The scope of the Portuguese AML Law (Law no. 83/2017, as amended) has been expanded to include all entities which carry out any of the following economic activities on their behalf or on behalf of a client (the "In-Scope Activities"):

  • Exchange of crypto assets for fiat currency;
  • Exchange of crypto assets for other crypto assets;
  • Transfer of crypto assets from an address or wallet to another address or wallet; and
  • Custody or custody and management of crypto assets or any instruments which enable control, custody, storage or
  • transfer of crypto assets, including cryptographic keys.

What is a crypto asset for the purposes of the AML Law?

A crypto asset is any digital representation of value which is not necessarily linked to a legally establish currency and which does not legally qualify as fiat currency, but is accepted by natural or legal persons as means of exchange or investment and which may be electronically transferred, stored and commercialized. Electronic money qualifies as fiat currency and therefore is not deemed a crypto asset.

What does this mean for entities operating in the crypto markets?

The AML Law sets out a number of regulatory duties which entities that carry out any In-Scope Activities (the "In-Scope Entities") are required to comply with:

  • Internal control duties In-Scope Entities are required to implement effective internal control and risk management policies and procedures;
  • Identification and diligence duties Prior to establishing a business relationship or carrying out any sporadic transactions in an amount greater than 1,000, In-Scope Entities must verify the identity of the client and collect identification materials and information on the nature of the business relationship and origin and destination of the funds. In the event the client is a legal person, this includes the identity of the client's ultimate beneficial owners;
  • Communication duties In-Scope Entities are required to immediately inform the relevant Portuguese authorities whenever they suspect that certain funds or other assets might be connected with any criminal activities or being used to finance terrorist activities;
  • Abstention duties In-Scope Entities are required to abstain from carrying out any transaction which they suspect might be connected with any criminal activities or being used to finance terrorist activities;
  • Refusal duties Whenever they are unable to comply with their identification and diligence duties, In-Scope Entities are required to refuse establishing a business relationship (or terminate an established business relationship) or carrying out any sporadic transactions with the relevant client;
  • Preservation duties In-Scope Entities are required to preserve all client documentation for a period of 7 years as from the latest of the identification of the client or the termination of the business relationship;
  • Monitoring duties Whenever they detect an activity whose characteristics could potentially evidence a connection with any criminal activities or being used to finance terrorist activities, In-Scope Entities are required to monitor such activity closely and intensify its supervision;
  • Cooperation duties In-Scope Entities are required to comply with any requests from the relevant Portuguese authorities in respect of anti-money laundering and combat to terrorism finance;
  • Non-disclosure duties In-Scope Entities are forbidden from disclosing to the client and other third parties that they have informed the relevant Portuguese authorities of their suspicions that certain funds or other assets might be connected with any criminal activities or being used to finance terrorist activities and of any ongoing investigations or other proceedings being carried out in respect thereto; and
  • Training duties In-Scope Entities are required to provide adequate training in terms of anti-money laundering and combat to terrorism finance to all their employees with relevant positions.

Bank of Portugal registration, supervision and sanctions

The Bank of Portugal ("BoP") is the competent authority to supervise the activity of In-Scope Entities. In-Scope Entities must be registered with the BoP prior to carrying out any In-Scope Activities. Any modification to the information provided to the BoP in the context of the initial registration request is also subject to subsequent registration with the BoP which must be requested in the maximum period of 30 days. Failure to register with the BoP prior to carrying out any In-Scope Activities or failure to comply with the duties set out in the AML Law are punishable with fines which may go up to the highest of 1,000,000 and double the economic benefit resulting from such offense, as well as cumulated with other ancillary sanctions.