Virtual Assets In Ukraine

On 8 July 2025, RUSI’s Centre for Finance and Security and the Center for Financial Integrity convened the latest meeting of the Taskforce on Public–Private Partnership in Fighting Financial Crime in Ukraine. Fifty representatives, including those from the public and private sectors in Ukraine, and international experts, gathered for an in-person meeting in Warsaw. The discussion focused on virtual assets (VAs) in Ukraine. It included assessments of the related regulatory framework, risks and illicit activities, and international experience.

Introduction

As part of the EU accession process, Ukraine is expected to implement 69 reforms under the Ukraine Facility Plan, the EU’s assistance programme. One of these includes aligning legislation on VAs with the EU acquis – a step that is expected to be completed by the final quarter of 2025. This forms part of broader anti-money laundering (AML) measures.

At the same time, Ukraine must ensure proper implementation of Financial Action Task Force (FATF) Recommendation 15, which requires countries to assess and mitigate the money laundering and terrorist financing (ML/TF) risks related to VAs and virtual asset service providers (VASPs). The country was rated as partially compliant in the last FATF follow-up assessment in 2020. However, many experts fear that this rating could be downgraded in the upcoming MONEYVAL evaluation. This could happen as soon as 2027.

Assessment of the Regulatory Framework of VAs in Ukraine

Attempts to regulate the VA market in Ukraine date back to 2018. The initial approach focused on developing regulations in collaboration with market participants. On 17 February 2022, the Law on Virtual Assets No. 2074-IX was adopted in Ukraine, but it has not yet come into force. The key condition for its enactment was the resolution of taxation issues and the introduction of amendments to the Tax Code.

Efforts to amend and overhaul Ukraine’s VA legislation led to the development of two draft laws between 2022 and 2023. One was prepared by the National Securities and Stock Market Commission (NSSMC), incorporating EU Markets in Crypto Assets Regulation (MiCA) standards, while the other was proposed by the Ministry of Digital Transformation, combining existing legislation with MiCA provisions. The drafts sparked debate around taxation and market strategy but remain unadopted, leaving the sector unregulated.

On 24 April 2025, the Ukrainian parliament received Draft Law No. 10225-d “On Amendments to the Tax Code of Ukraine and Certain Other Legislative Acts of Ukraine on the Regulation of the Circulation of Virtual Assets in Ukraine”. This draft law consolidates previous proposals and has been revised to introduce key changes necessary for regulating the creation of a VA market in alignment with international standards. It introduces licensing requirements for platforms – including capital, transparency and know your customer (KYC) standards – and outlines reporting procedures for VA transactions.

The draft law provides clear classifications and definitions of VA types – such as crypto assets, e-money tokens (EMTs) and asset-referenced tokens (ARTs). These fully align with MiCA standards. However, experts at the workshop expressed continued uncertainty about the proposed classifications.

Appointment of the Regulators

The designation of the responsible regulator is a key issue that remains unaddressed. Currently, there is no authority clearly tasked with overseeing the VA market in Ukraine. This creates uncertainty for both market participants and policymakers. The legislative proposals suggest using two separate regulators – in effect, a dual-regulator model. This would not be based on the type of activity, but on the type of entity that is being supervised. Under this model:

• The National Bank of Ukraine (NBU) would oversee banks involved in VA transactions. Banks would need a separate licence to work with VAs, making them active market participants. In this case, the bank would hold its core licence plus another one that allows it to operate in the trading space. The NBU would also regulate EMTs. Some experts pointed out that, in this case, crypto exchanges could also then fall under NBU supervision.

• Another regulator would oversee crypto exchanges. This regulator has not yet been specified, although Ukrainian experts anticipate that it would probably be the NSSMC. The NSSMC would supervise all other VASPs.

Several international experts at the workshop warned that traditional banking regulations cannot always be effectively applied to the rapidly evolving and distinct crypto sector. In particular, there is a risk of firms exploiting gaps or inconsistencies between the two regulators – regulatory arbitrage.

One expert cited France as a leader in EU crypto regulation, using a dual-regulator model and a phased approach requiring basic AML/counterterrorist financing registration for VASPs, with an optional MiCA-aligned licence. While over 100 VASPs registered by 2023, few pursued full licensing due to MiCA’s complexity.

The Ukrainian parliament will determine the regulator when it adopts the draft law. Ensuring coherence, clarity and functional alignment in regulatory oversight will be critical for market development.

