Montenegro -- AML/CFT Compliance Regulatory Overview

Montenegro has progressively aligned its Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) framework with international standards, particularly those set by the Financial Action Task Force (FATF) and relevant EU Directives (e.g., 5AMLD, 6AMLD). This includes extending requirements to Virtual Asset Service Providers (VASPs).

Here's a breakdown of the AML/KYC requirements for cryptocurrency/virtual asset service providers in Montenegro:

AML/CFT Legislation

The primary legislation governing AML/CFT in Montenegro, which extends to VASPs, is:

1. Law on Prevention of Money Laundering and Terrorist Financing
   • Official Gazette of Montenegro, No. 042/2015, 052/2016, 080/2017, 070/2019, 014/2021 (and subsequent amendments if any).
   • This law defines "obliged entities" and outlines their AML/CFT responsibilities. With the latest amendments, VASPs are explicitly included or fall under broader categories that capture their activities. The law is designed to transpose EU AML Directives into Montenegrin national law.

VASPs are generally considered "obliged entities" if they engage in activities such as:

• Exchange between virtual assets and fiat currencies.
• Exchange between one or more forms of virtual assets.
• Transfer of virtual assets.
• Custody and/or administration of virtual assets or instruments enabling control over virtual assets.
• Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

Customer Due Diligence (CDD) Requirements

VASPs in Montenegro, as obliged entities, must implement robust CDD measures, following a risk-based approach:

1. Identification and Verification of Customer Identity:
   • Individuals: Obtain and verify identity through reliable, independent sources (e.g., government-issued ID, proof of address, date of birth, nationality).
   • Legal Entities: Obtain and verify legal name, legal form, address, proof of incorporation/registration, beneficial ownership information (identifying natural persons who ultimately own or control more than a certain percentage, usually 25%, or exercise control through other means), and the identity of persons authorized to act on behalf of the entity.
2. Purpose and Intended Nature of the Business Relationship: Understand the reason for the business relationship and the nature of anticipated transactions.
3. Ongoing Monitoring: Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes keeping documentation and data up-to-date.
4. Enhanced Due Diligence (EDD): Required for higher-risk situations, including:
   • Politically Exposed Persons (PEPs) and their close associates/family members.
   • Customers from high-risk third countries identified by the FATF or national authorities.
   • Complex, unusually large transactions, or unusual patterns of transactions that have no apparent economic or lawful purpose.
   • Non-face-to-face relationships (though technology can mitigate some risks).
   • Transactions involving anonymity-enhancing cryptocurrencies.
   • Source of funds and source of wealth for significant transactions or high-risk customers.
5. Simplified Due Diligence (SDD): Permitted for low-risk situations, provided sufficient analysis confirms the low risk.

Suspicious Transaction Reporting (STR)

VASPs are legally obliged to report any suspicious transactions or activities to the Financial Intelligence Unit (FIU) of Montenegro.

• Obligation: Report immediately (without delay) any transaction, or attempted transaction, where there are reasonable grounds to suspect money laundering or terrorist financing, regardless of the amount.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or any third party that a suspicious transaction report has been or will be made.

Record-Keeping Obligations

VASPs must maintain comprehensive records:

• CDD Records: All data obtained through the CDD process (identification documents, verification documents, beneficial ownership information, etc.).
• Transaction Records: Records of all transactions carried out by the customer, including amounts, types of virtual assets, dates, and parties involved.
• Business Correspondence: Relevant correspondence regarding the business relationship.
• Duration: Records must be kept for at least 5 years after the termination of the business relationship or after an occasional transaction. These records must be readily available to the supervisory authority upon request.

Overseeing Authority

Compliance with AML/CFT requirements for VASPs in Montenegro is overseen by:

1. Administration for the Prevention of Money Laundering and Terrorist Financing (APMLTF)

   • This is Montenegro's Financial Intelligence Unit (FIU). It is the primary body for receiving and analyzing suspicious transaction reports and for enforcing the general AML/CFT framework across all obliged entities, including VASPs.
   • URL: https://www.uzn.gov.me/ (sometimes referred to as UZN)

2. Capital Market Authority (KHOV - Komisija za hartije od vrijednosti)

   • While the APMLTF handles STRs and general AML/CFT enforcement, the Capital Market Authority is typically responsible for the licensing, supervision, and prudential oversight of financial services firms, which now includes VASPs, especially if their activities involve financial instruments or public offerings. The KHOV would likely be involved in ensuring that VASPs have adequate internal controls and risk management systems, including AML/CFT compliance programs, as part of their licensing requirements.
   • URL: http://www.khov.co.me/ (or https://khov.co.me/)

It's crucial for any VASP operating or intending to operate in Montenegro to consult the latest legislation and seek local legal advice to ensure full compliance, as regulations can be subject to change and interpretation.