1.      GENERAL PROVISIONS

2.1. Opening of bank accounts by second-tier banks of the Republic of Kazakhstan

2.1.1.              Within the framework of interaction second-tier banks of the Republic of Kazakhstan:

a)                 open one or several bank accounts for Digital Asset Service Providers authorised in the AIFC in accordance with the legislation of the Republic of Kazakhstan.

b)                 ensure control over Clients deposits and withdrawals of money for the purposes of Clients transactions with Digital Assets, customer due diligence and compliance with anti-money laundering and countering the financing of terrorism (AML/CFT) requirements, including identification and suspension of suspicious transactions.

c)                 ensure effective AML/CFT monitoring in particular in case of Clients of Digital Asset Service Providers depositing their bank accounts with money.

2.1.2.     A bank shall assess the ML/TF risk of the Digital Asset Service Provider. If a Digital Asset Service Provider is assigned a high level of ML/TF risk, a bank shall apply enhanced customer due diligence measures and shall be responsible for the following when carrying out banking operations:

a)             assessing the extent to which the services (products) provided by the Digital Asset Service Provider are exposed to ML/TF risks;

b)             conducting due diligence procedures when establishing a business relationship, which include, in addition to the due diligence measures provided for Clients, obtaining and recording information about the reputation and nature of the Digital Asset Service Provider's business and measures taken against it by the Astana Financial Services Authority;

c)             termination of business relationships with the Digital Asset Service Provider in cases where a bank has detected the facts of the use by the Digital Asset Service Provider of accounts held in a Shell Bank;

d)             refusal to establish or termination of business relationships with a Digital Asset Service Provider whose founders are registered in a foreign country which is:

                   I.                  included in the list of states (territories) that do not or insufficiently implement the recommendations of the Financial Action Task Force (FATF) compiled by the authorised financial monitoring body;

                 II.                  subject to international sanctions under the United Nations Security Council resolutions;

                III.                  included in the list of offshore zones in accordance with the Decree of the Management Board of the Agency of the Republic of Kazakhstan on Regulation and Development of Financial Market dated 24 February 2020 № 8 "On the establishment of the List of offshore zones for the purposes of banking and insurance activities, activities of professional participants of the securities market and other licensed activities on the securities market, activities of joint stock investment funds and activities of organisations engaged in microfinance activities", registered in the Register of state registration of regulatory legal acts under  №20095;

               IV.                  identified by the bank as posing a high ML/TF risk based on other factors (information on the level of corruption, illegal production, trafficking and/or transit of drugs, information on support for international terrorism, and others).

e)             monitoring and examining transactions with the Digital Asset Service Provider's money, as well as preventing illegal withdrawal of funds abroad, including to offshore zones;

f)               taking measures set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing in case of detection of suspicious transactions with money and (or) other property (hereinafter – “suspicious transactions”);

g)             termination of business relationships with the Digital Asset Service Provider in cases set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing;

h)             ensuring that the Source of Funds of the Digital Asset Service Provider is verified when depositing a bank account;

i)               ensuring that records of money transactions are kept, and the information is provided to the authorised financial monitoring body;

j)               ensuring that documents, data and/or information obtained and collected as part of the due diligence of the Digital Asset Services Provider are retained for at least five years;

k)             verification of affiliation and (or) involvement of the Digital Asset Service Provider and its beneficial owner with a politically exposed person, his/her spouse and close relatives in cases established by the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing;

l)               submission of necessary information to the authorised financial monitoring body in case of detection of suspicious transactions within the period of time set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction legalisation (laundering) of proceeds of crime or financing of terrorism;

m)           a bank must conduct enhanced customer due diligence measures with respect to the bank's Clients conducting occasional banking transactions with the Digital Asset Services Provider when a transaction amount equals to or exceeds USD 1,000 (one thousand) in equivalent at the market foreign exchange rate on the date of the banking transaction, and shall be responsible for:

                   i.                  ensuring verification of the Source of Funds of the bank's Clients in case of making transfer in favour of a Digital Asset Service Provider carrying on an activity of Operating a Digital Asset Trading Facility;

                  ii.                  taking measures set out by the requirements of the legislation of the Republic of Kazakhstan on counteraction legalisation (laundering) of proceeds of crime and financing of terrorism in case of detection of suspicious transactions;

                iii.                  monitoring and examining operations with the bank's Clients' money, as well as preventing illegal withdrawal of funds abroad, including to offshore zones;

                iv.                  termination of business relationships with the bank's Clients in cases provided under the requirements of the legislation of the Republic of Kazakhstan on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing.

