San Marino -- Licensing Requirements Regulatory Overview

San Marino has established a progressive regulatory framework for Distributed Ledger Technologies (DLT) and virtual assets, positioning itself as an innovation hub in this sector. The primary regulator for DLT and virtual asset activities is the Banca Centrale della Repubblica di San Marino (BCRA).

Primary Regulatory Framework

The foundational legislation is:

1. Law No. 171 of December 17, 2019, "Regulations for Distributed Ledger Technologies and Blockchain for Business" (Legge 171/2019): This law defines DLT, virtual assets, and establishes the framework for Operators in Distributed Ledger Technologies (ODLTs).
2. BCRA Circular No. 64 of 15 September 2020, "Disciplining the activities of Operators in Distributed Ledger Technologies": This circular provides detailed implementation rules for Law 171/2019, specifying the requirements for obtaining authorization (registration) as an ODLT.
3. BCRA Circular No. 67 of 11 May 2021, "Amendments and additions to Circular No. 64 of 15 September 2020": This circular introduced updates and clarifications to the initial implementing regulations.
4. Decree No. 120 of 21 August 2019, "Provisions against money laundering and terrorist financing": This AML/CFT law is applicable to ODLTs and virtual asset service providers (VASPs).

Registration vs. Licensing Regime

San Marino's regime is best described as a robust authorization (licensing) regime masquerading as "registration." While Law 171/2019 refers to the "registration" of Operators in DLT (ODLTs) with the BCRA, the process outlined in Circular 64/2020 and its amendments is highly prescriptive and involves extensive due diligence by the BCRA, akin to a full financial services licensing process. It is not a simple "register and operate" system.

ODLTs that provide services related to virtual assets that fall under the Financial Action Task Force (FATF) definition of Virtual Asset Service Providers (VASPs) are explicitly covered and subject to stringent requirements.

Required Licenses for Exchanges, Custody Providers, and Payment Processors

Under San Marino's framework, any entity intending to provide services as a Virtual Asset Service Provider (VASP) must obtain authorization (registration) as an Operator in Distributed Ledger Technologies (ODLT) from the BCRA.

The definition of ODLT under Law 171/2019, and the VASP definition implemented via Circular 64/2020, covers the following activities:

• Exchanges (Virtual Asset Exchange Providers): Entities operating a platform for the exchange of virtual assets for fiat currencies, or between one or more forms of virtual assets. This falls squarely under the ODLT/VASP authorization requirement.
• Custody Providers (Virtual Asset Custody Providers): Entities that provide services for the safekeeping or administration of virtual assets or instruments enabling control over virtual assets on behalf of natural or legal persons. This also requires ODLT/VASP authorization.
• Payment Processors:
  • If the payment processing involves the transfer, exchange, or facilitation of payments directly in virtual assets, or between virtual assets and fiat currency, the entity would be considered an ODLT/VASP and requires authorization.
  • If the entity is a traditional fiat payment processor merely providing services to a crypto business (e.g., handling fiat payments for a crypto exchange, but not touching virtual assets itself), it would fall under traditional payment services regulations, which also require BCRA authorization (e.g., as a Payment Institution). However, for crypto-specific payment processing, ODLT authorization is necessary.

Other VASP activities requiring ODLT authorization include:

• Transferring virtual assets.
• Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.
• Providing other services related to virtual assets.

Key Requirements

ODLTs seeking authorization must meet comprehensive requirements, including:

1. Legal Form & Establishment:

   • Must be a joint-stock company (Società per Azioni - S.p.A.) or a limited liability company (Società a responsabilità limitata - S.r.l.) established in San Marino.
   • Must have its registered office and effective management in San Marino.

2. Capital Requirements:

   • Minimum Share Capital:
     • €150,000 for ODLTs that do not provide direct services to the public, do not hold client funds/virtual assets, and whose activity carries a low risk profile as assessed by the BCRA.
     • €300,000 for ODLTs providing services directly to the public (including VASPs like exchanges and custody providers) and holding client funds or virtual assets.
     • The BCRA may require a higher capital amount based on the complexity, scale, and risk profile of the proposed activities.
   • Capital must be fully paid up.

