Slovakia

**Custodial License Requirements (Current - AML Focus):**

**Registration, not a dedicated license:** Currently, there isn't a specific "crypto custody license" in the traditional financial sense. However, entities providing services related to virtual assets, including custodian wallet providers, are considered **"obliged entities"** under Slovak AML law.

**AML Obligations:** This means they must comply with AML/CFT requirements, such as customer due diligence (CDD), transaction monitoring, suspicious activity reporting (SARs), and implementing internal risk management systems.

**National Legislation:** These obligations stem from **Act No. 297/2008 Coll. on measures against the legalization of proceeds of crime and the financing of terrorism** (Zákon č. 297/2008 Z. z. o ochrane pred legalizáciou príjmov z trestnej činnosti a o ochrane pred financovaním terorizmu). This Act has been amended multiple times to transpose the 4th, 5th, and 6th EU AML Directives.

**Competent Authorities:** For AML purposes, the Financial Intelligence Unit (FIU) within the Ministry of Interior is key, but the National Bank of Slovakia (Národná banka Slovenska - NBS) supervises financial institutions, which could include certain crypto-related activities if deemed financial services.

**Act No. 297/2008 Coll. (AML Act):** Link to Slov-Lex, the Slovak legislative database (in Slovak) (Search for the consolidated version to include amendments).

**National Bank of Slovakia (NBS) general information on Virtual Assets (in Slovak):** https://www.nbs.sk/sk/dohlad-nad-financnym-trhom/dohlad-nad-virtualnymi-aktivami (This page confirms the application of AML rules and highlights upcoming MiCA).

**Segregation of Client Assets Rules (Current):**

**None specific to crypto custody:** There are no national insurance or bonding mandates specifically for crypto custody providers under current Slovak law.

**No specific mandate:** Slovak law does not currently mandate the use of cold storage for crypto assets. Custodians are expected to implement robust security measures, but the specific technology is not prescribed.

**Not explicitly defined for crypto:** The concept of a "qualified custodian" as a specifically regulated entity for crypto assets does not exist under current Slovak law. Entities performing custody are primarily defined by their AML obligations.

**Publication:** MiCA was published in the Official Journal of the European Union on June 9, 2023.

Titles III (asset-referenced tokens) and IV (e-money tokens) will apply from **June 30, 2024**.

All other titles, including those related to CASPs and custody, will apply from **December 30, 2024**.

**MiCA Text (Official Journal of the European Union):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

**Custodial License Requirements (Future - MiCA):**

**Mandatory Authorization:** Under MiCA (Title V), any entity providing **"custody and administration of crypto-assets on behalf of clients"** (Article 68) will be considered a **Crypto-Asset Service Provider (CASP)** and will need to be authorized by the national competent authority. In Slovakia, this will most likely be the **National Bank of Slovakia (NBS)**.

**Application Process:** CASPs will need to apply for authorization, demonstrating compliance with various organizational, operational, and prudential requirements.

**Passporting:** Once authorized in Slovakia, a CASP can "passport" its services across the entire EU.

**Segregation of Client Assets Rules (Future - MiCA):**

**Strict Segregation Mandate:** MiCA explicitly requires CASPs providing custody services to:

"Enter into a client agreement to specify their duties and responsibilities, and to ensure that clients’ rights are clearly established, including those relating to the ownership of the crypto-assets." (Article 68(2)(b))

"Segregate clients’ crypto-assets from their own assets and ensure that crypto-assets held on behalf of clients are not used without the explicit consent of the client." (Article 68(2)(c))

"Keep records and accounts that enable them to immediately distinguish crypto-assets held on behalf of clients from their own assets and from the assets held on behalf of other clients." (Article 68(2)(d))

Similar rules apply to clients' fiat funds (Article 68(2)(e)).

**Insurance/Bonding Requirements (Future - MiCA):**

**Prudential Safeguards:** MiCA (Article 67) mandates that CASPs providing custody services hold **prudential safeguards** to cover potential liability risks. These safeguards must be one of the following:

The amount of these safeguards will depend on the nature and scale of the services provided, with specific calculations outlined in the regulation (e.g., 25% of the CASP's fixed overheads of the preceding year, or a minimum absolute amount).

