Latvia

**Financial Intelligence Unit (FIU) of Latvia (Finanšu izlūkošanas dienests - FID):** The primary authority responsible for registering and supervising VASPs for AML/CTPF compliance.

**Specific VASP section:** https://www.fid.gov.lv/uzraudziba/virtualo-asentu-pakalpojumu-sniedzeji (Note: Primarily in Latvian, use a translation tool.)

**Register of Enterprises of the Republic of Latvia (Latvijas Republikas Uzņēmumu reģistrs):** Responsible for the registration of legal entities in Latvia.

**Bank of Latvia (Latvijas Banka) / Financial and Capital Market Commission (FCMC):** While not the primary regulator for VASP registration, the FCMC (now integrated into the Bank of Latvia) oversees traditional financial institutions and may interact with VASPs that offer services overlapping with regulated financial activities (e.g., e-money issuance).

**Current Regime (Pre-MiCA): Registration.** Latvia requires entities engaged in virtual asset services to register with the FIU. This registration is primarily an AML/CTPF compliance obligation, meaning the focus is on preventing money laundering and terrorist financing, rather than prudential supervision (e.g., capital adequacy for consumer protection, market integrity, etc., which is typical of a full licensing regime).

**Future Regime (Post-MiCA): Licensing.** Once MiCA fully applies to VASPs (expected December 2024), Latvia will transition to a comprehensive licensing regime under MiCA. This will involve more stringent requirements, including prudential safeguards, operational resilience, and specific disclosures, and will likely be overseen by the Bank of Latvia (FCMC).

**Exchanges (Virtual Asset Exchange Service Providers):**

Entities offering services for the exchange of virtual assets against fiat currency or one or more other virtual assets. This covers both fiat-to-crypto, crypto-to-fiat, and crypto-to-crypto exchanges.

**Custody Providers (Virtual Asset Wallet Service Providers):**

Entities offering services to safeguard or administer virtual assets or instruments enabling control over virtual assets on behalf of third parties. This includes custodial wallet providers.

If a payment processor facilitates transactions directly involving virtual assets (e.g., accepting crypto payments on behalf of merchants and converting them to fiat, or enabling crypto-to-crypto payments), they will likely fall under the VASP definition as an exchange or potentially another VASP activity.

If a payment processor *only* handles fiat currency and does not touch virtual assets directly, but serves crypto businesses, they would be subject to traditional payment service regulations (PSD2/EMD) and overseen by the Bank of Latvia (FCMC), not the FIU's VASP register. However, their clients would still need VASP registration.

The applicant must be a legal entity registered in Latvia (typically a Limited Liability Company – SIA).

The company must have its registered office in Latvia.

**AML/CTPF Internal Control System (ICS):**

This is the core requirement. The company must establish a robust internal control system for AML/CTPF compliance, including:

**Risk Assessment:** A comprehensive assessment of the company's money laundering and terrorism financing risks.

**Client Due Diligence (CDD) and Enhanced Due Diligence (EDD):** Procedures for identifying and verifying clients, beneficial owners, and monitoring business relationships.

**Transaction Monitoring:** Systems for monitoring transactions for suspicious activities.

**Reporting:** Procedures for reporting suspicious transactions to the FIU.

**Record-keeping:** Maintaining records for a specified period (typically 5 years).

**Training:** Regular AML/CTPF training for employees.

The company must appoint a board member or an employee (who reports directly to the board) as the responsible person for AML/CTPF compliance (the AML Officer).

The AML Officer must have sufficient knowledge, experience, and authority. They must be a resident of Latvia or an EU/EEA member state.

The FIU assesses the suitability of the appointed AML officer.

The management board members, beneficial owners, and the AML officer must meet "fit and proper" criteria. This involves checks for criminal records, financial misconduct, and professional integrity.

The FIU will assess the reputation, experience, and financial soundness of these individuals.

While not explicitly stated as a minimum number of employees, the company must demonstrate sufficient substance and resources in Latvia to effectively manage its operations and comply with AML/CTPF obligations.

The company's management and decision-making processes should predominantly take place in Latvia or another EU/EEA member state.

There is **no specific minimum share capital requirement explicitly for VASP registration** beyond the general company incorporation requirements for a Latvian SIA.

For a standard SIA, the minimum share capital is €2,800. A micro-SIA can be established with a share capital of €1 if certain conditions are met, but this is less common for regulated businesses.

