Three years ago, the field of digital assets was recognized in the legislation of the Republic of Serbia. This was news that many eagerly awaited, considering the rapidly growing crypto market and the new opportunities it brings, such as various business opportunities, investments, and alternative financing methods. The regulation of digital assets provides a higher level of legal protection for investors and users, and the Law on Digital Assets (Official Gazette of RS No. 153/2020) regulates the issuance, trading, and provision of services related to digital assets. 

We have previously written about crypto-related topics in articles titled “From Code to  Compliance: What is the Legal Status of a Decentralized Autonomous Organization (DAO)?” and “Explained: White Paper Content according to the Serbian Law on Digital Assets and the European MiCA Regulation“.

Ace the basics  

To better understand this field, let’s start by defining a few basic terms that we will mention multiple times in this text. 

The Serbian Law on Digital Assets defines digital assets (virtual assets) as a record of value that can be digitally bought, sold, exchanged, or transferred and used as a means of exchange or for investment purposes. Digital assets do not include digital records of currencies that are legal tender or other financial assets regulated by other laws. 

Essentially, digital assets are divided into virtual currencies or digital tokens. The law defines virtual currencies as a type of digital asset not issued by, nor guaranteed by, a central bank or other public authority and which is not necessarily tied to legal tender. It does not have the legal status of money or currency, but physical and legal entities accept it as a means of exchange, and it can be bought, sold, exchanged, transferred, and stored electronically. 

Furthermore, the law defines a digital token as a type of digital asset and refers to any intangible property right that, in digital form, represents one or more other property rights, which may include the right of the digital token holder to be provided with certain services. 

The definitions provided by our Law on Digital Assets are broadly framed but are in line with the provisions of the EU 2023/1114 Regulation on Markets in Crypto Assets (MiCAR). The preamble of the regulation states that any legislative act adopted in the field of crypto assets should be precise and resilient to future changes in technological innovations. Terms such as crypto-assets and distributed ledger technology should be defined broadly to encompass all aspects of digital assets that may fall outside the scope of EU financial services legislation. 

Our law further states that a provider of services related to digital assets is a legal entity that offers one or more services related to digital assets, which are detailed in Article 3 of the Law. An issuer is defined as a domestic or foreign natural person, entrepreneur, or legal entity that has issued digital assets. 

How to distinguish between virtual currency and digital tokens in practice? 

At first glance, it may be difficult to distinguish between these two definitions, especially when they are extensive. Digital assets that provide certain rights (e.g., participation in transaction validation or governance of a crypto project) often have the characteristics of both virtual currencies and digital tokens. 

However, if the digital asset only serves as a means of exchange (e.g., Bitcoin), it is considered a virtual currency. If a digital asset serves as a means of exchange but also grants the holder additional rights, it falls under a hybrid model. Furthermore, if a digital asset grants its holder certain rights but does not serve as a means of exchange, it is considered a digital token. For hybrid models or borderline cases, the categorization must be analyzed for each case. 

When is the National Bank of Serbia or the Securities Commission responsible for the application of the Law on Digital Assets? 

According to our Law, the supervisory authority is either the National Bank of Serbia or the Securities Commission. 

The answer is simple: the National Bank of Serbia is responsible when it comes to virtual currencies, while the Commission is responsible for digital tokens. In the case of a hybrid model, both authorities are responsible. 

If there is any uncertainty in practice regarding where to submit a request, know that submissions are made through the e-government system and are automatically forwarded to the supervisory authorities. The supervisory authorities review them and determine jurisdiction. 

This is also stated in Article 10 of the Law on Digital Assets, which outlines the jurisdiction of both supervisory bodies and mandates cooperation in exercising their authority. 

Granting permits for providing services related to virtual currencies 

This procedure is described in the Decision on Implementing the Provisions of the Law on Digital Assets Relating to Granting Permits for Providing Services Related to Virtual Currencies and the Approval of the National Bank of Serbia (Official Gazette RS No. 49/2021). 

The decision prescribes specific conditions that members of the management of the service provider related to virtual currencies must fulfill, as well as those directly managing these services. It also details conditions regarding personnel, organizational readiness, and technical and informational equipment. Additionally, it outlines the suitability criteria for individuals with qualified participation in the service provider. 

Who can submit a permit request and how? 

A company wishing to provide services related to virtual currencies must submit a permit request to the National Bank of Serbia using the prescribed form. The request must list the services (per Article 3 of the Law on Digital Assets) and provide certain documents, such as the registration certificate, company bylaws, an activity plan, a business plan projecting income and expenses for the first three years, a description of planned measures for protecting users’ funds, internal control measures and employee training, and measures for managing the security of information and communication systems. 