**Cold Storage Mandates (Future - MiCA):**

**Security & Operational Resilience:** While MiCA doesn't explicitly *mandate* cold storage, it imposes stringent requirements on CASPs for operational resilience, security, and IT systems (Article 65).

Custodians must "implement robust IT systems, security arrangements and protocols in accordance with international standards" (Article 68(2)(f)) and "have a policy on the recovery of crypto-assets, and communicate that policy to clients" (Article 68(2)(g)). These provisions effectively necessitate sophisticated and secure storage solutions, which for many institutions will include significant use of cold storage for the bulk of client assets.

**Qualified Custodian Definitions (Future - MiCA):**

MiCA directly defines the requirements for a "provider of custody and administration of crypto-assets on behalf of clients" (Article 3(1)(10) and Article 68). An authorized CASP meeting these criteria will effectively serve as a "qualified custodian" within the EU framework.

**No separate national custody legislation:** Slovakia is not expected to introduce its own separate, comprehensive custody legislation for crypto assets outside of MiCA. As an EU regulation, MiCA is directly applicable and sets the harmonized standard.

**National Implementation Actions:** Slovakia's main tasks will involve:

**Designating the Competent Authority:** Officially designating the National Bank of Slovakia (NBS) as the authority responsible for authorizing and supervising CASPs under MiCA.

**Adjusting National Law:** Making necessary amendments to existing financial market legislation (e.g., to integrate references to MiCA, establish national penalties for non-compliance, and clarify supervisory powers).

**Issuing Guidance:** The NBS will likely issue specific guidance or secondary legislation to help CASPs understand and comply with MiCA requirements in the Slovak context.

**Act No. 297/2008 Coll. on Protection Against Legalisation of Proceeds of Crime and Against Financing of Terrorism (AML Act):** This is the primary legislation in Slovakia governing AML/CFT. It has been amended multiple times, most notably by Act No. 397/2019 Coll., which transposed the 5AMLD and extended its scope to virtual assets and VASPs.

**Directive (EU) 2018/843** (5th Anti-Money Laundering Directive - 5AMLD): This directive extended AML/CFT obligations to VASPs for the first time.

**Directive (EU) 2015/849** (4th Anti-Money Laundering Directive - 4AMLD): The foundational directive.

**Directive (EU) 2018/1673** (6th Anti-Money Laundering Directive - 6AMLD): Further harmonized criminal offenses and penalties for money laundering.

**Virtual currency exchange services:** Providers exchanging virtual currencies for fiat currencies, or vice versa, or between one or more forms of virtual assets.

**Custodian wallet providers:** Entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual assets.

**Providers of other services related to virtual assets:** This can be broadly interpreted to include other services like issuance, transfer, or administration of virtual assets.

**Identification of the Customer and Verification of Identity:**

**Natural Persons:** Full name, date of birth, place of birth, permanent address, nationality, type and number of identity document, and the issuing authority. Identity must be verified using reliable, independent sources (e.g., government-issued ID).

**Legal Entities:** Company name, registered address, registration number, identification of directors/management, and verification of their authority.

**Identification of the Ultimate Beneficial Owner (UBO):**

Identify the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted. This usually means individuals holding 25% or more of the shares/voting rights, or otherwise exercising control.

Verification of the UBO's identity.

**Understanding the Purpose and Nature of the Business Relationship/Transaction:**

Gather information about the reason for the customer seeking services from the VASP and the expected nature of their activity.

Continuously scrutinize transactions throughout the course of the business relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

**Politically Exposed Persons (PEPs):** Customers who are or have been entrusted with prominent public functions, their family members, or close associates.

**High-risk jurisdictions:** Customers or transactions involving countries identified as having strategic AML/CFT deficiencies by FATF or the European Commission.

