Russia -- AML/CFT Compliance Regulatory Overview

Russia's AML/CFT requirements for cryptocurrency service providers are governed primarily by Federal Law No. 115-FZ (On Countering Money Laundering and Terrorism Financing), with oversight from multiple regulatory bodies[1][2].

Primary Regulatory Framework

Federal Law No. 115-FZ establishes the core AML/CFT compliance obligations. This law mandates that financial institutions and virtual asset service providers (VASPs) implement robust anti-money laundering measures and report suspicious activities[1][2]. The framework also references Federal Law No. 134-FZ, which outlines enhanced due diligence requirements[2].

Regulatory Bodies and Oversight

Three primary authorities oversee AML/CFT compliance in Russia[1][2]:

• Bank of Russia (Central Bank of the Russian Federation): Establishes AML regulations for financial institutions, supervises compliance, issues and revokes licenses based on AML adherence, and provides guidance on AML best practices[2]. The Bank also proposes crypto-specific rules and maintains registration of digital financial asset operators[1].

• Rosfinmonitoring (Federal Financial Monitoring Service): Russia's lead agency for combating money laundering and terrorist financing. It analyzes financial transactions, ensures institutional compliance with AML/CFT standards and Federal Law No. 115-FZ, and enforces Enhanced Due Diligence requirements[2].

• Federal Tax Service of Russia: Handles tax-related compliance, requiring individuals and organizations to report cryptocurrency holdings and transactions exceeding certain thresholds (notably 600,000 rubles)[1].

Customer Due Diligence Requirements

VASPs must implement measures to identify clients, representatives, beneficiaries, and beneficial owners[2]. Enhanced due diligence is required as outlined in Federal Law No. 134-FZ[2]. Additionally, the Travel Rule compliance framework requires VASPs to collect and verify customer and counterparty information, perform VASP due diligence, conduct sanction screening of transaction counterparties, and share accurate personally identifiable information[5].

Suspicious Transaction Reporting

Entities are obligated to report controlled or suspicious transactions immediately but no later than the working day following the day of the transaction[2]. Transactions become subject to mandatory control when they exhibit inconsistencies in transactional behavior, unusual complexity, or seemingly irrational economic purpose[2]. The Bank of Russia has issued methodological recommendations advising credit institutions to identify and report suspicious activities, particularly focusing on peer-to-peer (P2P) transactions used to buy or sell cryptocurrencies[1].

Authorities may suspend a transaction for up to two working days if there is suspicion related to money laundering or financing terrorism, pending further investigation[2].

Transactions Subject to Mandatory Control

Federal Law No. 115-FZ specifies that certain transaction types are subject to mandatory control, including transactions exceeding defined monetary thresholds and transactions involving precious metals and stones[2].

Record-Keeping and Additional Obligations

While the search results do not provide explicit details on record-keeping retention periods, they confirm that financial institutions must maintain transaction records for regulatory reporting purposes. Russian authorities can introduce special preventive measures based on international risks, including restrictions or prohibitions on transactions and mandatory financial reporting[2]. Given recent sanctions concerns, obliged entities must also assess AML risks associated with transfers to self-hosted addresses and the risks of sanctions circumvention[6].

Note: The search results do not provide direct URLs for the Bank of Russia or Rosfinmonitoring websites, and specific articles of the legislation are not detailed in the available sources.