Law Articles
2025-01-23
ICO
New Regulations for Virtual Asset Services: Shaping the Future of Legal Compliance
【Charlotte Wu, Partner, Zhong Yin Law Firm】
charlotte.wu@zhongyinlawyer.com.tw
charlotte.wu@zhongyinlawyer.com.tw
Virtual assets have become an integral part of the global financial market today. Major virtual assets like Bitcoin and Ethereum are not only trading mediums but have also become the core of innovative investments and financial technology applications. However, the anonymity and decentralization characteristics of virtual assets have also made them a breeding ground for potential illegal activities, such as money laundering, terrorism financing, and fraud. To address these challenges, countries around the world have been enacting relevant laws and regulations to promote the transparency and legalization of the virtual asset market.
The Financial Supervisory Commission of Taiwan (FSC) established the "Anti-Money Laundering Registration Regulations for Virtual Asset Service Providers " (hereinafter referred to as the "Registration Regulations") and amended the "Anti-Money Laundering and Counter-Terrorism Financing Regulations for Virtual Asset Service Providers" (hereinafter referred to as the "AML/CTF Regulations") on November 26, 2024. These regulations not only clarify the definition and scope of virtual assets and related services but also require operators to complete the registration, implement sound internal control systems and enforce customer identity verification and transaction monitoring.
This article aims to demonstrate the relevant regulations and assist virtual asset service providers in understanding how to comply with the laws to ensure legal operations. Whether you are a new entrant to the market or a business seeking to enhance your compliance capabilities, we hope this article will serve as a practical guide to help you navigate the regulations.
Ⅰ. Regulatory Entities
The entities regulated under the Registration Regulations and AML/CTF Regulations are "businesses or individuals that engage in the following activities within Taiwan's borders: (1) exchanging virtual assets with New Taiwan dollars, foreign currencies, and currencies issued by Mainland China, Hong Kong, or Macau; (2) exchanging between virtual assets; (3) transferring virtual assets; (4) custodial and management services for virtual assets or providing related management tools; (5) participating in and providing financial services related to the issuance or sale of virtual assets." These entities are referred to as virtual asset service providers (VASPs).
As for the definition of "virtual assets," it refers to "value that can be stored, exchanged, or transferred digitally using cryptographic, distributed ledger technology, or other similar technologies, and is intended for payment or investment purposes. However, it does not include digital forms of New Taiwan dollars, foreign currencies, or currencies issued by Mainland China, Hong Kong, or Macau, securities, or other financial assets issued in accordance with laws or regulations."
Depending on the type of service provided, the Registration Regulations classify different categories of service providers, as summarized in the table below:
Ⅱ. Compliance Obligations
1. Registration Obligations
Before the implementation of the Registration Regulations, businesses or individuals engaged in virtual asset-related services were required to complete an anti-money laundering (AML) compliance declaration in accordance with Article 17 of the AML/CTF Regulations, issued on June 30, 2021. A notification will be issued ordering those who have failed to complete the AML compliance declaration to so complete prior to a specified deadline, enabling the business to make improvements according to Article 6, Paragraph 4 of the previous Anti-Money Laundering Act. Continued failure to make the necessary improvements by the deadline may be subject to fines ranging from NT$500,000 to NT$10 million. However, following the enactment of the Registration Regulations, the original AML compliance declaration system has been replaced by a new registration obligation under the Anti-Money Laundering Regulations. The Registration Regulations provide clear guidelines for the establishment, operation, management, risk control, and market trading activities of VASPs, further promoting the healthy and transparent development of the virtual asset market.
According to the Registration Regulations, VASPs are required to register based on their specific business activities. Failure to complete the registration will prevent them from engaging in related operations (refer to Article 3 of the Registration Regulations). This requirement aims to strengthen the regulatory oversight of VASPs, ensuring that all operators are functioning within the legal framework. Additionally, the Registration Regulations impose strict disqualification conditions for the responsible persons or beneficial owners of VASPs. Individuals involved in certain crimes, who have been declared bankrupt and not yet reinstated, or who have exhibited other dishonest behavior, are prohibited from participating in the management or control of a VASP (refer to Article 4 of the Registration Regulations).
Regarding the registration process, the Registration Regulations stipulate that VASPs must submit several documents when applying for registration, including the company’s articles of association, a list of shareholders and beneficial owners, business rules, and internal control systems (refer to Article 5 of the Registration Regulations). These document requirements emphasize the importance of operational transparency and internal governance for VASPs. Additionally, once the registration is completed, the operator must commence business operations within six months and must join the Taiwan Virtual Currency Business Association to promote self-regulation within the industry (refer to Article 6 of the Registration Regulations).
It is important to note that the Registration Regulations specifically emphasize the significance of information security and risk management. VASPs are required to establish information systems that are suitable for the scale of their business operations and implement internal control systems to prevent risks arising from technical vulnerabilities or improper operations (refer to Article 12 of the Registration Regulations). Furthermore, operators are also required to set up a fair and efficient customer complaint handling mechanism to ensure that consumers' legal rights are protected in case of disputes (refer to Article 13 of the Registration Regulations).