**Complex or unusually large transactions:** Or transactions with an unusual pattern, without an apparent economic or lawful purpose.

**New or developing technologies:** Including virtual assets, where the risks may not be fully understood.

**Non-face-to-face business relationships:** Where there is no physical meeting with the customer.

**Source of Funds (SoF) and Source of Wealth (SoW):** VASPs must take reasonable measures to establish the source of funds and wealth involved in high-risk relationships or transactions.

**Obligation to Report:** Any transaction, attempted transaction, or activity where the VASP suspects or has reasonable grounds to suspect that funds are proceeds of criminal activity or are linked to terrorist financing.

**Timing:** Reports must be submitted promptly, usually immediately, once a suspicion arises.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious activity report has been, or will be, filed.

Copies of documents obtained for CDD (identification, verification, UBO).

Evidence of the measures taken to establish the purpose and nature of the business relationship.

Records of transactions, including amounts, currencies, dates, sender and recipient information (including virtual asset addresses where applicable), and any other relevant details.

Records of internal and external reports (e.g., suspicious transaction reports).

**Retention Period:** Generally, these records must be kept for **five years** from the date of the last transaction or the end of the business relationship, whichever is later. This period can be extended upon request by competent authorities.

**National Bank of Slovakia (NBS) / Národná banka Slovenska (NBS):**

The NBS is the main financial supervisory authority in Slovakia. It supervises financial institutions and other obliged entities, including those operating in the virtual asset space, particularly if they fall under broader financial services licensing. The scope of their supervision for VASPs can depend on the specific type of service offered and whether it falls under traditional financial licensing requirements or specific VASP registration.

**Financial Intelligence Unit (FIU) / Finančná spravodajská jednotka (FSJ):**

The FIU in Slovakia is part of the **Presidium of the Police Force of the Slovak Republic** (Prezídium Policajného zboru Slovenskej republiky), under the Ministry of Interior.

The FIU is responsible for receiving, analyzing, and disseminating suspicious transaction reports and plays a crucial role in combating money laundering and terrorist financing. While not a direct supervisory body for compliance in the same way as NBS, it is the central point for STRs and works closely with supervisory authorities and law enforcement.

**Ministry of Interior (which oversees the Police Force):** `https://www.minv.sk/?policia` (direct FIU unit page might not be publicly prominent on the main police site).

**Current (Partial - AML/CTF Focused):** The immediate focus is on Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) obligations, requiring virtual asset service providers (VASPs) to register and comply with reporting duties. Consumer protection largely comes in the form of warnings issued by the central bank.

**Future (Comprehensive - MiCA):** With the full implementation of the EU's Markets in Crypto-Assets (MiCA) Regulation, Slovakia will adopt a comprehensive framework covering market integrity, consumer protection, licensing requirements for crypto-asset service providers (CASPs), issuance rules for various crypto-assets, and market abuse prevention.

**National Bank of Slovakia (Národná banka Slovenska - NBS):** The NBS is the primary supervisory authority for many financial institutions in Slovakia, including some VASPs. They issue guidance and oversee compliance.

**Role:** The central bank and financial market supervisor. Currently, it issues warnings to the public about the risks associated with cryptocurrencies and provides guidance on financial market regulations. Under MiCA, the NBS is expected to be a primary competent authority for supervising CASPs and issuers of crypto-assets, especially those not deemed "significant" by the European Securities and Markets Authority (ESMA).

**Financial Intelligence Unit (FIU) under the Ministry of Interior (Finančná spravodajská jednotka Ministerstva vnútra SR):**

**Role:** Responsible for supervising compliance with AML/CTF legislation. This includes the registration of VASPs and the receipt of suspicious transaction reports.

**Website:** https://www.minv.sk/?financna-spravodajska-jednotka (Section within the Ministry of Interior website)

**Date:** Originally enacted in 2008, it has been significantly amended over time, particularly to transpose EU Anti-Money Laundering Directives (e.g., AMLD5 and AMLD6).

