> Personal Data Protection

Amendment ZPPDFT-1B

The deadline for member states to implement Directive (EU) 2018/843 i.e. AMLD 5 was 1 January 2020. Slovenia implemented AMLD 5 by adopting the Act Amending the Prevention of Money Laundering and Terrorist Financing Act (ZPPDFT-1B), which was published in the Official Gazette on 26 June 2020 and has applied since 11 July 2020. The amended ZPPDFT-1B has introduced a few changes to the prevention of money laundering. This article presents some of the key changes that were implemented into the Slovenian law with the amended ZPPDFT-1.


Amendment ZPPDFT-1B supplements the definition of a business relationship with the provision that the established relationship is projected to last. This modification is especially important in relation to Article 17.1. of the ZPPDFT-1, which regulates when obliged entities must perform KYC. The listed examples include concluding a business relationship with a client. The amended definition of a business relationship to contain a temporal component means that obliged entities are not required to perform the KYC in a one-time transaction (assuming that other circumstances have not been met from Article 17 of the ZPPFDT-1 that do require KYC being performed). As a result, the amended ZPPDFT-1B has deleted the exemptions from Article 17.7 of the ZPPDFT-1, which had not considered payment transactions and currency exchanges under EUR 1,000 to constitute a business relationship. With the new definition of a business relationship, the deleted exemptions are no longer necessary, as the business relationship has been newly defined as a permanent relationship, which excludes all one-time transactions.

Amendment ZPPDFT-1B also introduces some new definitions, namely the fiat currency and the custodian wallet provider. The new definition of a fiat currency means are monetary funds that serve as the means of exchange. The definition of a fiat currency is used for the amended definition of a obliged entity – “crypto exchange”. A custodian wallet provider is a natural or legal person that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store, and transfer virtual currencies. It should be emphasized here that these persons will include anyone who possesses cryptographic keys, regardless of whether they will be handling said key themselves i.e. independently (e.g. multi-sig wallet providers).

The definition of a virtual wallet has also been altered, to be defined as a digital representation of a value that is not issued or guaranteed by a central bank or a public authority, does not possess a legal status or currency or money, but is accepted as a means of exchange, and which can be transferred, stored, and traded electronically. The purpose of the new definition is to encompass all of the different uses of virtual currencies. These, however, do not include so-called complementary currencies that are used in limited networks, such as cities, regions, and that have a very small number of users.


In terms of obliged entities, the greatest change has been the definition of “crypto obliged entities”, in that the legal and natural persons that are conducting activities in relation to currency exchange between fiat currencies and other transactions perform the measures of preventing money laundering and terrorist financing and are included in said transactions or offer custodian wallets. Only those subjects are regarded as these obliged entities that actively collaborate in carrying out these services, but not also subjects that are indirectly involved in said services (program developers who enable the exchange).

A limit of EUR 10,000 has been introduced for obliged entities trading with real estate and works of art, which means that subjects conducting transactions under this amount do not have to carry out the measures of preventing money laundering and terrorism financing.


Amendment ZPPDFT-1B is introducing a new register of crypto obliged entities to ensure oversight over all of these obliged entities. This is to ensure transparent business transactions rather than the regulation of the activities. Being entered into the register is a precondition to providing currency exchange services and custodian wallets. The register is of a public nature and is maintained and managed by the Office for Money Laundering Prevention. In order to be entered into the register, the necessary information and documents must be submitted. An entry can only de denied if one of the representatives of the crypto obliged entity has been finally convicted of a criminal act, as foreseen under Article 4.a of the ZPPDFT-1. However, the crypto obliged entities must inform the Office for Money Laundering Prevention in writing about all of their providers that are involved in their currency exchange services and custodian wallets.


We were expecting more changes to be introduced regarding determining and verifying clients’ identities, however, only one was included in the amended ZPPDFT-1B, i.e. client identification based on the means of electronic identification. The definition of electronic identification was changed so that it directly refers to legislation in the area of electronic identification and trust services (eIDAS Regulation, which has not been implemented here yet and is used directly). Here, a high level of reliability was set as the necessary level of reliability for electronic means of identification. During the preparatory phase of the amended ZPPDFT-1B, there was much public discussion about changes to the limiting provisions for executing video electronic identification, which unfortunately was not included into the final version of the act. Consequently, video electronic identification remains quite heavily regulated and difficult to execute in practice. This means Slovenia continues to be a country in which the obliged entities for preventing money laundering and terrorist financing continue to face significant difficulties in identifying their clients remotely.


Amendment ZPPDFT-1B abolishes the provision of exceptions to be entered into the register of beneficial owners. In accordance with the new regulation, sole proprietors, subjects without business shares, and single-person limited liability companies in which the sole shareholder is a natural person, are automatically entered into the register with data about the beneficial owners, as well as any further changes. Regardless of the automatic entry into the register, these subjects are still liable for all the data being correct and must make sure to correct any incorrect data.

Another new feature is the obliged entities’ obligation to act upon any inconsistencies between the data on the beneficial owners in the register and the directly determined data on the beneficial owners and to inform the Office for Money Laundering Prevention in writing no later than within 30 days.

The beneficial owners have an obligation to guarantee business entities all the necessary data so that they can fulfil all of their obligations in identifying the beneficial owners.


Amendment ZPPDFT-1B decreased the value threshold on electronic funds that is the precondition to waive KYC from EUR 250 EUR and EUR 500 to EUR 150 and from EUR 100 to EUR 50.

KYC through a third person is now possible even without their presence if the third person can identify the party using a means of electronic identification.

New obligations have been added regarding performing the KYC from high-risk third countries, where it more accurate information must be acquired about the source of the means and to ensure a more frequent and longer monitoring of the clients’ business transactions. The obliged entities are offered the possibility to carry out additional elements of in-depth KYC, strengthen the mechanism of informing the Office for Money Laundering Prevention, and limit the implementation of the business relationship or transactions with the client.


Amendment ZPPDFT-1B introduces new sanctions for beneficial owners who do not provide all the necessary data to business entities so that they are able to fulfil their obligations on determining the beneficial owners.

Sanctions for “crypto” obliged entities who fail to meet their obligations regarding entering into the register and other obligations have also been overhauled.