Following the conclusion public hearing that occurred between October and November 2022, the Bank of Portugal has recently issued Notice nº 1/2023 aimed at further regulating the compliance, of AML/CFT duties by entities engaged in the performance of activities related to virtual assets. This administrative regulation will enter into force on 15 July 2023.
Entities that carry out activities involving virtual assets in Portugal were already bound to comply with Law 83/2017, of August 18 – which sets AML/CFT duties for a wide range of entities – though there were no specific legal provisions applicable to entities engaged in the pursuance of activities with virtual assets. As from the entering into force of the new Notice, obliged entities operating on such a segment of activity will have a clearer perspective on how to comply with their AML/CFT duties.
The content of this new Notice does not substantially differ from the project that was subjected to public hearing. Among the main obligations arising therefrom, the following are of particular importance:
(i) Obliged entities shall create an internal function for compliance with AML/CFT duties. This internal function shall be headed by the AML/CFT Compliance Officer and integrated by employees selected on the basis of high ethical standards and demanding technical requirements. If the entity meets some requirements, the function for the compliance with AML/CFT duties shall be segregated from the business and financial areas.
(ii) The Bank of Portugal gives special emphasis on the ML/FT risk assessment that obliged entities shall conduct on an annual basis. In this regard, the new Notice outlines a set of aspects that shall be considered when conducting the risk assessment. Each virtual asset made available to costumers shall be individually considered.
(iii) Special requirements concerning internal organization, procedures an IT tools are also set out. The new notice is particularly demanding concerning the IT tools that obliged entities shall put in place to identity clients, assess if there is any sanction against the client and to find out if there are hidden relations between different clients.
(iv) The Bank of Portugal sets out specific additional enhanced due diligence measures that shall be implemented whenever a higher risk is identified.
(v) The Bank of Portugal gives special attention to the internal communication of irregularities, so an annual intern report on this matter shall be prepared.