Monaco -- AML/CFT Compliance Regulatory Overview

**Loi n° 1.362 du 3 août 2009 relative à la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption (consolidated version often available through legal databases):** Access via Journal de Monaco – search for "Loi 1.362" and its modifications for the most up-to-date text

This is the foundational AML/CFT law in Monaco. It has been significantly amended over the years to incorporate international standards, including those related to virtual assets. It defines "obliged entities" and outlines their general AML/CFT responsibilities.

**Ordonnance Souveraine n° 8.182 du 10 mars 2021 portant modification de l'ordonnance souveraine n° 2.318 du 3 août 2009 d'application de la loi n° 1.362 du 3 août 2009 modifiée, relative à la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption, modifiée (Sovereign Ordinance No. 8.182 of March 10, 2021 amending Sovereign Ordinance No. 2.318 of August 3, 2009 implementing Law No. 1.362 of August 3, 2009, as amended, on the fight against money laundering, terrorist financing, and corruption)**

This is the critical piece of legislation specifically bringing virtual asset activities and VASPs under the scope of Monaco's AML/CFT regime. It defines virtual assets and virtual asset service providers and subjects them to the same AML/CFT obligations as traditional financial institutions.

It also stipulates that individuals or legal entities wishing to carry out VASP activities in Monaco must be **registered with the Service d'Information et de Contrôle sur les Circuits Financiers (SICCFIN)** and, in some cases, may require specific authorizations depending on the nature of services offered.

**Identification and Verification of the Client:**

**Natural Persons:** Obtain and verify the client's name, address, date and place of birth, nationality, and a unique identification number (e.g., passport or national ID card number). Verification must be based on reliable, independent source documents or data.

**Legal Entities:** Obtain and verify the name, legal form, address of the registered office, company registration number (if applicable), articles of association, and proof of legal existence and powers.

**Non-Face-to-Face Relationships:** Enhanced measures are required to mitigate the higher risk associated with non-face-to-face onboarding.

**Identification of the Beneficial Owner (BO):**

Identify the natural person(s) who ultimately own or control the client, directly or indirectly. For legal entities, this typically means anyone holding 25% or more of the shares or voting rights, or otherwise exercising control.

Verify the identity of the beneficial owner(s) using reliable, independent source documents or data.

For trusts or similar arrangements, identify the settlors, trustees, protectors, beneficiaries, and any other natural person exercising ultimate effective control over the trust.

**Understanding the Purpose and Intended Nature of the Business Relationship:**

VASPs must gather information about why the client wishes to engage in virtual asset services, the types of transactions anticipated, and the expected volume and frequency.

**Ongoing Monitoring of the Business Relationship:**

Continuously scrutinize transactions undertaken throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the client, their business, and risk profile.

Update client identification data and beneficial ownership information immediately upon any change, not merely on a regular basis.

**When Required:** In situations presenting a higher risk of money laundering or terrorist financing. This includes, but is not limited to:

Politically Exposed Persons (PEPs), their family members, and close associates.

Monaco is itself identified as a high-risk third country by the EU and is under increased monitoring by the FATF

Complex, unusually large transactions, or unusual patterns of transactions that have no apparent economic or lawful purpose.

Non-face-to-face business relationships where the risk factors are not mitigated.

Relationships involving new technologies or products that favor anonymity.

**Measures:** EDD typically involves obtaining additional information on the client and BO, conducting enhanced verification, scrutinizing the source of funds and wealth, obtaining senior management approval for establishing or continuing the business relationship, and conducting increased ongoing monitoring.

Permitted only in specifically defined low-risk situations, where the VASP is satisfied that the risks of money laundering and terrorist financing are low. Such situations are generally limited and subject to strict conditions.

**Reporting Obligation:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds, virtual assets, or transactions are related to criminal activity (including money laundering, terrorist financing, or predicate offenses), they must immediately report this to SICCFIN. This applies to both completed and attempted transactions.

