1. The issuer infringes Article 22(1) by not reporting, for each significant asset-referenced token with an issue value that is higher than EUR 100 000 000 , on a quarterly basis to EBA the information referred to in the first subparagraph, points (a) to (d), of that paragraph.

2. The issuer infringes Article 23(1) by not stopping issuing a significant asset-referenced token upon reaching the thresholds provided for in that paragraph or by not submitting a plan to EBA within 40 working days of reaching those thresholds to ensure that the estimated quarterly average number and average aggregate value of the transactions per day are kept below those thresholds.

3. The issuer infringes Article 23(4) by not complying with the modifications of the plan referred to in paragraph 1, point (b), of that Article as required by EBA.

4. The issuer infringes Article 25 by not notifying EBA of any intended change of its business model likely to have a significant influence on the purchase decision of any holders or prospective holders of significant asset-referenced tokens, or by not describing such a change in a crypto-asset white paper.

5. The issuer infringes Article 25 by not complying with a measure requested by EBA in accordance with Article 25(4).

6. The issuer infringes Article 27(1) by not acting honestly, fairly and professionally.

7. The issuer infringes Article 27(1) by not communicating with holders and prospective holders of the significant asset-referenced token in a fair, clear and not misleading manner.

8. The issuer infringes Article 27(2) by not acting in the best interests of the holders of the significant asset-referenced token, or by giving preferential treatment to specific holders which is not disclosed in the issuer’s crypto-asset white paper or, where applicable, the marketing communications.

9. The issuer infringes Article 28 by not publishing on its website the approved crypto-asset white paper as referred to in Article 21(1) and, where applicable, the modified crypto-asset white paper as referred to in Article 25.

10. The issuer infringes Article 28 by not making the crypto-asset white paper publicly accessible by the starting date of the offer to the public of the significant asset-referenced token or the admission to trading of that token.

11. The issuer infringes Article 28 by not ensuring that the crypto-asset white paper, and, where applicable, the modified crypto-asset white paper, remains available on its website for as long as the significant asset-referenced token is held by the public.

12. The issuer infringes Article 29(1) and (2) by publishing marketing communications relating to an offer to the public of a significant asset-referenced token, or to the admission to trading of such significant asset-referenced token, which do not comply with the requirements set out in paragraph 1, points (a) to (d), and paragraph 2 of that Article.

13. The issuer infringes Article 29(3) by not publishing marketing communications and any modifications thereto on its website.

14. The issuer infringes Article 29(5) by not notifying marketing communications to EBA upon request.

15. The issuer infringes Article 29(6) by disseminating marketing communications prior to the publication of the crypto-asset white paper.

16. The issuer infringes Article 30(1) by not disclosing in a clear, accurate and transparent manner in a publicly and easily accessible place on its website the amount of the significant asset-referenced token in circulation and the value and composition of the reserve of assets referred to in Article 36, or by not updating the required information at least monthly.

17. The issuer infringes Article 30(2) by not publishing as soon as possible in a publicly and easily accessible place on its website a brief, clear, accurate and transparent summary of the audit report, as well as the full and unredacted audit report, in relation to the reserve of assets referred to in Article 36.

18. The issuer infringes Article 30(3) by not disclosing in a publicly and easily accessible place on its website in a clear, accurate and transparent manner as soon as possible any event that has or is likely to have a significant effect on the value of the significant asset-referenced token or on the reserve of assets referred to in Article 36.

19. The issuer infringes Article 31(1) by not establishing and maintaining effective and transparent procedures for the prompt, fair and consistent handling of complaints received from holders of the significant asset-referenced token and other interested parties, including consumer associations that represent holders of the significant asset-referenced token, and by not publishing descriptions of those procedures, or, where the significant asset-referenced token is distributed, totally or partially, by third-party entities, by not establishing procedures to also facilitate the handling of complaints between holders and third-party entities as referred to in Article 34(5), first subparagraph, point (h).

20. The issuer infringes Article 31(2) by not enabling the holders of the significant asset-referenced token to file complaints free of charge.

21. The issuer infringes Article 31(3) by not developing and making available to the holders of the significant asset-referenced token a template for filing complaints and by not keeping a record of all complaints received and any measures taken in response to those complaints.

22. The issuer infringes Article 31(4), by not investigating all complaints in a timely and fair manner or by not communicating the outcome of such investigations to the holders of its significant asset-referenced token within a reasonable period.