However, while there's no prescriptive capital minimum for VASP registration, the company must demonstrate **sufficient financial resources and solvency** to establish and maintain its operations, comply with its AML/CTPF obligations, and cover potential operational risks. The FIU will assess the financial stability and resources of the applicant.

A comprehensive business plan outlining the services, target market, operational structure, technological setup, and risk management framework.

**Establish a Latvian Legal Entity:** Register a Limited Liability Company (SIA) with the Register of Enterprises.

**Develop AML/CTPF Internal Control System (ICS):** Prepare a detailed AML/CTPF policy and internal procedures, tailored to the company's specific business model and risks. This is a critical and often time-consuming step.

**Appoint AML Officer:** Identify and appoint a suitable AML Officer who meets the legal requirements.

**Prepare Application Documents:** Compile all necessary documents, which generally include:

Certified copy of the AML/CTPF ICS.

CVs, education documents, and background check information for board members, beneficial owners, and the AML officer.

Information on IT systems and security measures.

**Submit Application to the FIU:** The complete application package is submitted to the Financial Intelligence Unit.

**FIU Review and Due Diligence:** The FIU will review the application, conduct due diligence on the company, its management, and beneficial owners, and assess the adequacy of the AML/CTPF ICS. This often involves interviews and requests for additional information.

**Registration Decision:** If the FIU is satisfied, the company will be registered as a VASP in Latvia and included in the public register of VASPs.

**Ongoing Compliance:** Once registered, the VASP must continuously comply with the AML/CTPF Law, its internal control system, and any additional requirements or guidance issued by the FIU. Regular reporting and audits may be required.

**Requirement:** Entities providing services of **custodial wallet providers** (which includes safekeeping or administration of virtual assets or instruments enabling control over virtual assets on behalf of clients) are considered Virtual Asset Service Providers (VASPs). They are required to register with the Latvian Financial Intelligence Unit (FID).

**Process:** The registration involves demonstrating compliance with AML/CTF requirements, including:

Developing and implementing robust internal control systems.

Appointing a responsible person for AML/CTF compliance.

Conducting customer due diligence (CDD) and ongoing monitoring.

Ensuring the fitness and propriety of management and beneficial owners.

**Law on the Prevention of Money Laundering and Terrorism Financing (AML/CFT Law)** (Nozagoto noziedzīgi iegūtu līdzekļu legalizācijas un terorisma finansēšanas novēršanas likums): This is the primary law regulating AML/CFT, which also covers sanctions compliance for obligated entities, including VASPs.

**Financial Intelligence Unit of Latvia (FID) website on VASPs:**

**Current Status:** Under the current AML framework, there are no explicit, specific rules mandating the segregation of client crypto assets for non-bank VASPs. However, general good practice, risk management principles, and the expectation of investor protection inherent in financial services would strongly suggest that reputable custodians segregate client assets from their own operational funds. For traditional financial institutions providing crypto services, existing segregation rules for client funds/assets would generally apply.

**Current Status:** There are no explicit insurance or bonding requirements specifically for custodial VASPs under the current AML registration regime in Latvia. However, the FID expects VASPs to have robust internal controls and risk management procedures, which may indirectly lead to considering insurance as a best practice for operational risks.

**Current Status:** There are no specific legislative mandates for the exclusive use of cold storage for virtual assets in Latvia. However, robust security measures for the safekeeping of client assets are expected. Industry best practices widely adopt multi-signature wallets, cold storage, and hardware security modules (HSMs) to mitigate theft and unauthorized access risks. Regulators expect VASPs to implement state-of-the-art cybersecurity measures.

**Current Status:** The Latvian AML law refers to "custodial wallet providers" as a type of VASP requiring registration. There isn't a specific definition of a "qualified custodian" that goes beyond meeting the VASP registration requirements and AML/CTF obligations.

Titles III (Asset-referenced tokens) and IV (E-money tokens) apply from **30 June 2024**.

The remaining provisions, including those for custody of other crypto-assets, apply from **30 December 2024**.

**Requirement:** Under MiCA, providing "custody and administration of crypto-assets on behalf of clients" will require a full authorization (license) from the competent authority in the home Member State – in Latvia, this will be the **Bank of Latvia (Latvijas Banka)**.

**Authorization Process:** CASPs will need to meet stringent requirements, including:

Specific organizational requirements (e.g., robust governance arrangements, internal control mechanisms).

Specific rules on the safekeeping of client crypto-assets.

Detailed information technology and security arrangements.

Suitability of management and shareholders.

**Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):**

**Latvijas Banka (Bank of Latvia) website:** (Will provide specific guidance as MiCA implementation approaches)

**Mandate:** MiCA explicitly mandates strict segregation of client crypto-assets.

CASPs providing custody services must hold crypto-assets belonging to their clients separately from their own assets.

They must also hold crypto-assets on behalf of clients in separate wallets or accounts from crypto-assets held on behalf of other clients (unless explicit consent for omnibus accounts is obtained and specific conditions are met).

Client crypto-assets are not part of the CASP's insolvency estate.

**Regulatory Reference:** **MiCA, Article 67 (Protection of clients' crypto-assets)**.

**Prudential Safeguards:** MiCA requires CASPs to have prudential safeguards, which can be in the form of:

A combination of own funds and an insurance policy.

The amount of these safeguards is determined by the specific services offered and the volume of assets under custody, calculated as the higher of a fixed minimum amount or a percentage of the average of the previous year's fixed overheads.

**Liability:** MiCA also makes CASPs liable to their clients for any loss of client crypto-assets due to the CASP's failure or misconduct, explicitly strengthening the need for robust safeguards and potential insurance.

**Regulatory Reference:** **MiCA, Article 68 (Liability of CASPs for crypto-assets and funds of clients)** and **Article 67 (Protection of clients' crypto-assets)**.

**Security Standards:** While MiCA does not explicitly mandate "cold storage," it requires CASPs to:

Develop and maintain robust IT systems and security protocols.

Use the best available security standards to protect the private keys and crypto-assets.

Have a sound business continuity plan.

These requirements implicitly necessitate advanced security measures, making cold storage a common and expected best practice for a significant portion of assets under custody.

**Definition:** Under MiCA, an entity authorized to provide "custody and administration of crypto-assets on behalf of clients" becomes a "qualified custodian" by virtue of obtaining the MiCA authorization. This authorization confirms that the entity meets all the stringent requirements set out in the regulation regarding capital, governance, IT security, segregation, and other operational rules.

**Regulatory Reference:** **MiCA, Article 3(1)(10) (definition of 'custody and administration of crypto-assets on behalf of clients')** and **Title V (Authorisation and operating conditions for CASPs)**.

**Regulator:** Latvijas Banka (previously FCMC)

**Targeted Entities:** Virtual Asset Service Providers (VASPs), including crypto exchanges, custodial wallet providers, and those facilitating crypto-fiat conversions.

**Violation Types:** Primarily non-compliance with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) requirements, including:

Failure to adequately perform customer due diligence (CDD) and know-your-customer (KYC) procedures.

Failure to properly identify and report suspicious transactions.

Failure to implement robust internal control systems.

Operating without proper registration or licensing as a VASP.

Lack of sufficient risk management for crypto assets.

**Penalty Amount:** Varies depending on the severity of the violation, ranging from warnings and administrative measures to significant fines. However, publicly reported large fines against *pure crypto businesses* are scarce.

**Date:** Ongoing, as part of continuous supervision. Specific enforcement dates are typically tied to investigation conclusions.

**Outcome:** Remedial actions required, potential fines, or in severe cases, withdrawal of registration/license.

**Focus on Traditional Finance:** Latvia's regulatory scrutiny has historically been very strong on traditional banking due to past large-scale money laundering scandals. Crypto enforcement might be subsumed under general AML rather than highlighted as "crypto enforcement."

**Preventative Measures:** Regulators often prioritize issuing guidance, warnings, and working with firms to establish compliance before resorting to public, large-scale fines, especially in a nascent regulatory area.

**Confidentiality:** Smaller administrative fines or warnings might not be publicly announced unless they are deemed significant enough to impact market stability or public trust.

**Latvijas Banka's (formerly FCMC) Regulatory Approach to Virtual Assets:**

The regulator has consistently issued guidelines and required VASPs to register and comply with AML/CTF obligations. Any failure in these areas would lead to enforcement.

*Note:* This link leads to Latvijas Banka's general AML/CTF policy page, under which VASP supervision falls. Specific enforcement actions against VASPs would be listed in their news releases if publicly disclosed.

**FCMC's Earlier Stance on Virtual Currencies (pre-2023 merge):**

The FCMC had emphasized the risks of virtual currencies and the importance of AML/CTF compliance. This laid the groundwork for current enforcement.

**Example (Historical but shows approach):** The FCMC warned against the risks of investing in virtual currencies and noted that companies providing services related to them are subject to AML/CTF law.

