Uzbekistan -- AML/CFT Compliance Regulatory Overview

**Law of the Republic of Uzbekistan "On Combating the Legalization of Proceeds from Criminal Activities, the Financing of Terrorism and the Financing of the Proliferation of Weapons of Mass Destruction"** (last updated/amended, e.g., Law No. ZRU-740 of December 14, 2021).

*This general law sets out the fundamental principles, definitions, obligations for obliged entities, and the framework for combating ML/TF.*

**Key Virtual Asset Specific Legislation:**

**Presidential Decree No. PD-269 of September 2, 2022, "On Measures for the Further Development of the Regulatory Framework for the Circulation of Virtual Assets."**

*This decree designated the National Agency for Perspective Projects (NAPP) as the authorized body for regulating virtual asset circulation and established core principles for the sector.*

**Cabinet of Ministers Resolution No. 592 of October 18, 2022, "On Approval of the Regulation on the Procedure for Licensing the Activities of Virtual Assets Stores and the Regulation on the Procedure for Licensing the Activities of Cryptocurrency Exchanges."**

*This resolution details the licensing procedures for VASPs (specifically crypto exchanges and virtual asset stores) and includes requirements for AML/CFT compliance as a prerequisite for licensing.*

**Regulation on the Procedure for Carrying Out Anti-Money Laundering and Counter-Terrorism Financing Measures for Virtual Asset Market Participants (Registered by the Ministry of Justice on August 9, 2023, No. 3456).**

*This is the most specific and crucial document for VASPs, issued by NAPP. It outlines detailed AML/CFT requirements tailored to the virtual asset sector.*

**Individuals:** Obtain and verify identity through reliable, independent sources (e.g., passport, national ID card). This includes name, date of birth, place of birth, address, nationality, and ID document details.

**Legal Entities:** Obtain and verify legal name, legal form, address, registration number, articles of incorporation, names of directors and senior management, and proof of legal existence.

**Source of Funds/Wealth:** For high-risk clients or transactions exceeding a certain threshold, VASPs must identify and verify the source of funds or wealth involved.

**Beneficial Ownership:** Identify and take reasonable measures to verify the identity of the beneficial owner(s) of the client. For legal entities, this typically means identifying individuals who own or control more than a specified percentage (e.g., 25%) of the company, or who otherwise exercise control through other means.

Regularly review existing customer information to ensure it is up-to-date and relevant, especially for high-risk clients.

Scrutinize transactions undertaken by clients to ensure they are consistent with the VASP's knowledge of the client, their business, and risk profile.

Categorize clients based on their ML/TF risk (e.g., low, medium, high).

Apply simplified CDD for low-risk clients/transactions where appropriate.

Apply **Enhanced Due Diligence (EDD)** for high-risk clients, transactions, or business relationships. This includes:

Politically Exposed Persons (PEPs) and their family members/close associates.

Clients from high-risk geographic areas (as identified by FATF or NAPP).

Transactions involving new or complex technologies that may favor anonymity.

Unusual or complex transactions without an apparent economic or lawful purpose.

**Sanctions Screening:** Screen clients and transactions against national and international sanctions lists (e.g., UN Security Council resolutions, OFAC lists).

**Reporting Threshold:** There is no minimum monetary threshold for reporting suspicious transactions. Any transaction (or attempted transaction) that raises suspicion of ML/TF, regardless of amount, must be reported.

**What Constitutes Suspicion:** VASPs must have internal procedures to identify red flags and analyze transactions for patterns indicative of ML/TF (e.g., unusual transaction patterns, funds from unknown sources, attempts to avoid identification, large deposits/withdrawals that don't fit the client's profile).

**Reporting Mechanism:** VASPs must report suspicious transactions to the **Department for Combating Economic Crimes under the General Prosecutor's Office of the Republic of Uzbekistan**, which acts as the Financial Intelligence Unit (FIU). NAPP's regulations may specify a preliminary reporting channel through NAPP itself before forwarding to the FIU.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the client or third parties that an STR has been or will be filed, or that an ML/TF investigation is underway.

**Internal AML Officer:** VASPs must appoint a dedicated AML officer responsible for overseeing AML/CFT compliance, including receiving internal suspicion reports and filing STRs.

