With the rapid growth of the virtual asset industry, Virtual Asset Service Providers (VASPs) face increasing regulatory scrutiny worldwide. Georgia is no exception. Since September 2022, VASPs have been classified as accountable persons under the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism, thereby becoming subject to mandatory anti-money laundering (AML) compliance obligations. Furthermore, under the supervision of the National Bank of Georgia (NBG), Georgia has introduced a comprehensive regulatory framework for VASPs, aligning its legislation with international standards. It includes the recommendations of the Financial Action Task Force (FATF).
As a result, VASPs operating in the Georgian market must implement robust risk assessment and compliance strategies. This helps them avoid legal and operational risks.
This article provides an overview of the registration and risk management obligations for VASPs in Georgia.
Definition of VASPs
VASP is a person who provides virtual asset services for the benefit of another person. The following activities are considered to be virtual asset services:
- Exchange (including via kiosks) between convertible virtual assets and fiat currencies (national or foreign), between one or more forms of virtual assets, between convertible virtual assets and financial instruments;
- Transfer of convertible virtual asset;
- Safekeeping and/or administration of a convertible virtual asset or the instrument enabling control over a virtual asset;
- Portfolio management of convertible virtual assets (excluding collective portfolio management);
- Administration of the trading platform of convertible virtual assets. A virtual asset is a digital representation of value that is interchangeable and non-unique, can be digitally traded or transferred, and can be used for investments and/or payment purposes. A virtual asset does not include a digital representation of fiat currencies, securities, or other financial instruments;
- Lending of convertible virtual assets; and
- Initial Coin Offering of convertible virtual asset and/or service related to the initial coin offering. A convertible virtual asset is a virtual asset that has an equivalent value on the market, in national or foreign currency, in another virtual asset, and/or a financial instrument in which it can be exchanged.
Registration Requirements for VASPs at the National Bank of Georgia
One of the first steps for VASPs to ensure compliance is to register with NBG. The registration process involves several key steps:
- Application Submission: VASPs must submit an application to NBG, providing detailed information about their business operations, ownership structure, UBOs, and the types of virtual asset services they intend to offer. The application must be accompanied by various documents, including a business plan, risk management policies, anti-money laundering (AML) and counter-terrorist financing (CTF) procedures, and details of the internal control systems.
- Review and Approval: The NBG will review the application and the accompanying documents to ensure that the VASP meets all regulatory requirements. This process may involve additional inquiries and requests for further information. NBG shall make the relevant decision on the registration or refusal of registration within 60 (sixty) days following the submission of the respective application. NBG may, at its sole discretion, extend this review period twice, each time for an additional 60 (sixty) days;
- Registration Certificate: Upon successful review, the NBG will issue a registration certificate (an administrative act), allowing the VASP to legally operate in Georgia.
It should be underlined that the registration is not equivalent to licensing – it is an authorization that primarily subjects VASPs to ongoing supervision, especially for AML compliance. Only registered entities are legally allowed to operate.
For expert guidance on financial regulation and licensing support, click here.
Risk Assessment Strategies
To ensure compliance with the regulatory framework, VASPs shall implement a comprehensive Risk-Based Approach (RBA) to AML/CFT. This must align with Georgian regulations and FATF guidance. This approach ensures that the company identifies and assesses its money laundering and terrorist financing risks. It also requires implementing mitigation measures commensurate with those risks.
Key elements of the RBA include:
- Risk Identification & Assessment: The VASP shall conduct an annual AML/CFT risk assessment, considering factors like customer profiles, geographies, products, transaction types, and delivery channels. This assessment shall incorporate national risk assessments and guidance from Georgian authorities.
- Risk Mitigation: Based on the identified risks, the VASPs shall implement targeted controls. Higher-risk areas, such as certain accounts or transactions, shall receive enhanced scrutiny, while lower-risk activities may be subject to streamlined controls.
- Customer Risk Rating: Customers shall be categorized by risk level (Low, Medium, High) at onboarding and reviewed periodically. High-risk customers shall undergo Enhanced Due Diligence (EDD) and more frequent reviews, while low-risk customers may undergo simplified due diligence, in line with Georgian law. Risk ratings are adjusted based on changes in customer profiles or behavior.
- Risk-Based Transaction Monitoring: VASPs shall tailor transaction monitoring based on customer risk levels, with alerts triggered by large or complex transactions or patterns like structuring. High-risk customers and transactions are more closely monitored, while low-risk ones are monitored to minimize false positives and maintain operational efficiency.
- Reporting and Record-Keeping: VASPs must maintain detailed records of their risk assessment activities and report any suspicious activities to the relevant authorities.
Compliance with AML and CTF Regulations
Compliance with AML and CTF regulations is a critical aspect of risk assessment for VASPs. The NBG requires VASPs to implement robust KYC and CDD procedures. To identify every customer and understand the nature of their relationship with the VASP in the beginning, as well as during the course of the relationship. This process involves:
- Identification and Verification of Customers: VASPs must collect and verify the identity of their customers, whether individuals or legal entities, using reliable, independent source documents or data. This includes government-issued identification documents (e.g., passports, national ID cards) for individuals, and incorporation documents (e.g., certificates of incorporation, ownership structures) for legal entities;
- Ongoing Due Diligence: VASPs must also engage in ongoing monitoring of their customers’ transactions. This is to ensure that they align with the customer’s known profile and the expected nature of the business relationship. Any discrepancies or unusual activities must be flagged for further investigation.
- Suspicious Activity Reporting (SAR): VASPs are legally obligated to report suspicious activities to the Financial Monitoring Service of Georgia (FMS). Suspicious activities may include unusual transactions that appear inconsistent with the customer’s typical behavior. They may also involve large and rapid transactions, particularly if they involve high-risk jurisdictions or anonymous transactions. Transactions involving individuals who are subject to international sanctions or that raise red flags in terms of criminal activity.
In the evolving legal landscape for virtual assets in Georgia, VASPs must adopt proactive risk assessment and compliance strategies. They must also ensure long-term viability and regulatory alignment.
Given the serious consequences of non-compliance, including significant fines, operational disruption, or reputational damage. VASPs should seek expert legal support when designing their compliance programs, drafting policies, or interacting with NBG.
Introducing Microbanks – New Financial Institution in Georgia
The concept of microbanks was introduced in Georgia through the Law of Georgia on Microbanks…
A Guide to Processing Personal Data for Direct Marketing
What Businesses Need to Know Businesses handle large amounts of personal data daily, especially from…
Procedures for Registration as a Payment Service Provider in Georgia
In the realm of financial services, particularly in Georgia, the operation of payment services is…
Georgian Framework for Validating European Patents
Under the current legal framework, European patents can be validated in Georgia based on the…
Payment Options for Foreign Players on Georgian Systemic-Electronic Gambling Platforms
As Georgia continues to develop a well-regulated environment for systemic electronic gambling, licensed operators are…
General Overview of Georgia’s Tax System
Georgia offers a business-friendly and investor-oriented tax regime, consistently recognized by the World Bank and…