Serbia -- Custody Regulations Regulatory Overview

Serbia has established a regulatory framework for digital assets through its Law on Digital Assets (Zakon o digitalnoj imovini), which came into effect on June 29, 2021. This law is the primary legislation governing virtual asset service providers (VASPs), including those offering custody services.

Here's a breakdown of the custody regulations in Serbia:

1. Custodial License Requirements

• Licensing Authority: The Law on Digital Assets designates two main regulators, depending on the nature of the digital asset:

  • The National Bank of Serbia (NBS) supervises virtual assets that function as means of payment (e.g., certain cryptocurrencies used for transactions).
  • The Securities Commission (SC) supervises digital assets that qualify as financial instruments (e.g., security tokens, certain stablecoins).
  • A legal entity providing services related to digital assets must obtain a license from the relevant authority. If a VASP intends to provide services for both types of digital assets, it might require licenses from both regulators or a combined license if stipulated.

• Eligible Entities: Only legal entities registered in Serbia can apply for a VASP license. Foreign entities cannot directly provide services without establishing a Serbian legal entity.

• Licensable Activities (including custody): The law defines "virtual asset services" that require a license, including:

  1. Receipt, transfer, and execution of orders related to digital assets.
  2. Exchange of digital assets for fiat currency.
  3. Exchange of digital assets for other digital assets.
  4. Transfer of digital assets.
  5. Safekeeping and administration of digital assets on behalf of clients (custody).
  6. Issuance of digital assets.
  7. Advisory services related to digital assets.

• Key Licensing Requirements: Applicants must meet stringent conditions, including:

  • Minimum Capital: Specified in regulations issued by the NBS or SC (e.g., minimum share capital requirements).
  • Management & Ownership: Fit and proper test for management and significant shareholders, demonstrating professional competence, reputation, and absence of criminal records.
  • Internal Controls: Robust internal procedures, risk management systems, IT security, and business continuity plans.
  • AML/CFT Compliance: Strict adherence to anti-money laundering and counter-terrorist financing (AML/CFT) regulations, including client due diligence (KYC), transaction monitoring, and suspicious activity reporting.
  • Operational Requirements: Technical and organizational capabilities to securely provide the services.

2. Segregation of Client Assets Rules

• The Law on Digital Assets mandates the segregation of client assets.
• Article 28(2) of the Law on Digital Assets states that a virtual asset service provider must "take all necessary measures for the safekeeping of digital assets of its clients, including the segregation of clients' digital assets from its own digital assets."
• This means that client digital assets must be held in separate accounts or wallets distinct from the VASP's proprietary assets to protect clients in case of the VASP's insolvency or bankruptcy.

3. Insurance/Bonding Requirements

• The Law on Digital Assets generally requires VASPs to have adequate capital and organizational structures to ensure the secure provision of services.
• While the primary law doesn't explicitly mandate professional indemnity insurance or specific bonding requirements in detail, it empowers the NBS and SC to prescribe more specific conditions through secondary legislation.
• Article 16 of the Law gives the regulators the power to prescribe "detailed conditions and method of obtaining and revoking licenses" which can include financial guarantees, insurance, or higher capital requirements depending on the nature and scale of the services.
• It's generally expected that a VASP will have sufficient financial resources to cover potential liabilities, which may implicitly require a form of financial security.

4. Cold Storage Mandates

• The Law on Digital Assets emphasizes the importance of secure storage but does not explicitly mandate "cold storage" as a specific technical requirement in the primary law.
• Article 28(2) requires VASPs providing custody services to "take all necessary measures for the safekeeping of digital assets," ensure "secure IT systems," and have a "business continuity plan."
• This implies that robust security measures, including best practices like multi-signature wallets, hardware security modules (HSMs), and offline (cold) storage for a significant portion of assets, would be considered essential for meeting the "secure IT systems" and "safekeeping" requirements. The regulators (NBS/SC) would likely expect custodians to implement industry-standard security practices, which heavily favor cold storage for large reserves.
• Detailed technical specifications are typically elaborated in subsidiary legislation or guidelines issued by the NBS or SC.

5. Qualified Custodian Definitions

• In Serbia, a "qualified custodian" is essentially a legal entity that has obtained the necessary VASP license from the National Bank of Serbia or the Securities Commission to provide safekeeping and administration of digital assets on behalf of clients.
• The definition is tied to the licensing process and the entity meeting all the stringent requirements (capital, management, internal controls, AML/CFT, etc.) outlined in the Law on Digital Assets and subsequent regulations.
• There are no specific additional "qualified" custodian categories like traditional banks or trust companies unless those institutions also separately obtain the VASP license for digital asset custody.

6. Pending Custody Legislation

• As an EU candidate country, Serbia is committed to harmonizing its legislation with EU law.
• The most significant upcoming development in this regard is the EU's Markets in Crypto-Assets (MiCA) Regulation. MiCA will introduce a comprehensive, harmonized regulatory framework for crypto-asset service providers (CASPs), including custodians, across the European Union.
• While Serbia's Law on Digital Assets already incorporates many principles similar to MiCA (e.g., licensing, AML/CFT, consumer protection, segregation of assets), a full adoption of MiCA or an equivalent national law would lead to:
  • More detailed and prescriptive rules regarding operational requirements, governance, client safeguarding, and potentially specific technical standards for custody.
  • Passporting Rights: Once Serbia fully adopts MiCA (likely upon or before EU accession), Serbian licensed CASPs could potentially offer services across the EU, and vice versa.
  • Refinement of Definitions: Alignment with MiCA's definitions of crypto-assets and services.
• The timeline for Serbia's full alignment with MiCA will depend on its EU accession progress and its legislative agenda. It is highly probable that Serbia will amend or replace its current Law on Digital Assets to fully align with MiCA in the coming years.

Specific Regulatory References with URLs:

1. Law on Digital Assets (Zakon o digitalnoj imovini)

   • Official Gazette (Serbian): Službeni glasnik RS, br. 86/2020. You can usually find this via the "Paragraf Lex" legal database or the official gazette website (though direct permanent links to specific laws can be tricky to maintain). A reliable reference for its publication is Službeni glasnik RS, br. 86/2020 od 19.11.2020.
   • English Summary/Analysis (Reputable Law Firm):
     • Schoenherr: https://www.schoenherr.eu/legal-news/serbian-law-on-digital-assets-finally-in-force-a-step-closer-to-the-eu-digital-market/
     • BDK Advokati: https://bdkadvokati.com/serbian-digital-assets-law-gets-final-approval/

2. National Bank of Serbia (NBS)

   • Official website, typically under sections related to payment systems, financial services, or specific regulations. You may need to navigate their site for specific decisions or regulations related to VASPs: https://www.nbs.rs/

3. Securities Commission (Komisija za hartije od vrednosti)

   • Official website, with sections for digital assets and licensing: https://www.sec.gov.rs/

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. For specific legal advice regarding cryptocurrency and digital asset custody regulations in Serbia, it is essential to consult with a qualified legal professional specializing in Serbian law.