Slovakia -- AML/CFT Compliance Regulatory Overview

**Act No. 297/2008 Coll. on Protection Against Legalisation of Proceeds of Crime and Against Financing of Terrorism (AML Act):** This is the primary legislation in Slovakia governing AML/CFT. It has been amended multiple times, most notably by Act No. 397/2019 Coll., which transposed the 5AMLD and extended its scope to virtual assets and VASPs.

**Directive (EU) 2018/843** (5th Anti-Money Laundering Directive - 5AMLD): This directive extended AML/CFT obligations to VASPs for the first time.

**Directive (EU) 2015/849** (4th Anti-Money Laundering Directive - 4AMLD): The foundational directive.

**Directive (EU) 2018/1673** (6th Anti-Money Laundering Directive - 6AMLD): Further harmonized criminal offenses and penalties for money laundering.

**Virtual currency exchange services:** Providers exchanging virtual currencies for fiat currencies, or vice versa, or between one or more forms of virtual assets.

**Custodian wallet providers:** Entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual assets.

**Providers of other services related to virtual assets:** This can be broadly interpreted to include other services like issuance, transfer, or administration of virtual assets.

**Identification of the Customer and Verification of Identity:**

**Natural Persons:** Full name, date of birth, place of birth, permanent address, nationality, type and number of identity document, and the issuing authority. Identity must be verified using reliable, independent sources (e.g., government-issued ID).

**Legal Entities:** Company name, registered address, registration number, identification of directors/management, and verification of their authority.

**Identification of the Ultimate Beneficial Owner (UBO):**

Identify the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted. This usually means individuals holding 25% or more of the shares/voting rights, or otherwise exercising control.

Verification of the UBO's identity.

**Understanding the Purpose and Nature of the Business Relationship/Transaction:**

Gather information about the reason for the customer seeking services from the VASP and the expected nature of their activity.

Continuously scrutinize transactions throughout the course of the business relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

**Politically Exposed Persons (PEPs):** Customers who are or have been entrusted with prominent public functions, their family members, or close associates.

**High-risk jurisdictions:** Customers or transactions involving countries identified as having strategic AML/CFT deficiencies by FATF or the European Commission.

**Complex or unusually large transactions:** Or transactions with an unusual pattern, without an apparent economic or lawful purpose.

**New or developing technologies:** Including virtual assets, where the risks may not be fully understood.

**Non-face-to-face business relationships:** Where there is no physical meeting with the customer.

**Source of Funds (SoF) and Source of Wealth (SoW):** VASPs must take reasonable measures to establish the source of funds and wealth involved in high-risk relationships or transactions.

**Obligation to Report:** Any transaction, attempted transaction, or activity where the VASP suspects or has reasonable grounds to suspect that funds are proceeds of criminal activity or are linked to terrorist financing.

**Timing:** Reports must be submitted promptly, usually immediately, once a suspicion arises.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious activity report has been, or will be, filed.

Copies of documents obtained for CDD (identification, verification, UBO).

Evidence of the measures taken to establish the purpose and nature of the business relationship.

Records of transactions, including amounts, currencies, dates, sender and recipient information (including virtual asset addresses where applicable), and any other relevant details.

Records of internal and external reports (e.g., suspicious transaction reports).

**Retention Period:** Generally, these records must be kept for **five years** from the date of the last transaction or the end of the business relationship, whichever is later. This period can be extended upon request by competent authorities.

**National Bank of Slovakia (NBS) / Národná banka Slovenska (NBS):**

The NBS is the main financial supervisory authority in Slovakia. It supervises financial institutions and other obliged entities, including those operating in the virtual asset space, particularly if they fall under broader financial services licensing. The scope of their supervision for VASPs can depend on the specific type of service offered and whether it falls under traditional financial licensing requirements or specific VASP registration.

**Financial Intelligence Unit (FIU) / Finančná spravodajská jednotka (FSJ):**

The FIU in Slovakia is part of the **Presidium of the Police Force of the Slovak Republic** (Prezídium Policajného zboru Slovenskej republiky), under the Ministry of Interior.

The FIU is responsible for receiving, analyzing, and disseminating suspicious transaction reports and plays a crucial role in combating money laundering and terrorist financing. While not a direct supervisory body for compliance in the same way as NBS, it is the central point for STRs and works closely with supervisory authorities and law enforcement.

**Ministry of Interior (which oversees the Police Force):** `https://www.minv.sk/?policia` (direct FIU unit page might not be publicly prominent on the main police site).