**Source URL (FCMC archive – may require searching within their news section for specific dates/topics):** Historically, news releases were available on `fktk.lv` (now redirects to `bank.lv`). Searching the Bank of Latvia's news archives for "virtual assets" or "kriptovalūta" might yield specific announcements, but they are generally guidance or warnings, not specific public fines against crypto firms.

**UN Security Council Resolutions:** Directly binding on UN member states, implemented through EU regulations and national law.

**EU Regulations:** Directly applicable in all EU member states, including Latvia. These cover a wide range of restrictive measures (asset freezes, travel bans, sectoral sanctions, etc.) against individuals, entities, and countries.

**U.S. OFAC Sanctions:** While not directly legally binding on Latvian entities unless they have a U.S. nexus (e.g., U.S. persons involved, transactions in U.S. dollars, U.S. origin technology), prudent VASPs operating internationally or with U.S. counterparties often screen against OFAC lists to mitigate significant financial, reputational, and legal risks.

**Law on International and National Sanctions (Starptautisko un nacionālo sankciju likums):** This specific law regulates the procedure for the implementation and supervision of international and national sanctions in Latvia.

Link to Sanctions Law (Latvian)

**Risk-Based Approach:** VASPs must implement a risk-based approach to identify, assess, understand, and mitigate their money laundering, terrorist financing, and sanctions risks. This includes specific risks associated with virtual assets.

**Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):**

**Identification and Verification:** Ascertaining the identity of customers and beneficial owners.

**Sanctions Screening:** A critical part of CDD/EDD. Customers, their beneficial owners, and, where applicable, their counterparties must be screened against relevant sanctions lists.

**Understanding Business Relationships:** Obtaining information on the purpose and intended nature of the business relationship.

**Ongoing Monitoring:** Regularly reviewing transactions and updating CDD information, including re-screening against sanctions lists.

**Transaction Monitoring:** VASPs must monitor transactions for suspicious activities, including those that might indicate attempts to circumvent sanctions. This requires a deep understanding of typical transaction patterns and identifying deviations.

**Suspicious Activity Reports (SARs):** If a VASP suspects that funds or virtual assets are related to criminal activity (including sanctions evasion), it must file an SAR with the **Financial Intelligence Unit (FIU) of Latvia** (Finanšu izlūkošanas dienests – FID).

**Freezing of Funds/Assets:** In cases where an individual or entity is identified as sanctioned, the VASP must immediately freeze their assets (both fiat and virtual assets) and report the freeze to the FIU without tipping off the client.

**Internal Controls and Procedures:** VASPs must establish robust internal policies, controls, and procedures for sanctions compliance, risk management, record-keeping, and employee training. This includes:

Defined procedures for handling hits/alerts.

**Technology Solutions:** Given the volume of transactions and dynamic nature of sanctions lists, VASPs typically employ automated screening and transaction monitoring software.

**OFAC SDN List:** Link to OFAC SDN List

**EU Consolidated Sanctions List:** Link to EU Sanctions Map (official interactive tool by the EU)

**UN Sanctions Lists:** Link to UN Security Council Sanctions Committees

**EU Sanctions Lists:** The comprehensive list of individuals and entities subject to EU asset freezes and other restrictive measures.

**UN Sanctions Lists:** Individuals and entities designated by the UN Security Council.

**National Sanctions List (Latvia):** Latvia maintains its own Sanctions Register, administered by the FIU, which consolidates and specifies the application of international sanctions within Latvia and may include national designations.

Link to FID Sanctions Register (Latvian)

**Onboarding:** During the initial CDD process for every new customer and beneficial owner.

**Ongoing Monitoring:** Regularly (e.g., daily) screening existing customers and beneficial owners against updated sanctions lists.

**Transaction Screening:** Screening counterparties or specific transaction details where applicable and feasible.

**Prohibited Jurisdictions:** Avoiding engagement with customers, transactions, or virtual assets originating from or destined for countries subject to comprehensive embargoes or targeted sanctions (e.g., North Korea, Iran, specific regions like Crimea).

**High-Risk Jurisdictions:** Applying enhanced due diligence for transactions involving jurisdictions identified by the Financial Action Task Force (FATF) or the EU as high-risk for ML/TF.

**Specific Economic Sector Restrictions:** EU sanctions can impose restrictions on certain economic sectors in specific countries (e.g., energy, finance, defense in relation to Russia). VASPs must ensure that virtual asset transactions do not facilitate circumvention of these sectoral sanctions.