**No Tipping-Off:** VASPs and their employees are strictly prohibited from disclosing to the customer or any third party that a STR has been made or that a money laundering/terrorist financing investigation is being conducted.

**Immunity from Liability:** Entities and their employees who report suspicions in good faith are protected from legal liability for breach of confidentiality or any negative consequences arising from such a report.

**Identification Data:** Records of all documents and data used for client identification and verification, including beneficial owners.

**Transaction Records:** Records of all transactions, including the amount, currency (both fiat and virtual asset), date, type of transaction, and parties involved. This includes the originator and beneficiary information for virtual asset transfers (often referred to as the "Travel Rule").

**Analysis and Decision-Making:** Records of all analysis undertaken for CDD, risk assessments, and the rationale behind any decisions regarding business relationships or transactions.

**STRs:** Copies of all suspicious transaction reports filed with SICCFIN.

**Duration:** Records must be retained for a minimum of **five years** from the end of the business relationship or the date of the occasional transaction. This period can be extended upon request by SICCFIN or judicial authorities.

**Service d'Information et de Contrôle sur les Circuits Financiers (SICCFIN):** This is Monaco's Financial Intelligence Unit (FIU) and the primary administrative authority responsible for combating money laundering, terrorist financing, and corruption. It supervises AML/CFT compliance for all financial sectors, including virtual assets.

**Role:** SICCFIN acts as Monaco's Financial Intelligence Unit (FIU) and is the administrative authority responsible for receiving, analyzing, and disseminating suspicious transaction reports. It is also the supervisory authority for AML/CFT compliance for many sectors, including virtual asset service providers. SICCFIN conducts inspections, issues guidance, and can impose administrative sanctions for non-compliance.

**Website:** https://www.siccfin.gouv.mc/ (or the English version: https://en.siccfin.gouv.mc/)

Implement a robust risk-based AML/CFT program.

Conduct thorough CDD, including BO identification and ongoing monitoring.

Report any suspicious activities to SICCFIN without delay.

Maintain comprehensive records for a minimum of five years.

Ensure adequate internal controls, staff training, and appointment of an AML/CFT Compliance Officer.

Monaco's specific regulatory framework for Virtual Asset Service Providers (VASPs) is not yet in place; the government has announced plans to introduce a new crypto framework by the end of 2026 to address gaps in its anti-money laundering regime.

Law No. 1.516 of 23 December 2021 on virtual assets, as amended by Law No. 1.575 of 17 June 2025

**Sovereign Ordinance No. 9.206 of 7 March 2022** implementing Law No. 1.516, which requires VASPs to obtain prior approval from the Minister of State after consulting the Commission de Contrôle des Activités Financières (CCAF) and to comply with AML/CFT obligations under the supervision of SICCFIN.

Enforcement in Monaco includes highly publicized, large-scale fines against specific entities, such as the €6 million fine imposed on UBS for compliance failures, alongside administrative warnings, corrective orders, or private settlements.

Monégasque authorities do publicize individual enforcement actions, as shown by the public disclosure of a €6 million fine against UBS for anti-money laundering failures, including details of specific violations like a 253-day delayed report.

**Commission de Contrôle des Activités Financières (CCAF):** The CCAF supervises all financial activities in the Principality, including the authorization and ongoing supervision of financial institutions and now, in consultation, VASPs.

**SICCFIN Annual Reports:** These reports provide aggregated statistics on suspicious activity reports, controls, and general trends, but typically do not name specific entities subject to enforcement or provide details of penalties.

*Example Report (latest available provides context for 2022 activities):* https://www.siccfin.mc/wp-content/uploads/2023/07/Rapport_annuel_2022_SICCFIN.pdf (in French)

**Monaco's Legal Framework for Virtual Assets:**

**Law No. 1.516 of 23 December 2021 (Loi n° 1.516 du 23/12/2021 sur les actifs virtuels):** https://legimonaco.mc/305/legismclois.nsf/baf3e32b6183e874c125785000350d26/f675628b0561ae33c125879700344d2d?OpenDocument (in French)

**Sovereign Ordinance No. 9.206 of 7 March 2022 (Ordonnance Souveraine n° 9.206 du 07/03/2022 portant application de la loi n° 1.516 sur les actifs virtuels):** https://legimonaco.mc/305/legismclois.nsf/baf3e32b6183e874c125785000350d26/8966c8b9d997f37bc12587e60049ce41?OpenDocument (in French)

**MONEYVAL Reports:** Monaco is regularly assessed by MONEYVAL (Council of Europe's Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism). These reports provide an overview of Monaco's AML/CFT framework and its effectiveness, including for virtual assets.

