Slovenia

**Act on the Prevention of Money Laundering and Terrorist Financing (ZPPML-1):**

Slovenian Legislation Portal (PIS): https://www.pisrs.si/Pis.web/pregledPredpisa?id=ZAKO5720 (Note: The official text is in Slovenian. Look for consolidated versions for the latest amendments.)

*Key relevant articles define VASPs, their obligations, and FURS's powers.*

**Financial Administration of the Republic of Slovenia (FURS):**

Specific information on AML/CTF and virtual currencies might be found in their publications or dedicated sections.

**Bank of Slovenia (Banka Slovenije):**

Relevant for Payment Institution/Electronic Money Institution licensing under ZPlaS-1 (transposing PSD2).

**AMLD5 (Directive (EU) 2018/843):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.156.01.0043.01.ENG

**AMLD6 (Directive (EU) 2018/1673):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018L1673

**MiCA Regulation (Regulation (EU) 2023/1114):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114

**VASP Registration:** Entities providing services of safeguarding private cryptographic keys on behalf of clients, or holding, storing, and transferring virtual currencies, are classified as "virtual asset service providers" (VASPs) under ZPPDFT-2.

**Obligation to Register:** VASPs must register with the **Office for Money Laundering Prevention (UPPD)**. This is a registration requirement, not a full prudential licensing regime akin to banks or investment firms, but it entails strict AML/CFT compliance obligations.

Implementation of robust internal AML/CFT policies, procedures, and controls.

Risk assessment frameworks (customer, product, geographical risks).

Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) measures.

Record-keeping of transactions and customer data.

Reporting of suspicious transactions to UPPD.

Fit and proper assessment for management and beneficial owners (though not as extensive as for licensed financial institutions).

**Zakon o preprečevanju pranja denarja in financiranja terorizma (ZPPDFT-2) – Prevention of Money Laundering and Terrorist Financing Act (2017, with subsequent amendments, consolidating 5AMLD and 6AMLD):**

Available via the Official Gazette of the Republic of Slovenia: https://www.uradni-list.si/glasilo-uradni-list-rs/vsebina/2022-01-0171/zakon-o-preprecevanju-pranja-denarja-in-financiranja-terorizma-zppdft-2

**UPPD Website:** Provides guidance and lists of registered VASPs.

**Currently (Pre-MiCA):** ZPPDFT-2 primarily focuses on AML/CFT compliance, ensuring the *identification* of asset ownership and preventing illicit finance. It does *not* explicitly mandate insolvency-remote segregation of client crypto assets from the custodian's own assets in the same way traditional financial regulations (e.g., MiFID II for investment firms, CRD for banks) do.

While best practice for reputable custodians often involves some form of segregation to manage risk, there isn't a specific statutory requirement for *pure crypto custodians* under current Slovenian AML law to ensure client assets are legally and operationally separate and protected in the event of custodian insolvency.

**Currently (Pre-MiCA):** There are no specific statutory requirements under ZPPDFT-2 for VASPs (including custodians) to hold professional indemnity insurance or maintain a minimum level of own funds for asset protection, unlike for traditional financial institutions.

**Currently (Pre-MiCA):** Slovenian law does not explicitly mandate the use of cold storage for crypto assets. However, VASPs are expected to implement robust technical and organizational security measures to protect client assets from loss, theft, or unauthorized access. Good practice dictates that a significant portion of client assets should be held in cold storage. Regulators would assess the overall security framework rather than dictating specific technological solutions.

**Currently (Pre-MiCA):** Slovenian law (ZPPDFT-2) defines the *service* of safeguarding private cryptographic keys and the *provider* as a VASP. There isn't a separate legal definition of a "qualified custodian" that implies a higher prudential standard beyond AML compliance for pure crypto firms. Any VASP registered with UPPD and adhering to AML/CFT rules is currently considered a legitimate provider.

