Ukraine

Define virtual assets and their legal status.

Regulate the market for virtual assets.

Protect the rights of participants in the virtual asset market.

Establish anti-money laundering and counter-terrorist financing (AML/CFT) requirements for virtual asset service providers (VASPs).

**National Bank of Ukraine (NBU):** Responsible for the regulation of virtual assets secured by currency (fiat-backed stablecoins) and for payment services involving virtual assets.

**Ministry of Digital Transformation of Ukraine (MinDigital):** Responsible for the regulation of other types of virtual assets, including licensing of Virtual Asset Service Providers (VASPs).

**State Financial Monitoring Service of Ukraine (SFMS):** Responsible for financial monitoring of transactions with virtual assets and ensuring compliance with AML/CFT legislation.

**Law of Ukraine "On Virtual Assets" (Закон України "Про віртуальні активи"):** Link to Ukrainian Parliament (Verkhovna Rada) website - official legislative acts (You may need to use a translation tool for the full text).

While the VA Law is in force, its full implementation, particularly the practical licensing mechanism, depends on the adoption of *secondary legislation* (resolutions, procedures, and detailed requirements) by the NBU and MinDigital.

**As of late 2023/early 2024, this secondary legislation has not yet been fully adopted, meaning the actual process for obtaining a license is largely suspended or not fully operational.** The focus of the government has been on wartime priorities.

**Exchange services between virtual assets and fiat currencies.** (This covers traditional crypto exchanges).

**Exchange services between different virtual assets.** (Also covered by crypto exchanges).

**Transfer of virtual assets.** (This includes payment processors that handle virtual assets).

**Custody and/or administration of virtual assets or instruments enabling control over virtual assets.** (This covers custody providers).

**Participation in and provision of financial services related to the issuance/sale of virtual assets.**

**Exchanges (Trading Platforms):** Will require a VASP license covering "exchange services."

**Custody Providers:** Will require a VASP license covering "custody and/or administration services."

**Payment Processors:** If they facilitate transfers of virtual assets or exchanges between virtual assets and fiat, they will require a VASP license covering the relevant service (transfer, exchange).

**Currently, the exact, officially finalized capital requirements are pending the adoption of secondary legislation.**

However, previous drafts and discussions indicated potential capital requirements, which could be subject to change:

For exchanges (providers of exchange services between virtual assets and fiat): Potentially around **UAH 10 million** (approx. $250,000 - $300,000, subject to exchange rate fluctuations).

For other VASP activities (e.g., custody, transfer): Potentially around **UAH 5 million** (approx. $125,000 - $150,000).

These are *indicative figures from drafts* and should be verified once official regulations are published.

This is a cornerstone of the VA Law and is largely aligned with international standards (FATF recommendations).

VASPs will be subject to the **Law of Ukraine "On Preventing and Countering Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing the Proliferation of Weapons of Mass Destruction."**

**Key AML/KYC obligations will include:**

**Customer Due Diligence (CDD):** Identifying and verifying the identity of clients (KYC - Know Your Customer) and beneficial owners.

**Transaction Monitoring:** Monitoring transactions for suspicious activities, including large value transactions.

**Reporting:** Reporting suspicious transactions to the State Financial Monitoring Service (SFMS).

**Risk Assessment:** Implementing a risk-based approach to identify, assess, and mitigate money laundering and terrorist financing risks.

**Record-keeping:** Maintaining records of transactions and CDD information for a specified period.

**Designated AML Officer:** Appointing a qualified AML officer.

**Travel Rule:** Implementing measures to collect and transmit originator and beneficiary information for virtual asset transfers.

**Law of Ukraine "On Preventing and Countering Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing the Proliferation of Weapons of Mass Destruction" (Закон України "Про запобігання та протидію легалізації (відмиванню) доходів, одержаних злочинним шляхом, фінансуванню тероризму та фінансуванню розповсюдження зброї масового знищення"):** Link to Ukrainian Parliament (Verkhovna Rada) website

VASPs must be established as a **legal entity in Ukraine** (e.g., a Limited Liability Company - LLC).

