December 2024
Anti-Money Laundering Registration Regulations for Virtual Asset Service Providers Announced by Taiwan FSC
December 2024
Teresa Huang and Lilian Hsu
In line with the amendments to the Money Laundering Control Act in July 2024, which introduced a registration requirement for virtual asset service providers (“VASP”)[1], the Financial Supervisory Commission (“FSC”) of Taiwan announced the“Anti-Money Laundering Registration Regulations for Virtual Asset Service Providers”(“Registration Regulations”) on November 26, 2024, with enforcement beginning on November 30, 2024. The key points of the Registration Regulations are summarized as follows:
1. VASP shall complete AML registration
VASPs are required to complete AML registration before engaging in regulated virtual asset-related businesses (Article 3 of the Registration Regulations). Individuals violating this requirement will face imprisonment for up to two years, detention, and/or fines of up to NT$5 million; legal entities will face fines of up to NT$50 million (Article 6(1), (4), (5) of the Money Laundering Control Act).
VASPs that have already completed an AML declaration must still apply for AML registration with the FSC by March 31, 2025, and complete the registration prior to September 30, 2025. Failure to register within the specified time frame will result in the inability to continue operating regulated virtual asset businesses (Article 30 of the Registration Regulations).
2. Things to note for AML registration requirements
Currently, only domestic registered companies, limited partnerships, responsible persons of businesses, or branches of foreign companies registered in Taiwan (collectively referred to as “Business Entities”) are eligible to apply for AML registration with the FSC (Article 5, Paragraphs 2 and 3 of the Registration Regulations).
When applying for registration, Business Entities must submit an application form along with supporting documents, such as their registration certificate, articles of association (or partnership agreement), a list of shareholders (or partners), and a list of beneficial owners (Article 5, Paragraph 1 of the Registration Regulations). The FSC may reject applications if any of the following issues are present (Article 7 of the Registration Regulations):
(1) Incomplete application documents (and failure to rectify them within the deadline) or submission of incorrect content.
(2) Deficiencies in the Business Entity’s operations or internal controls:
(3) Issues concerning the qualifications of the responsible person or beneficial owners of the Business Entity, including:
(4) Other situations where registration denial is deemed necessary to protect the public interest.
3. VASPs shall be subject to different regulatory requirements depending on their classification
The Registration Regulations categorize VASPs into five types. In addition to formulating regulations that all VASPs should comply with, they also impose differentiated legal compliance obligations based on the different businesses operated by VASPs. The key points are as follows:
(1) General Compliance Requirements for All VASPs (Articles 10-15 of the Registration Regulations):
All VASPs must conduct their business in accordance with laws, articles of association, internal control systems, and self-regulatory standards set by trade associations. They must ensure that the virtual assets for which they provide services comply with the law, establish adequate cybersecurity management systems and customer complaint handling procedures, and fulfill information disclosure and record-keeping obligations.
Additionally, if their business involves receiving fiat currency, VASPs are required to place customers’ fiat funds in trust or obtain a full performance guarantee from a bank and comply with other asset protection regulations (Article 11 of the Registration Regulations).
(2) Specific Compliance Obligations Based on VASP Type:
VASPs are classified into five categories based on their services: Virtual Asset Exchangers, Virtual Asset Trading Platforms, Virtual Asset Transferers, Virtual Asset Custodians, and Virtual Asset Underwriters.
For instance, Virtual Asset Custodians must adhere to the following requirements (Articles 23-27 of the Registration Regulations):
Taiwan’s AML regulations for VASPs are continuously evolving. Businesses must closely monitor regulatory updates and adjust their internal controls and business operations accordingly to ensure successful completion of VASP AML registration, thereby continuing their virtual asset-related activities in compliance with the law.
[1]For details, please refer to“Taiwan Passes Virtual Asset Service Provider Registration Regime ─ FSC Strengthens VASP Supervision Through Anti-Money Laundering Measures” https://www.leetsai.com/fintech/taiwan-passes-virtual-asset-service-provider-registration-regime%ef%bc%8dfsc-strengthens-vasp-supervision-through-anti-money-laundering-measures
The contents of all materials (Content) available on the website belong to and remain with Lee, Tsai & Partners. All rights are reserved by Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Lee, Tsai & Partners.
