Serbia

**Law on Digital Assets (Zakon o digitalnoj imovini):**

**Official Name:** Закон о дигиталној имовини

**Published:** "Official Gazette of RS", No. 153/2020 (came into effect June 29, 2021)

This law defines digital assets, regulates their issuance and trading, and explicitly designates Virtual Asset Service Providers (VASPs) as obliged entities under the general AML/CFT law. It also sets out the licensing requirements for VASPs.

**Law on the Prevention of Money Laundering and Terrorist Financing (Zakon o sprečavanju pranja novca i finansiranja terorizma)**

**Official Name:** Закон о спречавању прања новца и финансирања тероризма

**Published:** "Official Gazette of RS", No. 113/2017, 91/2019, 153/2020 (last amended)

This is the overarching AML/CFT law in Serbia, applying to all obliged entities, including VASPs. It sets out the general rules for customer due diligence, suspicious transaction reporting, record-keeping, and internal controls.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Custody and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to the offer and/or sale of virtual assets (e.g., initial coin offerings - ICOs, initial exchange offerings - IEOs).

**Identify and Verify the Identity of the Customer:**

**For natural persons:** Obtain and verify identity based on official documents (e.g., passport, national ID card) including name, surname, address, date and place of birth, and unique identification number.

**For legal entities:** Obtain and verify identity based on official documents (e.g., excerpt from the company register) including name, registered address, registration number, legal form, details of statutory representatives, and information on the ownership and control structure.

**Identify and Verify the Identity of the Beneficial Owner (BO):**

Identify the natural person(s) who ultimately own or control the customer (typically 25% ownership threshold for legal entities) or on whose behalf a transaction is being conducted.

Verify their identity using reliable, independent sources, as per natural person requirements. Serbia also has a Central Register of Beneficial Owners that obliged entities can consult.

**Obtain Information on the Purpose and Intended Nature of the Business Relationship:** Understand why the customer wants to use the VASP's services.

**Perform Ongoing Monitoring of the Business Relationship:**

Scrutinize transactions throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

Regularly update customer information and risk assessments.

**Politically Exposed Persons (PEPs):** For customers who are PEPs, their family members, or close associates.

**High-risk jurisdictions:** Customers from countries identified by FATF or other credible sources as having weak AML/CFT regimes.

**Complex, unusually large, or unusual patterns of transactions:** Those with no apparent economic or lawful purpose.

**Non-face-to-face relationships:** Unless adequate safeguards are in place.

**Transactions involving new or developing technologies:** Where the risks are not yet fully understood.

VASPs must take additional steps, such as:

Obtaining additional information on the customer and BO.

Obtaining additional information on the intended nature of the business relationship.

Obtaining information on the source of funds or wealth.

Obtaining approval from senior management to establish or continue the business relationship.

Conducting enhanced ongoing monitoring of the business relationship.

**Reporting Obligation:** Reports must be submitted without delay, typically within 24-48 hours of forming a suspicion.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a suspicious transaction report has been or will be submitted.

**Internal Procedures:** VASPs must establish internal policies and procedures for identifying, assessing, and reporting suspicious activities.

**Duration:** All records must be kept for a minimum of **10 years** after the completion of a transaction or the termination of a business relationship.

**Accessibility:** Records must be maintained in a way that allows them to be retrieved and provided to the competent authorities (FIU, supervisory bodies) without delay upon request.

**Administration for the Prevention of Money Laundering (APML - Uprava za sprečavanje pranja novca):** The body responsible for supervising AML/CTF compliance.

**Role:** This is Serbia's Financial Intelligence Unit (FIU) and the central authority for AML/CFT supervision. It oversees compliance with the Law on the Prevention of Money Laundering and Terrorist Financing across all obliged entities, including VASPs. It also receives and analyzes suspicious transaction reports.

**URL:** https://www.apml.org.rs/ (Official website, primarily in Serbian)

**Securities Commission of the Republic of Serbia (Komisija za hartije od vrednosti - KHOV)**

**Role:** Under the Law on Digital Assets, the Securities Commission is responsible for licensing and supervising VASPs, ensuring their adherence to the specific provisions of the digital assets law, including organizational requirements, capital adequacy, and certain aspects of their AML policies as required for licensing.

**URL:** https://www.sec.gov.rs/ (Official website, available in English)

**Regulator Name:** National Bank of Serbia (NBS)

**Entity Targeted:** Various domestic entities and individuals operating crypto asset exchange or custody services without the required licenses. While specific names are not always publicly disclosed with detailed penalties, the NBS has consistently emphasized its licensing requirements and taken steps against non-compliant entities.

**Violation Type:** Operating a virtual asset service provider (VASP) without obtaining the necessary operating license from the NBS, as mandated by the Digital Assets Law. This includes facilitating the exchange of virtual assets for fiat currency or other virtual assets, or providing custody services.