**Authorization:** CASPs offering custody services will require **authorization** from a national competent authority (e.g., ATVP in Slovenia). This is a much more stringent licensing process than the current AML registration.

**Key Requirements (MiCA Articles 59-64, and specific for custody Articles 65-68):**

**Legal form:** CASPs must be legal persons established in the EU.

**Governance:** Robust governance arrangements, internal control mechanisms, risk management procedures.

**Management body:** Members must be of good repute and possess sufficient knowledge, skills, and experience.

**Initial capital:** Requirement for minimum initial capital or professional indemnity insurance (see below).

**Operational reliability:** Sound administrative and accounting procedures, adequate IT systems, security protocols, business continuity plans.

**Conflict of interest:** Measures to prevent and manage conflicts of interest.

**Complaints handling:** Effective and transparent procedures.

**Prudential safeguards:** Specific requirements related to safeguarding client assets.

**Mandatory Segregation:** MiCA explicitly mandates robust client asset segregation. CASPs providing custody services must:

**Article 66(2):** Make adequate arrangements to safeguard the ownership rights of clients over their crypto-assets and, where applicable, their rights over funds, especially in the event of the CASP's insolvency.

**Article 66(3):** Keep client crypto-assets separate from their own crypto-assets.

**Article 66(4):** Keep client funds separate from their own funds with credit institutions or central banks.

**Article 66(5):** Ensure client crypto-assets are held in separate addresses or accounts, clearly identifying the clients.

**Professional Indemnity or Own Funds:** MiCA **Article 60(2)** and **Article 66(5)** require CASPs providing custody services to maintain either:

**Professional indemnity insurance** covering specific risks (e.g., loss of client crypto-assets, operational errors, cyber risks).

**Own funds** equivalent to the professional indemnity insurance coverage.

The amount will be determined based on the nature, scale, and complexity of the services, and the types of crypto-assets involved.

While MiCA does not explicitly mandate "cold storage," it requires CASPs to implement "adequate organisational arrangements to minimise the risk of loss or theft of crypto-assets" (Article 66(1)). This implicitly demands robust security measures, which for digital assets often includes the use of cold storage for a substantial portion of assets, multi-signature schemes, and strong cryptographic key management.

Under MiCA, a **"qualified custodian"** will effectively be an **authorised Crypto-Asset Service Provider (CASP)** that has received a license to provide "custody and administration of crypto-assets on behalf of third parties" from a competent national authority in an EU Member State. Such a CASP will be subject to the full prudential, organizational, and conduct of business requirements of MiCA, elevating it far beyond a simple AML registration.

**Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):** This is the cornerstone legislation.

Full text available in the Official Journal of the European Union: https://eur-lex.europa.eu/eli/reg/2023/1114/oj

Relevant articles for custody: Article 3(1)(10) (definition), Articles 59-64 (authorization), Articles 65-68 (custody-specific requirements).

**Implementation Dates:** Rules for asset-referenced tokens (ARTs) and electronic money tokens (EMTs) apply from **30 June 2024**. Rules for other crypto-assets apply from 30 December 2024.

**Slovenian National Legislation (relevant prior to MiCA's full effect and for complementary aspects):**

**Zakon o elektronskem denarju (ZEL) - Electronic Money Act:** Transposes the EU E-Money Directive (2009/110/EC). Relevant for fiat-backed stablecoins classified as e-money.

**Zakon o trgu finančnih instrumentov (ZTFI) - Financial Instruments Market Act:** Transposes MiFID II. Relevant if a crypto-asset were to be classified as a financial instrument.

**Bank of Slovenia (Banka Slovenije):** The central bank, responsible for monetary policy, financial stability, and oversight of payment systems and e-money institutions.

**Agency for Securities Market (Agencija za trg vrednostnih papirjev - ATVP):** The national securities regulator, responsible for the oversight of financial markets and instruments.

**Electronic Money Tokens (EMTs):** These are crypto-assets that purport to maintain a stable value by referencing the value of **one single fiat currency** (e.g., a EUR-pegged stablecoin).