A bank shall ensure that the Сlients comply with the limits established by the Rules of formation of risk management and internal control system for second-tier banks, branches of non-resident banks of the Republic of Kazakhstan, approved by the Decree of the Management Board of the National Bank of the Republic of Kazakhstan dated 12 November 2019 № 188 in respect of various categories of Clients on operations with Digital Assets.

n)             When opening a bank account to service Clients transactions, a Digital Asset Services Provider shall submit the following documents:

                   i.                  a Digital Asset Services Provider’s licence issued by the Astana Financial Services Authority;

                  ii.                  an extract from the register confirming the registration of a Digital Asset Service Provider as a Centre Participant;

                iii.                  a Digital Asset Services Provider’s business plan and business model;

                iv.                  a Digital Asset Service Provider's policy on combating ML/TF;

                 v.                  order on the appointment of the Chief Executive Officer of a Digital Asset Service Provider;

                vi.                  information on the executive body of a Digital Asset Service Provider and its Chief Executive Officer (identity document, proof of residence, letters of recommendation, information on the absence of an outstanding or unexpunged criminal conviction).

o)             Effective internal control is ensured by forming appropriate management controls and a control culture (control environment).

p)             Management control and control culture (control environment) characterise the general attitude, awareness and practical actions of the bank's board of directors and management board aimed at the establishment and effective functioning of the internal control system.

2.2. Requirements to bank accounts of a Digital Asset Service Provider

2.2.1      Following is used to open bank accounts to service the Clients’ transactions of a Digital Asset Service Provider:

     a)         documents required by the Rules of formation of risk management and internal control system of second-tier banks, branches of non-resident banks of the Republic of Kazakhstan, approved by Decree of the Management Board of the National Bank of the Republic of Kazakhstan No. 188 dated 12 November 2019;

     b)         documents required by the Rules of internal control for the purposes on counteraction to legalisation (laundering) of proceeds of crime and terrorism financing and financing the proliferation of weapons of mass destruction for second-tier banks, branches of non-resident banks of the Republic of Kazakhstan and National postal operator, approved by the Decree of the Management Board of the Agency of the Republic of Kazakhstan on Regulation and Development of Financial Market No.18 dated 22 March 2020;

     c)         documents required by the Rules of opening, maintenance and closing of clients' bank accounts approved by the Decree of the Management Board of the National Bank of the Republic of Kazakhstan No.207 dated 31 August 2016 and bylaws of second-tier banks of the Republic of Kazakhstan.

2.2.2      A Digital Asset Service Provider opens bank accounts in one or several second-tier banks of the Republic of Kazakhstan to hold Сlients money in national, or foreign currency. 

2.2.3      Digital Asset Service Providers shall hold Сlients money and its own money in separate accounts.

2.2.4      When depositing bank accounts in accordance with the requirements of legal acts indicated in rule 2.2.1 above, to service Client transactions of a Digital Asset Service Provider, second-tier banks of the Republic of Kazakhstan shall develop effective mechanisms of carrying out verification of Client funds.

2.2.5      Clients of a Digital Asset Services Provider are prohibited to carry out following transactions:

                    a)                  Third-party deposits and withdrawals (deposits and withdrawals can only be made from the Сlients’ own bank account or Virtual account with confirmation from the servicing bank that the bank account and Virtual account belong to this person); and,

                    b)                  withdrawal of fiat (money) from the Virtual account to the bank account of third persons.

2.2.6      A Digital Asset Service Provider shall ensure compliance with the requirements of rule 2.2.5 in cooperation with the second-tier bank of the Republic of Kazakhstan, with which a Digital Asset Service Provider has opened a bank account.

