Ukraine -- Licensing Requirements Regulatory Overview

Ukraine has made significant strides in establishing a legal framework for virtual assets, with the adoption of a key law. However, the full implementation of the licensing regime has been significantly impacted by the ongoing war.

Here's a breakdown of the requirements as per the current framework and its practical status:

Ukraine's Virtual Asset Licensing Requirements

1. Regulatory Framework and Key Legislation

The foundational legislation is the Law of Ukraine No. 1852-IX "On Virtual Assets" (the VA Law), adopted on February 17, 2022, and which entered into force on March 17, 2022.

This law aims to:

• Define virtual assets and their legal status.
• Regulate the market for virtual assets.
• Protect the rights of participants in the virtual asset market.
• Establish anti-money laundering and counter-terrorist financing (AML/CFT) requirements for virtual asset service providers (VASPs).

Key Regulatory Bodies:

The VA Law designates the following state bodies to regulate the virtual asset market:

• National Bank of Ukraine (NBU): Responsible for the regulation of virtual assets secured by currency (fiat-backed stablecoins) and for payment services involving virtual assets.
• Ministry of Digital Transformation of Ukraine (MinDigital): Responsible for the regulation of other types of virtual assets, including licensing of Virtual Asset Service Providers (VASPs).
• State Financial Monitoring Service of Ukraine (SFMS): Responsible for financial monitoring of transactions with virtual assets and ensuring compliance with AML/CFT legislation.

Regulatory Reference:

• Law of Ukraine "On Virtual Assets" (Закон України "Про віртуальні активи"): Link to Ukrainian Parliament (Verkhovna Rada) website - official legislative acts (You may need to use a translation tool for the full text).

2. Registration vs. Licensing Regime

The VA Law establishes a licensing regime, not merely a registration regime, for Virtual Asset Service Providers (VASPs). Entities intending to provide virtual asset services must obtain a license from the relevant authority (MinDigital or NBU, depending on the type of virtual asset).

However, it's crucial to note:

• While the VA Law is in force, its full implementation, particularly the practical licensing mechanism, depends on the adoption of secondary legislation (resolutions, procedures, and detailed requirements) by the NBU and MinDigital.
• As of late 2023/early 2024, this secondary legislation has not yet been fully adopted, meaning the actual process for obtaining a license is largely suspended or not fully operational. The focus of the government has been on wartime priorities.

3. Required Licenses for Specific Entities

The VA Law defines a "Virtual Asset Service Provider" (VASP) as a legal entity that provides one or more of the following services related to virtual assets:

• Exchange services between virtual assets and fiat currencies. (This covers traditional crypto exchanges).
• Exchange services between different virtual assets. (Also covered by crypto exchanges).
• Transfer of virtual assets. (This includes payment processors that handle virtual assets).
• Custody and/or administration of virtual assets or instruments enabling control over virtual assets. (This covers custody providers).
• Participation in and provision of financial services related to the issuance/sale of virtual assets.

Therefore, based on the VA Law:

• Exchanges (Trading Platforms): Will require a VASP license covering "exchange services."
• Custody Providers: Will require a VASP license covering "custody and/or administration services."
• Payment Processors: If they facilitate transfers of virtual assets or exchanges between virtual assets and fiat, they will require a VASP license covering the relevant service (transfer, exchange).

The VA Law envisages a single VASP license that can cover one or more of these activities, not separate licenses for each. The specific licensing authority (MinDigital or NBU) depends on the type of virtual asset being serviced (e.g., NBU for fiat-backed stablecoins, MinDigital for other cryptocurrencies).

4. Key Requirements for VASPs (Based on VA Law and Drafts)

While the final detailed requirements await secondary legislation, the VA Law and publicly discussed drafts indicate the following key areas:

a) Capital Requirements:

• Currently, the exact, officially finalized capital requirements are pending the adoption of secondary legislation.
• However, previous drafts and discussions indicated potential capital requirements, which could be subject to change:
  • For exchanges (providers of exchange services between virtual assets and fiat): Potentially around UAH 10 million (approx. $250,000 - $300,000, subject to exchange rate fluctuations).
  • For other VASP activities (e.g., custody, transfer): Potentially around UAH 5 million (approx. $125,000 - $150,000).
• These are indicative figures from drafts and should be verified once official regulations are published.

b) AML/KYC Requirements:

• This is a cornerstone of the VA Law and is largely aligned with international standards (FATF recommendations).
• VASPs will be subject to the Law of Ukraine "On Preventing and Countering Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing the Proliferation of Weapons of Mass Destruction."
• Key AML/KYC obligations will include:
  • Customer Due Diligence (CDD): Identifying and verifying the identity of clients (KYC - Know Your Customer) and beneficial owners.
  • Transaction Monitoring: Monitoring transactions for suspicious activities, including large value transactions.
  • Reporting: Reporting suspicious transactions to the State Financial Monitoring Service (SFMS).
  • Risk Assessment: Implementing a risk-based approach to identify, assess, and mitigate money laundering and terrorist financing risks.
  • Record-keeping: Maintaining records of transactions and CDD information for a specified period.
  • Designated AML Officer: Appointing a qualified AML officer.
  • Travel Rule: Implementing measures to collect and transmit originator and beneficiary information for virtual asset transfers.