Current Challenges to VA Regulation

As Ukraine moves to establish a clear legal framework for VAs, several challenges remain.

Experts raised the question of tax amnesty. Many politicians now argue that VA legislation cannot be adopted without first implementing a tax amnesty, allowing individuals to declare previously unreported assets. While there were proposals for a simplified amnesty procedure in Ukraine, that push was ultimately halted. Ukraine’s National Risk Assessment (NRA) identified crypto as a high ML/TF risk, triggering FATF Recommendation 10 on customer due diligence (CDD). In this context, a simplified tax amnesty is not feasible.

Meanwhile, courts are increasingly handling VA-related cases, but legal uncertainty remains due to inconsistent rulings and unclear procedures. A private sector representative stressed the need to raise awareness and build capacity among judges and enforcement officers. The draft law would not create a separate crypto court – and Ukraine does not need one – but judges and enforcement officers need targeted education and training to ensure consistent, informed decision-making in cases involving VAs.

Despite some momentum, therefore, political will remains fragmented. Experts emphasised that sustained political support and clear interagency coordination will be crucial to moving forward.

Compliance with MiCA

The MiCA regulation entered into force across the EU in June 2023, introducing unified rules for the crypto-asset market. While it offers legal clarity, experts caution that its complexity could stifle innovation and burden smaller firms. Since Ukraine is not yet an EU member, it has the opportunity to adopt a more gradual, tailored approach.

To develop a robust VA market, participants suggested that Ukraine should grant legal status to activities such as lending, borrowing and derivatives trading – all of which fall outside MiCA’s current scope. Supporting these activities could help Ukraine to develop more efficient systems for transactions of cash-like assets – its liquidity infrastructure – and generate new revenue streams. Such streams are vital given the country’s current economic challenges. For example, the regulation of stablecoins – digital tokens pegged to a stable value – could be simplified by merging EMTs and ARTs into a single category. Issuance could be limited to regulated financial institutions, with the NBU serving as the custodian of reserves. Moreover, stablecoin payouts could be permitted to support usability and liquidity.

Ukraine’s current economic needs often contradict the logic of EU legal acts. For now, the country must prioritise stability – even if it means a temporary deviation from MiCA.

What Should the Legislation Look Like?

Countries with the most developed VA markets often offer market flexibility. Since VAs continually change, the legislators cannot practically keep up. Therefore one expert suggested a reasonable policy: adopting a very high-level framework law that is sufficiently flexible to encompass future developments. The UAE offers a successful example, with a dedicated regulator and regulatory sandboxes that support innovation while maintaining oversight.

While flexible regulation models such as the UAE’s support innovation, some countries have chosen more restrictive approaches. Moldova, for instance, banned VASPs following a FATF downgrade, while still permitting VA use. Enforcement proved difficult, and concerns about election interference and illicit financing persisted. By 2024, Moldova began shifting toward regulation

To avoid enabling corruption or organised crime, Ukraine’s VA legislation must balance effective control with practical implementation. Experts agreed that this includes creating a transparent licensing process and clear enforcement guidelines for law enforcement agencies (LEAs). To demonstrate the effectiveness of VA market regulation to MONEYVAL (the FATF regional body to which Ukraine belongs), Ukraine should register its first VASP. This would send a strong signal of regulatory readiness and help to reverse a growing trend of Ukrainian VASPs relocating abroad to seek clearer legal environments.

In sum, many participants remain hopeful that the long-overdue VA law in Ukraine will be passed by the end of 2025. This legislation could align the country with international standards, provide opportunities for VASPs to legally operate in Ukraine and help to attract investment for recovery. With all this in mind, the desire to combat illicit finance and support global security should be the core driver for the introduction of the law.

Risks and Illicit Activities

VAs offer potential for financial innovation but pose regulatory challenges due to their rapid growth, global reach and pseudonymity. In Ukraine – amid war, recovery and EU alignment – a risk-based regulatory approach is essential. Such risks fall into two categories: universal risks experienced by all states; and risks specific to Ukraine.

General Risks

VAs present global risks related to their acceptance, storage and transfer due to limited traceability, inconsistent oversight, and weak consumer protections. A key concern is the difficulty of verifying the source of funds, particularly when transactions involve multiple platforms. Transfers are often irreversible, and interactions with unregulated services increase exposure to illicit finance. Poor wallet management practices can trigger regulatory scrutiny, while the lack of safeguards for storage increases the risk of asset loss and theft.

