Article 18

In the cases referred to in Articles 18a to 24, as well as in other cases of higher risk that are identified by Member States or obliged entities, Member States shall require obliged entities to apply enhanced customer due diligence measures to manage and mitigate those risks appropriately.

Enhanced customer due diligence measures need not be invoked automatically with respect to branches or majority-owned subsidiaries of obliged entities established in the Union which are located in high-risk third countries, where those branches or majority-owned subsidiaries fully comply with the group-wide policies and procedures in accordance with Article 45. Member States shall ensure that those cases are handled by obliged entities by using a risk-based approach.

Member States shall require obliged entities to examine, as far as reasonably possible, the background and purpose of all transactions that fulfil at least one of the following conditions:

(i)

they are complex transactions;

(ii)

they are unusually large transactions;

(iii)

they are conducted in an unusual pattern;

(iv)

they do not have an apparent economic or lawful purpose.

In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.

When assessing the risks of money laundering and terrorist financing, Member States and obliged entities shall take into account at least the factors of potentially higher-risk situations set out in Annex III.

By 26 June 2017, the ESAs shall issue guidelines, addressed to competent authorities and the credit institutions and financial institutions, in accordance with Article 16 of Regulation (EU) No 1093/2010 on the risk factors to be taken into consideration and the measures to be taken in situations where enhanced customer due diligence measures are appropriate. From 1 January 2020, EBA shall, where appropriate, issue such guidelines. Specific account shall be taken of the nature and size of the business, and, where appropriate and proportionate, specific measures shall be laid down.

By 30 December 2024, EBA shall issue guidelines on risk variables and risk factors to be taken into account by crypto-asset service providers when entering into business relationships or carrying out transactions in crypto-assets.

EBA shall clarify, in particular, how the risk factors listed in Annex III shall be taken into account by crypto-asset service providers including when carrying out transactions with persons and entities which are not covered by this Directive. To that end, EBA shall pay particular attention to products, transactions and technologies that have the potential to facilitate anonymity, such as privacy wallets, mixers or tumblers.

Where situations of higher risk are identified, the guidelines referred to in paragraph 5 shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks, including the adoption of appropriate procedures to detect the origin or destination of crypto-assets.

Recitals

CHAPTER I - GENERAL PROVISIONS (Article 1-9)

CHAPTER II - CUSTOMER DUE DILIGENCE (Article 10-29)

SECTION 1 - General provisions (Article 10-14)

SECTION 2 - Simplified customer due diligence (Article 15-17)

SECTION 3 - Enhanced customer due diligence (Article 18-24a)Article 18 Q&AGL Article 18a GL Article 19 GL Article 19a GL Article 19b Article 20 Article 20a L2 Article 21 Article 22 Article 23 Article 24 Article 24a

SECTION 4 - Performance by third parties (Article 25-29)

CHAPTER III - BENEFICIAL OWNERSHIP INFORMATION (Article 30-31a)

CHAPTER IV - REPORTING OBLIGATIONS (Article 32-39)

CHAPTER V - DATA PROTECTION, RECORD-RETENTION AND STATISTICAL DATA (Article 40-44)

CHAPTER VI - POLICIES, PROCEDURES AND SUPERVISION (Article 45-62)

CHAPTER VII - FINAL PROVISIONS (Article 63-69)

ANNEX I ANNEX II ANNEX III ANNEX IV

Metadata

Level 2 legal acts

Related documents

Table of contents