In December, the Luxembourg Ministry of Justice published this risk assessment, which says that the high adoption of virtual assets by criminals poses significant challenges to virtual asset service providers (VASP), financial institutions, supervisors and law enforcement agencies, and multiple factors have contributed to the need for a VASP vertical risk assessment.  The 2018 and 2020 Luxembourg National Risk Assessment (NRA) specifically mentioned virtual assets as an emerging and evolving risk.  This risk assessment describes the mitigating factors that VASP are obliged to implement to reduce risks as per the 2004 AML/CFT Law, and the different measures implemented by the regulators and prosecution authorities.  It provides a list of legal obligations for the VASP private sector and presents a list of more than 40 red flag indicators.  Additionally, FATF has published red flag indicators on 14 September which entities should take into account.  It says that the list of red flag indicators should support private entities in setting up appropriate transaction-monitoring processes and improving their reporting to the FIU.  The risk assessment is intended to be updated in the near future when a more complete view of the market becomes attainable.




If you would like to make a (polite) gesture and make a (very) modest contribution to my ongoing costs of relocation, removal and computer costs, I have a page at

Author: raytodd2017

Chartered Legal Executive and former senior manager with Isle of Man Customs and Excise, where I was (amongst other things) Sanctions Officer (for UN/EU sanctions), Export Licensing Officer and Manager of the Legal-Library & Collectorate Support Section

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: