Slovenia -- Licensing Requirements Regulatory Overview

Slovenia, as a member of the European Union, regulates virtual asset service providers (VASPs) primarily through its anti-money laundering and counter-terrorist financing (AML/CTF) framework. Currently, Slovenia operates under a registration regime for VASPs, rather than a full licensing regime, in line with the EU's 5th and 6th Anti-Money Laundering Directives (AMLD5 and AMLD6). However, the upcoming Markets in Crypto-Assets (MiCA) Regulation will introduce a harmonized licensing framework across the EU, including Slovenia.

Slovenian Regulatory Framework for Virtual Assets

The primary legislation governing virtual asset service providers in Slovenia is the:

1. Act on the Prevention of Money Laundering and Terrorist Financing (Zakon o preprečevanju pranja denarja in financiranja terorizma – ZPPML-1): This act transposes AMLD5 and AMLD6 into Slovenian law.
   • Competent Authority: The Financial Administration of the Republic of Slovenia (FURS) (Finančna uprava Republike Slovenije) is the primary supervisory authority for AML/CTF compliance, including the registration and supervision of VASPs.

Registration vs. Licensing Regime

• Current Regime (ZPPML-1): Registration. Slovenia currently requires VASPs to register with FURS before they can operate. This is a registration for AML/CTF purposes, focusing on preventing illicit financial activities, rather than a full operational license that would typically cover aspects like prudential requirements, consumer protection, or market integrity comprehensively.
• Future Regime (MiCA): Licensing. The EU's Markets in Crypto-Assets (MiCA) Regulation (Regulation (EU) 2023/1114) will introduce a comprehensive, harmonized licensing framework for crypto-asset service providers (CASPs) across all EU member states. MiCA will come into full effect for most crypto-assets by December 30, 2024 (stablecoin rules apply from June 30, 2024). Once MiCA is fully implemented, it will largely supersede the national AML-driven registration requirements for the activities it covers, introducing a full licensing regime with passporting rights across the EU.

Required Licenses/Registrations for Specific Services

Under ZPPML-1, virtual asset service providers are defined broadly and require registration with FURS. The definition of a VASP includes:

1. Providers of services for the exchange between virtual currencies and fiat currencies.
2. Providers of services for the exchange between one or more virtual currencies.
3. Custodian wallet providers.
4. Providers of services for the transfer of virtual currencies.
5. Providers of initial coin offerings (ICOs) if they perform services from points 1-4.
6. Providers of services for placing virtual currencies.

1. Exchanges (Virtual Currency to Fiat, Virtual Currency to Virtual Currency)

• Requirement: Registration with FURS under ZPPML-1.
• Activities Covered: Providing platforms or services where users can buy/sell virtual currencies with fiat currencies (e.g., EUR, USD) or exchange one virtual currency for another (e.g., BTC for ETH).
• Future under MiCA: Will require a CASP license from a competent authority (which Slovenia will designate, likely Bank of Slovenia or ATVP) for operating an exchange platform.

2. Custody Providers (Custodian Wallet Providers)

• Requirement: Registration with FURS under ZPPML-1.
• Activities Covered: Services that hold or administer virtual currencies on behalf of third parties, or provide safekeeping services for private cryptographic keys on behalf of clients to hold, store, and transfer virtual currencies.
• Future under MiCA: Will require a CASP license for providing custody and administration of crypto-assets on behalf of third parties. MiCA introduces more stringent requirements for safeguarding client assets.

3. Payment Processors

This category requires a nuanced approach:

• If processing fiat payments for crypto transactions (e.g., enabling users to deposit/withdraw EUR to/from an exchange account):
  • Depending on the exact business model (e.g., holding client funds, initiating payments), such entities might fall under the scope of the Payment Services Act (Zakon o plačilnih storitvah in sistemih – ZPlaS-1), which transposes PSD2.
  • This could require a Payment Institution (PI) license or Electronic Money Institution (EMI) license from the Bank of Slovenia (Banka Slovenije). This is separate from VASP registration and is generally a more robust licensing process.
• If processing virtual currency payments (e.g., enabling merchants to accept crypto payments, converting them to fiat, or simply facilitating crypto-to-crypto transfers):
  • This generally falls under the VASP definition of "providers of services for the transfer of virtual currencies" and would require registration with FURS under ZPPML-1.
  • Future under MiCA: Activities like "execution of orders for crypto-assets" or "transfer services for crypto-assets" would require a CASP license.