23. The issuer infringes Article 32(1) by not implementing and maintaining effective policies and procedures to identify, prevent, manage and disclose conflicts of interest between the issuer itself and its shareholders or members, itself and any shareholder or member, whether direct or indirect, that has a qualifying holding in it, itself and the members of its management body, itself and its employees, itself and the holders of the significant asset-referenced token or itself and any third party providing one of the functions as referred in Article 34(5), first subparagraph, point (h).

24. The issuer infringes Article 32(2) by not taking all appropriate steps to identify, prevent, manage and disclose conflicts of interest arising from the management and investment of the reserve of assets referred to in Article 36.

25. The issuer infringes Article 32(3) and (4), by not disclosing, in a prominent place on its website, to the holders of the significant asset-referenced token the general nature and sources of conflicts of interest and the steps taken to mitigate those risks, or by not being sufficiently precise in the disclosure to enable the prospective holders of the significant asset-referenced token to take an informed purchasing decision about such token.

26. The issuer infringes Article 33 by not immediately notifying EBA of any changes to its management body or by not providing EBA with all necessary information to assess compliance with Article 34(2).

27. The issuer infringes Article 34(1) by not having robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which it is or might be exposed, and adequate internal control mechanisms, including sound administrative and accounting procedures.

28. The issuer infringes Article 34(2) by having members of its management body who are not of sufficiently good repute or do not possess the appropriate knowledge, skills and experience, both individually and collectively, to perform their duties or do not demonstrate that they are capable of committing sufficient time to effectively perform their duties.

29. The issuer infringes Article 34(3) by not having its management body assess or periodically review the effectiveness of the policy arrangements and procedures put in place to comply with Chapters 2, 3, 5 and 6 of Title III or by not taking appropriate measures to address any deficiencies in that respect.

30. The issuer infringes Article 34(4) by having shareholders or members, whether direct or indirect, with qualifying holdings who are not of sufficiently good repute.

31. The issuer infringes Article 34(5) by not adopting policies and procedures that are sufficiently effective to ensure compliance with this Regulation, in particular by not establishing, maintaining and implementing any of the policies and procedures referred to in the first subparagraph, points (a) to (k), of that paragraph.

32. The issuer infringes Article 34(5) by not entering into contractual arrangements with third-party entities as referred to in the first subparagraph, point (h), of that paragraph that set out the roles, responsibilities, rights and obligations both of the issuer and of the third-party entity concerned, or by not providing for an unambiguous choice of applicable law.

33. The issuer infringes Article 34(6), unless it has initiated a plan as referred to in Article 47, by not employing appropriate and proportionate systems, resources or procedures to ensure the continued and regular performance of its services and activities, and by not maintaining all of its systems and security access protocols in conformity with the appropriate Union standards.

34. The issuer infringes Article 34(7) by not submitting a plan for discontinuation of providing services and activities to EBA, for approval of such discontinuation.

35. The issuer infringes Article 34(8) by not identifying sources of operational risks and by not minimising those risks through the development of appropriate systems, controls and procedures.

36. The issuer infringes Article 34(9) by not establishing a business continuity policy and plans to ensure, in the case of an interruption of its ICT systems and procedures, the preservation of essential data and functions and the maintenance of its activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of its activities.

37. The issuer infringes Article 34(10) by not having in place internal control mechanisms and effective procedures for risk management, including effective control and safeguard arrangements for managing ICT systems as required by Regulation (EU) 2022/2554.

38. The issuer infringes Article 34(11) by not having in place systems and procedures that are adequate to safeguard the availability, authenticity, integrity and confidentiality of data as required by Regulation (EU) 2022/2554 and in line with Regulation (EU) 2016/679.

39. The issuer infringes Article 34(12) by not ensuring that the issuer is regularly audited by independent auditors.

40. The issuer infringes Article 35(1) by not having, at all times, own funds equal to amounts of at least the highest of that set in point (a) or (c) of that paragraph or in Article 45(5).

41. The issuer infringes Article 35(2) of this Regulation where its own funds do not consist of the Common Equity Tier 1 items and instruments referred to in Articles 26 to 30 of Regulation (EU) No 575/2013 after the deductions in full, pursuant to Article 36 of that Regulation, without the application of threshold exemptions referred to in Article 46(4) and Article 48 of that Regulation.

42. The issuer infringes Article 35(3) by not complying with the requirement of EBA to hold a higher amount of own funds, following the assessment made in accordance with points (a) to (g) of that paragraph.