*Example (latest follow-up report for Monaco, Oct 2023):* https://www.coe.int/en/web/moneyval/-/moneyval-publishes-a-follow-up-report-on-monaco

**Loi n° 1.482 du 17 décembre 2019 relative aux actifs numériques (Law No. 1.482 of December 17, 2019 on Digital Assets):** This law defines digital assets, regulates initial coin offerings (ICOs), and requires VASPs to obtain authorization from the *Commission de Contrôle des Activités Financières* (CCAF).

**Loi n° 1.362 du 3 août 2009 modifiée, relative à la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption (Law No. 1.362 of August 3, 2009, as amended, on the Fight against Money Laundering, Terrorist Financing, and Corruption):** This is the cornerstone AML/CFT law in Monaco. It designates VASPs as obliged entities and sets out their obligations, including customer due diligence (CDD), ongoing monitoring, record-keeping, and suspicious transaction reporting (STR) to the *Service d'Information et de Contrôle sur les Circuits Financiers* (SICCFIN).

**Sovereign Ordinances and Ministerial Decrees:** These instruments detail the implementation of international sanctions regimes (UN, EU) into Monegasque law.

**Compliance:** As a UN member state, Monaco is legally bound to implement all sanctions imposed by the United Nations Security Council (UNSC) under Chapter VII of the UN Charter. These sanctions are primarily focused on terrorism, proliferation of weapons of mass destruction, and specific regimes/individuals.

**Implementation:** UN sanctions are typically transposed into Monegasque law through Sovereign Ordinances, making them directly applicable and enforceable within the Principality.

**Requirements for VASPs:** VASPs must immediately freeze funds and economic resources belonging to, or controlled by, individuals and entities designated on UN sanctions lists. They must also prohibit making funds or economic resources available to such sanctioned parties.

**Legal Reference:** UN Security Council Resolutions (e.g., those establishing sanctions committees like ISIL (Da'esh) and Al-Qaida Sanctions Committee) are implemented via Monaco's legal framework. An example of Monaco's implementing legislation would be a Sovereign Ordinance specifically referring to a UNSC resolution.

**Compliance:** While Monaco is not an EU member state, it has a close relationship with the EU and typically *transposes* or *mirrors* EU sanctions regulations into its national law, especially those concerning financial activities. This ensures alignment with its major economic partners and maintains its reputation as a sound financial center.

**Implementation:** EU restrictive measures (sanctions) are typically adopted by Monaco through Sovereign Ordinances or Ministerial Decrees, which reference the specific EU Council Regulations. This makes them legally binding within Monaco.

**Requirements for VASPs:** VASPs must comply with the adopted EU sanctions, which include:

**Asset Freezes:** Freezing funds and economic resources of designated individuals and entities (persons, groups, entities).

**Prohibition on Making Funds Available:** Not making funds or economic resources directly or indirectly available to or for the benefit of designated persons.

**Specific Sectoral Sanctions:** Adhering to restrictions on certain goods, services, or technologies (e.g., dual-use goods, luxury items, financial services, crypto-asset services for specific regions like Russia).

**Travel Bans:** Though less directly applicable to VASPs, these often accompany financial sanctions.

*General reference for EU sanctions:* EUR-Lex database (https://eur-lex.europa.eu/) for Council Regulations.

*Monaco's implementation:* Search the Journal de Monaco (https://journaldemonaco.gouv.mc/) for Sovereign Ordinances related to specific restrictive measures.