**Retention Period:** All records must be retained for a minimum of **five (5) years** from the date of the last transaction or the end of the business relationship.

All client identification and verification documents (CDD records).

Transaction data, including sender and recipient information, amounts, dates, types of virtual assets, and transaction identifiers.

Records of internal and external suspicious transaction reports.

Records of risk assessments, internal policies, procedures, and training materials.

Records of any analysis performed to determine whether a transaction is suspicious.

**Accessibility:** Records must be easily accessible and provided to the overseeing authority upon request.

**National Agency for Perspective Projects (NAPP) under the President of the Republic of Uzbekistan**

**Role:** NAPP is responsible for developing and implementing state policy in the field of virtual asset circulation, licensing VASP activities, and ensuring their compliance with AML/CFT regulations. It issues specific regulations, conducts inspections, and can impose sanctions for non-compliance.

**URL:** https://napp.uz/en/ (English version of the official website)

The **Department for Combating Economic Crimes under the General Prosecutor's Office of the Republic of Uzbekistan** acts as the country's FIU and is the ultimate recipient of Suspicious Transaction Reports (STRs).

**URL (General Prosecutor's Office):** https://prokuratura.uz/en/

**Decree of the President of the Republic of Uzbekistan No. DP-4952 of September 2, 2018 "On Measures for the Development of the Digital Economy in the Republic of Uzbekistan"**: This decree initially established the legal framework for blockchain technology and created the NAPP (then the National Agency for Project Management under the President).

Link to Decree DP-196 (Russian, often official sources are in Uzbek or Russian): Lex.uz (You may need to search the Lex.uz database if the direct link changes)

**Regulations on the Procedure for Licensing of Activities of Virtual Asset Service Providers (NAPP, Registered by the Ministry of Justice No. 3416 on 12.01.2023)**: These regulations outline the requirements for obtaining a license, including significant capital requirements and strict compliance obligations for VASPs.

Link to NAPP website, often contains regulatory documents: NAPP Official Website (Look for sections on "Regulation of Virtual Assets" or "Legislation")

**Regulations on the Procedure for Implementing Measures to Combat Legalization of Proceeds from Criminal Activities, Financing of Terrorism and Financing of Proliferation of Weapons of Mass Destruction for Virtual Asset Service Providers (NAPP, Registered by the Ministry of Justice No. 3415 on 12.01.2023)**: This is the most crucial document regarding AML/CTF and sanctions compliance for VASPs.

As a member state of the United Nations, Uzbekistan is legally bound to implement UN Security Council resolutions, including those imposing targeted financial sanctions against individuals and entities involved in terrorism, proliferation of weapons of mass destruction, and other illicit activities.

Uzbekistan's **Law "On Combating Legalization of Proceeds from Criminal Activities, Financing of Terrorism and Financing of Proliferation of Weapons of Mass Destruction" (No. ZRU-656 of December 21, 2020)** serves as the overarching national legal framework for AML/CTF, directly incorporating the obligation to implement UN sanctions.

Link to Law ZRU-656 (Russian): Lex.uz

The NAPP Regulations for VASPs explicitly mandate that VASPs establish internal control rules and procedures to comply with this law, which includes screening against UN sanctions lists (e.g., the ISIL (Da'esh) & Al-Qaida Sanctions List, the Taliban Sanctions List, and other UN sanctions lists).

**OFAC/EU Sanctions (Indirect but Crucial):**

While Uzbek law does not *directly* enforce OFAC (U.S. Department of the Treasury's Office of Foreign Assets Control) or EU sanctions, any VASP operating in Uzbekistan that:

Has a **U.S. nexus** (e.g., U.S. customers, U.S. dollar transactions, servers in the U.S., employees in the U.S., U.S. investors).

Has an **EU nexus** (e.g., EU customers, Euro transactions, operations in the EU).

Engages with **international partners** (banks, other VASPs) that are subject to OFAC or EU jurisdiction.

Uses **U.S. dollar-denominated financial services**.

...is effectively **obligated to comply with OFAC and EU sanctions** to avoid severe penalties from those jurisdictions.

Therefore, a prudent VASP in Uzbekistan, especially one with international aspirations or clientele, *must* implement robust screening against OFAC's SDN List and other sanctions lists, as well as the EU Consolidated List of persons, groups, and entities subject to financial sanctions.