43. The issuer infringes Article 35(5) by not conducting, on a regular basis, stress testing that takes into account severe but plausible financial stress scenarios, such as interest rate shocks and non-financial stress scenarios such as operational risk.

44. The issuer infringes Article 35(5) by not complying with the requirement of EBA to hold a higher amount of own funds based on the outcome of the stress testing.

45. The issuer infringes Article 36(1) by not constituting and, at all times, maintaining a reserve of assets.

46. The issuer infringes Article 36(1) by not ensuring that the reserve of assets is composed and managed in such a way that the risks associated to the assets referenced by the significant asset-referenced token are covered.

47. The issuer infringes Article 36(1) by not ensuring that the reserve of assets is composed and managed in such a way that the liquidity risks associated to the permanent rights of redemption of the holders are addressed.

48. The issuer infringes Article 36(3) by not ensuring that the reserve of assets is operationally segregated from the issuer’s estate, and from the reserve of assets of other asset-referenced tokens.

49. The issuer infringes Article 36(6) where its management body does not ensure effective and prudent management of the reserve of assets.

50. The issuer infringes Article 36(6) by not ensuring that the issuance and redemption of the significant asset-referenced token is always matched by a corresponding increase or decrease in the reserve of assets.

51. The issuer infringes Article 36(7) by not determining the aggregate value of the reserve of assets using market prices, and by not having its aggregate value always at least equal to the aggregate value of the claims against the issuer from holders of the significant asset-referenced token in circulation.

52. The issuer infringes Article 36(8), by not having a clear and detailed policy describing the stabilisation mechanism of the significant asset-referenced token that meets the conditions set out in points (a) to (g) of that paragraph.

53. The issuer infringes Article 36(9) by not mandating an independent audit of the reserve of assets every six months, as of the date of its authorisation or as of the date of approval of the crypto-asset white paper pursuant to Article 17.

54. The issuer infringes Article 36(10) by not notifying to EBA the result of the audit in accordance with that paragraph or by not publishing the result of the audit within two weeks of the date of notification to EBA.

55. The issuer infringes Article 37(1) by not establishing, maintaining or implementing custody policies, procedures and contractual arrangements that ensure at all times that the conditions listed in the first subparagraph, points (a) to (e), of that paragraph are met.

56. The issuer infringes Article 37(2) by not having, when issuing two or more significant asset-referenced tokens, a custody policy in place for each pool of reserve of assets.

57. The issuer infringes Article 37(3) by not ensuring that the reserve assets are held in custody by a crypto-asset service provider providing custody and administration of crypto-assets on behalf of clients, a credit institution or an investment firm by no later than five working days after the date of issuance of the significant asset-referenced token.

58. The issuer infringes Article 37(4) by not exercising all due skill, care and diligence in the selection, appointment and review of crypto-asset service providers, credit institutions and investment firms appointed as custodians of the reserve assets, or by not ensuring that the custodian is a legal person different from the issuer.

59. The issuer infringes Article 37(4) by not ensuring that the crypto-asset service providers, credit institutions and investment firms appointed as custodians of the reserve assets have the necessary expertise and market reputation to act as custodians of such reserve assets.

60. The issuer infringes Article 37(4) by not ensuring in the contractual arrangements with the custodians that the reserve assets held in custody are protected against claims of the custodians’ creditors.

61. The issuer infringes Article 37(5) by not setting out in the custody policies and procedures the selection criteria for the appointment of crypto-asset service providers, credit institutions or investment firms as custodians of the reserve assets or by not setting out the procedure for reviewing such appointment.

62. The issuer infringes Article 37(5) by not reviewing the appointment of crypto-asset service providers, credit institutions or investment firms as custodians of the reserve assets on a regular basis, by not evaluating its exposures to such custodians or by not monitoring the financial conditions of such custodians on an ongoing basis.

63. The issuer infringes Article 37(6) by not ensuring that custody of the reserve assets is carried out in accordance with the first subparagraph, points (a) to (d), of that paragraph.

64. The issuer infringes Article 37(7) by not having the appointment of a crypto-asset service provider, credit institution or investment firm as custodian of the reserve assets evidenced by a contractual arrangement, or by not regulating, by means of such a contractual arrangement, the flow of information necessary to enable the issuer of the significant asset-referenced token, the crypto-asset service provider, the credit institution and the investment firm to perform their functions as custodians.

