often based on or mirror UN lists.
3. Through its AML/CFT obligations, Kazakhstan implicitly requires compliance with other major international lists (like OFAC and EU) for entities with international operations or exposure to those jurisdictions.

Therefore, for VASPs, the focus should be on diligently screening against the UN Consolidated List, and where relevant (which is almost always in the crypto space), OFAC's SDN list and the EU Consolidated List.

Conclusion

VASPs operating in Kazakhstan, whether nationally licensed or within the AIFC, must establish comprehensive, risk-based AML/CFT and sanctions compliance programs. This includes robust KYC/CDD, continuous screening against relevant international sanctions lists (UN, OFAC, EU), vigilant transaction monitoring, adherence to geographic restrictions, and prompt reporting of suspicious activities. Failure to comply can lead to significant financial penalties, criminal prosecution, and loss of operating licenses.

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. It is essential to consult with legal professionals specializing in Kazakhstani law and international sanctions for specific advice regarding compliance obligations.