**Regulatory Approach:** EMTs are largely treated as "electronic money" under the existing E-Money Directive, with MiCA adapting and extending these rules specifically for crypto-assets.

**Asset-Referenced Tokens (ARTs):** These are crypto-assets that purport to maintain a stable value by referencing **any other value or right, or a combination thereof, including one or several fiat currencies, one or several commodities, or one or several crypto-assets.**

**Regulatory Approach:** ARTs have a bespoke set of rules under MiCA, similar in stringency to those for e-money institutions or banks.

**Pre-MiCA Situation:** Before MiCA, the classification was ambiguous. A fiat-backed stablecoin *could* have been considered e-money if it met the criteria of the Slovenian ZEL. Other stablecoins would likely have been treated as "virtual assets" under AML laws, or potentially as securities under ZTFI if they met the characteristics of a transferable security or other financial instrument (e.g., offering rights to profits). MiCA aims to resolve this ambiguity for ARTs and EMTs.

**Full Backing:** Issuers must maintain reserves that are at all times at least equal to the nominal value of the outstanding stablecoins.

**High Liquidity:** Reserves must be held in assets with high liquidity and minimal market risk.

**Segregation:** Reserve assets must be segregated from the issuer's own assets and held in separate accounts or custody by credit institutions or other authorized entities.

**Custody:** For ARTs, at least 30% of the reserve assets must be deposited with credit institutions. For EMTs, funds received in exchange for e-money are to be held in a segregated account with a credit institution or invested in secure, low-risk assets.

**Investment Policy:** Issuers must have a clear investment policy for reserve assets, ensuring they are invested safely and prudently.

**Mandatory Authorization:** Issuers of ARTs and EMTs must be authorized by a competent national authority (in Slovenia, this would likely be the Bank of Slovenia for EMTs/e-money-like institutions, and potentially the ATVP for ARTs, depending on the specifics and national implementation of MiCA).

**Credit Institutions:** Credit institutions (banks) are exempt from requiring separate MiCA authorization if they issue stablecoins, but they must notify the competent authority.

**Authorization Process:** Involves submitting a comprehensive white paper, a robust business plan, governance arrangements, operational resilience measures, and demonstrating sufficient capital.

**Capital Requirements:** Specific minimum capital requirements apply, generally €350,000 or a percentage of the average amount of ARTs/EMTs outstanding.

**Clear Redemption Right:** Issuers of ARTs and EMTs must grant holders a clear and unambiguous right to redeem their stablecoins at par value (for EMTs) or at the market value of the referenced assets (for ARTs) from the issuer at any time.

**Timely Redemption:** Redemption must be processed promptly and without undue delay.

**No Fees (for EMTs):** Issuers of EMTs are generally prohibited from charging fees for redemption.

**MiCA's Focus on Backed Stablecoins:** MiCA's framework primarily addresses stablecoins that are *backed* by reserves (EMTs and ARTs).

**Exclusion of Pure Algorithmic Stablecoins:** Stablecoins that aim to maintain stability solely through algorithms, without substantial backing in fiat, commodities, or other liquid assets, are **not** explicitly covered as ARTs or EMTs under MiCA.

**Implied Disapproval/Lack of Framework:** This means such algorithmic stablecoins do not benefit from the specific stability-focused regulations of MiCA. They would likely fall under the general "other crypto-assets" category within MiCA, subject to white paper requirements and general market conduct rules, but not the stringent prudential and reserve rules. This effectively means MiCA does not provide a regulatory path for pure algorithmic stablecoins to operate within its defined stablecoin categories.

**No National CBDC:** Slovenia, as part of the Eurozone, does not have plans for a national Central Bank Digital Currency (CBDC) separate from a potential digital Euro.

