AML and CTF law and regulation in Bulgaria

• The Anti-Money Laundering Measures Act, adopted on 27 March 2018, as amended (the “AML Act”) and the Rules for the application of the AML Act, adopted on 31 December 2018, as amended (the “AML Act Rules”).
• The Combating Terrorism Financing Measures Act, adopted on 18 February 2003, as amended (the “CTF Act”).

Yes, with the adoption of the AML Act, the basic provisions of the 4^th AML Directive were implemented. Additional amendments to the AML Act were adopted in November 2019 and February 2020 implementing the provisions of the 5th AML Directive.

The State Agency “National Security” (the “SANS”) is the main AML/CTF supervisory authority. The Financial Intelligence Directorate of the SANS has the authority to collect, store, investigate, analyse and disclose the conducted financial intelligence under the terms and procedures of the AML Act and the CTF Act.

Other authorities authorised to monitor compliance with the key obligations under the AML Act in certain sectors include the Bulgarian National Bank, the Financial Supervision Commission, the National Customs Agency, and the State Commission on Gambling. 

There are almost 40 categories of reporting entities under the AML Act, including banks, financial institutions, payment services providers, insurance and reinsurance companies and intermediaries distributing life risk insurance. In Bulgaria, the scope of reporting entities under the AML Directives is extended to include wholesalers. 

The KYC requirements in Bulgaria follow the requirements of the 4^th and 5^th AML Directives. 

To facilitate the CDD obligations of the reporting entities, the AML Act provides a general obligation on all entities to disclose their UBOs to either the Commercial Register and the Register for Non-Profit Organisations (for companies and certain registered not-for-profit organisations) or to the Bulstat Register for the remaining categories. 

Yes, the legislation in various sectors, such as the banking sector, allows for the digital onboarding of customers, provided that the requirements for customer identification and customer verification under the AML Act are observed.  

The main obligations of the reporting entities under the AML Act follow the 4^th and 5^th AML Directives. These include customer due diligence (“CDD”), the collection of information and documents and their storage, an assessment of the risk of money laundering and terrorist financing, and the disclosure of information on suspicious operations, transactions and customers. There are no obligations that go beyond those required under the AML Directives.

Yes, a National Risk Assessment for Money Laundering and Terrorist Financing (“NRA”) was adopted on 9 January 2020 by the SANS. The NRA provides a strategy and useful measures for monitoring and limiting the risks of money laundering and terrorist financing in the following areas:

• organised crime;
• professional money launderers;
• tax crimes;
• real estate and construction;
• financial markets;
• food and fuel trade;
• computer fraud and social engineering;
• cash transfer services;
• non-profit legal entities (NGOs).

The main measures provided under the CTF Act include the freezing of funds, other financial assets and economic resources, and a prohibition on providing financial services, funds and other financial assets and economic resources. Any person who implements any of these measures must immediately notify the Minister of the Interior, the Minister of Finance, the Chairperson of the SANS and the Commission for Counter-Corruption and Unlawfully Acquired Assets Forfeiture. The CTF Act links counterterrorism measures with financial intelligence and compels all covered entities to report any suspicion of terrorism. 

Money laundering and terrorist financing are criminalised under the Bulgarian Criminal Code as standalone crimes. Predicate crimes that are committed either in or outside Bulgaria can support a money laundering charge brought in Bulgaria. The penalties for money laundering and financing terrorism provided in the Bulgarian Criminal Code are imprisonment from one to 15 years and a fine from BGN 3,000 (EUR 1,500) to BGN 200,000 (EUR 100,000), depending on the severity of the crime. 

Legal entities cannot bear criminal liability under Bulgarian law. However, if a legal entity has enriched itself through the proceeds of a crime committed by an employee or a director, the legal entity can be sanctioned with a fine of up to BGN 1 million (EUR 500,000) but at least the equivalent of the benefit and a penalty of up to BGN 1 million (EUR 500,000) if the benefit cannot be financially estimated.

The AML Act provides a range of sanctions for non-compliance with the key requirements, such as customer checks, record-keeping, and suspicious transaction reporting. Fines and penalties vary depending on the type of the infringement, the type of infringer (an individual or entity, or the type of entity—banks, insurers, etc.), whether its initial, repeated or systematic, and can reach as high as BGN 10 million (EUR 5 million), or up to 10% of the annual turnover, including gross income, according to the consolidated accounts of the parent undertaking for the previous year, for grave or systematic infringements and where the perpetrator is among the categories obliged entities within the financial system. Further, the Registry Agency as administrator of the Central UBO Register may also impose fines for non-compliance.

The number of prosecutions, convictions and administrative sanctions has increased in recent years.