**Penalty Amount:** Administrative fines, cessation of operations. The Digital Assets Law (Article 109, Paragraph 1, Point 1 and 2) prescribes fines ranging from RSD 100,000 to RSD 5,000,000 for legal entities and RSD 10,000 to RSD 500,000 for responsible persons within the legal entity, along with potential protective measures like a ban on conducting business.

**Date:** Ongoing, particularly since June 2021 when the Digital Assets Law came into full effect. The NBS has issued general warnings and initiated proceedings throughout 2021, 2022, and 2023.

**Outcome:** Several entities have either ceased operations, come into compliance, or faced administrative proceedings. The NBS continues to monitor the market for unlicensed activity.

**NBS announcement on licensing requirements:** https://www.nbs.rs/sr_RS/scripts/showcontent/index.html?id=16265 (Serbian)

**Overview of Digital Assets Law and NBS role:** https://www.petosevic.com/resources/news/2021/07/serbia-first-licenses-issued-under-the-digital-assets-law (General context on implementation)

**Regulator Name:** Ministry of Internal Affairs (MUP), Public Prosecutor's Office for Organized Crime

**Entity Targeted:** Individuals and organized criminal groups involved in large-scale crypto Ponzi schemes, investment fraud, and money laundering using virtual assets. Examples include actions related to the "Infinity Economics" scheme and connections to other global crypto scams like "Finiko."

**Violation Type:** Fraud, money laundering, unauthorized organization of games of chance (depending on the nature of the scheme), cybercrime. These often fall under general criminal statutes rather than specific "crypto violations."

**Penalty Amount:** Arrests, pre-trial detention, asset freezes (including virtual assets), criminal charges leading to potential prison sentences if convicted. Specific final conviction penalties (amounts/sentences) are rarely publicly detailed for each individual case by Serbian authorities, especially if investigations are ongoing or multi-jurisdictional.

**Date:** Multiple actions throughout 2021, 2022, and 2023.

**November 2021:** MUP announced arrests related to the "Infinity Economics" pyramid scheme.

**June 2022:** MUP announced arrests related to an international scheme involving crypto fraud and money laundering.

**Throughout 2022-2023:** Various arrests for cybercrime and fraud where cryptocurrencies were used for payments or laundering.

**Outcome:** Numerous arrests have been made, leading to ongoing investigations, indictments, and trials. Assets, including cryptocurrencies, have been seized. These cases are often complex and lengthy.

**MUP announcement on "Infinity Economics" arrests (November 2021):** https://mup.gov.rs/wps/portal/sr/zaMedije/saopstenja/!ut/p/z1/jZDLDoIwEEW_xR-Q1Kk2NmxmExsQERvY3sTGUYqJk6gSfu8sYQ0ddu9w921gRQQG3tE4eT4N3004jL2U-gR7mD-jG8Yg6I-X_A50mQYI0lQyGz37F5eY_Xn6P-Vz1-5Hl-5m_o0pAov6YtX335uGz4C2v1k9Xw2R3c5-L51R8A3M_Yw!!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?id_vesti=306163 (Serbian)

**MUP announcement on cybercrime and money laundering arrests (June 2022):** https://mup.gov.rs/wps/portal/sr/zaMedije/saopstenja/!ut/p/z1/jZBBD4IwFIV_iX-B5Mv5M2ZlxsSABN42NhMziZNo0CTp35v4HjF02L253HvXgBQQG3lE4-T5dHRfUeXj0EvsYP6MbjEHxX25fG2hZJwk0yGz0bfvHl8A9efov5XPa_nNfRtzh5Rov6YjX1n3_3t7Dk8g6X42R3c5-H51BwA_w_iVfw!!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?id_vesti=313498 (Serbian)

**General article on crypto crime in Serbia (mentioning Finiko):** https://www.rts.rs/vesti/ekonomija/5081829/kripto-valute-prevare-investicije-srbija.html (Serbian, RTS - Serbian National Broadcaster)

**Regulator Name:** Tax Administration of the Republic of Serbia

**Entity Targeted:** Individuals and legal entities earning income from digital assets (e.g., capital gains from crypto trading, income from mining, staking, or providing crypto services).

**Violation Type:** Tax evasion related to income or capital gains derived from digital assets.

**Penalty Amount:** Varies significantly based on the amount of unpaid tax, plus interest and potential fines as per tax laws.

**Date:** Ongoing, particularly since the Digital Assets Law clarified the tax treatment of crypto assets in 2021.

**Outcome:** Increased tax compliance, with individuals and entities reporting and paying taxes on their crypto gains. Audits and enforcement actions against non-compliant taxpayers are conducted, though details are private unless criminal charges are filed.

