AML Regulations in Latvia (Must Read for Fintechs)

Latvia now hosts over 100 fintechs including Mintos, Creamfinance, Twino, Bitfury, and Crasula. Fintechs choose Latvia as a jurisdiction thanks to its business-friendly infrastructure, such as the Innovation Hub and regulatory sandbox. 

At the same time, Latvia has been strengthening its AML (Anti-Money Laundering) regulations in line with FATF Recommendations and EU AML Directives. Sumsub prepared this article to help businesses operating in Latvia (or seeking to enter the Latvian market) navigate the AML compliance process.

Who is affected? 

The businesses that fall under Latvian AML regulations include:

• Credit institutions;
• Financial institutions:
  • Insurance service providers;
  • Investment firms; 
  • Payment institutions;
  • E-money institutions, and others.
• Virtual Assets Service Providers (VASPs);

The full list of regulated entities is provided in Section 3 of the Anti-Money Laundering and Terrorism and Proliferation Financing Act (“the AML law”).

Branches of financial and credit institutions from other member states of the EEA or third countries are also subject to AML obligations if they operate in Latvia.

Who is the regulator?

Two main authorities regulating the AML sector in Latvia are:

• The Financial and Capital Market Commission (FCMC), which supervises the financial market and issues regulations;
• The Financial Intelligence Unit (FIU), which collects and analyses financial data and reports of suspicious transactions, cooperating with Latvian law enforcement authorities to investigate cases of ML.

AML obligations for businesses in Latvia 

Under Latvian AML law, businesses must:

1. Implement AML policies and procedures;
2. Conduct Customer Due Diligence (CDD), including Enhanced Due Diligence (EDD), where necessary; 
3. Comply with requirements for customer identification and verification as part of CDD;
4. Conduct ongoing monitoring of customers and transactions as part of CDD;
5. Appoint a Money Laundering Reporting Officer (MLRO), conduct audits, implement internal controls, and conduct staff trainings;
6. Report to the Financial Intelligence Unit (FIU);
7. Retain data about customers and transactions.

The FCMC provides Latvian businesses with guidelines on the implementation of AML policies and measures in its Recommendations No. 169.

How to get compliant 

Customer Due Diligence 

Customer Due Diligence (CDD) is the process of collecting and verifying information about customers during onboarding and throughout the business relationship. CDD also includes obtaining information on the purpose and intended nature of the business relationship or transaction.

Under AML Law, businesses in Latvia are required to conduct standard CDD when:

• They start business relationships with a customer;  
• Occasional transactions (or several seemingly linked transactions) occur exceeding €15 000 in value;  
• Transfers of funds (credit/debit transfer, payment card/e-money transfer, mobile telephone transfer, etc.) exceed €1000;
• Virtual currency is used;
• There is suspicion of money laundering; 
• There is suspicion that previously obtained CDD information is not true.

The full list of cases when businesses must perform CDD is provided in Section 11 (1) of the AML law. 

Enhanced Due Diligence

Businesses in Latvia must apply Enhanced Due Diligence (EDD) in situations with a high risk of money laundering. Such cases include correspondent relationships with credit/financial institutions, as well as business relationships and transactions with:

• Customers who are Politically Exposed Persons (PEP) or are family members of a PEP;
• Customers whose beneficial owner is a PEP;
• Customers from high-risk third countries.

Also, Latvian AML Law prescribes EDD measures for remote customer identification if it doesn’t comply with Cabinet Regulation No. 392. 

KYC requirements in Latvia 

As part of their Know Your Customer (KYC) obligations, businesses must identify and verify the identity of their customers, as well as their beneficial owners. 

Identification of natural persons

To identify Latvian residents, businesses must obtain the following information: 

• Name and surname; 
• Personal identity number. 

To identify non-residents, businesses must obtain the following information: 

• Name and surname; 
• Date of birth;
• Photograph;
• Number and date of issue of the identification document;
• Country and authority which issued the document.

Identification of legal persons

The legal entity must present documents attesting:

• Name;
• Legal form and incorporation or legal registration of the legal person; 
• Registered and actual address. 

Businesses must also: 

1. Request the incorporation document of the legal person (memorandum of incorporation, articles of association);
2. Verify the identity of the persons authorized to represent the legal person and obtain a document (or a copy) confirming their right to do so.

Identification of beneficial owners 

A beneficial owner is a person who directly or indirectly owns more than 25% of a company’s capital/voting rights or otherwise exercises ultimate control over it.

To identify the beneficial owners of legal entities, businesses must obtain their identity information:

Businesses must obtain information about beneficial owners from the Enterprise Register. On the basis of risk assessment, beneficial owners can be determined by additional means:

• By a customer self-declaration;
• By using other information systems such as the EU Beneficial ownership registers interconnection system (BORIS);

In cases when a beneficial owner cannot be determined, businesses may admit someone from the client’s senior management as the beneficial owner.

Ongoing monitoring 

Businesses in Latvia must implement ongoing verification of the accuracy of obtained KYC data. This is crucial to ensure that the client’s established risk profiles are correct and that the monitoring process is efficient.

Sanctions 

If businesses fail to comply with the obligations prescribed by the AML Law, they may be subject to fines of up to €5,000,000 or 10 percent of total annual turnover.

Key takeaway 

Latvia’s AML regulations have broad implications for fiat and crypto businesses both within and outside the country. We’ll continue to track AML changes in Latvia and will update this article on an ongoing basis. Save it to your reading list so you don’t miss any important news.

Let Sumsub help your company stay compliant with KYC/AML requirements in Latvia. Get in touch with us today.