What is the activity plan and business plan of the applicant?

The activity plan defines the method and conditions for providing the services requested and outlines the performance of other tasks directly related to offering virtual currency services, including operational outsourcing. 

The business plan provides an overview of planned activities for the first three years, including income and expense projections. It should demonstrate that the applicant can meet other requirements for stable business operations, and the decision specifies what must be included in the business plan. 

What does the description of planned measures for protecting users’ funds involve?

The applicant must describe the planned measures for protecting users’ funds and provide details about the bank where a special account will be opened for depositing funds received from virtual currency users or their payment service provider, concerning executing virtual currency transactions. 

The applicant must also describe measures to mitigate the risk of loss or reduction of users’ funds, virtual currencies, and other assets due to digital asset abuse, poor record-keeping, or mismanagement. 

What else should be described in the request?

 The decision requires a description of the organizational structure, management systems, internal controls, and internal control measures established to fulfill legal obligations related to anti-money laundering and counter-terrorism financing, as well as information and communication system security management. This includes a brief description of the systems and measures, along with details of the member of the service provider’s management responsible for risk management procedures. 

Additionally, the applicant must describe planned employee training measures related to virtual currency transactions, ensuring staff expertise appropriate to the complexity and scope of virtual currency transactions, including training on anti-money laundering and counter-terrorism financing regulations. 

What other information must be included?

The decision mandates providing details on the members of the management and directors of the service provider, their qualifications, and information on individuals with qualified participation in the service provider (including a detailed ownership structure). Information on individuals closely connected to the applicant and the nature of that connection must also be provided. 

If the applicant is required to have financial statements audited, information about the external auditor conducting the audit and the contract with the auditor must be included. 

The applicant must provide evidence that they have the prescribed minimum capital, have not been convicted of a criminal offense or economic violation, are not under criminal investigation, and have paid the required fees following the NBS tariff. 

When is prior approval from the National Bank of Serbia necessary? 

A service provider, or a person seeking to acquire qualified participation in a service provider, must obtain prior approval from the National Bank of Serbia (NBS) to acquire 20% to 30%, more than 30% to 50%, or more than 50% of the voting rights or capital of the service provider, or to become its parent company.

For acquiring more than 30%, the business activity plan must include a clearly defined business strategy for the next two years. 

Approval is also required for general acts and amendments to these acts, and the service provider must obtain NBS approval for its general acts. These general acts include the statute (if the applicant is a joint-stock company) or the founding document (decision or contract), which must contain all legally required elements. 

Granting permits for providing services related to digital tokens 

This procedure is regulated by the Rulebook on Implementing the Provisions of the Law on Digital Assets Relating to Granting Permits for Providing Services Related to Digital Tokens and the Approval of the Securities Commission (Official Gazette RS No. 69/2021). 

The rulebook describes specific conditions that the management of the digital token service provider must meet, conditions regarding personnel, organizational readiness, and technical and informational equipment, as well as the evidence required for submission to the Securities Commission.

What does the Securities Commission pay special attention to when evaluating a request? 

The rulebook states that when evaluating the request for obtaining a permit to provide services related to digital tokens, the Securities Commission pays special attention to whether there are indications that the permit is being obtained or participation in the service provider is being acquired for money laundering or terrorist financing. 

The rulebook lists four circumstances that may indicate this, such as if the individual acquiring qualified participation resides or operates in a foreign country with strategic deficiencies in the anti-money laundering and counter-terrorism financing systems, or if they are an offshore entity, a transaction is conducted through a quasi-bank, or if the legal framework of the person’s country of residence requires maintaining internal records and controls. 

Who can request a permit and what must be submitted? 

A company intending to provide services related to digital tokens submits a request to the Securities Commission using the prescribed form. As with virtual currencies, the rulebook specifies the additional documents that must be submitted, such as the company’s registration certificate, bylaws, activity plan, business plan with income and expense projections for the first three years, and measures for protecting user funds. 

What Is the decision period for the National Bank and the Securities Commission? 

Both the National Bank of Serbia and the Securities Commission decide on the permit request within 60 days of receiving a complete application. If the application is incomplete, the applicant is informed within 20 days of receiving the request about how to amend it, and the 60-day period starts once a complete request is submitted. 

If the supervisory body rejects the request, the applicant cannot submit a new request for a permit for one year from the date of the NBS or Commission decision. 

  

Note: This text does not constitute legal advice but represents the personal opinion of the author.