**Tax Administration guidelines on taxing digital assets:** https://www.poreskauprava.gov.rs/aktuelnosti/vest%C4%8Di/1103/kako-se-oporezuje-imovinska-dobit-od-prenosa-digitalne-imovine.html (Serbian)

**Securities Commission (KHOV - Komisija za hartije od vrednosti):**

Published in the Official Gazette of the Republic of Serbia No. 115/2020.

**Serbian Official Gazette (Sluzbeni glasnik Republike Srbije):** https://www.pravno-informacioni-sistem.rs/SIGRID/prikazDokumenta?id=2333 (This link points to the Serbian text on the official legal information system).

**National Bank of Serbia (NBS):**

The NBS website contains information related to its regulatory role, including decisions and regulations concerning virtual currencies.

Look for sections related to "digital assets," "virtual currencies," or "financial services."

The KHOV website provides information related to digital tokens that fall under its purview.

Relevant sections often cover "digital assets," "issuance of digital tokens," or "investment services."

**Law on Prevention of Money Laundering and Terrorist Financing (Zakon o sprečavanju pranja novca i finansiranja terorizma):**

This law, and its subsequent amendments, apply to VASPs as obliged entities.

**National Bank of Serbia (Narodna banka Srbije - NBS):**

**Role:** Primarily responsible for virtual assets that qualify as "virtual currency" (i.e., **payment tokens** used as a medium of exchange). The NBS oversees the issuance of virtual currency and related payment services.

**Website:** Narodna banka Srbije (NBS)

**Securities Commission (Komisija za hartije od vrednosti - KHOV):**

**Role:** Primarily responsible for "digital tokens" (i.e., **investment tokens** or other assets representing rights) and the licensing and supervision of Virtual Asset Service Providers (VASPs). This includes crypto exchanges, brokerage firms, and custodians dealing with digital tokens. They also oversee initial offerings of digital tokens (IDOs).

**Website:** Komisija za hartije od vrednosti (KHOV)

**Effective Date:** June 29, 2021

Defines "virtual currency" (e.g., Bitcoin, Ethereum when used for payments) and "digital tokens" (e.g., security tokens, utility tokens representing rights).

Establishes requirements for issuing digital assets (initial offerings).

Mandates licensing for Virtual Asset Service Providers (VASPs), including platforms for trading, exchange, and custody of virtual assets.

Sets forth investor protection measures and rules for advertising virtual assets.

Integrates virtual asset services into the existing AML/CFT framework.

**Official Gazette Reference:** *Službeni glasnik RS*, No. 153/2020.

**URL (for reference, often hosted by legal information portals):** While an official direct government URL might be harder to find for the specific law text in English, the full text is widely available on Serbian legal portals. For example, a common reference: Zakon o digitalnoj imovini (Paragraf.rs) (Note: This link is in Serbian, as it's the official local legal database).

**Legal and Regulated:** Crypto trading is **legal** in Serbia. However, activities related to virtual assets, especially those involving offering services to third parties, are **highly regulated**.

**Licensing Required for VASPs:** Any entity wishing to operate as a Virtual Asset Service Provider (VASP) – which includes crypto exchanges, broker-dealers, custodians, and platforms for initial offerings – must obtain a **license from the Securities Commission (KHOV)**.

**Operational Requirements:** Licensed VASPs are subject to stringent operational, capital, organizational, and technological requirements, as well as robust AML/CFT compliance obligations.

**Investor Protection:** The regulatory framework includes provisions aimed at protecting investors, such as transparency requirements for virtual asset offerings and rules regarding information disclosure.

**Trading Platforms:** Several domestic exchanges have already received licenses or are in the process of obtaining them, allowing Serbian citizens to legally buy, sell, and exchange virtual assets through regulated entities. For example, ECD.rs and Bitpal are known licensed platforms operating in Serbia.

**Licensing Authority:** The Law on Digital Assets designates two main regulators, depending on the nature of the digital asset:

The National Bank of Serbia (NBS) supervises banks and financial institutions, but the regulation of virtual assets as means of payment is governed by the Law on Digital Assets, which establishes a separate regulatory framework from the NBS’s traditional supervision of payment systems.

The **Securities Commission (SC)** supervises digital assets that qualify as financial instruments (e.g., security tokens, certain stablecoins).

A legal entity providing services related to digital assets must obtain a license from the relevant authority. If a VASP intends to provide services for both types of digital assets, it might require licenses from both regulators or a combined license if stipulated.

**Eligible Entities:** Only legal entities registered in Serbia can apply for a VASP license. Foreign entities cannot directly provide services without establishing a Serbian legal entity.

**Licensable Activities (including custody):** The law defines "virtual asset services" that require a license, including:

Receipt, transfer, and execution of orders related to digital assets.