They will likely require a **physical office** in Ukraine.

**Local management** and personnel will be necessary to ensure operational presence and compliance.

**Fit and Proper Requirements:** Directors, senior management, and beneficial owners will need to demonstrate good repute, relevant experience, and no serious criminal convictions.

**Beneficial Ownership Disclosure:** Transparency regarding ultimate beneficial owners will be required.

VASPs will need to demonstrate robust **cybersecurity measures** and IT infrastructure to protect virtual assets and customer data.

Risk management systems for operational and security risks.

Business continuity and disaster recovery plans.

Application form (to be provided by the regulator).

Corporate documents of the applicant legal entity (registration certificate, charter, etc.).

Detailed business plan outlining proposed services, target market, operational procedures, and financial projections.

Comprehensive AML/CFT policies and internal control procedures, risk assessment.

Information on management and beneficial owners (CVs, background checks, proof of reputation).

Technical and cybersecurity documentation (system architecture, security audits, data protection policies).

Proof of local presence (office lease, etc.).

**Submission:** The application package will be submitted to the relevant regulatory authority (MinDigital or NBU).

**Review and Assessment:** The regulator will review the application for completeness and compliance with all legal and regulatory requirements. This may involve requests for additional information or clarification.

**On-site Inspection (Possible):** Depending on the regulator's discretion, an on-site inspection of the applicant's premises and systems might be conducted.

**Decision:** The regulator will issue a decision to grant or deny the license.

**Ongoing Compliance:** Once licensed, VASPs must adhere to continuous reporting obligations, AML/CFT requirements, and other regulatory standards.

**Delayed Secondary Legislation:** The primary reason for the practical inability to obtain a license is the delay in adopting the necessary secondary legislative acts and detailed procedures by the NBU and MinDigital. Government resources and focus have been redirected to defense and wartime governance.

**Operational Challenges:** Even if licenses were available, operating a virtual asset business in a war-torn country presents immense logistical, security, and financial challenges.

**Investor Hesitation:** The war naturally deters significant foreign investment and new market entrants.

**Focus on Essential Services:** Regulatory bodies are prioritizing the stability of the traditional financial system and essential digital services.

**Increased AML/CFT Scrutiny:** Due to the war and sanctions, there is heightened scrutiny on financial flows, including virtual assets, to prevent their use for illicit purposes or sanctions evasion.

Comprehensive rules for the issuance and trading of various types of virtual assets.

More granular classification and regulation of different crypto-asset types (e.g., e-money tokens, asset-referenced tokens, other crypto-assets).

Harmonization with EU standards for market integrity and financial stability.

**National Bank of Ukraine (NBU):**

**Role:** Regulates virtual assets backed by fiat currency (e.g., stablecoins) and other financial virtual assets falling under its purview. It is responsible for issues related to payments and financial stability in the virtual asset sphere.

**National Securities and Stock Market Commission (NSSMC):**

**Role:** Regulates virtual assets backed by securities, derivatives, and other types of virtual assets that are not financial instruments or fall under the NBU's jurisdiction. It is responsible for issuing permits/licenses to virtual asset service providers operating with non-financial virtual assets.

**Ministry of Digital Transformation (MDT):**

**Role:** While not a direct regulator in terms of licensing, the MDT was instrumental in drafting the Virtual Assets Law and continues to play a leading role in shaping digital asset policy, promoting innovation, and coordinating efforts among various government bodies to develop the virtual asset market in Ukraine.

**Law of Ukraine "On Virtual Assets" No. 1852-IX**

**Adopted by Verkhovna Rada (Parliament):** February 17, 2022

**Signed into Law by President Zelenskyy:** March 16, 2022

Legalizes virtual assets in Ukraine.

Defines the legal status, classification (e.g., secure virtual assets, financial virtual assets), and ownership rights for virtual assets.