**Compliance:** The US Office of Foreign Assets Control (OFAC) sanctions are extra-territorial. While Monaco does not have a legal obligation to enforce OFAC sanctions directly through its national law, any Monegasque VASP that:

Deals with US persons (citizens, residents, entities).

Uses US financial institutions or payment processors.

Facilitates transactions involving US-origin technology or services.

**Requirements for VASPs:** VASPs must screen all their customers and transactions against OFAC's various sanctions lists, particularly the Specially Designated Nationals and Blocked Persons (SDN) List. They must also be aware of sectoral sanctions (e.g., Russia-related SSI List) and broader country-based sanctions programs.

**Legal Reference:** U.S. Treasury Department, Office of Foreign Assets Control (OFAC) website (https://ofac.treasury.gov/).

**Initial Onboarding:** Before establishing any business relationship.

**Ongoing Monitoring:** Regularly throughout the business relationship, particularly when lists are updated.

**Per-Transaction Screening:** For higher-risk transactions or for specific geographic areas.

**UN Sanctions Lists:** Consolidated lists published by the UN Security Council Sanctions Committees.

**EU Sanctions Lists:** The consolidated list of persons, groups, and entities subject to EU financial sanctions.

**OFAC Sanctions Lists:** Primarily the SDN List, but also other lists relevant to specific programs (e.g., SSI List, Non-SDN Palestinian Legislative Council List).

**Domestic Lists (if applicable):** Any specific lists published by SICCFIN or other Monegasque authorities.

**Prohibition on Services:** VASPs cannot offer services (e.g., exchange, custody, transfer) to individuals or entities located in, or ordinarily resident in, comprehensively sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria under OFAC; specific regions under EU sanctions like Crimea, Donetsk, Luhansk).

**Heightened Due Diligence:** Transactions involving high-risk jurisdictions or jurisdictions under specific sanctions programs (even if not comprehensive bans) require enhanced due diligence and scrutiny.

**Origin/Destination of Funds:** VASPs must identify the origin and destination of virtual assets to ensure they are not directly or indirectly linked to sanctioned entities or regions.

**IP Address Blocking:** Implementing technical controls like IP blocking for regions subject to comprehensive sanctions can be part of a robust compliance program.

**Administrative Sanctions (imposed by SICCFIN):**

**Fines:** Significant monetary fines, which can be substantial and proportionate to the seriousness of the breach.

**Temporary or Permanent Suspension:** Suspension or revocation of operating licenses or authorization for VASPs.

**Specific Injunctions:** Orders to implement specific corrective measures.

**Imprisonment:** Individuals (e.g., compliance officers, directors) found responsible for serious violations, especially those involving intentional breaches or gross negligence, can face terms of imprisonment.

**Criminal Fines:** Substantial fines imposed by the judiciary.

**Reputational Damage:** Significant damage to the VASP's reputation, making it difficult to operate or secure banking relationships.

**Loss of License:** Permanent revocation of authorization.

**Loi n° 1.362 du 3 août 2009 sur la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption (as amended), Titre VI (Sanctions).** Specific articles within this title detail the administrative and criminal penalties.

**Monaco's implementation of UN Lists:** The consolidated list of individuals and entities designated by UN Security Council sanctions committees.

**Monaco's implementation of EU Lists:** The consolidated list of persons, groups, and entities subject to EU restrictive measures.

**No separate "Monaco Sanctions List" for crypto:** VASPs will primarily be concerned with ensuring their compliance programs correctly integrate and screen against the international lists that Monaco has legally adopted.

Comprehensive screening against UN, EU (as transposed by Monaco), and OFAC sanctions lists.

Due diligence on all customers and transactions.

Understanding and adherence to geographic restrictions.

Procedures for asset freezing and reporting of hits or suspicious activities to SICCFIN.

Regular updates to screening systems and policies to reflect changes in sanctions regimes.

**Role:** The primary body responsible for approving and supervising Digital Asset Offerings (DAOs) under Law No. 1.492. It ensures compliance with the requirements for transparency, investor protection, and market integrity related to these public offerings.