Teresa Huang and Lilian Hsu
In line with the amendments to the Money Laundering Control Act in July 2024, which introduced a registration requirement for virtual asset service providers (“VASP”)[1], the Financial Supervisory Commission (“FSC”) of Taiwan announced the“Anti-Money Laundering Registration Regulations for Virtual Asset Service Providers”(“Registration Regulations”) on November 26, 2024, with enforcement beginning on November 30, 2024. The key points of the Registration Regulations are summarized as follows:
1. VASP shall complete AML registration
VASPs are required to complete AML registration before engaging in regulated virtual asset-related businesses (Article 3 of the Registration Regulations). Individuals violating this requirement will face imprisonment for up to two years, detention, and/or fines of up to NT$5 million; legal entities will face fines of up to NT$50 million (Article 6(1), (4), (5) of the Money Laundering Control Act).
VASPs that have already completed an AML declaration must still apply for AML registration with the FSC by March 31, 2025, and complete the registration prior to September 30, 2025. Failure to register within the specified time frame will result in the inability to continue operating regulated virtual asset businesses (Article 30 of the Registration Regulations).
2. Things to note for AML registration requirements
Currently, only domestic registered companies, limited partnerships, responsible persons of businesses, or branches of foreign companies registered in Taiwan (collectively referred to as “Business Entities”) are eligible to apply for AML registration with the FSC (Article 5, Paragraphs 2 and 3 of the Registration Regulations).
When applying for registration, Business Entities must submit an application form along with supporting documents, such as their registration certificate, articles of association (or partnership agreement), a list of shareholders (or partners), and a list of beneficial owners (Article 5, Paragraph 1 of the Registration Regulations). The FSC may reject applications if any of the following issues are present (Article 7 of the Registration Regulations):
(1) Incomplete application documents (and failure to rectify them within the deadline) or submission of incorrect content.
(2) Deficiencies in the Business Entity’s operations or internal controls:
- Vague or ineffective internal control systems.
- Business activities violating legal regulations.
- Risk of the VASP being used for money laundering or terrorist financing.
(3) Issues concerning the qualifications of the responsible person or beneficial owners of the Business Entity, including:
- Records of specific criminal offenses or bankruptcy declarations regarding the responsible person or beneficial owners of the Business Entity within a certain period.
- Concerns regarding the responsible person’s ability to manage the VASP in a sound and effective manner.
(4) Other situations where registration denial is deemed necessary to protect the public interest.
3. VASPs shall be subject to different regulatory requirements depending on their classification
The Registration Regulations categorize VASPs into five types. In addition to formulating regulations that all VASPs should comply with, they also impose differentiated legal compliance obligations based on the different businesses operated by VASPs. The key points are as follows:
(1) General Compliance Requirements for All VASPs (Articles 10-15 of the Registration Regulations):
All VASPs must conduct their business in accordance with laws, articles of association, internal control systems, and self-regulatory standards set by trade associations. They must ensure that the virtual assets for which they provide services comply with the law, establish adequate cybersecurity management systems and customer complaint handling procedures, and fulfill information disclosure and record-keeping obligations.
Additionally, if their business involves receiving fiat currency, VASPs are required to place customers’ fiat funds in trust or obtain a full performance guarantee from a bank and comply with other asset protection regulations (Article 11 of the Registration Regulations).
(2) Specific Compliance Obligations Based on VASP Type:
VASPs are classified into five categories based on their services: Virtual Asset Exchangers, Virtual Asset Trading Platforms, Virtual Asset Transferers, Virtual Asset Custodians, and Virtual Asset Underwriters.
For instance, Virtual Asset Custodians must adhere to the following requirements (Articles 23-27 of the Registration Regulations):
- Segregated Custody: Client assets must be held separately from the custodian’s own assets and must not be misappropriated.
- Internal Policies: Clear custody policies and procedures must be established and publicly disclosed.
- Record Keeping: Detailed records of each client’s name, wallet address, amount and quantity of assets, and transactions (inbound and outbound) must be maintained.
- Periodic Reconciliation: Regular reconciliation of client assets is required, with an annual report by an accountant to be publicly disclosed.
Taiwan’s AML regulations for VASPs are continuously evolving. Businesses must closely monitor regulatory updates and adjust their internal controls and business operations accordingly to ensure successful completion of VASP AML registration, thereby continuing their virtual asset-related activities in compliance with the law.
[1]For details, please refer to“Taiwan Passes Virtual Asset Service Provider Registration Regime ─ FSC Strengthens VASP Supervision Through Anti-Money Laundering Measures” https://www.leetsai.com/fintech/taiwan-passes-virtual-asset-service-provider-registration-regime%ef%bc%8dfsc-strengthens-vasp-supervision-through-anti-money-laundering-measures
The contents of all materials (Content) available on the website belong to and remain with Lee, Tsai & Partners. All rights are reserved by Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Lee, Tsai & Partners.