Key Requirements for VASP Registration (Under ZPPML-1)

1. AML/KYC (Anti-Money Laundering / Know Your Customer)

This is the cornerstone of VASP registration in Slovenia:

• Customer Due Diligence (CDD): Implement robust procedures for identifying and verifying the identity of customers, including beneficial owners. This involves collecting specific data, verifying it using reliable sources, and understanding the purpose and nature of the business relationship.
• Ongoing Monitoring: Continuously monitor business relationships and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.
• Risk-Based Approach: Implement a risk-based approach to AML/CTF, tailoring CDD measures and monitoring activities according to the assessed risk level of customers and transactions.
• Reporting Suspicious Transactions: Report all suspicious transactions and activities to FURS's Office for the Prevention of Money Laundering (OPML).
• AML Officer: Appoint a designated AML Officer and their deputy, responsible for overseeing AML/CTF compliance, implementing internal policies, and acting as the primary contact with FURS. The AML Officer must be "fit and proper" and ideally have relevant experience.
• Internal AML/CTF Policies and Procedures: Develop and implement comprehensive internal rules, policies, and procedures for AML/CTF, including risk assessment, CDD, reporting, record-keeping, and employee training.
• Record-Keeping: Maintain records of all customer due diligence data, transaction data, and communications for at least five years.
• Employee Training: Ensure all relevant employees receive regular training on AML/CTF laws, internal policies, and how to detect and report suspicious activities.

2. Capital Requirements

• Currently (Under ZPPML-1): ZPPML-1 does not specify a statutory minimum share capital requirement specifically for VASP registration. However, applicants are generally expected to demonstrate financial stability and sufficient resources to operate and comply with their AML obligations. FURS assesses the overall financial soundness as part of the application.
• Future (Under MiCA): MiCA will introduce specific, higher prudential requirements, including minimum capital requirements for CASPs, varying based on the type of services provided (e.g., €50,000 to €150,000 minimum initial capital).

3. Local Presence

• Legal Entity: The VASP must be established as a legal entity (e.g., limited liability company - d.o.o.) in Slovenia.
• Management: While not explicitly requiring all management to be Slovenian residents, key personnel, especially the AML Officer, are typically expected to have a strong connection to Slovenia or the EU, often implying local residency or significant operational presence. The management must also pass "fit and proper" assessments.
• Registered Office: A registered office in Slovenia is required.

4. Other Operational Requirements

• Business Plan: A detailed business plan outlining the VASP's activities, target markets, operational model, and financial projections.
• IT Security: Robust IT security measures, data protection protocols (in line with GDPR), and cybersecurity policies to protect client data and assets.
• Risk Management: A comprehensive risk management framework, including operational risk, financial risk, and technological risk.
• Fit and Proper Assessment: Management and significant shareholders typically undergo "fit and proper" assessments by FURS.

Application Process for VASP Registration (General Steps)

The process for VASP registration with FURS generally involves the following steps:

1. Establish a Slovenian Legal Entity: Incorporate a company (e.g., d.o.o.) in Slovenia.
2. Prepare Documentation:
   • Comprehensive business plan.
   • Detailed internal AML/CTF manual, policies, and procedures (including CDD, risk assessment, reporting).
   • IT security policies and cybersecurity measures.
   • Information about management, shareholders, and beneficial owners (CVs, police clearance, proof of no prior convictions related to financial crimes).
   • Proof of financial resources.
   • Description of the virtual asset services to be offered.
3. Appoint AML Officer: Designate a qualified AML Officer and deputy who meets FURS's requirements.
4. Submit Application to FURS: Formally submit the complete application package to FURS. This may involve specific forms and supporting documentation.
5. FURS Review: FURS will review the application, potentially request additional information or clarifications, and conduct interviews with key personnel.
6. Registration: Upon successful review and satisfaction of all requirements, FURS will register the entity as a VASP and include it in its official register.
7. Ongoing Compliance: The VASP must then continuously adhere to all AML/CTF obligations and report to FURS as required.

Regulatory References

1. Act on the Prevention of Money Laundering and Terrorist Financing (ZPPML-1):

   • Slovenian Legislation Portal (PIS): https://www.pisrs.si/Pis.web/pregledPredpisa?id=ZAKO5720 (Note: The official text is in Slovenian. Look for consolidated versions for the latest amendments.)
   • Key relevant articles define VASPs, their obligations, and FURS's powers.

2. Financial Administration of the Republic of Slovenia (FURS):

   • Official Website: https://www.gov.si/drzavni-organi/organi-v-sestavi/financna-uprava-republike-slovenije/
   • Specific information on AML/CTF and virtual currencies might be found in their publications or dedicated sections.

3. Bank of Slovenia (Banka Slovenije):

   • Official Website: https://www.bsi.si/
   • Relevant for Payment Institution/Electronic Money Institution licensing under ZPlaS-1 (transposing PSD2).

4. European Union Legislation:

   • AMLD5 (Directive (EU) 2018/843): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.156.01.0043.01.ENG
   • AMLD6 (Directive (EU) 2018/1673): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018L1673
   • MiCA Regulation (Regulation (EU) 2023/1114): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114

Disclaimer: This information is for general informational purposes only and does not constitute legal, financial, or regulatory advice. The regulatory landscape for virtual assets is complex and evolving, especially with the upcoming implementation of MiCA. It is highly recommended to consult with a qualified legal professional specializing in Slovenian and EU financial regulations before undertaking any virtual asset-related activities in Slovenia.