Montenegro

There is **no specific "crypto exchange license"**.

All exchanges, regardless of fiat handling, are considered "obligated entities" under AML laws and must comply with those provisions.

**Custody Providers (of Virtual Assets):**

There is **no specific "crypto custody license"**.

Custody providers are subject to **AML/CTF obligations** as "obligated entities."

If the virtual assets held in custody are deemed to be "securities" under Montenegrin law, then a license from the **Capital Market Commission (KHOV)** for providing investment services (e.g., safekeeping of financial instruments) might be required. This is a case-by-case assessment.

There is **no specific "crypto payment processor license"**.

If the processing involves fiat currency (e.g., converting crypto payments into fiat for merchants), it could fall under the **Law on Payment Services** and require a license from the **CBCG** as a payment institution.

If the processing is purely crypto-to-crypto and does not touch fiat or traditional payment rails, the primary obligation would be **AML/CTF compliance**.

**AML/KYC (Anti-Money Laundering / Know Your Customer):** This is the most critical requirement for any VASP operating in Montenegro.

**Customer Due Diligence (CDD):** Implementing robust KYC procedures for all clients.

**Ongoing Monitoring:** Monitoring transactions and client relationships for suspicious activities.

**Reporting:** Reporting suspicious transactions (STRs) to the Financial Intelligence Unit (FZPCG).

**Risk Assessment:** Conducting a comprehensive risk assessment of ML/TF risks.

**Internal Controls:** Establishing internal policies, procedures, and controls for AML/CTF.

**AML Officer:** Appointment of a designated AML Officer and providing regular training to staff.

There are **no specific capital requirements** for being a VASP *solely* under AML obligations.

However, if a license from the **CBCG** (for payment services/e-money) or **KHOV** (for investment services) is required, then specific capital requirements would apply based on those respective laws. For instance, payment institutions have minimum capital requirements (e.g., €20,000 to €125,000 depending on services).

An entity generally needs to be **incorporated in Montenegro** to conduct business activities and be subject to local regulation.

A registered office and local management/personnel, including a local AML Officer, would typically be expected for AML compliance.

**Company Registration:** Establish a legal entity (e.g., LLC) in Montenegro with the Central Registry of Commercial Entities (CRPS).

**AML Framework Implementation:** Develop and implement comprehensive AML/CTF policies, procedures, and controls, appoint an AML Officer, and conduct a risk assessment.

**Registration/Notification with FZPCG:** As an "obligated entity" under the AML Law, VASPs are expected to register with or notify the **Financial Intelligence Unit (FZPCG)** of their activities and reporting obligations. The FZPCG provides guidance and oversight for AML compliance.

If payment services are involved (fiat transactions), apply for a **payment institution license from the Central Bank of Montenegro (CBCG)**, following their specific application procedures, which include extensive documentation, business plan, capital verification, and fit-and-proper assessments.

If the virtual assets are deemed securities, apply for the relevant **investment services license from the Capital Market Commission (KHOV)**.

**Law on Prevention of Money Laundering and Terrorism Financing:**

This is the core AML/CTF legislation. The current version (with amendments) is "Official Gazette of Montenegro", no. 33/2021, 15/2022, 100/2022 and 125/2023.

While finding a direct English translation of the latest consolidated law can be challenging, the **Financial Intelligence Unit (FZPCG)** is the primary authority for its implementation. Their website provides information and guidance:

**Financial Intelligence Unit of Montenegro (FZPCG):** https://www.fzpcg.gov.me/ (Check their "Legislation" or "Activities" section for relevant laws and guidelines).

**Central Bank of Montenegro (CBCG):**

Responsible for licensing payment institutions and electronic money institutions.

**CBCG Official Website:** https://www.cbcg.me/ (Look for sections on Payment Services, Licensing, or Regulations for Payment Institutions). The relevant law is the Law on Payment Services ("Official Gazette of Montenegro", no. 3/2024).

Responsible for regulating securities and investment services.

**KHOV Official Website:** https://www.khoc.me/ (Check for information on Investment Funds, Financial Instruments, and Licensing of Investment Companies).

**Evolving Landscape:** The regulatory landscape for virtual assets is rapidly evolving globally. Montenegro may introduce dedicated VASP licensing in the future, possibly aligning with EU directives like MiCA (Markets in Crypto-Assets).