Establishes the regulatory framework and allocates oversight responsibilities to the NBU and NSSMC.

Outlines requirements for Virtual Asset Service Providers (VASPs), including crypto exchanges, and aims to introduce a licensing/permit regime.

**Legalization:** Under the Law "On Virtual Assets," crypto trading and the operation of virtual asset service providers (VASPs), including crypto exchanges, are **legal** in Ukraine. The law aims to bring them into the legal framework, ensuring transparency and consumer protection.

**Regulatory Status for Exchanges:** The law mandates that virtual asset service providers (VASPs), which include crypto exchanges, are required to register and obtain permits/licenses from the relevant regulators (NSSMC or NBU, depending on the type of assets handled) to operate legally.

**Implementation Status:** While the *legal framework* for licensing and supervision is established by the law, the full implementation of the *operational specifics* for exchanges (i.e., the detailed licensing procedures, requirements, and supervision rules) is still awaiting the finalization of secondary legislation and by-laws from the NBU and NSSMC.

**Wartime Operations:** Despite the pending full implementation, many crypto exchanges continue to operate in Ukraine, and virtual assets have played a crucial role in wartime fundraising for the Ukrainian government and various humanitarian efforts. The government has facilitated crypto donations, demonstrating its practical acceptance even while the regulatory environment is still maturing.

**Law of Ukraine No. 361-IX "On Preventing and Counteracting Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing the Proliferation of Weapons of Mass Destruction"** (dated December 6, 2019, with subsequent amendments).

This is the foundational AML/CFT law in Ukraine, bringing the country's framework closer to FATF recommendations and the EU's 4th and 5th AML Directives. It designates "virtual asset service providers" as "reporting entities" (subjects of primary financial monitoring).

**Law of Ukraine No. 2074-IX "On Virtual Assets"** (dated February 17, 2022).

This law defines virtual assets and virtual asset service providers (VASPs) in Ukraine. While its full implementation regarding licensing and specific regulatory oversight was initially delayed due to martial law, its principles establish the legal framework for virtual assets and clarify the roles of regulatory bodies. It reinforces that VASPs are subject to AML/CFT requirements under Law No. 361-IX.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

**For Individuals:** Obtain and verify the customer's identity, including full name, date of birth, place of birth, address, identification number (where applicable), and details of the identity document (series, number, date of issue, issuing authority). Verification must be based on reliable, independent source documents, data, or information.

**For Legal Entities:** Obtain and verify the legal entity's name, registration number, legal form, legal address, contact details, and identify the management structure.

**Beneficial Owner (UBO) Identification:** Identify and take reasonable measures to verify the identity of the beneficial owner(s) of the customer. This is crucial for both individuals (e.g., if acting on behalf of another) and legal entities.

Understand the purpose and intended nature of the business relationship or transaction.

Conduct ongoing monitoring of the business relationship and transactions undertaken throughout the course of that relationship to ensure consistency with the VASP's knowledge of the customer, their business, and risk profile. This includes monitoring the source of funds and the destination of virtual assets.

Applied in situations presenting higher risks of money laundering or terrorist financing. This includes, but is not limited to:

Customers who are Politically Exposed Persons (PEPs), their family members, or closely associated persons.

Complex, unusually large, or unusual patterns of transactions that have no apparent economic or lawful purpose.

Non-face-to-face business relationships without adequate safeguards.

Transactions above specific thresholds (e.g., equivalent of UAH 400,000 for certain types of operations, though suspicion requires reporting even below this).

May be applied in situations identified as lower risk, but VASPs must still be able to demonstrate that the risk is genuinely lower and maintain sufficient information to identify the customer and beneficial owner. Given the inherent risks associated with virtual assets, SDD is often limited in this sector.

**Reporting Thresholds:** VASPs must report transactions that meet specific monetary thresholds (e.g., UAH 400,000 or more, approximately EUR 10,000 equivalent) if they have certain characteristics (e.g., complex or unusual transaction, linked to high-risk entities/jurisdictions, involving transfers to/from certain accounts).