Exchange of digital assets for fiat currency.

Exchange of digital assets for other digital assets.

**Safekeeping and administration of digital assets on behalf of clients (custody).**

Advisory services related to digital assets.

**Key Licensing Requirements:** Applicants must meet stringent conditions, including:

**Minimum Capital:** Specified in regulations issued by the NBS or SC (e.g., minimum share capital requirements).

**Management & Ownership:** Fit and proper test for management and significant shareholders, demonstrating professional competence, reputation, and absence of criminal records.

**Internal Controls:** Robust internal procedures, risk management systems, IT security, and business continuity plans.

Serbia has made strides in risk assessment and prosecution under its AML/CFT framework, but further steps are needed in supervision and effective use of financial intelligence, indicating partial rather than strict adherence to all AML/CFT regulations.

**Operational Requirements:** Technical and organizational capabilities to securely provide the services.

The Law on Digital Assets mandates the segregation of client assets.

**Article 28(2)** of the Law on Digital Assets states that a virtual asset service provider must "take all necessary measures for the safekeeping of digital assets of its clients, including the segregation of clients' digital assets from its own digital assets."

This means that client digital assets must be held in separate accounts or wallets distinct from the VASP's proprietary assets to protect clients in case of the VASP's insolvency or bankruptcy.

The Law on Digital Assets generally requires VASPs to have adequate capital and organizational structures to ensure the secure provision of services.

While the primary law doesn't explicitly mandate professional indemnity insurance or specific bonding requirements in detail, it empowers the NBS and SC to prescribe more specific conditions through secondary legislation.

**Article 16** of the Law gives the regulators the power to prescribe "detailed conditions and method of obtaining and revoking licenses" which can include financial guarantees, insurance, or higher capital requirements depending on the nature and scale of the services.

It's generally expected that a VASP will have sufficient financial resources to cover potential liabilities, which may implicitly require a form of financial security.

The Law on Digital Assets emphasizes the importance of secure storage but does not explicitly mandate "cold storage" as a specific technical requirement in the primary law.

**Article 28(2)** requires VASPs providing custody services to "take all necessary measures for the safekeeping of digital assets," ensure "secure IT systems," and have a "business continuity plan."

This implies that robust security measures, including best practices like multi-signature wallets, hardware security modules (HSMs), and offline (cold) storage for a significant portion of assets, would be considered essential for meeting the "secure IT systems" and "safekeeping" requirements. The regulators (NBS/SC) would likely expect custodians to implement industry-standard security practices, which heavily favor cold storage for large reserves.

Detailed technical specifications are typically elaborated in subsidiary legislation or guidelines issued by the NBS or SC.

In Serbia, a "qualified custodian" is essentially a **legal entity that has obtained the necessary VASP license from the National Bank of Serbia or the Securities Commission** to provide safekeeping and administration of digital assets on behalf of clients.

The definition is tied to the licensing process and the entity meeting all the stringent requirements (capital, management, internal controls, AML/CFT, etc.) outlined in the Law on Digital Assets and subsequent regulations.

There are no specific additional "qualified" custodian categories like traditional banks or trust companies unless those institutions also separately obtain the VASP license for digital asset custody.

As an EU candidate country, Serbia is committed to harmonizing its legislation with EU law.

The most significant upcoming development in this regard is the **EU's Markets in Crypto-Assets (MiCA) Regulation**. MiCA will introduce a comprehensive, harmonized regulatory framework for crypto-asset service providers (CASPs), including custodians, across the European Union.

While Serbia's Law on Digital Assets already incorporates many principles similar to MiCA (e.g., licensing, AML/CFT, consumer protection, segregation of assets), a full adoption of MiCA or an equivalent national law would lead to:

**More detailed and prescriptive rules** regarding operational requirements, governance, client safeguarding, and potentially specific technical standards for custody.

**Passporting Rights:** Once Serbia fully adopts MiCA (likely upon or before EU accession), Serbian licensed CASPs could potentially offer services across the EU, and vice versa.

**Refinement of Definitions:** Alignment with MiCA's definitions of crypto-assets and services.

The timeline for Serbia's full alignment with MiCA will depend on its EU accession progress and its legislative agenda. It is highly probable that Serbia will amend or replace its current Law on Digital Assets to fully align with MiCA in the coming years.

**Law on Digital Assets (Zakon o digitalnoj imovini)**

**English Summary/Analysis (Reputable Law Firm):**

**National Bank of Serbia (NBS)**

Official website, typically under sections related to payment systems, financial services, or specific regulations. You may need to navigate their site for specific decisions or regulations related to VASPs: https://www.nbs.rs/

**Securities Commission (Komisija za hartije od vrednosti)**

Official website, with sections for digital assets and licensing: https://www.sec.gov.rs/