**Digital Euro Exploration:** The European Central Bank (ECB) is actively exploring the development of a **digital Euro**. If and when a digital Euro is introduced, it would serve as a public, central bank-issued complement to private stablecoins and traditional cash, aiming to ensure monetary sovereignty and financial stability.

**Impact on Stablecoins:** A digital Euro would likely act as a strong alternative to private stablecoins, particularly EMTs, potentially reducing their appeal by offering a risk-free, central bank-backed digital currency for payments. Slovenia would adopt the digital Euro as part of its participation in the Eurozone.

**Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF):** This is the most established area of regulation, requiring virtual asset service providers (VASPs) to comply with stringent obligations.

**Taxation:** Virtual assets are subject to existing income and corporate tax laws, although a specific crypto tax framework is under discussion.

**Consumer Protection and Financial Stability:** Regulatory bodies issue warnings about the risks associated with virtual assets.

**Future Harmonization with EU Law:** The upcoming MiCA regulation will significantly expand the scope of regulation, moving Slovenia towards a **comprehensive** framework for crypto-assets.

**Urad Republike Slovenije za preprečevanje pranja denarja (UPPD) – Office for Money Laundering Prevention:**

**Role:** The primary authority for enforcing AML/CTF regulations regarding virtual assets. VASPs must register with UPPD and comply with their obligations.

**Agencija za trg vrednostnih papirjev (ATVP) – Securities Market Agency:**

**Role:** Regulates the capital markets. Its involvement depends on the classification of a specific crypto-asset. If a crypto-asset (e.g., certain tokens from an ICO) qualifies as a security or financial instrument under Slovenian law, ATVP's regulations apply (e.g., prospectus requirements, investment services rules).

**Banka Slovenije (BS) – Bank of Slovenia (Central Bank):**

**Role:** Responsible for financial stability, payment systems, and consumer protection. While not a direct regulator of crypto-assets *per se*, it issues warnings to the public about the risks of virtual assets and monitors their potential impact on the financial system. It also advises the government on related policies.

**Finančna uprava Republike Slovenije (FURS) – Financial Administration of the Republic of Slovenia:**

**Role:** Responsible for taxation. Oversees the reporting and payment of taxes related to crypto activities.

**Date:** The current consolidated version (ZPPDFT-2) was adopted in 2017 and has been amended multiple times to transpose subsequent EU AML directives, including 5AMLD (Directive (EU) 2018/843) and 6AMLD (Directive (EU) 2018/1673). The key provisions concerning virtual assets and VASPs came into effect with the transposition of 5AMLD.

**Key Aspects:** This act designates virtual asset service providers (VASPs) as obliged entities. It mandates VASPs to:

Implement customer due diligence (KYC) procedures.

Monitor transactions for suspicious activities.

Report suspicious transactions to the UPPD.

**URL (Official Gazette, Slovenian):** https://www.pisrs.si/Pis.web/pregledPredpisa?id=ZAKO5803

**Tax Legislation (No specific crypto act, but existing laws apply):**

**Zakon o dohodnini (ZDoh-2) – Income Tax Act (Latest consolidated version, e.g., 2023):** Governs personal income tax.

**Zakon o davku na dohodke pravnih oseb (ZDDPO-2) – Corporate Income Tax Act (Latest consolidated version, e.g., 2023):** Governs corporate income tax.

**Individuals:** Profits from crypto trading (when converted to fiat) are generally taxed as "other income" or "capital gains" if considered speculative. However, a specific framework is lacking, leading to case-by-case interpretations. There is an ongoing proposal for a specific 10% tax on crypto gains (or 25% for companies involved in crypto mining) when converted to fiat, with an exemption for gains under EUR 10,000 annually. This proposal is currently *not yet law*.

**Companies:** Income derived from crypto activities (e.g., mining, trading, services) is subject to corporate income tax.

**VAT:** Transactions involving traditional cryptocurrencies (like Bitcoin) are generally exempt from VAT, following EU case law.