Ukraine-Specific Risks

The experts noted that Ukraine-specific risks are primarily connected with the over-the-counter (OTC) activities in the country, its role as a threat hub and the role of crypto in funding procurement of sanctioned components for the Russian military, money mules and others.

OTC Activities and Russia’s Influence

The FATF does not explicitly define OTC services, but they would fall under the definition of VASPs when facilitating VA transfers or exchanges as a business. Although exact figures are unavailable, OTC desks are reportedly active in nearly every major Ukrainian city and abroad.

Participants discussed how the growth of OTC activity has introduced serious national security and financial crime risks. These services are increasingly used to circumvent international sanctions, including the procurement of dual-use components for the Russian armed forces. Russian actors are actively exploiting OTC platforms as part of hybrid warfare efforts. Experts have noted that Russian actors are using social media platforms – particularly Telegram – to promote and facilitate the sale of synthetic drugs, with payments made via crypto wallets. This tactic is reportedly aimed at fostering drug addiction among Ukrainian military personnel, thereby weakening operational readiness and morale.

A targeted enforcement strategy – supported by PPPs and private sector tools – should include dedicated investigative personnel and local oversight. The potential benefits are substantial: one expert estimated that with improved oversight, Ukraine could recover up to $10 billion – a significant contribution to the national budget. Failure to regulate OTC desks may weaken Ukraine’s standing with international partners.

The Role of Ukraine as a Threat Hub

By exploiting weak donor verification and outdated electoral finance laws to launder funds into politics, VAs are enabling foreign actors to influence Western democracies. Ukraine, while not the origin, is seen as an emerging hub for laundering crypto funds due to its strategic location, wartime vulnerabilities and evolving regulations.

According to expert assessments by those attending the workshop, Russian intelligence services are leveraging Ukraine as a platform for political ML operations, exploiting its institutional gaps and conflict-related distractions. These networks may rely on corrupt facilitators within Ukraine, while simultaneously positioning Ukraine as the centre for the illicit flows – undermining its international credibility and democratic alliances.

It is therefore essential to strengthen Ukraine’s capacity to monitor and regulate the activity of VAs. This supports domestic financial security and preserves the integrity of international political systems. Ukraine must prioritise the development of investigative and compliance capacities to prevent the country from becoming a permissive environment for illicit crypto-financial flows.

Crypto and Money Mules

Following Russia’s full-scale invasion, the NBU imposed a temporary restriction on international wire transfers. This was aimed at preventing large-scale capital flight and to stabilise the national economy. As VA use surged in response, new opportunities emerged for illicit financial activities – most notably through money mules, сommonly known in Ukraine as “drops” schemes.

For a fee, the drops transfer the details and data of their card accounts for use by third parties. One expert noted that crypto drops schemes are increasingly organised and decentralised, using social media and encrypted apps. Expert estimates suggest that the Ukrainian state budget may be losing approximately UAH 1 billion (about $24 million) per month due to crypto-related drops operations.

Several working groups within the Ukrainian parliament are currently reviewing legislative options to address these schemes, including enhanced due diligence requirements, the creation of a drops register, and public awareness campaigns. To effectively counter this growing threat, Ukraine should invest in blockchain investigations, improve coordination between financial institutions and LEAs and engage international partners to trace cross-border flows.

Risk Mitigation and Blockchain Analytics Tools

Representatives from VASPs emphasised that collaborative regulation can yield positive outcomes, but global companies must navigate multiple regulatory frameworks. To manage ML/TF risks, VASPs use blockchain analytics and commercial tools for CDD and ongoing monitoring – although the quality and interoperability of these tools vary. Experts at the workshop noted that these tools often lack compatibility and are not yet fully reliable as court-admissible evidence, prompting efforts to develop standards for minimum requirements.

Participants noted that VASPs often mirror traditional financial institutions in their transaction monitoring but frequently need to build in-house tools for integrated oversight of fiat and crypto transactions. These systems support CDD and can detect risks through pattern analysis, even when external providers do not. However, data protection laws restrict private–private information sharing, limiting timely reporting – particularly in cases involving OTC brokers and peer-to-peer merchants.

