AML/CFT training for VASPs by the GIIF

During the training session held on 11 August 2025, the Ministry of Finance, together with the General Inspector of Financial Information (GIIF), presented the latest guidelines and practical recommendations concerning the obligations of institutions operating in the virtual currency market.

Particular attention was devoted to quarterly reporting to the GIIF, the application of financial security measures, the proper assessment of risks relating to obliged institutions and their clients. A special focus, however, was placed on the implementation of AML/CFT obligations by virtual asset service providers (VASPs).

Implementation of AML/CFT Obligations by VASPs

GIIF reminds obliged institutions of the necessity to apply a uniform methodology when preparing money laundering and terrorist financing (ML/TF) risk assessments, in line with the KNF’s position.

Particular attention must be given to the obligation to update the risk assessment in situations such as:

• the emergence of new virtual currencies- especially those that are significantly different from those already supported by VASPs or present higher risk.
• the introduction of new channels for conducting transactions or establishing business relationships.
• the expansion of operations to new groups of clients.

New currency in VASP’s offering? Only with AML/CFT risk analysis

The Ministry of Finance highlights that the introduction of new financial products – such as virtual currencies– must be preceded by a thorough ML/TF risk assessment.

The process begins with a business decision, followed by verification of whether adequate tools and solutions are in place to effectively analyse client transactions involving the new product.

The next steps include updating the obliged institution’s risk assessment and disseminating it among employees, ensuring that all are aware of potential threats and operational rules. At the same time, internal procedures must be adjusted to the specifics of the new solution and appropriate transaction monitoring mechanisms implemented.

Only once these measures have been completed may the product be made available to clients. It is crucial to maintain the proper sequence- ensuring compliance first, and only then launching the product.

This approach minimizes the risk of abuse and enhances the security of the financial market.

Analysis of Quarterly Reporting by the GIIF

The Ministry of Finance, referring to the GIIF’s analysis of quarterly reports, notes irregularities in the way VASPs assess client risk. According to the GIIF’s findings, such entities too frequently classify their clients as low risk.

The Ministry reminds that in the case of VASP clients, such classification should be exceptional and, in practice, should not occur at all, due to the specific characteristics of the products used by VASP customers.

What are the recommendations of the Ministry of Finance when verifying the address of a VASP customer?

The Ministry of Finance indicates that VASPs should apply enhanced measures to verify a client’s residential address, especially in cases of remote onboarding and foreign clients.

Recommended methods include, inter alia:

• confirmation of address through utility bills,
• verification of address consistency with IP login data,
• analysis of the language of website use in relation to the declared place of residence,
• verification of the actual existence of the address using OSINT tools.

The Ministry stresses that proper identification and verification of VASP clients constitutes a key element of effective anti-money laundering and counter-terrorist financing measures.

New AML/CFT regulations require specific actions– don’t risk sanctions or loss of reputation. If your company needs support in adapting its AML/CFT processes to the new regulations, please contact our Law Firm.