**Relevance:** This is the primary national legislation that currently regulates virtual asset service providers (VASPs) in Slovakia. It defines VASPs (e.g., exchanges, custodians) as obliged entities and subjects them to AML/CTF requirements, including client due diligence, suspicious transaction reporting to the FIU, and mandatory registration with the FIU.

**Reference:** Available in Slovak legislative databases, e.g., Slov-Lex (https://www.slov-lex.sk/) – search for "zákon č. 297/2008 Z. z."

**Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):**

**Date:** Published in the Official Journal of the EU on June 9, 2023.

Rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) apply from **30 June 2024**.

Rules for other crypto-assets and CASPs apply from **30 December 2024**.

**Relevance:** MiCA is an EU Regulation, meaning it is directly applicable in all EU member states, including Slovakia, without the need for national transposition. It will fundamentally reshape the regulatory landscape for crypto-assets and services. It introduces:

Licensing requirements for Crypto-Asset Service Providers (CASPs).

Rules for the issuance and admission to trading of various crypto-assets.

Operating conditions for CASPs regarding governance, consumer protection, and operational resilience.

Measures to prevent market manipulation and insider trading.

**Legality:** Crypto trading and the operation of crypto exchanges are **legal** in Slovakia. There is no ban on holding or trading cryptocurrencies.

**AML/CTF Registration:** Currently, entities offering virtual asset services (such as operating crypto exchanges, providing fiat-to-crypto exchange services, or offering crypto custody) are classified as **Virtual Asset Service Providers (VASPs)**. They are subject to the **AML Act (Act No. 297/2008 Coll.)** and must:

Register with the **Financial Intelligence Unit (FIU)** of the Ministry of Interior.

Implement robust AML/CTF policies and procedures.

Conduct customer due diligence (KYC).

Report suspicious transactions to the FIU.

**No specific operating license (pre-MiCA):** Before MiCA's full implementation, there is no specific licensing regime in Slovakia for crypto exchanges beyond the AML registration requirements. This means they are not currently supervised by the NBS for prudential or conduct-of-business rules in the same way traditional financial institutions are.

**Consumer Trading:** Individuals can legally buy, sell, and hold cryptocurrencies. However, they do so at their own risk, and the NBS frequently issues warnings highlighting the volatility, lack of regulatory protection, and potential for fraud.

**Taxation:** Profits from cryptocurrency trading are generally subject to income tax in Slovakia, similar to capital gains. There are specific rules regarding the holding period and types of income.

**Future under MiCA:** From **December 2024**, crypto exchanges (which will be categorized as Crypto-Asset Service Providers - CASPs) will need to obtain a **license** from the National Bank of Slovakia (or another competent authority in the EU) to operate within Slovakia. This license will come with stringent requirements regarding capital, governance, operational resilience, and consumer protection, significantly increasing regulatory oversight beyond current AML obligations.

**Adopted:** Yes, Slovakia has adopted the FATF Travel Rule principles into its national law. This was primarily achieved through amendments to its AML/CFT legislation, transposing the 5th EU AML Directive (Directive (EU) 2018/843), which extended AML obligations to virtual asset service providers (VASPs).

**EU Context:** The upcoming Markets in Crypto-Assets (MiCA) Regulation, expected to apply fully in the EU by late 2024/early 2025, will further standardize and strengthen the Travel Rule implementation across all EU member states, including Slovakia. MiCA incorporates the FATF Travel Rule requirements directly within its framework for crypto-asset transfers.

The key amendments to Slovak AML law that brought virtual asset service providers under the AML/CFT regime, including Travel Rule-like obligations, came into effect on **1 March 2020**. This was through Act No. 397/2019 Coll., which amended the primary AML Act.

Slovakia's AML law, consistent with the 5AMLD and FATF guidance, generally requires the collection and transmission of originator and beneficiary information for all virtual asset transfers executed by a VASP, regardless of the amount.

However, specific thresholds can apply in certain contexts:

For transactions involving a VASP and an **unhosted (self-hosted) wallet**, the VASP is typically required to collect information about the customer (and potentially the unhosted wallet owner if the amount exceeds a certain threshold) when the transaction value is **€1,000 or more**.