2.2.7      A Digital Asset Service Provider shall transfer funds from its Client bank account(s) opened with a second-tier bank of the Republic of Kazakhstan to its Client's bank account (when withdrawing by him/her money from a Digital Asset Service Provider) only after the second-tier bank of the Republic of Kazakhstan confirms that this bank account belongs to the Client.

2.2.8      The exchange of information between a Digital Asset Service Provider and a second-tier bank of the Republic of Kazakhstan shall be conducted on the basis of an agreement(s).

2.2.9      A Digital Asset Service Provider shall keep records of the Clients Money of the Digital Asset Service Provider through individual Virtual accounts. Such accounts shall be used to record fiat funds (money) transactions of the Digital Asset Service Provider’s Clients. If technically possible, the Digital Asset Service Provider may operate without keeping records of Clients Money through Virtual Accounts.

3.1. Limits for investing

3.1.1.    Digital Asset Service Provider is required to ensure effective monitoring systems and control measures (monitoring) to prevent individual Retail Clients - residents of the Republic of Kazakhstan from depositing more than 1,000 (one thousand) USD within one calendar month. If individual Retail Clients - residents of the Republic of Kazakhstan pass the relevant testing conducted by the Digital Asset Service Provider, confirming the knowledge, experience, and qualifications in the field of high-risk investment, the depositing above of the aforementioned limit is allowed.

3.1.2.    A Digital Asset Service Provider shall have policies and procedures for supervising compliance with the requirements of rule 3.1.1 above.

3.1.3.    A Digital Asset Service Provider ensures compliance with the limits on investments in Digital Assets by individual Retail Clients - residents of the Republic of Kazakhstan in good faith, with due diligence and duty of care, as provided under rule 3.1.1 above, through efficient and comprehensive exchange of information between Digital Asset Service Providers. When exchanging information (data) about limits with another Digital Asset Service Provider, the Digital Asset Service Provider ensures the accuracy, reliability, completeness, and timeliness of such information.

Guidance: Calculation of the limit

Only purchase transactions of Digital Assets in the jurisdiction of the Centre are taken into account when calculating the limit. 

3.1.4.    Staking services are provided by an Operator of Digital Asset Trading Facility and a Digital Asset Service Provider to individual Retail Clients - residents of the Republic of Kazakhstan, taking into account the requirements of rule 3.1.1 of these Rules and provisions of rule 2.13.3 of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023). 

3.1.5.    Digital asset staking services are provided to legal entities — residents of the Republic of Kazakhstan if they are classified as Professional Clients in accordance with the requirements of rule 2.3. of the AIFC Conduct of Business Rules dated December 10, 2017 (AIFC Rules No. FR0005 0f 2017).

3.1.6.    A Digital Asset Trading Facility Operator is allowed to provide margin trading services with Digital Assets to individual Retail Clients - residents of the Republic of Kazakhstan, in compliance with the requirements of rule 3.1.1. of these Rules, as well as in accordance with the rules 4.2.1., 8.2.6., 8.2.21., 8.2.22., 8.3.11., Schedule №2 of the AIFC Conduct of Business Rules dated December 10, 2017 (AIFC Rules No. FR0005 0f 2017) and rules 2.7.4., 2.7.2. of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023).

A Digital Asset Trading Facility Operator within margin trading provides to Retail and Professional Clients the right to trade on margin within the limits set for these Client categories, while the Client's loss cannot exceed the pre-funded amount.

3.1.7.     A Digital Asset Trading Facility Operator and a Digital Asset Service Provider are allowed to provide services to Clients with derivative instruments (Digital Asset Derivatives) on Digital Assets, subject to compliance with the requirements of rules 2.8.8., 3.6.3. and 3.9.2. of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023).

3.1.8.     A Digital Asset Trading Facility Operator and Digital Asset Service Provider must not offer or provide any facility or service that allows their Clients its facility to lend a Digital Asset to another Person unless it is reasonably satisfied that the Client is a Professional Client. 

3.1.9.     A Digital Asset Service Provide and Digital Asset Trading Facility Operator are prohibited to provide services to an individual and a legal entity – a resident of the Republic of Kazakhstan by conducting Crypto - lending operations by attracting fiat through providing Digital Assets as a Collateral.

