What are cryptocurrencies, and what are the regulations governing their use in Slovakia? What obligations apply to virtual currency service providers? You can find all the important information about cryptocurrencies in our new article.
According to the European Central Bank’s definition, a cryptocurrency can generally be described as a digital store of value that is not issued by a central bank, a credit institution, or an electronic money institution, and which, in certain situations, can be used as an alternative to money. Such a cryptocurrency is issued, sold, and stored using distributed ledger technology, and its value is not tied to the value of any other asset or legal tender. The rise of cryptocurrencies is evidenced not only by the growing number of investors who do not hesitate to invest their spare funds in this type of asset, but also by an increasing number of new business entities that focus their activities, for example, on providing consulting services in the area of cryptocurrency investment, or on providing virtual currency wallet services, or virtual currency exchange services.
Today, the cryptocurrency sector in the Slovak Republic can still be described as unregulated; however, over time, information regarding the preparation of legislation intended to regulate cryptocurrencies has been appearing with increasing frequency, particularly in the media, and especially from the European Union. The content of the individual regulations is not yet known, but it can be assumed that these regulations will extend into various other areas of law, such as contract law, tax law, anti-money laundering, and similar fields.
Currently, the greatest obligations apply to providers of virtual currency wallet services and providers of virtual currency exchange services. This reflects the implementation of the Fifth AML Directive into the Slovak legal system, resulting in the amendment of Act No. 297/2008 Coll. on the Prevention of Money Laundering and the Financing of Terrorism and on Amendments to Certain Acts (hereinafter the “AML Act”) . This amendment included the aforementioned virtual currency wallet service provider and virtual currency exchange service provider among the obligated entities subject to the AML Act. These trades were also classified as regulated trades.
There were several reasons for this amendment, but the most significant one is likely the fact that, given the lack of regulation and the anonymity prevailing in the virtual space, cryptocurrencies posed a potential risk of abuse by various organized or terrorist groups, for example, specifically for the purpose of legalizing proceeds from criminal activity, i.e., money laundering. However, the aforementioned amendment was intended to prevent this by classifying providers of these services as obligated entities under the AML Act. This fact is crucial because obligated entities are subject to several fundamental obligations, such as the obligation to verify client identification before concluding a transaction, the obligation to report unusual transactions to the financial intelligence unit, determining whether a client is a politically exposed person, the obligation to maintain proper records, and the obligation to develop internal guidelines, known as the internal compliance program, which takes risk factors into account and determines the scope of due diligence performed by the obligated entity. The internal program includes, for example, forms of unusual business transactions, employee training, methods for assessing and managing AML risks, procedures for identifying unusual business transactions, reporting of unusual business transactions, a sample client declaration under the AML Act, and others. The thorough and precise development of the internal program is a fundamental and essential prerequisite for carrying out the aforementioned activities. Failure to comply with these obligations would expose these entities to the risk of severe penalties, as violations of obligations under the AML Act may result in fines amounting to hundreds of thousands of euros. We therefore strongly recommend entrusting the preparation of the internal compliance program to experts, thereby preventing potential complications in the future.
Another general obligation that businesses providing cryptocurrency-related services cannot avoid is compliance with data protection obligations. The legal basis for this issue is primarily Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the “GDPR Act”).
Since the entrepreneur processes personal data in the course of performing the aforementioned activities, this entrepreneur holds the status of a so-called controller. The person whose personal data is being processed is referred to as the data subject. Several rights and obligations arise for both parties from this legal relationship. The controller’s fundamental obligations include compliance with the principles of personal data processing, which include, for example, the principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, or the principle of accountability. Other obligations under the GDPR include, for example, the obligation to retain personal data for a certain period of time or the obligation to ensure the protection of collected personal data. The field of personal data protection can be quite problematic and confusing for someone unfamiliar with it; therefore, we recommend seeking assistance from experts in this area, who can prepare, among other things, basic GDPR documents such as personal data protection policies or consent forms for data subjects.
In conclusion, we note that ignoring GDPR obligations can have severe consequences, as violations of these obligations carry the risk of significant penalties. The fine can reach up to 20 million euros or 4% of the company’s annual turnover, whichever is higher.
Our strong recommendation for entities conducting business activities related to cryptocurrencies is to draft the company’s general terms and conditions (hereinafter “GTC”) with sufficient precision. While the existence and use of the GTC are not a legal requirement, in practice, the use of the GTC is a tool that can significantly facilitate the conduct of business activities. If a company has drafted GTC, it is sufficient for it to refer to their application when concluding individual contracts—that is, to stipulate within the contract that matters not expressly addressed by the contract are governed by the GTC. A well-drafted set of GTC will subsequently save a significant amount of time and money. In practice, however, we often encounter situations where entrepreneurs—not just in the cryptocurrency sector—significantly underestimate this area and rely on “template” GTCs from the internet, which are often not only outdated but, more importantly, fail to reflect the uniqueness of the services provided in any way; in extreme cases, they do not even distinguish between services and goods. By acting in this manner, these entities expose themselves to the risk that, due to the outdated and incorrect nature of their T&Cs, they will not prevail even in a potential legal dispute.
The upcoming regulation of cryptocurrencies, whether at the European or national level, will undoubtedly bring additional obligations that these entities will have to comply with. The law firm Hronček & Partners, s. r. o. will continue to monitor this issue, and we will keep you informed of any developments in the world of cryptocurrency regulation.