**Administrative Fines:** Substantial monetary penalties imposed by the Bank of Latvia (supervisory authority) or the FIU. The AML/CFT Law allows for fines up to 10% of the VASP's annual turnover or €5,000,000, whichever is higher, for serious breaches. For individuals, fines can range up to several hundred thousand euros.

*Reference:* Articles 49-51 of the AML/CFT Law (Latvian).

**Withdrawal of License/Registration:** The Bank of Latvia can suspend or revoke a VASP's registration, effectively prohibiting them from operating.

**Criminal Liability:** Sanctions evasion, money laundering, and terrorist financing are serious criminal offenses in Latvia. Individuals involved can face:

**Imprisonment:** Up to several years, depending on the severity and scale of the offense.

**Confiscation of Assets:** Criminal proceeds and assets used in the commission of the crime can be confiscated.

*Reference:* The Criminal Law of Latvia (Krimināllikums) contains provisions for money laundering (Article 195) and financing of terrorism (Article 77.2), which would apply to sanctions evasion.

**Reputational Damage:** Significant harm to the VASP's reputation, leading to loss of customers, banking relationships, and investor trust.

**FID Sanctions Register:** This register consolidates information on individuals and entities subject to international (UN, EU) and any specific national sanctions. While primarily reflecting EU/UN lists, it serves as the official national reference point for applying sanctions within Latvia.

**Partial (currently transitioning to Comprehensive):**

**Current State:** The primary focus is on AML/CFT compliance. Virtual Asset Service Providers (VASPs), such as crypto exchanges and custodian wallet providers, are required to register and adhere to strict AML/CFT obligations. Beyond AML/CFT, there isn't a specific licensing regime for most crypto-asset services *yet*, unless the crypto asset qualifies as a security or other regulated financial instrument under existing laws.

**Future State (with MiCA):** Latvia will fully implement the EU's MiCA regulation, which introduces a comprehensive and harmonized regulatory framework for crypto-asset issuers and service providers across the EU. This will move Latvia's approach from partial to comprehensive, covering authorization, operational requirements, consumer protection, and market abuse rules.

**Bank of Latvia (Latvijas Banka):**

Effective January 1, 2023, the Financial and Capital Market Commission (FCMC), which previously supervised financial markets, was merged into the Bank of Latvia.

Therefore, the **Bank of Latvia** is now the primary competent authority responsible for the supervision of virtual asset service providers (VASPs) regarding AML/CFT compliance in Latvia. It will also be the national competent authority for enforcing MiCA in Latvia.

**Directive (EU) 2018/843 (Fifth Anti-Money Laundering Directive - AMLD5):** This directive mandated that crypto exchanges and custodian wallet providers be subject to AML/CFT rules and register with national authorities. (Effective in EU: July 2018).

**Directive (EU) 2021/73 (Sixth Anti-Money Laundering Directive - AMLD6):** Further enhanced the EU's AML/CFT framework, including expanding the list of predicate offenses for money laundering. (Effective in EU: March 2021).

**Dates:** Rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) apply from **30 June 2024**. Rules for all other crypto-assets and crypto-asset service providers (CASPs) apply from **30 December 2024**.

**Likums par noziedzīgi iegūtu līdzekļu legalizācijas un terorisma un proliferācijas finansēšanas novēršanu (Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing):** This is Latvia's primary AML/CFT law, transposing the EU AML directives into national legislation. It defines VASPs and sets forth the requirements for their registration and ongoing compliance with AML/CFT measures.

**Latest Consolidated Version (via Likumi.lv, the official Latvian legal portal):** https://likumi.lv/ta/id/292850-likums-par-noziedzīgi-iegutu-lidzeklu-legalizacijas-un-terorisma-un-proliferacijas-finansesanas-noversanu

**Tax Laws:** Existing tax legislation (e.g., Personal Income Tax Law, Corporate Income Tax Law) applies to income and profits derived from virtual asset activities.

**Legal but Regulated:** Crypto trading and the operation of crypto exchanges are legal in Latvia. However, they are subject to significant regulatory oversight, primarily for AML/CFT purposes.

Entities operating as **Virtual Asset Service Providers (VASPs)** in Latvia (which include crypto exchanges, custodian wallet providers, and certain other service providers facilitating virtual asset transactions) are required to **register with the Bank of Latvia**.

This registration entails demonstrating robust internal control systems for AML/CFT, conducting Know Your Customer (KYC) checks, monitoring transactions for suspicious activities, and reporting to the Financial Intelligence Unit (FIU) of Latvia.