**OFAC Guidance for the Virtual Currency Industry:** OFAC Guidance

**EU Consolidated List:** EU Sanctions Map (Includes links to consolidated lists)

**EU Financial Sanctions Factsheet:** EU Factsheet

**NAPP Regulations for VASPs (No. 3415):** These regulations mandate that VASPs:

Identify and verify the identity of their clients (and beneficial owners).

Conduct ongoing monitoring of business relationships.

**Screen clients and beneficial owners against national and international sanctions lists (including UN lists)**.

Report suspicious transactions to the **Department on Combating Economic Crimes under the Prosecutor General's Office of the Republic of Uzbekistan** (Uzbekistan's Financial Intelligence Unit or FIU).

Freeze assets of individuals and entities on designated sanctions lists without delay.

**Identification of Parties:** VASPs must identify all parties involved in a virtual asset transaction (originator and beneficiary).

**Risk-Based Approach:** VASPs must apply a risk-based approach to CDD, with EDD required for high-risk customers, politically exposed persons (PEPs), and transactions involving high-risk jurisdictions or activities.

**Beneficial Ownership:** Identification and verification of beneficial owners are critical.

**Ongoing Monitoring:** Continuous monitoring of transactions and customer profiles for any changes or red flags, including updates to sanctions lists.

**UN Sanctions-related Restrictions:** Prohibiting transactions with individuals, entities, and sometimes regions subject to UN asset freezes or other prohibitions.

**OFAC/EU Sanctions-related Restrictions:** For VASPs with an international nexus, this means avoiding transactions or services to jurisdictions under comprehensive sanctions (e.g., Crimea, certain regions of Ukraine, Cuba, Iran, North Korea, Syria, Venezuela) and entities/individuals located in or linked to those jurisdictions, as specified by OFAC and EU regulations.

**Internal Risk Management:** VASPs often implement their own geographic restrictions based on their risk appetite, internal policies, and the regulatory demands of all jurisdictions they operate in or serve.

**Administrative Responsibility:** The **Code of Administrative Responsibility** (e.g., Article 170-2 "Violation of the procedure for conducting operations with virtual assets" or general AML/CTF violations) can impose significant fines on legal entities and officials.

**Criminal Responsibility:** The **Criminal Code of the Republic of Uzbekistan** (e.g., Article 243 "Legalization of proceeds from criminal activities," Article 252-1 "Illegal circulation of virtual assets" - though the latter primarily pertains to unlicensed operations) can impose substantial fines, imprisonment, or asset forfeiture for serious breaches, especially those related to money laundering or terrorist financing.

**NAPP Sanctions:** NAPP, as the licensing body, has the power to:

Impose fines specific to licensing violations.

**Suspend or revoke a VASP's license** for non-compliance with licensing conditions or AML/CTF obligations.

**Under OFAC/EU Sanctions (for internationally exposed VASPs):**

**OFAC:** Can impose civil monetary penalties of millions of dollars per violation, and in severe cases, criminal charges leading to imprisonment for individuals and larger fines for entities. Assets can also be blocked indefinitely.

**EU:** Member states implement EU sanctions, and penalties vary but can include significant fines, imprisonment, and asset freezes.

Uzbekistan does **not** maintain a publicly available "crypto-specific" sanctions list.

However, in addition to implementing UN sanctions lists, Uzbekistan maintains **national lists of individuals and entities involved in terrorism and extremism**, often managed by its security services and the FIU. These national lists are critical for VASPs' AML/CTF screening processes within Uzbekistan.

Information on specific national terrorist lists might not be publicly accessible in its entirety due to security considerations, but VASPs are expected to have access or receive guidance from regulatory bodies (NAPP, FIU) on how to screen against these.

**Screening against UN sanctions lists** as mandated by Uzbek law.

**Screening against Uzbekistan's national lists** of individuals/entities involved in terrorism/extremism.

For any VASP with an international footprint, **mandatory screening against OFAC (SDN List) and EU (Consolidated List) sanctions lists** to mitigate extraterritorial risks.

Implementing a **risk-based approach** to customer due diligence, transaction monitoring, and geographic restrictions.

Having clear procedures for **reporting suspicious transactions** and **freezing assets** as required by law.