For **VASP-to-VASP transfers**, the Travel Rule applies to **all transfers**, with no de minimis threshold for collecting and transmitting the required information.

Entities that exchange virtual currencies for fiat currencies (and vice versa).

Entities that exchange one or more virtual currencies for one or more other virtual currencies.

Custodial wallet providers (entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual currencies).

Entities providing transfer services for virtual assets.

Other services that facilitate the issuance, sale, or transfer of virtual assets.

**Information Collection:** VASPs must collect and verify specific information about both the originator and beneficiary of a virtual asset transfer:

**Originator:** Name, account number (or virtual asset wallet address), physical address, national identity number (or customer identification number), date and place of birth.

**Beneficiary:** Name, account number (or virtual asset wallet address).

**Information Transmission:** The originating VASP must transmit the collected originator and beneficiary information to the beneficiary VASP immediately and securely with the virtual asset transfer.

**Information Retention:** VASPs must retain the collected information for a period of **5 years** after the business relationship ends or after an occasional transaction.

**Due Diligence:** Perform customer due diligence (CDD) on their clients, which includes identifying and verifying their identity and understanding the nature of their business.

**Monitoring and Reporting:** Monitor transactions for suspicious activity and report any suspicious transactions to the Financial Intelligence Unit (FIU) of the Presidium of the Police Force (Finančná spravodajská jednotka Prezídia Policajného zboru).

**Fines:** Significant administrative fines can be imposed on both legal entities (VASPs) and responsible individuals. Fines for legal entities can range from thousands to **millions of Euros**, depending on the severity and recurrence of the breach.

**Withdrawal of License/Registration:** The National Bank of Slovakia or other competent authorities may revoke or suspend the operating license or registration of a VASP.

**Criminal Charges:** In cases of serious or intentional breaches, particularly those linked to actual money laundering or terrorist financing, criminal charges may be brought against individuals involved.

**Reputational Damage:** Non-compliance can lead to significant reputational damage, loss of customer trust, and exclusion from the financial system.

**Slovak-Lex (official legislative portal):** https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2008/297/ (Slovak language, consolidated text)

**NBS Information on Virtual Currencies (Slovak):** https://www.nbs.sk/sk/spotrebitel/financne-trhy/virtualne-meny (Mentions regulatory oversight and AML obligations for virtual asset service providers.)

**FATF Recommendations:** The international standard for AML/CFT. Recommendation 15 (New Technologies) and 16 (Wire Transfers, now extended to Virtual Assets) are particularly relevant.

**FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (June 2019, updated March 2021):** Provides detailed guidance on applying the Travel Rule. https://www.fatf-gafi.org/publications/fatfrecommendations/guidance-rba-virtual-assets.html

**EU 5th AML Directive (Directive (EU) 2018/843):** The directive that mandated EU member states to bring VASPs under their AML/CFT regimes.

**Official Journal of the European Union:** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L0843

**EU Markets in Crypto-Assets (MiCA) Regulation (Regulation (EU) 2023/1114):** While not fully effective yet, MiCA will be the overarching EU regulation for crypto-assets, including robust Travel Rule provisions.

**Regulator Name:** National Criminal Agency (NAKA) – specifically the National Unit for Combating Financial Crime.

**Entity Targeted:** An organized criminal group involving multiple individuals suspected of operating a sophisticated investment fraud scheme and subsequent money laundering using cryptocurrencies.

**Violation Type:** Investment fraud, money laundering, unauthorized business activities, establishment, masterminding, and support of a criminal group. The scheme involved luring victims into fake crypto investment platforms.

Criminal charges filed against multiple individuals.

**Seizure of assets:** During the operation, authorities seized financial assets, movable property, and real estate worth approximately **€15 million**. This includes accounts, cryptocurrencies, and other assets believed to be proceeds of crime.

**Date:** Raids and arrests occurred in **late 2023 (e.g., December 2023)**, with investigations ongoing since prior to that.