VASP representatives also pointed out that, due to the lack of comprehensive legislation, there are challenges in providing cross-border assistance to the public sector and, especially, LEAs. Therefore, broader cooperation initiatives that facilitate this cooperation and assistance are needed.

Role of the Traditional Financial Sector in Mitigating Risks Associated with VAs

During the discussion, it was pointed out that some financial institutions have adopted blockchain analytics and crypto-related KYC practices, although standardisation remains under discussion. Nonetheless, knowledge and capabilities vary widely, with many lacking the tools and expertise to effectively manage associated risks.

Despite efforts by some organisations to better understand sources of funds and indirect exposure, traditional institutions often avoid engaging with the crypto sector – potentially exposing themselves to unknown risks. One solution proposed by participants is to develop best-practice tools, such as KYC and CDD questionnaires, based on models such as the Wolfsberg Group’s Correspondent Banking KYC Questionnaire. The Wolfsberg Group Digital Assets Working Group is said to be developing such a questionnaire for crypto-related activity for use in the near future.

As pointed out by one participant, standard CDD questionnaire practices seem lacking – clients of a traditional financial institution may characterise their business as software development or programming services, when, in fact, they may be operating as active VASPs unknown to their financial service provider.

PPPs and VA Risk Assessment

The joint development of risk assessments is one promising area for enhancing the effectiveness of PPPs in Ukraine. A well-designed risk assessment provides an overview of current vulnerabilities and also serves as a strategic planning tool. For Ukraine, this means going beyond compliance checklists and building a forward-looking, evidence-based approach that is tailored to local realities.

Ukraine’s 2022 National Risk Assessment included VA-related risks, but experts note it lacked depth and did not reflect sector-specific threats. A major gap is the absence of a clearly designated regulator for VAs. Moreover, LEAs and other key stakeholders were not fully involved in the process, reducing its effectiveness.

Access to high-quality data remains a major barrier. While Ukrainian authorities receive summary reports from blockchain analytics providers, these are insufficient. Regulators need direct access to raw data and a wider range of sources, including open-source intelligence and exchange platform data. Tools that provide insights into liquidity, asset types and market behaviour could greatly enhance the state’s analytical capacity.

To be meaningful, the process must be tailored to local realities, involve the right stakeholders, promote cross-sector awareness and apply innovative approaches to data collection and analysis.

International Experience and Recommendations

Leveraging PPPs to Address Emerging Threats in the VAs Space

PPPs enable rapid, collaborative responses to financial crime by aligning public and private sector resources. One example is the Europol Financial Intelligence Public Private Partnership (EFIPPP), which was set up in 2017 as a cooperative mechanism between private sector stakeholders, financial intelligence units (FIUs) and investigative authorities to develop and share structured threat information (for example, financial crime typologies) among members. Some FIUs have added greatly to these efforts.

One of the EFIPPP’s initiatives is specifically focused on cryptoassets and involves over 100 participants. This initiative facilitates regular, confidential sharing of financial intelligence between public and private sector representatives, raising awareness of emerging risks, promoting mutual understanding, and serving as a key platform for ongoing knowledge exchange.

It also provides a platform for discussing pressing matters that need solutions or require clarification. For example, the Travel Rule (TR) requirements under FATF Recommendation 16 are implemented unevenly across jurisdictions. This complicates efforts to establish a universally accepted, one-size-fits-all standard, even though blockchain technology is known to be borderless. Located in various jurisdictions, many VASPs still need to comply with the TR requirements. PPPs, such as EFIPPP, can bridge these gaps by facing challenges from the perspectives of FATF, regulators and VASPs.

Building a network of trusted experts is another way to leverage PPPs for finding solutions. While financial institutions, VASPs and regulators encounter similar challenges – particularly when it comes to a risk-based approach for monitoring and screening solutions – the key question is how to approach this issue, maintain flexibility and attain clarity on regulatory expectations.

PPPs and Challenges: Tackling Illicit Activity While Building Trust

Notably, national PPPs can complement these efforts through their own active international presence. For example, since its inception in 2021, the Lithuanian PPP, the Center of Excellence in Anti-Money Laundering (AML Center), has been an active member of EFIPPP and other international initiatives. To further ensure effective cooperation, it started a gradual expansion process in March 2024. Participants noted that the AML Center is now accepting vetted fintech members licensed by the Bank of Lithuania.