**EU Markets in Crypto-Assets Regulation (MiCA Regulation (EU) 2023/1114):**

**Date:** Entered into force on June 29, 2023. Rules relating to asset-referenced tokens (ARTs) and e-money tokens (EMTs) will apply from **30 June 2024**. Rules relating to other crypto-assets and crypto-asset service providers (CASPs) will apply from **30 December 2024**.

**Key Aspects:** As an EU Member State, MiCA will be directly applicable in Slovenia. It introduces a comprehensive regulatory framework for:

Issuers of crypto-assets (requiring whitepapers, disclosure obligations).

Crypto-asset service providers (CASPs), including exchanges, custodians, and brokers, which will require authorization/licensing to operate across the EU.

**Legality:** Crypto trading and the operation of crypto exchanges are **legal** in Slovenia.

**AML/CTF:** Currently, the primary regulatory requirement for crypto exchanges and other VASPs (e.g., custodians, wallet providers, providers of fiat-to-crypto/crypto-to-fiat exchange services) is compliance with the ZPPDFT-2. This means they must register with the UPPD and implement robust AML/KYC procedures.

**Licensing (Pre-MiCA):** There is **no specific separate licensing regime** for operating a crypto exchange in Slovenia beyond the AML registration with UPPD, *unless* the activities fall under existing financial services laws (e.g., if a crypto-asset is classified as a security, requiring an ATVP license, or if it involves traditional payment services requiring a Banka Slovenije license).

**MiCA Impact:** From December 2024, MiCA will introduce a **harmonized licensing regime** for crypto-asset service providers (CASPs) across the EU, including Slovenia. Exchanges will need to obtain authorization from their national competent authority (likely ATVP in Slovenia, in coordination with Banka Slovenije) to offer services within the EU. This will significantly professionalize and standardize the industry.

**Consumer Protection:** Banka Slovenije and ATVP frequently issue warnings to the public about the high risks associated with investing in crypto-assets, emphasizing volatility, lack of regulatory oversight (pre-MiCA), and potential for fraud.

**National Legislation:** Slovenia's primary AML/CTF law is the **Zakon o preprečevanju pranja denarja in financiranja terorizma (ZPPDFT-2)** (Prevention of Money Laundering and Terrorist Financing Act). This act defines virtual currencies and service providers and imposes general AML/CTF obligations.

**URL:** ZPPDFT-2 (Official Gazette of the Republic of Slovenia - Uradni list RS) (Note: You may need to navigate the Slovenian official gazette for the most up-to-date consolidated text, as laws are frequently amended.)

**EU Regulation (Directly Applicable):** The crucial piece of legislation that specifically codifies the Travel Rule for crypto assets across the EU (including Slovenia) is:

**Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Regulation (EU) 2015/847.** This regulation directly applies in Slovenia without the need for national transposition for its core provisions.

**URL:** Regulation (EU) 2023/1113 on EUR-Lex

Initial obligations for VASPs under ZPPDFT-2 (transposing 5AMLD) have been in effect since around **late 2019 / early 2020**.

However, the specific and comprehensive implementation of the FATF Travel Rule for crypto assets, as defined by **Regulation (EU) 2023/1113**, becomes applicable much later: **30 December 2024**. This is the key date for the full Travel Rule requirements for crypto assets.

**Between Crypto-Asset Service Providers (CASPs):** There is **no de minimis threshold** for transfers between CASPs. This means all transfers, regardless of amount, must be accompanied by the required information.

**To or From a Self-Hosted Wallet (Unhosted Wallet):**

For transfers to or from a self-hosted wallet **below €1,000**, CASPs are required to collect and verify the identity of their customer (the originator or beneficiary) and assess whether the transfer is intended for criminal activities, but are not required to verify the owner of the self-hosted wallet unless they suspect illicit activity.

For transfers to or from a self-hosted wallet **equal to or above €1,000**, the CASP facilitating the transfer for its customer must collect and verify the identity of the customer and, *where technically feasible*, also verify that the self-hosted wallet is owned or controlled by that customer.