3. AML/KYC Requirements:

   • ODLTs are considered "financial intermediaries" under San Marino's AML/CFT legislation (Decree 120/2019) and are subject to all related obligations.
   • This includes:
     • Implementing robust Customer Due Diligence (CDD) procedures for all clients (identifying and verifying identity, beneficial ownership).
     • Conducting risk assessments for business relationships and transactions.
     • Implementing comprehensive internal controls, policies, and procedures for AML/CFT.
     • Appointing an AML Officer and a Board-level AML Compliance Officer.
     • Establishing a Suspicious Transaction Reporting (STR) mechanism and reporting to the Financial Intelligence Agency (AIF).
     • Providing ongoing training to staff.
     • Adherence to international sanctions lists.

4. Local Presence:

   • As mentioned, the company must be incorporated in San Marino with its registered office and effective management within the Republic.
   • At least one member of the board of directors must be resident in San Marino.
   • Key functions (e.g., compliance, risk management, IT management) are expected to be physically based and operational in San Marino.

5. Governance and Internal Controls:

   • Robust corporate governance structure with clear lines of responsibility.
   • Sound internal control systems, risk management frameworks, and compliance functions.
   • Business continuity plan and disaster recovery plan.
   • Comprehensive cybersecurity measures and IT infrastructure to protect virtual assets and data.

6. Fit & Proper Requirements:

   • Shareholders holding significant stakes (e.g., >10%), directors, and key management personnel must meet stringent "fit and proper" criteria.
   • This includes demonstrating integrity, competence, professional qualifications, and a clean criminal record.

7. Business Plan:

   • A detailed business plan outlining the proposed activities, operational structure, target market, financial projections for at least three years, technology infrastructure, risk management strategy, and internal organization.

8. Technology and Security:

   • Proof of robust and secure DLT infrastructure.
   • Independent audit of the DLT system (technical due diligence).
   • Adequate security protocols for the storage and transfer of virtual assets.

Application Process

The application process for ODLT authorization with the BCRA typically involves several stages:

1. Pre-Application Meeting (Optional but Recommended): Applicants can engage in preliminary discussions with the BCRA to present their project and receive initial feedback.
2. Formal Application Submission: Submission of a comprehensive application package to the BCRA, including:
   • Company incorporation documents.
   • Detailed business plan.
   • Financial projections.
   • Evidence of paid-up capital.
   • AML/CFT policies and procedures.
   • IT and cybersecurity policies and an independent technical audit report.
   • Resumes and fit & proper declarations for shareholders, directors, and key personnel.
   • Information on the DLT protocol and smart contracts (if applicable).
   • Risk management framework.
3. BCRA Review and Due Diligence: The BCRA conducts an in-depth review of the application, which may involve:
   • Requests for additional information or clarification.
   • Interviews with key personnel.
   • Assessments of the proposed technical infrastructure and operational model.
   • Scrutiny of AML/CFT measures.
4. On-site Visit (Potentially): The BCRA may conduct an on-site visit to verify the physical presence and operational readiness.
5. Authorization Decision: Upon satisfactory completion of the review, the BCRA issues an authorization (registration) and the entity is added to the official register of ODLTs.
6. Post-Authorization Obligations: ODLTs are subject to ongoing reporting requirements, regular audits, and compliance with all regulatory updates.

Specific Regulatory References with URLs

• Banca Centrale della Repubblica di San Marino (BCRA) - Normativa (Regulations) Page: This is the central hub where all laws and circulars are typically published or linked.

  • https://www.bcsm.sm/site/home/normativa.html

• BCRA Circolari (Circulars) Page: Here you can find Circular 64/2020 and Circular 67/2021.

  • https://www.bcsm.sm/site/home/normativa/circolari.html
  • (You would typically need to navigate this page to find the specific PDFs for Circolare n. 64/2020 and Circolare n. 67/2021).

• Law No. 171 of December 17, 2019 (Legge 171/2019): While not always directly linked on the BCRA "Normativa" page as a standalone PDF, it's the foundational law. It can often be found on official government legislative archives or through legal databases specializing in San Marinese law. Searching "Legge 171/2019 San Marino" on official government portals (e.g., diritto.sm or archiviopubblico.sm) will usually yield the full text.

• Decree No. 120 of 21 August 2019 (AML/CFT Law): Similarly, this core AML law can be found on government legislative archives.

  • Note: Direct URLs to specific PDFs on government archive sites can be volatile. It's best to navigate from the main BCRA or government legislative portal.

It is highly recommended for any entity considering operations in San Marino to engage with local legal and compliance experts experienced in DLT and financial regulations to navigate the application process effectively.