**Outcome:** Multiple individuals arrested and charged. Assets seized. Criminal proceedings are ongoing. This represents one of the largest financial crime operations in Slovakia involving cryptocurrencies.

Polícia SR (Official Police Statement): https://www.facebook.com/policiaslovakia/posts/pfbid0251iGk2rK4y9W8Wz2o76qF8RCHWpYwQdD71k8GvV1wL5GjQz1P4wK4yJgW2p8l/ (Link to Facebook post by Polícia SR, official channel, dated 18.12.2023)

TASR (News Agency): https://www.teraz.sk/slovensko/naka-zasahovala-pri-rozsiahlej-tres/761168-clanok.html (News article from 18.12.2023)

**Entity Targeted:** Individuals involved in an international scheme impersonating banks and investment companies to defraud victims, often directing them to fake crypto investment platforms or phishing for personal data to access their crypto wallets.

**Violation Type:** Internet fraud, unauthorized access to computer systems, data theft, and potential money laundering.

Arrests and charges against suspects.

**Seizures:** Specific amounts are difficult to quantify publicly as investigations are often international and involve multiple victims. However, reports indicate damages in the hundreds of thousands to millions of euros across various victims.

**Date:** Ongoing investigations and arrests have been reported throughout **2022 and 2023**. For instance, an arrest in Slovakia linked to a larger international phishing operation was reported in **March 2023**.

**Outcome:** Suspects identified and apprehended. International cooperation between law enforcement agencies (e.g., Europol, Eurojust) is common in these cases. Criminal proceedings are underway.

Polícia SR (Official Police Statement, example of cybercrime fight): https://www.facebook.com/policiaslovakia/posts/pfbid0bQc1D2sX4L4eW7GjH1K8xP7pM9qK8jK4wX2wG1C1s3Q8L0K4L3P4wL3P1k8J/ (Link to a police warning/announcement about increased cybercrime, 21.03.2023, reflecting the ongoing threat and police response)

Europol (General cooperation for cybercrime, relevant to Slovak context): While not a specific Slovak action, Europol often assists NAKA in such international cases. https://www.europol.europa.eu/media-press/newsroom/news/romanian-criminal-gang-dismantled-involved-in-cryptocurrency-fraud-worth-eur-2-million (Example of a related Europol case in Romania from October 2023, illustrating the type of regional cooperation NAKA engages in).

**Regulator Name:** National Bank of Slovakia (Národná banka Slovenska - NBS).

**Entity Targeted:** General public, but implicitly targets any **unlicensed entities** or **scammers** operating without proper authorization or misrepresenting their services.

**Violation Type:** Operating without required licenses (e.g., for investment services or financial advisory), offering fraudulent investment opportunities, misrepresentation of crypto products, or not adhering to AML/CFT obligations (though the latter is harder for the NBS to enforce directly against unlicensed foreign entities).

**Penalty Amount:** No direct monetary penalty specified for the warning itself. The "penalty" is more in the form of reputational damage for entities named (if any) and increased public awareness leading to fewer victims.

**Date:** NBS has issued numerous warnings throughout the last 3 years, for example:

**September 2023:** Warning about financial services without NBS authorization.

**May 2022:** General warning regarding cryptocurrency risks.

**March 2021:** Warning against specific entities offering unlicensed services.

**Outcome:** Increased public awareness, reduced risk for consumers (if warnings are heeded), and a clear signal from the regulator regarding unauthorized activities. These warnings often precede or accompany police investigations.

NBS Official Website (Example of an investor warning from 2023): https://www.nbs.sk/sk/informacie-pre-media/tlacove-spravy/2023/investicne-sluzby-bez-povolenia-nbs (Dated 22.09.2023, focuses on unlicensed investment services, often linked to crypto)

NBS Official Website (General warning about virtual currencies from 2022): https://www.nbs.sk/sk/informacie-pre-media/tlacove-spravy/2022/virtulne-meny-vynimocne-rizikove (Dated 09.05.2022, highlights risks)