**Legal Advice:** Due to the complex and evolving nature, and the application of existing laws by analogy, it is **imperative to seek specialized legal advice** from Montenegrin lawyers experienced in financial regulation before engaging in any virtual asset activities. They can provide precise guidance based on your specific business model.

**Law on Prevention of Money Laundering and Terrorism Financing (Zakon o sprječavanju pranja novca i finansiranja terorizma):** This is the primary legislation. While an official English translation with a direct URL might be hard to find, the official Montenegrin legal gazette (Službeni list Crne Gore) publishes it. The most relevant amendments were made in 2021 to address virtual assets.

Custody and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

Exchanges between virtual assets and fiat currencies.

Exchanges between one or more forms of virtual assets.

Collect required originator and beneficiary information.

Transmit this information securely and reliably to the beneficiary VASP (or store it for non-VASP beneficiaries).

Screen transactions for sanctions compliance and suspicious activity.

Respond to requests for information from competent authorities.

**Administrative Fines:** Significant monetary penalties for legal entities and responsible persons within those entities.

**Revocation of Licenses:** Suspension or permanent revocation of operating licenses for VASPs.

**Criminal Charges:** In cases of severe or intentional non-compliance, particularly where money laundering or terrorism financing is involved, criminal charges can be brought against individuals and corporate officers.

The penalties are designed to be proportionate and dissuasive, reflecting the severity of the violation.

*Reference (Montenegrin Legal Gazette):* You would typically find it on the official portal of "Službeni list Crne Gore".

**Financial Intelligence Unit (FIU) of Montenegro (Uprava za sprečavanje pranja novca i finansiranja terorizma - USPNFT):** This is the main supervisory body for AML/CFT compliance, including for VASPs. Their website may contain guidance.

*Website:* https://www.uspnft.gov.me/ (Content primarily in Montenegrin).

*Reference:* **MONEYVAL Follow-up report and technical compliance re-rating of Montenegro** (Adopted: 10 May 2023).

*Relevant excerpt from the May 2023 Moneyval report (page 14):* "Montenegro has addressed the deficiencies identified in its AML/CFT Law and bylaws regarding FATF R.15 (virtual assets and VASPs) and it has been re-rated from PC to C. The AML/CFT law has been amended in 2021 by transposing EU 5AMLD, which now includes a comprehensive framework for VASPs. The requirements for obliged entities (VASPs) are fully incorporated into the AML/CFT Law and bylaws. They include customer due diligence, reporting suspicious transactions, and requirements for record-keeping and travel rule."

**Definition of VASP:** Article 2(1)(7) defines a "virtual asset service provider" as a legal entity that, as its regular business activity, provides one or more of the virtual asset services specified in Article 18.

**Custody Service:** Article 18(1)(2) specifies "custody of digital assets for third parties" as a regulated virtual asset service.

**Licensing Authority:** The Capital Market Authority (KAP) is responsible for issuing, supervising, and revoking licenses for VASPs (Article 20).

**Licensing Conditions (Article 21):** Applicants for a VASP license must meet several conditions, including:

Legal entity established in Montenegro.

Adequate organizational structure, internal control mechanisms, and risk management systems.

Suitable professional qualifications and reputation of management and key personnel.

Adequate technical and security measures for the safekeeping and protection of digital assets.

**Minimum capital requirements** and guarantees for covering potential liabilities.

**Measures for the protection of client assets.**

Possession of a cybersecurity certificate.

**Law on Blockchain, Digital Assets and Individual Digital Identifiers** (Zakon o blokčejnu, digitalnoj imovini i individualnim digitalnim identitetima) - Official publication in the "Official Gazette of Montenegro," No. 80/23.

*While an official English translation by the government may not be directly available online, legal firms often provide summaries. The Montenegrin text is the authoritative source.*

**Capital Market Authority (KAP) website:** https://www.kap.co.me/ (For official announcements and forms related to licensing)

**Article 21(1)(9) of the Law on Blockchain, Digital Assets and Individual Digital Identifiers** explicitly requires VASPs to implement "measures for the protection of client assets." This typically implies segregation, ensuring that client assets are identifiable and separate from the VASP's own assets, to prevent commingling and protect clients in case of VASP insolvency. While the law doesn't detail *how* assets must be segregated (e.g., separate wallets, omnibus accounts with clear ledgering), the requirement for "measures for the protection of client assets" is the legal basis.