**Suspicion Regardless of Threshold:** Even if a transaction does not meet a monetary threshold, if the VASP *suspects* or has reasonable grounds to suspect that funds are proceeds of criminal activity or are linked to terrorist financing, it *must* be reported.

**Reporting Authority:** All suspicious transaction reports are submitted to the **State Financial Monitoring Service of Ukraine (SFMS)**.

**No Tipping Off:** VASPs are prohibited from disclosing to the customer or any third party that a suspicious transaction report has been or will be made.

**Customer Identification Data:** All documents and data obtained during the CDD process (identification documents, verification records, UBO information).

**Transaction Records:** Records of all transactions, including virtual asset addresses, transaction hashes, amounts, dates, and parties involved.

**Business Correspondence:** Relevant correspondence concerning the customer relationship.

**STRs:** Copies of all suspicious transaction reports submitted.

**Retention Period:** All these records must be retained for at least **five years** after the termination of the business relationship or the date of an occasional transaction.

**State Financial Monitoring Service of Ukraine (SFMS):**

**Role:** The central executive body responsible for developing and implementing state policy in the field of preventing and counteracting money laundering and terrorist financing. All suspicious transaction reports are submitted to the SFMS.

**National Bank of Ukraine (NBU):**

**Role:** Designated by Law No. 2074-IX as a key regulator for certain types of VASPs, particularly those that engage in activities similar to traditional financial services or payment systems. It will set requirements for financial monitoring, supervision, and licensing for VASPs under its purview.

**National Securities and Stock Market Commission (NSSMC):**

**Role:** Designated as a regulator for virtual assets that qualify as "financial instruments" or "securities" under Ukrainian law. It will oversee VASPs dealing with such assets.

**Ministry of Digital Transformation (MDT):**

**Role:** Played a leading role in drafting the "On Virtual Assets" law and is generally responsible for developing state policy in the digital assets sector. It may also have oversight regarding technical standards and licensing processes for VASPs.

**Primary Legislation:** Law of Ukraine "On Prevention and Counteraction to Legalization (Laundering) of Criminal Proceeds, Financing of Terrorism and Financing the Proliferation of Weapons of Mass Destruction" (Закон України "Про запобігання та протидію легалізації (відмиванню) доходів, одержаних злочинним шляхом, фінансуванню тероризму та фінансуванню розповсюдження зброї масового знищення") **No. 361-IX**.

This law, significantly updated in 2019, specifically incorporated virtual assets and VASPs into the scope of financial monitoring.

**URL:** https://zakon.rada.gov.ua/laws/show/361-20#Text (Official Ukrainian text on Verkhovna Rada website)

**Supporting Legislation (Virtual Assets Law):** Law of Ukraine "On Virtual Assets" (Закон України "Про віртуальні активи") **No. 2074-IX**.

This law was passed on September 8, 2021, and signed by the President on March 15, 2022. While it defines the legal status of virtual assets and aims to create a regulatory framework for the market, its full implementation (especially regarding licensing and market regulation) has been delayed, partly due to the martial law. However, it reaffirms that VASPs are subject to AML/CFT legislation.

**URL:** https://zakon.rada.gov.ua/laws/show/2074-20#Text (Official Ukrainian text on Verkhovna Rada website)

Exchange between virtual assets and funds (fiat currencies);

**Required Information:** VASPs are required to collect and transmit:

**Originator Information:** Name, unique identifier (e.g., account number or wallet address), physical address, national identity number (if applicable), date and place of birth, and customer ID.

**Beneficiary Information:** Name, unique identifier (e.g., account number or wallet address), physical address, national identity number (if applicable), date and place of birth, and customer ID.

**Transmission:** This information must be securely transmitted to the beneficiary VASP (or collected when receiving funds from another VASP).