**Current (Partial - AML/CTF Focused):** The immediate focus is on Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) obligations, requiring virtual asset service providers (VASPs) to register and comply with reporting duties. Consumer protection largely comes in the form of warnings issued by the central bank.

**Future (Comprehensive - MiCA):** With the full implementation of the EU's Markets in Crypto-Assets (MiCA) Regulation, Slovakia will adopt a comprehensive framework covering market integrity, consumer protection, licensing requirements for crypto-asset service providers (CASPs), issuance rules for various crypto-assets, and market abuse prevention.

**National Bank of Slovakia (Národná banka Slovenska - NBS):** The NBS is the primary supervisory authority for many financial institutions in Slovakia, including some VASPs. They issue guidance and oversee compliance.

**Role:** The central bank and financial market supervisor. Currently, it issues warnings to the public about the risks associated with cryptocurrencies and provides guidance on financial market regulations. Under MiCA, the NBS is expected to be a primary competent authority for supervising CASPs and issuers of crypto-assets, especially those not deemed "significant" by the European Securities and Markets Authority (ESMA).

**Financial Intelligence Unit (FIU) under the Ministry of Interior (Finančná spravodajská jednotka Ministerstva vnútra SR):**

**Role:** Responsible for supervising compliance with AML/CTF legislation. This includes the registration of VASPs and the receipt of suspicious transaction reports.

**Website:** https://www.minv.sk/?financna-spravodajska-jednotka (Section within the Ministry of Interior website)

**Date:** Originally enacted in 2008, it has been significantly amended over time, particularly to transpose EU Anti-Money Laundering Directives (e.g., AMLD5 and AMLD6).

**Relevance:** This is the primary national legislation that currently regulates virtual asset service providers (VASPs) in Slovakia. It defines VASPs (e.g., exchanges, custodians) as obliged entities and subjects them to AML/CTF requirements, including client due diligence, suspicious transaction reporting to the FIU, and mandatory registration with the FIU.

**Reference:** Available in Slovak legislative databases, e.g., Slov-Lex (https://www.slov-lex.sk/) – search for "zákon č. 297/2008 Z. z."

**Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):**

**Date:** Published in the Official Journal of the EU on June 9, 2023.

Rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) apply from **30 June 2024**.

Rules for other crypto-assets and CASPs apply from **30 December 2024**.

**Relevance:** MiCA is an EU Regulation, meaning it is directly applicable in all EU member states, including Slovakia, without the need for national transposition. It will fundamentally reshape the regulatory landscape for crypto-assets and services. It introduces:

Licensing requirements for Crypto-Asset Service Providers (CASPs).

Rules for the issuance and admission to trading of various crypto-assets.

Operating conditions for CASPs regarding governance, consumer protection, and operational resilience.

Measures to prevent market manipulation and insider trading.

**Legality:** Crypto trading and the operation of crypto exchanges are **legal** in Slovakia. There is no ban on holding or trading cryptocurrencies.

**AML/CTF Registration:** Currently, entities offering virtual asset services (such as operating crypto exchanges, providing fiat-to-crypto exchange services, or offering crypto custody) are classified as **Virtual Asset Service Providers (VASPs)**. They are subject to the **AML Act (Act No. 297/2008 Coll.)** and must:

Register with the **Financial Intelligence Unit (FIU)** of the Ministry of Interior.

Implement robust AML/CTF policies and procedures.

Conduct customer due diligence (KYC).

Report suspicious transactions to the FIU.

**No specific operating license (pre-MiCA):** Before MiCA's full implementation, there is no specific licensing regime in Slovakia for crypto exchanges beyond the AML registration requirements. This means they are not currently supervised by the NBS for prudential or conduct-of-business rules in the same way traditional financial institutions are.

**Consumer Trading:** Individuals can legally buy, sell, and hold cryptocurrencies. However, they do so at their own risk, and the NBS frequently issues warnings highlighting the volatility, lack of regulatory protection, and potential for fraud.

**Taxation:** Profits from cryptocurrency trading are generally subject to income tax in Slovakia, similar to capital gains. There are specific rules regarding the holding period and types of income.

**Future under MiCA:** From **December 2024**, crypto exchanges (which will be categorized as Crypto-Asset Service Providers - CASPs) will need to obtain a **license** from the National Bank of Slovakia (or another competent authority in the EU) to operate within Slovakia. This license will come with stringent requirements regarding capital, governance, operational resilience, and consumer protection, significantly increasing regulatory oversight beyond current AML obligations.

