Nepal -- AML/CFT Compliance Regulatory Overview

It is crucial to understand that cryptocurrencies and virtual assets are currently illegal in Nepal. The Nepal Rastra Bank (NRB), the central bank and monetary authority, has repeatedly issued directives and notices prohibiting the transaction, mining, and use of cryptocurrencies within Nepal.

Given this outright prohibition, there are no specific AML/KYC requirements for legally operating cryptocurrency/virtual asset service providers (VASPs) in Nepal, as such entities are not permitted to operate.

However, if Nepal were to legalize and regulate virtual assets in the future, it would undoubtedly implement AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) and KYC (Know Your Customer) requirements aligned with international standards, particularly those set by the Financial Action Task Force (FATF). Below, I will outline what such a framework would likely entail, based on Nepal's existing AML/CFT regime for traditional financial institutions and global best practices for VASPs.

Current Legal Status of Cryptocurrencies in Nepal

The Nepal Rastra Bank (NRB) has issued several circulars and notices prohibiting all activities related to cryptocurrencies and virtual assets. Key directives include:

1. Circular dated 13 August 2021: Reinstated and reiterated the ban on all transactions involving cryptocurrencies, stating that they are illegal and warning against their use.
2. Public Notice dated 24 January 2022: Explicitly warned the public against the use, trading, mining, or soliciting of virtual currencies, virtual assets, and hype network (pyramid scheme) related transactions, stating that they are illegal and punishable under existing laws.
3. Money Laundering Prevention Act, 2008 (MLPA): While not explicitly naming virtual assets, the broad definition of "assets" and "economic crime" could potentially be interpreted to cover illicit activities involving virtual assets, even in their prohibited status.

Implication: Since VASPs are not permitted to operate, there are no formal regulatory AML/KYC obligations for them. Any individual or entity engaging in cryptocurrency activities in Nepal is doing so illegally and faces potential penalties.

Hypothetical AML/KYC Framework (If Cryptocurrencies Were Legalized and Regulated in Nepal)

If Nepal were to adopt a regulatory framework for virtual assets, it would likely extend its existing robust AML/CFT regime to cover VASPs, following FATF recommendations.

1. AML/CFT Legislation

The primary legislation that would form the basis for AML/KYC requirements would be:

• Money Laundering Prevention Act, 2008 (MLPA): This is the foundational law for AML in Nepal. It defines money laundering, establishes reporting obligations, and sets penalties.
• Money Laundering Prevention Rules, 2008: These rules provide detailed procedures and guidelines for implementing the MLPA.
• Terrorist Activities (Control and Punishment) Act, 2002: Addresses the financing of terrorism, which is a component of CFT.
• Relevant Directives from Nepal Rastra Bank (NRB): The NRB issues specific directives and guidelines for financial institutions, and it would likely extend or create new ones for VASPs.

2. Customer Due Diligence (CDD) Requirements

VASPs would be required to implement comprehensive CDD measures, including:

• Identification and Verification:
  • Individuals: Obtain and verify identity using reliable, independent source documents (e.g., national ID card, passport, driving license). This would include name, address, date of birth, nationality, and unique identification number.
  • Legal Persons/Arrangements: Obtain and verify legal name, legal form, proof of incorporation/existence, names of directors/partners, legal powers, and beneficial ownership information.
• Beneficial Ownership: Identify and verify the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted.
• Purpose and Intended Nature of Business Relationship: Understand the reason for the customer's interaction with the VASP and the expected nature of their virtual asset activities.
• Ongoing Monitoring: Continuously monitor the business relationship and transactions to ensure consistency with the VASP's knowledge of the customer, their business, and risk profile, including the source of funds/virtual assets.
• Enhanced Due Diligence (EDD): Apply EDD for higher-risk customers, relationships, or transactions (e.g., customers from high-risk jurisdictions, high-volume transactions, complex structures, new and unusual payment mechanisms).
• Politically Exposed Persons (PEPs): Implement specific measures for PEPs, including obtaining senior management approval for establishing business relationships, taking reasonable measures to establish the source of wealth and funds, and conducting enhanced ongoing monitoring.

3. Suspicious Transaction Reporting (STR)

VASPs would be obligated to:

• Report Suspicious Transactions: Report any transaction, attempted transaction, or activity where there are reasonable grounds to suspect it is related to money laundering or terrorist financing to the Financial Information Unit (FIU-Nepal).
• Timeliness: Reports must be filed promptly, typically within a few days of the suspicion being formed.
• No Tipping-Off: Prohibit the VASP or its employees from disclosing to the customer or any third party that a suspicious transaction report has been filed.
• Internal Systems: Establish internal policies, procedures, and controls to detect and report suspicious transactions, including employee training and designated reporting officers.

4. Record-Keeping Obligations

VASPs would be required to maintain records for a specified period:

• CDD Records: All documents and data obtained during the CDD process (identification documents, beneficial ownership information).
• Transaction Records: Records of all virtual asset transactions, including sender and recipient information (applying the FATF "Travel Rule"), transaction amounts, dates, and types of virtual assets.
• STRs and Related Documents: Copies of all suspicious transaction reports filed and any supporting documentation.

The typical retention period for these records in Nepal is at least five (5) years from the termination of the business relationship or the date of the transaction, as stipulated by the Money Laundering Prevention Act and Rules.

5. Authority Overseeing Compliance

In the event of legalization and regulation, the following authorities would likely oversee AML/CFT compliance for VASPs:

• Nepal Rastra Bank (NRB): As the central bank and primary financial sector regulator, the NRB would be responsible for licensing, regulating, and supervising VASPs, issuing directives, and conducting compliance oversight.
  • Website: https://www.nrb.org.np/
• Financial Information Unit (FIU-Nepal): Operating under the NRB, the FIU is the central national agency for receiving, analyzing, and disseminating suspicious transaction reports to competent authorities for investigation and prosecution.
  • Website (within NRB): https://www.nrb.org.np/aml-cft/financial-information-unit-nepal-fiu-nepal/
• Department of Money Laundering Investigation (DMLI): This specialized body is responsible for investigating suspected cases of money laundering and terrorist financing.
  • Website: While DMLI exists, its public website might be less prominent than NRB/FIU. It typically operates under the Office of the Prime Minister and Council of Ministers.

In summary: While Nepal currently prohibits cryptocurrencies, any future legalization would undoubtedly bring VASPs under a stringent AML/CFT and KYC regime mirroring global standards and integrating with the existing national framework led by the NRB and FIU-Nepal.