**Regulatory Guidance:** The National Bank of Ukraine (NBU) and the State Financial Monitoring Service of Ukraine (SFMS) are the key regulators for AML/CFT. While specific technical standards for Travel Rule protocols haven't been mandated by law, they may issue sub-regulatory guidance, recommendations, or best practices over time to ensure compliance. VASPs are generally expected to use robust, secure, and interoperable solutions.

**Fines:** Significant monetary penalties for both the legal entity and responsible officers.

For failure to provide information on financial transactions subject to monitoring (including Travel Rule data), fines can range up to **UAH 340,000** (approx. USD 9,000, as of late 2023/early 2024, subject to exchange rate fluctuations).

For systemic or repeated violations, especially regarding customer due diligence, reporting, or internal controls, the maximum fine for financial institutions (including VASPs) can be up to **UAH 135 million** (approx. USD 3.6 million).

**Suspension or Revocation of Licenses:** In case of serious or repeated violations, the regulatory body (e.g., NBU) can suspend or revoke the VASP's operating license or registration.

**Disqualification of Management:** Responsible individuals within the VASP's management may face disqualification.

**Criminal Liability:** In cases involving significant money laundering or terrorist financing activities, individuals may face criminal charges.

**Law of Ukraine "On Virtual Assets" (Закон України "Про віртуальні активи")**: This is the primary law, adopted in September 2021 and signed into law by the President in March 2022. It establishes the legal framework for virtual assets in Ukraine, defines types of virtual assets, and outlines the activities of Virtual Asset Service Providers (VASPs).

**Reference:** Law of Ukraine "On Virtual Assets" (in Ukrainian)

**Law of Ukraine "On Preventing and Counteracting Legalization (Laundering) of Criminal Proceeds, Financing of Terrorism and Financing of Proliferation of Weapons of Mass Destruction" (AML/CFT Law)**: This law was amended to include VASPs as subjects of primary financial monitoring, bringing them under the strict AML/CFT regime.

**Reference:** Law of Ukraine "On Preventing and Counteracting Legalization..." (in Ukrainian)

**National Securities and Stock Market Commission (NSSMC - НКЦПФР)**: The primary regulator for virtual assets, especially those secured by currency, valuables, or property rights, and for most VASP activities.

**National Bank of Ukraine (NBU - НБУ)**: Regulates virtual assets secured by monetary values.

**State Financial Monitoring Service of Ukraine (SFMS - Держфінмоніторинг)**: Responsible for AML/CFT oversight and financial intelligence.

**Ministry of Digital Transformation (MinDigital)**: Responsible for developing state policy in the field of virtual assets.

**Mandate**: The Law "On Virtual Assets" mandates that any entity providing virtual asset services, including custody services, must obtain a **permit (дозвіл)**. This permit functions similarly to a license.

**Definition of VASP**: Article 1 of the Law defines a "Virtual Asset Service Provider" (VASP) as a legal entity that, as part of its business activities, performs one or more of the following services for or on behalf of another natural or legal person:

Exchange between virtual assets and assets that ensure value.

Exchange between one or more forms of virtual assets.

**Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.** (This directly covers custody).

Participation in and provision of financial services related to the offer and/or sale of virtual assets by an issuer.

**Issuing Authority**: The NSSMC is generally responsible for issuing these permits. For virtual assets secured by monetary values, the NBU would be the responsible authority.

**Specific Conditions**: While the Law mandates permits, the **specific conditions and procedures for obtaining these permits** (e.g., capital requirements, personnel qualifications, technical requirements) are to be established by normative legal acts of the NSSMC and NBU. These specific acts are still largely in development or pending full implementation.

**AML/CFT Compliance**: Obtaining a permit is intrinsically linked to strict adherence to the AML/CFT Law, including KYC procedures, transaction monitoring, and reporting suspicious activities.