Providers of transfer services for crypto-assets

Other entities performing services for or on behalf of another natural or legal person that involves crypto-assets.

**Originator Information:** CASPs must obtain and hold the following information on the originator of a crypto-asset transfer:

Originator's distributed ledger address (or equivalent)

Originator's crypto-asset account number (if applicable)

Originator's physical address, national identity number, or customer identification number (where issued), or date and place of birth.

**Beneficiary Information:** CASPs must obtain and hold the following information on the beneficiary of a crypto-asset transfer:

Beneficiary's distributed ledger address (or equivalent)

Beneficiary's crypto-asset account number (if applicable)

**Concurrent Transfer:** This information must be transmitted by the originating CASP to the beneficiary CASP *concurrently* with the crypto-asset transfer, and in a secure manner.

**Data Handling:** CASPs must have policies and procedures in place for the collection, retention, and secure transfer of this data. This generally requires integration with Travel Rule solution providers (e.g., TRISA, TRAVEL, Sygna, VerifyVASP) or direct secure API connections between CASPs.

**Administrative fines:** Substantial monetary penalties can be imposed on legal entities and responsible persons within them for various violations, including failure to comply with data collection, verification, record-keeping, and reporting requirements.

**Revocation of licenses/registrations:** Repeated or severe non-compliance can lead to the revocation of a VASP's operating license or removal from the registry, effectively preventing them from operating in Slovenia.

**Other supervisory measures:** The supervisory authority (primarily the **Financial Administration of the Republic of Slovenia (FURS)** and potentially the **Bank of Slovenia** for certain financial entities) can impose other corrective measures and orders.

**Scope:** EU restrictive measures (sanctions) include:

**Asset freezes:** Prohibiting the making available of funds or economic resources, directly or indirectly, to designated persons, entities, or bodies. This explicitly includes virtual assets.

**Travel bans:** For designated individuals.

**Sectoral restrictions:** E.g., on specific industries, financial services, dual-use goods, or technology transfers.

**Sanctioned Entity Screening:** VASPs must conduct robust and ongoing screening of their customers (including beneficial owners), counterparties, and transactions against the EU Consolidated Sanctions List. This screening must occur at onboarding, during ongoing monitoring, and prior to processing transactions.

**Prohibition on Making Funds Available:** VASPs are prohibited from facilitating any transactions that would directly or indirectly make funds (including virtual assets) or economic resources available to sanctioned individuals or entities.

**Reporting Obligations:** In case of a hit or suspicion of a sanctions violation, VASPs are generally required to freeze the relevant assets and report the incident immediately to the Slovenian Office for Money Laundering Prevention (UPPD) and potentially other relevant authorities.

**Internal Controls:** VASPs must establish and maintain appropriate internal policies, controls, and procedures for sanctions compliance, integrated with their broader Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) framework.

**Definition of Funds/Economic Resources:** The relevant EU regulations define "funds" and "economic resources" broadly, encompassing all forms of assets. With the implementation of the 5th and 6th Anti-Money Laundering Directives (AMLD5/6), virtual assets are unequivocally covered by AML/CFT obligations, and by extension, financial sanctions.

**EU Consolidated Sanctions List:** The most up-to-date list of all individuals, groups, and entities subject to EU financial sanctions.

EUR-Lex: Consolidated list of persons, groups and entities subject to EU financial sanctions (This link points to the latest consolidated version, which is updated frequently).

**Council Regulation (EU) No 269/2014:** Concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine. This regulation explicitly covers "funds" and "economic resources."

EUR-Lex: Council Regulation (EU) No 269/2014

**Council Regulation (EC) No 2580/2001:** On specific restrictive measures directed against certain persons and entities with a view to combating terrorism. This is another foundational regulation for asset freezes.