**Role:** Monaco's Financial Intelligence Unit (FIU), responsible for enforcing anti-money laundering and counter-terrorist financing (AML/CTF) regulations across all financial sectors, including virtual assets. Virtual asset service providers (VASPs) are subject to SICCFIN's oversight regarding their AML/CTF obligations.

**Law No. 1.492 of July 8, 2020 on virtual assets:**

**Purpose:** This is the foundational law for virtual assets in Monaco. It defines "virtual assets" and "Digital Asset Offerings (DAOs)," establishing a framework for their issuance. It sets out the conditions and procedures for obtaining authorization from the CCAF for a DAO, including requirements for transparency, information disclosure, and issuer responsibility. The law aims to create a secure legal environment for blockchain projects.

**URL (Official Text - Journal de Monaco):** https://journaldemonaco.gouv.mc/Journaux/2020/Journal-8495/Loi-n-1.492-du-8-juillet-2020-sur-les-actifs-virtuels

**Sovereign Ordinance No. 8.239 of 23 October 2020 on the application of Law No. 1.492 of July 8, 2020 on virtual assets:**

**Purpose:** This ordinance provides the specific implementing details and procedures for Law No. 1.492, outlining the practical steps for obtaining DAO authorization and the ongoing obligations of authorized issuers.

**Law No. 1.362 of 8 July 2009 on the fight against money laundering, terrorist financing and corruption, as amended:**

**Date:** Original law July 8, 2009, significantly amended over time (e.g., in 2020 and 2022) to incorporate FATF recommendations and include virtual assets.

**Purpose:** This comprehensive AML/CTF law applies to all financial activities in Monaco, including those involving virtual assets. It mandates obligations for designated non-financial businesses and professions (DNFBPs) and financial institutions, including virtual asset service providers (VASPs), to conduct customer due diligence (KYC), transaction monitoring, and suspicious activity reporting to SICCFIN.

**URL (Consolidated text, unofficial source as official updates can be complex):** https://www.legimonaco.mc/625/legimonaco/Lois/2009/Loi-n-1-362-du-8-juillet-2009-relative-a-la-lutte-contre-le-blanchiment-de-capitaux-le-financement-du-terrorisme-et-la-corruption.html (This is a legal information portal for Monaco laws, not the official Journal, but often more up-to-date with amendments).

**No Specific Licensing for Trading (yet):** Law No. 1.492 primarily regulates the *issuance* of virtual assets (DAOs) and does not establish a distinct licensing regime specifically for virtual asset trading platforms or exchanges *as such*. Unlike some other jurisdictions, there isn't a dedicated "crypto exchange license" yet.

**Strong AML/CTF Obligations:** Any entity operating a virtual asset exchange, custody service, or other virtual asset service provider (VASP) in Monaco is strictly subject to the **AML/CTF framework** overseen by SICCFIN. This means they must:

Implement robust customer due diligence (Know Your Customer - KYC) procedures.

Monitor transactions for suspicious activities.

Report suspicious transactions to SICCFIN.

**General Business Licensing:** Companies wishing to establish a virtual asset trading platform or exchange in Monaco would also need to comply with general business establishment and licensing requirements applicable to any commercial entity in the Principality.

**Cautious but Open:** Monaco is keen to attract innovative blockchain and fintech businesses, and its DAO framework is a testament to this. However, it prioritizes financial integrity and investor protection. While not banning trading or exchanges, it ensures that any activities within its jurisdiction comply with international AML/CTF standards and its domestic legal framework.

**Adopted:** Yes, the FATF Travel Rule requirements are incorporated into Monegasque law.

**Key Legislation:** The primary legislative text that updated Monaco's AML/CFT framework to specifically address virtual assets and implement the Travel Rule is **Ordonnance Souveraine n° 8.761 du 10 novembre 2021 modifiant l'Ordonnance Souveraine n° 1.362 du 3 août 2009 relative à la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption** (Sovereign Ordinance No. 8.761 of November 10, 2021, amending Sovereign Ordinance No. 1.362 of August 3, 2009, on the fight against money laundering, terrorist financing, and corruption).