The Law "On Virtual Assets" (Article 16, Part 2, Point 2) requires VASPs to **ensure the reliable and safe storage of virtual assets** and/or instruments enabling control over them. While the law doesn't explicitly use the term "segregation" in the same way traditional finance does for client funds (e.g., separate bank accounts), the underlying principle of protecting client assets is implied through:

**Separate Accounting**: Article 12, Part 2, Point 2 requires VASPs to maintain separate accounting records for their own virtual assets and those of their clients. This is a foundational step towards ensuring client assets are not commingled with the VASP's proprietary assets.

**Operational Requirements**: The detailed operational requirements, which would likely include specific rules for asset segregation (e.g., distinct wallet addresses, clear identification of beneficial ownership), are expected to be elaborated in the secondary legislation and regulatory acts to be adopted by the NSSMC.

The Law "On Virtual Assets" does not explicitly detail insurance or bonding requirements for VASPs.

However, it is a common regulatory practice in other jurisdictions for financial service providers, especially custodians, to have sufficient capital, insurance, or bonding to cover potential losses due to cyber-attacks, operational failures, or fraud.

It is highly probable that **such requirements will be included in the specific licensing conditions and regulatory acts** that the NSSMC and NBU are tasked with developing for VASPs. These would aim to ensure the financial stability of custodians and protect client interests.

The Law "On Virtual Assets" does not explicitly mandate "cold storage" for virtual assets.

Instead, it generally requires VASPs to **ensure the reliable and safe storage of virtual assets** and/or instruments enabling control over them (Article 16, Part 2, Point 2).

Specific technical requirements related to storage (e.g., hot vs. cold storage percentages, multi-signature protocols, physical security of hardware) are typically not found in primary legislation. They are usually part of **technical standards, cybersecurity requirements, and operational guidelines** developed by the regulator (NSSMC) in secondary normative acts.

Given the industry's best practices, it is highly expected that any detailed security guidelines from the NSSMC will strongly recommend or even mandate the use of cold storage for a significant portion of client assets.

Ukraine's legislation defines a **Virtual Asset Service Provider (VASP)** that provides "safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets" as a custodian.

A "qualified custodian" in the Ukrainian context would be a VASP that:

Is a **legal entity registered in Ukraine**.

Has obtained the necessary **permit (license)** from the NSSMC (or NBU, as applicable) to provide custody services.

**Complies with all provisions of the Law "On Virtual Assets"**, the AML/CFT Law, and all relevant normative legal acts and regulations issued by the NSSMC, NBU, and SFMS.

Meets any specific **capital requirements, technical standards, security protocols, and operational guidelines** that are or will be established by the regulators.

Essentially, any VASP legally authorized and compliant with the full regulatory framework to offer custody services would be considered a "qualified custodian."

The Law "On Virtual Assets" was designed as a framework law. Its **full implementation is contingent upon several key actions**:

**Amendments to the Tax Code**: To establish taxation rules for virtual assets. This is critical for the practical operation of the market.

**Adoption of Secondary Legislation (Normative Legal Acts)**: The NSSMC and NBU are tasked with developing and adopting detailed regulations, including:

Specific **licensing/permit conditions and procedures** for VASPs, including custodians.

**Operational requirements** for VASPs, which will likely detail asset segregation, security standards (potentially including cold storage specifics), risk management, and internal control systems.

**Supervisory procedures** for regulatory bodies.

**Current Status**: While the framework law is in force, the process of adopting these detailed secondary normative acts has been significantly impacted and slowed by the full-scale Russian invasion of Ukraine. Regulators are operating under wartime conditions, prioritizing essential functions. Therefore, many of the granular operational details for custody services are **still pending or under development** and are expected to be elaborated as the situation allows and the regulatory bodies proceed with their legislative mandates.

**Key Impact on Crypto:** OFAC has explicitly targeted cryptocurrency transactions and entities facilitating sanctions evasion, particularly those linked to Russia. It has sanctioned crypto mixers (e.g., Tornado Cash), crypto exchanges (e.g., Garantex, SUEX), and specific individuals involved in facilitating illicit finance.