3.1.10.  Legal entities - residents of the Republic of Kazakhstan can be Clients of Digital Asset Service Providers only if they are miners/mining pools or if they are classified as Professional Clients in accordance with the requirements of rule 2.3. of the AIFC Conduct of Business Rules dated December 10, 2017 (AIFC Rules No. FR0005 0f 2017).

3.2. Requirements for AML/CFT/FPWMD systems of Digital Asset Service Providers and other provisions in the field of AML/CFT/FPWMD

3.2.1   Digital Asset Service Providers authorised by the Centre are subject to the Acting law of the Centre and the legislation of the Republic of Kazakhstan in the field of counteraction of money laundering, terrorist financing and financing the proliferation of weapons of mass destruction.

3.2.2. Assessment of the risks of legalization (laundering) of proceeds and financing of terrorism and proliferation of weapons of mass destruction (hereinafter — LP/FT/FPWMD) is conducted in order to identify vulnerabilities, threats and opportunities for the legalization (laundering) of proceeds and financing of terrorism through the inter-jurisdictional cryptofiat system, identify shortcomings in the implementation of measures to counteract the legalization (laundering) of proceeds and financing of terrorism in the inter-jurisdictional cryptofiat system, and such an assessment is conducted as part of the national assessment risks of ML/FT/FPWMD, taking into account the provisions set out by Article 11-1 of the Law of the Republic of Kazakhstan № 191-lV "On counteraction to legalisation (laundering) of proceeds of crime and terrorism financing"  dated August 28, 2009.

3.3 Capital Requirements for Digital Asset Service Providers

3.3.1.  Digital Asset Service Providers are required to provide a minimum amount of capital in accordance with rules 2.2. and 3.2 of the of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023).

3.3.2. The amounts of minimum capital of Digital Asset Service Providers are specified in Schedule 2 to these Rules.

3.4. Settlement and clearing mechanisms

3.4.1. A Digital Asset Trading Facility Operator must ensure that satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), clearing and settlement of the rights and liabilities of the parties to transactions effected on its facility (being rights and liabilities in relation to those transactions).

3.4.2. A Digital Asset Trading Facility Operator must ensure clearing and settlement of transactions on its facility exclusively with Fiat Currencies or Digital Assets admitted to trading.

3.4.3. A Digital Asset Trading Facility Operator must take all reasonable steps to ensure that finality of settlement is achieved within 24 hours. A Digital Asset Trading Facility Operator and a Digital Asset Service Provider perform Client transactions in accordance with the "delivery versus payment" principle and pre-funding requirement. A Digital Asset Trading Facility Operator and a Digital Asset Service Provider execute the Client's instruction to purchase Digital Assets if the Client has fiat funds, execute the Client's instruction to sell Digital Assets if a Client has Digital Assets in a Digital Wallet according to rule 2.13.6. of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023).

3.4.4. Execution and processing gratuitous (free of charge) transfers of Digital Assets between Clients are prohibited.

3.5. Communication with Clients and Financial Promotion

3.5.1. Digital Asset Service Providers communicate with Clients, as well as conduct Financial Promotions in accordance with Chapter 3 of the AIFC Conduct of Business Rules.

3.6. Privacy Tokens

3.6.1. A Digital Asset Trading Facility Operator and a Digital Asset Services Provider must comply with the requirements of rule 2.15 of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023) regarding the prohibition on the use of Privacy Tokens and Devices in the provision of their services.

3.7. A Digital Asset Trading Facility Operator’s and Digital Asset Service Provider’s services involving transactions with their own tokens

3.7.1. Digital Asset Service Providers and Digital Asset Trading Facility Operators provide services involving transactions with their own tokens (Digital Assets), according to provisions and requirements provided under rules 2.8.2, 2.12 and 2.13 of the AIFC Rules On Digital Asset Activities dated September 10, 2023 (AIFC Rules No. FR00062 of 2023), as well as in accordance with the requirements set out in rules 4.2.4 and 5 of the AIFC Market Rules dated October 17, 2017 (AlFC Market Rules No.FR0003 0f 2017).