EUR-Lex: Council Regulation (EC) No 2580/2001

**VASP Compliance:** The same obligations as for EU sanctions apply. VASPs must screen against the UN Sanctions List (which is integrated into the EU Consolidated Sanctions List) and report any matches or suspicions.

**UN Sanctions Committees:** Provides consolidated lists for various regimes (e.g., ISIL (Da'esh) and Al-Qaida, Taliban, DPRK, Iran).

United Nations Security Council Sanctions Committees

The specific EU regulations implementing UN sanctions vary by regime (e.g., DPRK, Iran, terrorism lists).

**US Nexus:** If a Slovenian VASP uses US-based blockchain analytics tools, USD stablecoins, interacts with US financial institutions, or has US customers/employees, it can fall under OFAC's jurisdiction.

**Secondary Sanctions:** Certain OFAC programs impose "secondary sanctions" on non-US persons for engaging in specific transactions with sanctioned entities, even without a direct US nexus. This is particularly relevant for entities dealing with countries like Iran or North Korea.

**Global Best Practice:** Given the global nature of cryptocurrencies, many international VASPs choose to comply with OFAC sanctions as a best practice to avoid potential penalties, reputational damage, or loss of access to global financial infrastructure.

**VASP Compliance:** Global VASPs typically screen against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, as well as other relevant OFAC lists (e.g., sectoral sanctions identifications list).

**OFAC Website:** Provides comprehensive information on sanctions programs and lists.

U.S. Department of the Treasury: Office of Foreign Assets Control (OFAC)

**SDN List:** The primary list for designated individuals and entities.

**OFAC Guidance on Virtual Currency:** Provides insights into OFAC's expectations for virtual currency businesses.

OFAC Guidance for the Virtual Currency Industry

**Key National Law:** The primary legislation is the **Zakon o preprečevanju pranja denarja in financiranja terorizma (ZPPDFT-1)** – Act on the Prevention of Money Laundering and Terrorist Financing. This act incorporates the requirements of EU AML Directives and establishes the framework for implementing financial sanctions.

**Obligations for VASPs:** Article 4 of ZPPDFT-1 explicitly lists "providers of services for the exchange between virtual currencies and fiat currencies" and "providers of custodial wallet services" as obliged entities, subject to full AML/CFT requirements, including customer due diligence (CDD), beneficial ownership identification, ongoing monitoring, transaction monitoring, and, crucially, **sanctions screening**.

**Reporting Authority:** The main supervisory and reporting authority in Slovenia for AML/CFT and financial sanctions is the **Urad RS za preprečevanje pranja denarja (UPPD)** – Office for Money Laundering Prevention.

Urad RS za preprečevanje pranja denarja (UPPD)

**Country-Specific Sanctions Lists:** Slovenia does **not** maintain a separate national sanctions list for financial sanctions distinct from the EU/UN lists. Its obligations are to directly enforce the EU Regulations which incorporate UN and autonomous EU measures. Therefore, VASPs in Slovenia primarily need to screen against the **EU Consolidated Sanctions List**.

**Geographic Restrictions:** These are directly derived from the targets of UN and EU sanctions regimes. VASPs must restrict transactions involving sanctioned countries, territories (e.g., Crimea), or regions, as well as any individuals or entities located within or operating from these areas, if they are subject to sanctions. Examples include prohibitions related to Russia, Belarus, North Korea, Iran, Syria, etc.

**Zakon o preprečevanju pranja denarja in financiranja terorizma (ZPPDFT-1)**: (Act on the Prevention of Money Laundering and Terrorist Financing - consolidated official text). You would typically find this on the official Slovenian legislative portal (e.g., Uradni list RS).

Pravno-informacijski sistem Republike Slovenije (Legal Information System of the Republic of Slovenia) (This links to an interpretation, but the official law can be found via a search on pisrs.si for "ZPPDFT-1").

**Legal Persons (VASPs/Companies):** ZPPDFT-1 (Articles 140-143) prescribes substantial administrative fines for legal persons that fail to comply with their obligations, including sanctions screening and reporting. These can range from **€10,000 to €200,000**, with higher amounts for repeat offenses or particularly serious breaches.