**Sanctioned Entity Screening:** Strict obligation to screen all customers (KYC), beneficial owners, and transaction counterparties against the **Specially Designated Nationals and Blocked Persons (SDN) List** and other OFAC sanctions lists (e.g., Non-SDN Menu-Based Sanctions List - NS-MBS).

**Asset Freezes:** Any virtual assets owned or controlled by sanctioned persons must be blocked and reported to OFAC.

**Prohibited Transactions:** Prohibition on engaging in any transactions, directly or indirectly, with sanctioned individuals, entities, or in relation to sanctioned jurisdictions/territories (e.g., Crimea, occupied territories of Ukraine).

**Geographic Restrictions:** Prohibitions on engaging in certain economic activities within Crimea, Sevastopol, and the occupied territories of Donetsk, Luhansk, Kherson, and Zaporizhzhia regions of Ukraine.

**Reporting Obligations:** Mandatory reporting of blocked assets and rejected transactions to OFAC.

**OFAC Guidance on Virtual Currency:** https://home.treasury.gov/policy-issues/financial-sanctions/faqs/virtual-currency (See FAQs specific to virtual currency and sanctions compliance)

**Key Impact on Crypto:** The EU has specifically included virtual assets in its sanctions packages, treating them as transferable securities or financial assets for the purpose of asset freezes and other restrictions. This includes bans on providing crypto-asset wallet, account, or custody services to Russian persons and residents (with some exceptions).

**Sanctioned Entity Screening:** Obligation to screen against the **EU Consolidated Financial Sanctions List**.

**Asset Freezes:** Freezing of all funds (including virtual assets) belonging to, or owned or controlled by, listed individuals and entities.

**Prohibited Transactions:** Broad prohibitions on making funds or economic resources available, directly or indirectly, to listed persons.

**Restrictions on Crypto Services:** Specific prohibitions on providing crypto-asset wallet, account, or custody services to Russian nationals, natural persons residing in Russia, or legal persons/entities established in Russia (with certain thresholds and exceptions for humanitarian purposes or personal use).

**Geographic Restrictions:** Restrictions on economic activities related to Crimea, Sevastopol, and the non-government controlled areas of Donetsk, Luhansk, Kherson, and Zaporizhzhia.

**EU Sanctions Map (Consolidated information):** https://www.sanctionsmap.eu/

**Council Regulation (EU) No 269/2014:** Concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine (as amended): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0269-20240315

**Council Regulation (EU) No 833/2014:** Concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine (as amended, including crypto-specific measures): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0833-20240315

**Key Impact on Crypto:** While the UN has not specifically sanctioned crypto, its broader resolutions on combating the financing of terrorism and proliferation (e.g., related to North Korea or Iran) implicitly require member states to ensure that virtual assets are not used to circumvent these sanctions.

**Compliance Requirements for VASPs:** VASPs must be aware that UN sanctions lists (e.g., ISIL (Da'esh) & Al-Qaida Sanctions List, 1988 Taliban Sanctions List) are incorporated into national sanctions regimes (like OFAC's SDN List and EU lists).

**Key Impact on Crypto:** While specific crypto assets may not always be explicitly mentioned, "assets" generally include all forms of property. Ukrainian VASPs and entities must comply with these national sanctions.

**Sanctioned Entity Screening:** VASPs operating in Ukraine or interacting with Ukrainian entities must screen their customers and transactions against the NSDC Sanctions List.

**Decrees of the President of Ukraine on NSDC decisions (official source, mostly in Ukrainian):** https://www.president.gov.ua/documents/decrees/search?search=sanctions (Use search function for "sanctions" or specific decree numbers).

**The National Sanctions Register of Ukraine (maintained by the National Agency on Corruption Prevention - NACP, includes NSDC data):** https://sanctions.nazk.gov.ua/en/

**Key Compliance Requirements for VASPs (under Ukrainian law):**

**AML/CTF Obligations:** The law mandates VASPs to implement robust anti-money laundering and counter-terrorist financing (AML/CTF) procedures, including KYC/CDD, transaction monitoring, and reporting suspicious activities to the State Financial Monitoring Service of Ukraine. These obligations are aligned with FATF Recommendations.