**No Specific "Licensing" (pre-MiCA):** Currently, the registration primarily addresses AML/CFT obligations. It is not a full operational license in the way traditional financial institutions obtain licenses. There are no specific conduct-of-business rules, capital requirements, or specific consumer protection measures for VASPs beyond the general consumer protection laws, unless the asset is deemed a security.

Once MiCA fully applies, the current AML-focused registration will be largely superseded by a more comprehensive authorization and licensing regime for **Crypto-Asset Service Providers (CASPs)**.

CASPs will need to obtain authorization from the Bank of Latvia (or another EU competent authority if passporting services) to offer services such as operating a trading platform for crypto-assets, providing custody and administration of crypto-assets, exchanging crypto-assets for fiat or other crypto-assets, providing advice on crypto-assets, or portfolio management.

MiCA will introduce strict organizational, prudential, and conduct-of-business requirements for CASPs, along with rules for market integrity and consumer protection.

**Taxation:** Profits from crypto trading are generally subject to personal income tax (for individuals) or corporate income tax (for companies) according to existing Latvian tax laws. The exact tax treatment can depend on the classification of the activity (e.g., as capital gains, business income, or speculative income).

**Adopted:** Yes. The FATF Travel Rule requirements are incorporated into Latvian law, primarily through the **Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing (NILLTPFN)**.

**Effective Date:** The legal framework for regulating Virtual Asset Service Providers (VASPs) and requiring their registration in Latvia became effective on **July 1, 2021**. This included the obligation for VASPs to comply with AML/CFT requirements, which encompass the Travel Rule.

The Financial and Capital Market Commission (FCMC), which was the primary regulator for financial services (now merged into Latvijas Banka), issued detailed **Recommendations for virtual asset service providers in implementing the requirements of the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing** in July 2021, providing practical guidance for implementation.

**VASP-to-VASP Transfers:** For transfers between two VASPs, the Travel Rule information (originator and beneficiary details) must be obtained and transmitted **regardless of the amount of the transaction.** There is no minimum threshold for VASP-to-VASP transfers.

**Transactions Involving Unhosted Wallets:** When a VASP sends virtual assets to or receives virtual assets from an unhosted (self-hosted) wallet:

If the transaction value is **EUR 1,000 or more**, the VASP must apply enhanced customer due diligence (CDD) measures to ascertain the identity of the owner of the unhosted wallet.

For transactions *below* EUR 1,000, VASPs still need to apply a risk-based approach, but enhanced CDD for identifying the unhosted wallet owner is not automatically triggered by a threshold.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Custody and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

**Collect Information:** Obtain the necessary originator and beneficiary information as prescribed by the Travel Rule (e.g., name, account number/wallet address, physical address, national ID number/customer ID, date of birth for individuals; legal name, registered address, registration number for legal entities).

**Store Information:** Maintain records of this information securely and in a manner that allows for retrieval and submission to competent authorities upon request, for a period of at least five years (and potentially up to 10 years).

**Transmit Information:** Have robust internal control systems and procedures to securely transmit the required information to the beneficiary VASP during or before the transaction execution.

**Risk Assessment:** Implement effective risk management procedures for transactions involving virtual assets, especially those involving unhosted wallets or high-risk jurisdictions.

**Data Protection:** Ensure compliance with personal data protection regulations (e.g., GDPR) when collecting, storing, and transmitting personal data related to virtual asset transactions.

For legal entities, fines can be up to **EUR 5,000,000** or up to **10% of the total annual turnover** (whichever is higher), in serious or repeated cases.

For individuals (e.g., board members), fines can be up to **EUR 700,000**.

Withdrawal or suspension of a VASP's registration/license.

Public statements (naming and shaming) about the non-compliant entity and the nature of the breach.

Ordering cessation of illegal practices.

**Criminal Liability:** In cases of severe and intentional money laundering or terrorism financing, individuals involved can face criminal charges and imprisonment under the Latvian Criminal Law.

*Note: An official English translation may not be directly available online for free; however, the FCMC (now Latvijas Banka) guidance provides the practical application.*

**FCMC (now Latvijas Banka) Recommendations for virtual asset service providers:**

Direct link to the English PDF document (dated 14 July 2021): https://www.bank.lv/en/images/stories/publikacijas/norm_akti/fktk_ieteikumi_vasp_anglu_valoda.pdf

*Section 7, "Requirements for Money or Virtual Asset Transfers," specifically addresses the Travel Rule, including thresholds and information requirements (pages 20-22 of the PDF).*