Updated 05/02/2025
In force

Initial Legal Act
Amendments
There is currently no Level 2 legal act based on or specifying Article 38.
Search within this legal act
TFR 3 ToolTransfer of Funds Regulation (TFR 3)
Article 38

Article 38 - Regulation 2023/1113 (TFR 3)

Article 38

Amendments to Directive (EU) 2015/849

Directive (EU) 2015/849 is amended as follows:

(1)

in Article 2(1), point (3), points (g) and (h) are deleted;

(2)

Article 3 is amended as follows:

(a)

in point (2), the following point is added:

‘(g)

crypto-asset service providers;’;

(b)

point (8) is replaced by the following:

‘(8)

‘correspondent relationship’ means:

(a)

the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts and foreign exchange services;

(b)

the relationships between and among credit institutions and financial institutions, including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or funds transfers or relationships established for transactions in crypto-assets or transfers of crypto-assets;’;

(c)

points 18 and 19 are replaced by the following:

‘(18)

“crypto-asset” means a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114 of the European Parliament and of the Council (*1), except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;

(19)

“crypto-asset service provider” means a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation;

(*1)  Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40).’;"

(d)

the following point is added:

‘(20)

“self-hosted address” means a self-hosted address as defined in Article 3, point (20), of Regulation (EU) 2023/1113 of the European Parliament and of the Council (*2).

(*2)  Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, p. 1).’;"

(3)

in Article 18, the following paragraphs are added:

‘5.   By 30 December 2024, EBA shall issue guidelines on risk variables and risk factors to be taken into account by crypto-asset service providers when entering into business relationships or carrying out transactions in crypto-assets.

6.   EBA shall clarify, in particular, how the risk factors listed in Annex III shall be taken into account by crypto-asset service providers including when carrying out transactions with persons and entities which are not covered by this Directive. To that end, EBA shall pay particular attention to products, transactions and technologies that have the potential to facilitate anonymity, such as privacy wallets, mixers or tumblers.

Where situations of higher risk are identified, the guidelines referred to in paragraph 5 shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks, including the adoption of appropriate procedures to detect the origin or destination of crypto-assets.’

;

(4)

the following articles are inserted:

‘Article 19a

1.   Member States shall require crypto-asset service providers to identify and assess the risk of money laundering and terrorist financing associated with transfers of crypto-assets directed to or originating from a self-hosted address. To that end, crypto-asset service providers shall have in place internal policies, procedures and controls. Member States shall require crypto-asset service providers to apply mitigating measures commensurate with the risks identified. Those mitigating measures shall include one or more of the following:

(a)

taking risk-based measures to identify, and verify the identity of, the originator or beneficiary of a transfer made to or from a self-hosted address or the beneficial owner of such originator or beneficiary, including through reliance on third parties;

(b)

requiring additional information on the origin and destination of the transferred crypto-assets;

(c)

conducting enhanced ongoing monitoring of those transactions;

(d)

any other measure to mitigate and manage the risks of money laundering and terrorist financing as well as the risk of non-implementation and evasion of targeted financial sanctions and proliferation financing-related targeted financial sanctions.

2.   By 30 December 2024, EBA shall issue guidelines to specify the measures referred to in this Article, including the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made to or from a self-hosted address, in particular through reliance on third parties, taking into account the latest technological developments.

Article 19b

1.   By way of derogation from Article 19, with respect to cross-border correspondent relationships involving the execution of crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of point (h) of that point, with a respondent entity not established in the Union and providing similar services, including transfers of crypto-assets, Member States shall, in addition to the customer due diligence measures laid down in Article 13 of this Directive, require crypto-asset service providers, when entering into a business relationship with such an entity, to:

(a)

determine if the respondent entity is licensed or registered;

(b)

gather sufficient information about the respondent entity to understand fully the nature of the respondent’s business and to determine from publicly available information the reputation of the entity and the quality of supervision;

(c)

assess the respondent entity’s AML/CFT controls;

(d)

obtain approval from senior management before establishing new correspondent relationships;

(e)

document the respective responsibilities of each party to the correspondent relationship;

(f)

with respect to payable-through crypto-asset accounts, be satisfied that the respondent entity has verified the identity of, and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent entity, and that it is able to provide relevant customer due diligence data to the correspondent entity, upon request.

Where crypto-asset service providers decide to terminate correspondent relationships for reasons relating to anti-money laundering and counter-terrorist financing policy, they shall document and record their decision.

Crypto-asset service providers shall update the due diligence information for the correspondent relationship on a regular basis or when new risks emerge in relation to the respondent entity.

2.   Member States shall ensure crypto-asset service providers take into account the information referred to in paragraph 1 in order to determine, on a risk-sensitive basis, the appropriate measures to be taken to mitigate the risks associated with the respondent entity.

3.   By 30 June 2024, EBA shall issue guidelines to specify the criteria and elements that crypto-asset service providers shall take into account when conducting the assessment referred to in paragraph 1 and the risk mitigating measures referred to in paragraph 2, including the minimum action to be taken by crypto-asset service providers where the respondent entity is not registered or licensed.’

;

(5)

the following article is inserted:

‘Article 24a

By 1 January 2024, EBA shall issue guidelines specifying how the enhanced customer due diligence measures in this Section apply when obliged entities perform crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of point (h) of that point, as well as transfers of crypto-assets as defined in Article 3, point (10), of Regulation (EU) 2023/1113. In particular, EBA shall specify how and when those obliged entities shall obtain additional information on the originator and beneficiary.’

;

(6)

in Article 45, paragraph 9 is replaced by the following:

‘9.   Member States may require electronic money issuers as defined in Article 2, point (3), of Directive 2009/110/EC, payment service providers as defined in Article 4, point (11), of Directive (EU) 2015/2366 and crypto-asset service providers established on their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the entity operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.’

;

(7)

in Article 47, paragraph 1 is replaced by the following:

‘1.   Member States shall ensure that currency exchange and cheque-cashing offices and trust or company service providers are licensed or registered, and that providers of gambling services are regulated.’

;

(8)

in Article 67, the following paragraph is added:

‘3.   Member States shall adopt and publish, by 30 December 2024, the laws, regulations and administrative provisions necessary to comply with Article 2(1), point 3, Article 3, point (2)(g), Article 3, points (8), (18), (19) and (20), Article 19a(1), Article 19b(1) and (2), Article 45(9) and Article 47(1). They shall immediately communicate the text of those measures to the Commission.

They shall apply those measures from 30 December 2024.’.