**Sanctions Compliance:** While not explicitly a "sanctions law," the "On Virtual Assets" law, in conjunction with other Ukrainian legislation, requires VASPs to comply with national and international sanctions, ensuring that their services are not used for sanctioned activities or by sanctioned individuals/entities.

**Licensing/Registration:** The law provides for future licensing/registration requirements for VASPs, which will include compliance with sanctions as a prerequisite. The National Commission on Securities and Stock Market (NSSMC) is designated as the regulator.

**Law of Ukraine "On Virtual Assets" (in Ukrainian):** https://zakon.rada.gov.ua/laws/show/2074-IX#Text (Official Verkhovna Rada website)

**Real-time & Batch Screening:** All new customers and existing customer databases must be screened against relevant sanctions lists (OFAC SDN, EU Consolidated, UN, NSDC). This includes individuals, entities, and wallet addresses where possible.

**Ongoing Monitoring:** Continuous monitoring of transactions for red flags associated with sanctions evasion (e.g., transactions involving known sanctioned entities, unusual transaction patterns, transactions to/from high-risk jurisdictions or mixers).

**Ultimate Beneficial Ownership (UBO) Screening:** Identifying and screening the UBOs behind legal entities to ensure they are not sanctioned.

**Geographic IP Blocking:** Implementing measures to restrict access to services from sanctioned geographies.

**OFAC & EU:** Prohibit certain economic activities and financial services in:

**Crimea and Sevastopol** (occupied by Russia since 2014)

**Occupied territories of Donetsk, Luhansk, Kherson, and Zaporizhzhia regions** (occupied by Russia since 2022)

**General Sanctions on Russia/Belarus:** Many sanctions programs prohibit various types of financial services, exports, and imports to/from Russia and Belarus, impacting any VASP interactions with entities or individuals residing or established in these countries.

**Ukraine's Perspective:** Ukraine considers all temporarily occupied territories as integral parts of its sovereign territory but imposes its own restrictions on economic activity within these areas to counter the occupation.

**Civil Penalties:** Can range from hundreds of thousands to millions of dollars per violation, depending on the specific program and severity.

**Criminal Penalties:** For willful violations, individuals can face substantial fines (up to millions of dollars) and lengthy imprisonment (up to 20-30 years), while corporations can face much larger fines.

**Reputational Damage:** Significant harm to a VASP's reputation and ability to operate.

**Legal Basis:** Primarily the International Emergency Economic Powers Act (IEEPA).

**Member State Discretion:** Penalties for violating EU sanctions are determined by individual member states, but EU directives require them to be "effective, proportionate, and dissuasive."

**Common Penalties:** Include substantial fines, imprisonment for individuals, and confiscation of assets.

**Reputational Damage:** Similar to U.S. penalties, significant reputational harm is a major consequence.

**Administrative Responsibility:** For violations of AML/CTF laws or non-compliance with sanctions, individuals and legal entities can face significant fines.

**Article 209 of the Criminal Code of Ukraine (Legalization (Laundering) of Property Obtained by Criminal Means):** Imprisonment up to 12 years with confiscation of property.

**Article 258-5 (Financing of Terrorism):** Imprisonment up to 12 years with confiscation of property.

**Other Articles:** Criminal liability for actions aimed at undermining Ukraine's territorial integrity, assisting the aggressor state, or violating sanctions can lead to severe penalties, including imprisonment and asset seizure.

**Loss of Licenses/Registration:** VASPs could have their licenses revoked or applications denied.

**Legal Basis:** Criminal Code of Ukraine (Кримінальний кодекс України), Code of Administrative Offenses of Ukraine (Кодекс України про адміністративні правопорушення).