A representative of the AML Center noted that, of Lithuania’s 370 registered VASPs, only 120 appear active; just 30 had sought licences by mid-2025. This indicates that the rest may potentially move their activities to other jurisdictions. These statistics illustrate that the crypto sector cannot be ignored, and therefore should be included in PPP activities even before full membership.

Lithuania’s proactive integration of VASPs offers a model for Ukraine, where unregistered activity persists and clarity is lacking. Participants agreed that legal certainty is needed across jurisdictions. However, extensive regulation may overwhelm limited institutional capacity. Instead, Ukraine and similar countries should adopt a focused compliance strategy – starting with essential requirements and gradually expanding – while engaging international partners to better understand and manage emerging risks.

Expert Recommendations

The meeting participants articulated a series of recommendations to enhance coordination and information sharing related to VAs in Ukraine. In addition, they identified legislative and regulatory measures that could reinforce public–private collaboration within the VA sector. Recommendations included the following:

Regulatory

• Narrow the focus: Concentrating on the specific assets that the country seeks to attract, such as stablecoins, may serve as an effective starting point. It also showcases the link between the regulatory framework and ensuring market attractiveness.

• Recognise cybersecurity as interconnected: There is substantial evidence that illicit activities, cyber threats and VAs are interconnected.

• Establish clear rules and guidance: There should be a clear understanding of the regulatory expectations of the minimum standard requirements to ensure satisfactory monitoring and risk mitigation measures, and related tools/solutions.

Supervision and Enforcement

• Use existing solutions: While building a regulatory framework takes time, illicit activity continues. LEAs should leverage established tools and expertise without delays.

• Inspect a broader range of operations: VA operations are not limited to online or fiat exchanges. Conducting both remote and onsite supervision of unregulated crypto exchanges and licensed currency exchanges is crucial to understanding the full landscape.

• Adequately equip institutions: VAs are currently the primary method for cross-border value transfers, yet many institutions lack the tools to trace them effectively. Commercial solutions remain the most effective way to strengthen their capabilities.

Knowledge and Capacity-Building

• Double-check the data: Blockchain analytics tools aid VA tracing and risk mitigation, but are costly and lack interoperability. It is essential to verify their outputs rather than rely on them blindly.

• Facilitate knowledge sharing: Public–private knowledge exchange is evolving and often uneven. Sharing information fosters collaboration and reveals who is proactive versus those waiting for legal mandates.

• Emphasise quality over quantity: Available information is vast but often low quality. To detect illicit activity effectively, high-quality data must be structured and integrated with risk rules, blockchain analytics, behavioural patterns, and open source intelligence.

Effective Collaboration and Cooperation

• Build a stakeholder map: PPPs rely on trust and collaboration, making it essential to identify key stakeholders and understand their needs to support effective information sharing.

• Foster synergy: Frequently, business cases are interconnected: VASPs may lack full KYC data, while traditional finance often struggles with crypto risks. Bridging these gaps is key to stronger risk mitigation.

Outcomes

The Taskforce meeting concluded with two key outcomes that encapsulated the overall needs of the VA sector.

First, legislation is not a prerequisite for action. Instead, focused, practical efforts – especially through public–private collaboration – are essential to identifying and mitigating illicit activity. Such partnerships help ensure both sectors understand their roles and are equipped to respond effectively.

Second, Ukraine needs targeted and well-designed legislation. While certain measures – such as improving cybersecurity and disrupting illicit financial flows – can begin without delay, a precise legal framework, tailored to Ukraine’s context, is needed.

Participants agreed Ukraine must avoid regulatory stagnation. Many countries have advanced with fewer resources by adopting simple, flexible approaches, which Ukraine must now prioritise to ensure timely progress.

Oksana Ihnatenko is the Managing Director of the Center for Financial Integrity in Ukraine. She is also a Researcher for the Supervising and Monitoring Ukraine’s Reconstruction Funds project in RUSI’s Centre for Finance and Security. Her research examines the resilience and integrity of Ukraine’s financial system. Oksana is a Certified Anti-Money Laundering Specialist.

Greta Barkauskienė is a member of the Certified Financial Crime Specialists Association. She is an expert in financial crimes, specialising in AML/CFT topics, with a strong focus on crypto assets. With previous experience working at law enforcement agencies and the Financial Intelligence Unit Lithuania, she currently serves as an expert at the Center of Excellence in Anti-Money Laundering and is a member of the Digital Assets Task Force within the Global Coalition to Fight Financial Crime.