**Responsible Persons (Management/Directors):** Individuals responsible for the violations within the VASP can also face fines ranging from **€1,000 to €40,000**.

**Reputational Damage:** Beyond financial penalties, violations can lead to severe reputational damage, loss of trust, and potential revocation of licenses or operating permits.

**Criminal Penalties:** In cases of severe and intentional breaches, especially those related to terrorist financing or proliferation, criminal charges could be pursued under Slovenian criminal law, which carries penalties including imprisonment.

**Robust Screening:** Continuously screening all customers, beneficial owners, and transactions against the **EU Consolidated Sanctions List** (which integrates UN lists).

**Prohibition:** Preventing any funds (including virtual assets) or economic resources from being made available to sanctioned individuals or entities.

**Reporting:** Immediately reporting any sanctions hits or suspicious activities to the Slovenian UPPD.

**Internal Controls:** Implementing comprehensive internal sanctions compliance policies, procedures, and training as part of their broader AML/CFT framework.

**OFAC Consideration:** For global VASPs, or those with any US nexus, adherence to OFAC sanctions remains a critical best practice to mitigate broader international risks.

**Issuing warnings and guidance:** Educating the public about risks and informing businesses about compliance requirements, especially in anticipation of EU-wide regulations like MiCA (Markets in Crypto-Assets).

**Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) supervision:** The Office for Money Laundering Prevention (UPPD - Urad RS za preprečevanje pranja denarja) is the primary authority here. While they conduct supervision and impose measures, details of individual enforcement actions against specific companies (with fine amounts and outcomes) are not usually made public in the same way as in some other jurisdictions.

**Criminal investigations:** Police and the State Prosecutor's Office handle cases of fraud, scams, or money laundering involving cryptocurrencies, but these often target individuals or criminal groups, and details about convictions and penalties might emerge later in the legal process.

**Regulator:** **Bank of Slovenia (Banka Slovenije)**, **Securities Market Agency (Agencija za trg vrednostnih papirjev - ATVP)**, **Office for Money Laundering Prevention (Urad RS za preprečevanje pranja denarja - UPPD)**.

**Entity Targeted:** The general public and virtual asset service providers (VASPs).

**Violation Type:** Warnings against unregulated crypto assets, scam projects, risks of investing in virtual assets, and emphasis on AML/CFT compliance. While not "enforcement actions" in the sense of fines, these communications serve to guide behavior and deter non-compliant activities.

**Penalty Amount:** N/A (warnings, not fines).

**Outcome:** Increased public awareness and regulatory guidance.

**Source:** Bank of Slovenia often publishes warnings on its official website:

Bank of Slovenia - Warnings (English section may be less comprehensive than Slovene)

Example warning from 2021 about virtual currencies (relevant to the period): Bank of Slovenia - Virtual currencies and investor protection (Slovenian)

**Source:** ATVP issues warnings regarding unregistered entities or potentially fraudulent schemes.

**Regulator:** **Office for Money Laundering Prevention (UPPD)**

**Entity Targeted:** Virtual Asset Service Providers (VASPs) operating in Slovenia.

**Violation Type:** Non-compliance with AML/CFT obligations (e.g., inadequate customer due diligence, suspicious transaction reporting failures, internal control deficiencies).

**Penalty Amount:** Details are not typically made public for individual administrative measures, but can range from warnings to fines.

**Outcome:** Improved compliance within the sector. The UPPD regularly publishes annual reports detailing their activities, including the number of suspicious transaction reports related to virtual currencies and general supervision efforts, but without identifying specific companies subject to enforcement.

**Source:** UPPD Annual Reports (available in Slovenian, with English summaries sometimes):

UPPD Publications - Annual Reports (You would need to review these reports for general trends, as specific enforcement details against named companies are not typically included.)