The Registration Regulations impose different requirements for various virtual asset operators. Virtual asset exchange providers must disclose the virtual assets they offer for exchange, including exchange prices, quantities, and exchange rules (refer to Articles 16 and 17 of the Registration Regulations). Virtual asset trading platforms, in addition to the requirements for exchange providers, must establish review standards and procedures for listing and delisting virtual assets, which must be included in their internal control systems. Trading platforms must also establish and publicly disclose trading rules, implement mechanisms to prevent market manipulation, and set up systems to detect abnormal price and volume changes, which must also be incorporated into their internal control systems (refer to Articles 18 to 20 of the Registration Regulations). Virtual asset transfer providers must establish and publicly disclose transfer rules for virtual assets, which must be incorporated into their internal control systems (refer to Article 21 of the Registration Regulations). Virtual asset custodians are required to manage their own assets and clients' assets separately. They are prohibited from transferring ownership of virtual assets to the custodians. Their custody policies and procedures must be publicly disclosed and incorporated into their internal control systems. Additionally, they must maintain detailed records on customer asset details, such as customer information, wallet addresses, and asset amounts (refer to Articles 23 to 27 of the Registration Regulations). Virtual asset underwriters must publicly disclose links to the white papers of the assets they underwrite and establish review standards and procedures for underwriting virtual assets, which should be incorporated into their internal control systems (refer to Articles 28 to 29 of the Registration Regulations).
The Registration Regulations specifically address transitional arrangements, requiring VASPs that have completed the compliance declaration under previous laws to complete AML registration by the stipulated deadline (September 30, 2025). Failure to do so will result in the prohibition of continued operations (refer to Article 30 of the Registration Regulations). This provision aims to ensure the smooth implementation of the new system while avoiding operational disruptions caused by regulatory changes, providing operators with sufficient time and space to adapt. According to the Registration Regulations and anti-money laundering laws, VASPs that continue operations without completing the AML registration will face strict legal responsibilities and penalties. Failure to register as required will result in the prohibition of providing virtual asset-related services. Those in violation will be subject to penalties under Article 6, Paragraph 4 of the Money Laundering Control Act, including imprisonment for up to two years, detention, or a fine of up to NT$5 million. This regulation raises the responsibility from an administrative fine to criminal liability, reflecting a trend towards stricter regulatory management.
2. Anti-Money Laundering and Counter-Terrorism Financing System Establishment Obligations
The AML/CTF Regulations aim to establish a compliance framework for VASPs to prevent money laundering and combat terrorism financing, in response to the continuous expansion of the virtual asset market and the associated risks. These regulations not only govern the business operations of VASPs but also require their internal governance and compliance measures to meet international standards.
To strengthen the effectiveness of anti-money laundering and counter-terrorism financing measures for virtual asset service providers, the AML/CTF Regulations impose several specific requirements on VASPs. These include confirming the identity of customers, refusing to establish business relationships or specific types of transactions, and conducting continuous reviews of customer identities, ensuring that their operations align with the relevant regulations on money laundering prevention and counter-terrorism financing (refer to Articles 3 to 5 of the AML/CTF Regulations).
In terms of transaction monitoring, the AML/CTF Regulations require VASPs to establish a risk-based transaction monitoring system. Enhanced measures must be taken for high-risk transactions, such as identifying the source of funds and conducting ongoing monitoring. Furthermore, for cases that exhibit characteristics of suspected money laundering or terrorism financing, VASPs must promptly report them to the Ministry of Justice Investigation Bureau to ensure that illegal activities are promptly disclosed (refer to Articles 6 and 12 of the AML/CTF Regulations).
Regarding transaction amounts, the AML/CTF Regulations require VASPs to verify customer identities for temporary transactions of New Taiwan dollars 30,000 or more, or for multiple related temporary transactions that total New Taiwan dollars 30,000 or more (refer to Article 3 of the AML/CTF Regulations). For cash transactions amounting to New Taiwan dollars 500,000 (including equivalent foreign currencies and currencies issued by Mainland China, Hong Kong, or Macau) or more, VASPs must report the transaction to the Ministry of Justice Investigation Bureau within five business days after the transaction, in the format and manner prescribed by the Bureau (refer to Article 11 of the AML/CTF Regulations).
Additionally, the AML/CTF Regulations emphasize that operators must establish a risk assessment mechanism, prepare an annual risk assessment report, and submit it to the competent authority to ensure that their internal governance continues to adapt to changes in the external risk environment. They also require VASPs to establish an internal control and audit system that can be continuously improved, maintaining and enhancing the effectiveness of anti-money laundering measures (refer to Articles 14 and 15 of the AML/CTF Regulations).
If a VASP fails to establish the required systems or violates the provisions regarding the implementation, procedures, or measures outlined in the AML/CTF Regulations, the competent authority will issue a deadline for the VASP to make improvements, in accordance with Article 7, Paragraph 4 of the Money Laundering Control Act. If the VASP fails to make improvements by the deadline, the competent authority may impose a fine ranging from New Taiwan dollars 500,000 to 10 million for financial institutions, or from New Taiwan dollars 50,000 to 5 million for designated non-financial businesses or individuals, with the possibility of imposing penalties on a per-instance basis.
3. Conclusion
The implementation of the new regulations for virtual asset services brings both new compliance challenges and opportunities for operators. Whether it is completing anti-money laundering registration, establishing internal control systems, or addressing transaction monitoring and risk assessment requirements, a strong understanding of the regulations and practical experience is essential.
We are committed to providing tailored legal compliance services for virtual asset service providers, including registration process guidance, system design, and support with suspicious transaction reporting. Our team has extensive experience in fintech regulations and can help you navigate the new regulatory requirements smoothly while ensuring steady progress in the market.
If you wish to seize the opportunity in the face of regulatory changes, feel free to contact us. We are dedicated to offering customized services to meet your needs.
如您對上述的內容有任何意見或有興趣進一步瞭解,歡迎您聯繫我們。
Charlotte J.H. Wu 吳婕華律師
charlotte.wu@zhongyinlawyer.com.tw
TEL +886 2 2377 1858 EXT 8888