**Adopted:** Yes, Slovakia has adopted the FATF Travel Rule principles into its national law. This was primarily achieved through amendments to its AML/CFT legislation, transposing the 5th EU AML Directive (Directive (EU) 2018/843), which extended AML obligations to virtual asset service providers (VASPs).

**EU Context:** The upcoming Markets in Crypto-Assets (MiCA) Regulation, expected to apply fully in the EU by late 2024/early 2025, will further standardize and strengthen the Travel Rule implementation across all EU member states, including Slovakia. MiCA incorporates the FATF Travel Rule requirements directly within its framework for crypto-asset transfers.

The key amendments to Slovak AML law that brought virtual asset service providers under the AML/CFT regime, including Travel Rule-like obligations, came into effect on **1 March 2020**. This was through Act No. 397/2019 Coll., which amended the primary AML Act.

Slovakia's AML law, consistent with the 5AMLD and FATF guidance, generally requires the collection and transmission of originator and beneficiary information for all virtual asset transfers executed by a VASP, regardless of the amount.

However, specific thresholds can apply in certain contexts:

For transactions involving a VASP and an **unhosted (self-hosted) wallet**, the VASP is typically required to collect information about the customer (and potentially the unhosted wallet owner if the amount exceeds a certain threshold) when the transaction value is **€1,000 or more**.

For **VASP-to-VASP transfers**, the Travel Rule applies to **all transfers**, with no de minimis threshold for collecting and transmitting the required information.

Entities that exchange virtual currencies for fiat currencies (and vice versa).

Entities that exchange one or more virtual currencies for one or more other virtual currencies.

Custodial wallet providers (entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual currencies).

Entities providing transfer services for virtual assets.

Other services that facilitate the issuance, sale, or transfer of virtual assets.

**Information Collection:** VASPs must collect and verify specific information about both the originator and beneficiary of a virtual asset transfer:

**Originator:** Name, account number (or virtual asset wallet address), physical address, national identity number (or customer identification number), date and place of birth.

**Beneficiary:** Name, account number (or virtual asset wallet address).

**Information Transmission:** The originating VASP must transmit the collected originator and beneficiary information to the beneficiary VASP immediately and securely with the virtual asset transfer.

**Information Retention:** VASPs must retain the collected information for a period of **5 years** after the business relationship ends or after an occasional transaction.

**Due Diligence:** Perform customer due diligence (CDD) on their clients, which includes identifying and verifying their identity and understanding the nature of their business.

**Monitoring and Reporting:** Monitor transactions for suspicious activity and report any suspicious transactions to the Financial Intelligence Unit (FIU) of the Presidium of the Police Force (Finančná spravodajská jednotka Prezídia Policajného zboru).

**Fines:** Significant administrative fines can be imposed on both legal entities (VASPs) and responsible individuals. Fines for legal entities can range from thousands to **millions of Euros**, depending on the severity and recurrence of the breach.

**Withdrawal of License/Registration:** The National Bank of Slovakia or other competent authorities may revoke or suspend the operating license or registration of a VASP.

**Criminal Charges:** In cases of serious or intentional breaches, particularly those linked to actual money laundering or terrorist financing, criminal charges may be brought against individuals involved.

**Reputational Damage:** Non-compliance can lead to significant reputational damage, loss of customer trust, and exclusion from the financial system.

**Slovak-Lex (official legislative portal):** https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2008/297/ (Slovak language, consolidated text)

**NBS Information on Virtual Currencies (Slovak):** https://www.nbs.sk/sk/spotrebitel/financne-trhy/virtualne-meny (Mentions regulatory oversight and AML obligations for virtual asset service providers.)

**FATF Recommendations:** The international standard for AML/CFT. Recommendation 15 (New Technologies) and 16 (Wire Transfers, now extended to Virtual Assets) are particularly relevant.

**FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (June 2019, updated March 2021):** Provides detailed guidance on applying the Travel Rule. https://www.fatf-gafi.org/publications/fatfrecommendations/guidance-rba-virtual-assets.html

**EU 5th AML Directive (Directive (EU) 2018/843):** The directive that mandated EU member states to bring VASPs under their AML/CFT regimes.

**Official Journal of the European Union:** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L0843

**EU Markets in Crypto-Assets (MiCA) Regulation (Regulation (EU) 2023/1114):** While not fully effective yet, MiCA will be the overarching EU regulation for crypto-assets, including robust Travel Rule provisions.