**Article 21(1)(7) of the Law on Blockchain, Digital Assets and Individual Digital Identifiers** states that a VASP must meet "minimum capital requirements" and provide "guarantees for the coverage of potential liabilities arising from the provision of virtual asset services."

These "guarantees" can take various forms, including professional indemnity insurance or other financial instruments designed to cover risks such as cyber-attacks, operational failures, or loss of client assets. The specific nature and amount of these guarantees are likely to be detailed in subordinate legislation or regulations issued by the Capital Market Authority.

While cold storage (offline storage) is widely recognized as a best practice for securing a significant portion of digital assets, especially those not actively used for trading, the law does not explicitly mandate it. The VASP is responsible for establishing a robust security framework that includes appropriate hot, warm, and cold storage solutions based on their risk assessment and operational needs. The regulator will assess the adequacy of these measures during the licensing process and ongoing supervision.

Montenegro's **Law on Blockchain, Digital Assets and Individual Digital Identifiers** defines and regulates **Virtual Asset Service Providers (VASPs)** that offer custody services. Any entity meeting the licensing requirements under this law, including capital, technical, organizational, and fit-and-proper criteria, would effectively be considered a "qualified" provider of digital asset custody services within Montenegro. The law does not differentiate between existing financial institutions and new crypto-native entities, as long as they meet the VASP licensing conditions.

While the law doesn't use the exact term "qualified custodian," it establishes a framework where only licensed and compliant entities can provide custody services, thus ensuring a level of qualification.

**Subordinate Legislation and Guidance:** The Capital Market Authority (KAP) and the Central Bank of Montenegro (CBCG) are expected to issue detailed bylaws, regulations, and guidance to clarify the implementation of the Blockchain Law, including specific requirements for capital, guarantees, risk management, and cybersecurity for VASPs providing custody services. These will provide the practical details for compliance.

**EU Alignment (MiCA):** Montenegro is an EU candidate country. The European Union's comprehensive **Markets in Crypto-Assets Regulation (MiCA)** came into full effect in December 2024 for VASPs. While Montenegro has passed its own law, it will eventually need to harmonize its legislation with MiCA as part of its EU accession process. This could lead to amendments or further refinement of the Montenegrin framework to fully align with MiCA's robust requirements for crypto-asset service providers (CASPs), including those offering custody. MiCA sets very detailed requirements for operational resilience, governance, client asset segregation, and liability for custody providers.

**European Union's Markets in Crypto-Assets (MiCA) Regulation:**

Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937.

Official EU Legal Text: https://eur-lex.europa.eu/eli/reg/2023/1114/oj

**Montenegro's EU Accession Process:** General information can be found on the European Commission's website.

Special State Prosecutor's Office (SDT - Specijalno državno tužilaštvo)

**Entity Targeted:** Do Kwon (and his associate Hon Chang Joon)

**Violation Type (Montenegro Specific):** Forgery of documents (using fake Costa Rican and Belgian passports for illegal entry and travel).

*Note:* The underlying reasons for international attention were massive alleged cryptocurrency fraud and capital markets violations (from South Korea and the United States), leading to extradition requests.

**Penalty Amount (for local charges):**

**Do Kwon:** Sentenced to four months in prison.

**Hon Chang Joon:** Sentenced to four months in prison.

*Note:* This was for the document forgery charge. The extradition proceedings are separate and ongoing.

**Local Conviction:** June 19, 2023 (subsequently upheld on appeal)

**Extradition Saga:** Ongoing since arrest.

Do Kwon and his associate were convicted in Montenegro for using forged passports and served their sentences.

A complex and protracted legal battle ensued regarding extradition requests from both South Korea and the United States. Montenegrin courts have issued conflicting rulings on his extradition, leading to multiple appeals and political interventions, delaying a final decision for over a year. As of mid-2024, the extradition process remains highly contested and unresolved, with the Montenegrin Supreme Court recently annulling prior extradition decisions.

**Reuters - Do Kwon gets four months in prison for forged passport in Montenegro:**

**Bloomberg - Do Kwon Extradition to US Backed by Montenegro’s Top Court:**

**CoinDesk - Montenegro's Supreme Court Halts Do Kwon's Extradition:**

**AP News - Do Kwon, a South Korean cryptocurrency fugitive, is arrested in Montenegro for using a fake passport:**