Regulatory Reference (AML Law):

• Law of Ukraine "On Preventing and Countering Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing the Proliferation of Weapons of Mass Destruction" (Закон України "Про запобігання та протидію легалізації (відмиванню) доходів, одержаних злочинним шляхом, фінансуванню тероризму та фінансуванню розповсюдження зброї масового знищення"): Link to Ukrainian Parliament (Verkhovna Rada) website

c) Local Presence:

• VASPs must be established as a legal entity in Ukraine (e.g., a Limited Liability Company - LLC).
• They will likely require a physical office in Ukraine.
• Local management and personnel will be necessary to ensure operational presence and compliance.

d) Management and Ownership Requirements:

• Fit and Proper Requirements: Directors, senior management, and beneficial owners will need to demonstrate good repute, relevant experience, and no serious criminal convictions.
• Beneficial Ownership Disclosure: Transparency regarding ultimate beneficial owners will be required.

e) Technological and Security Requirements:

• VASPs will need to demonstrate robust cybersecurity measures and IT infrastructure to protect virtual assets and customer data.
• Risk management systems for operational and security risks.
• Business continuity and disaster recovery plans.

5. Application Process (General Outline, Awaiting Detailed Procedures)

Once the secondary legislation is fully in place, the application process for a VASP license is expected to involve:

1. Preparation of Application Package:
   • Application form (to be provided by the regulator).
   • Corporate documents of the applicant legal entity (registration certificate, charter, etc.).
   • Proof of sufficient capital.
   • Detailed business plan outlining proposed services, target market, operational procedures, and financial projections.
   • Comprehensive AML/CFT policies and internal control procedures, risk assessment.
   • Information on management and beneficial owners (CVs, background checks, proof of reputation).
   • Technical and cybersecurity documentation (system architecture, security audits, data protection policies).
   • Proof of local presence (office lease, etc.).
   • Payment of application fees.
2. Submission: The application package will be submitted to the relevant regulatory authority (MinDigital or NBU).
3. Review and Assessment: The regulator will review the application for completeness and compliance with all legal and regulatory requirements. This may involve requests for additional information or clarification.
4. On-site Inspection (Possible): Depending on the regulator's discretion, an on-site inspection of the applicant's premises and systems might be conducted.
5. Decision: The regulator will issue a decision to grant or deny the license.
6. Ongoing Compliance: Once licensed, VASPs must adhere to continuous reporting obligations, AML/CFT requirements, and other regulatory standards.

Expected Timeline: The VA Law specifies that the regulator must make a decision on the license application within 30 business days of receiving the complete package. However, this timeline is theoretical until the full operational framework is established.

6. Impact of the War and Delays

The ongoing full-scale invasion by Russia has significantly impacted the implementation of the virtual asset licensing regime in Ukraine:

• Delayed Secondary Legislation: The primary reason for the practical inability to obtain a license is the delay in adopting the necessary secondary legislative acts and detailed procedures by the NBU and MinDigital. Government resources and focus have been redirected to defense and wartime governance.
• Operational Challenges: Even if licenses were available, operating a virtual asset business in a war-torn country presents immense logistical, security, and financial challenges.
• Investor Hesitation: The war naturally deters significant foreign investment and new market entrants.
• Focus on Essential Services: Regulatory bodies are prioritizing the stability of the traditional financial system and essential digital services.
• Increased AML/CFT Scrutiny: Due to the war and sanctions, there is heightened scrutiny on financial flows, including virtual assets, to prevent their use for illicit purposes or sanctions evasion.

7. Future Outlook and MiCA Alignment

Despite the delays, Ukraine remains committed to developing its digital economy. As a candidate for EU membership, Ukraine is likely to align its future virtual asset regulations with the European Union's Markets in Crypto-Assets (MiCA) Regulation. This will involve:

• Comprehensive rules for the issuance and trading of various types of virtual assets.
• Enhanced consumer protection.
• More granular classification and regulation of different crypto-asset types (e.g., e-money tokens, asset-referenced tokens, other crypto-assets).
• Harmonization with EU standards for market integrity and financial stability.

The VA Law itself was designed with significant input from international experts and aligns broadly with FATF standards, which is a good foundation for future MiCA convergence once conditions allow for full implementation.

Disclaimer: This information is provided for general informational purposes only and does not constitute legal, financial, or regulatory advice. The regulatory landscape for virtual assets in Ukraine is dynamic and currently heavily influenced by the wartime situation. Anyone considering engaging in virtual asset activities in Ukraine should seek independent professional advice from qualified legal and regulatory experts based on the most current official information.