This Ordinance amended the fundamental AML/CFT law: **Loi n° 1.362 du 3 août 2009 relative à la lutte contre le blanchiment de capitaux, le financement du terrorisme et la corruption**.

*Note: While the primary law is from 2009, it has been significantly amended over time to align with updated FATF recommendations, with the 2021 Ordinance being crucial for virtual assets.*

**Effective Date:** The Sovereign Ordinance n° 8.761 entered into force upon its publication, which was **November 19, 2021**.

Monaco generally follows the FATF Recommendation 16 for wire transfers and its application to virtual assets.

**For VASP-to-VASP transfers:** There is effectively **no de minimis threshold** for the mandatory information exchange for transfers between two obliged entities (VASPs). Full originator and beneficiary information must be collected and transmitted for *all* virtual asset transfers, regardless of value, between registered VASPs.

**For transfers involving an unhosted wallet (or transfers not between two obliged entities):** When a VASP initiates or receives a virtual asset transfer with an unhosted wallet, due diligence requirements (including collecting information about the originator/beneficiary) typically kick in. The **EUR 1,000 threshold** (or equivalent in other currencies/virtual assets) usually applies in scenarios where a VASP is interacting with a non-VASP entity, requiring the VASP to obtain and hold relevant information for transactions above this amount. Below this threshold, simplified due diligence might apply, but transaction monitoring remains crucial.

**Custody of digital assets or cryptographic keys** on behalf of third parties.

**Exchange services** between digital assets and fiat currencies, or between different digital assets.

**Operation of a trading platform** for digital assets.

**Transfer of digital assets** (which directly implicates the Travel Rule).

**Investment advice** on digital assets.

**Ensure the secure transmission** of the required originator and beneficiary information to the beneficiary VASP (or to the originator VASP when receiving funds).

**Adopt reliable and interoperable solutions** to facilitate this information exchange, allowing for seamless communication with other VASPs, domestically and internationally.

**Implement systems** that can handle both incoming and outgoing Travel Rule data.

**Verify the accuracy** of the information received and take appropriate action if discrepancies or missing information are identified.

**Maintain records** of all collected and transmitted information for at least five years.

**Name** (of the customer who initiated the transfer).

**Account number** (or unique transaction identifier, e.g., the sending wallet address/ID).

**Physical address** (of the customer).

**National identity number, customer identification number, or date and place of birth** (depending on the VASP's CDD records).

**Name** (of the customer who is the intended recipient).

**Administrative Sanctions:** The supervisory authorities (such as the Direction de l'Expansion Économique - DEE, and the Service d'Information et de Contrôle sur les Circuits Financiers - SICCFIN) can impose administrative sanctions, which may include:

Temporary or permanent withdrawal of authorization or registration.

Appointment of a provisional administrator.

**Financial Penalties:** Substantial monetary fines can be levied on institutions and their responsible individuals. These fines can range from thousands to millions of Euros, depending on the severity and recurrence of the breach. For example, severe breaches of AML/CFT obligations can lead to fines of up to EUR 5 million for legal entities and EUR 1 million for individuals, or even a percentage of the annual turnover.

**Criminal Penalties:** In cases of deliberate or systematic non-compliance, particularly where it facilitates money laundering or terrorist financing, criminal charges can be brought against the VASP and its management. This can result in imprisonment for individuals and higher fines for legal entities.

**Direction de l'Expansion Économique (DEE):** Responsible for the registration and supervision of VASPs in Monaco.

**Ordonnance Souveraine n° 8.761 du 10 novembre 2021 (the key implementing text for virtual assets and Travel Rule):** Journal de Monaco - Ordonnance Souveraine n° 8.761 du 10 novembre 2021

**Direction de l'Expansion Économique (DEE) – VASP Registration and Supervision:** DEE - Activités de Services sur Actifs Numériques (French)