65. The issuer infringes Article 38(1) by investing the reserve of assets in any products that are not highly liquid financial instruments with minimal market risk, credit risk and concentration risks or where such investments cannot be liquidated rapidly with minimal adverse price effect.

66. The issuer infringes Article 38(3) by not holding in custody in accordance with Article 37 the financial instruments in which the reserve of assets is invested.

67. The issuer infringes Article 38(4) by not bearing all profits and losses and any counterparty or operational risks that result from the investment of the reserve of assets.

68. The issuer infringes Article 39(1), by not establishing, maintaining and implementing clear and detailed policies and procedures in respect of permanent rights of redemption of holders of the significant asset-referenced token.

69. The issuer infringes Article 39(1) and (2) by not ensuring that holders of the significant asset-referenced token have permanent rights of redemption in accordance with those paragraphs, and by not establishing a policy on such permanent rights of redemption that meets the conditions listed in Article 39(2), first subparagraph, points (a) to (e).

70. The issuer infringes Article 39(3) by applying fees in the event of the redemption of the significant asset-referenced token.

71. The issuer infringes Article 40 by granting interest in relation to the significant asset-referenced token.

72. The issuer infringes Article 45(1) by not adopting, implementing and maintaining a remuneration policy that promotes the sound and effective risk management of issuers of significant asset-referenced tokens and that does not create incentives to relax risk standards.

73. The issuer infringes Article 45(2) by not ensuring that its significant asset-referenced token can be held in custody by different crypto-asset service providers authorised for providing custody and administration of crypto-assets on behalf of clients, on a fair, reasonable and non-discriminatory basis.

74. The issuer infringes Article 45(3) by not assessing or monitoring the liquidity needs to meet requests for redemption of the significant asset-referenced token by its holders.

75. The issuer infringes Article 45(3) by not establishing, maintaining or implementing a liquidity management policy and procedures or by not ensuring, with those policy and procedures, that the reserve assets have a resilient liquidity profile that enables the issuer of the significant asset-referenced token to continue operating normally, including under scenarios of liquidity stress.

76. The issuer infringes Article 45(4) by not conducting, on a regular basis, liquidity stress testing or by not strengthening the liquidity requirements where requested by EBA based on the outcome of such tests.

77. The issuer infringes Article 46(1) by not drawing up and maintaining a recovery plan providing for measures to be taken by the issuer of the significant asset-referenced token to restore compliance with the requirements applicable to the reserve of assets in cases where the issuer fails to comply with those requirements, including the preservation of its services related to the significant asset-referenced token, the timely recovery of operations and the fulfilment of the issuer’s obligations in the case of events that pose a significant risk of disrupting operations.

78. The issuer infringes Article 46(1) by not drawing up and maintaining a recovery plan that includes appropriate conditions and procedures to ensure the timely implementation of recovery actions as well as a wide range of recovery options, as listed in the third subparagraph of that paragraph.

79. The issuer infringes Article 46(2) by not notifying the recovery plan to EBA and, where applicable, to its resolution and prudential supervisory authorities, within six months of the date of authorisation pursuant to Article 21 or of the date of approval of the crypto-asset white paper pursuant to Article 17.

80. The issuer infringes Article 46(2) by not regularly reviewing or updating the recovery plan.

81. The issuer infringes Article 47(1) by not drawing up and maintaining an operational plan to support the orderly redemption of each significant asset-referenced token.

82. The issuer infringes Article 47(2) by not having a redemption plan that demonstrates the ability of the issuer of the significant asset-referenced token to carry out the redemption of the outstanding significant asset-referenced token issued without causing undue economic harm to its holders or to the stability of the markets of the reserve assets.

83. The issuer infringes Article 47(2) by not having a redemption plan that includes contractual arrangements, procedures or systems, including the designation of a temporary administrator, to ensure the equitable treatment of all holders of the significant asset-referenced token and to ensure that holders of the significant asset-referenced token are paid in a timely manner with the proceeds from the sale of the remaining reserve assets.

84. The issuer infringes Article 47(2) by not having a redemption plan that ensures the continuity of any critical activities that are necessary for the orderly redemption and that are performed by the issuer or by any third-party entity.

85. The issuer infringes Article 47(3) by not notifying the redemption plan to EBA within six months of the date of authorisation pursuant to Article 21 or of the date of approval of the crypto-asset white paper pursuant to Article 17.

86. The issuer infringes Article 47(3) by not regularly reviewing or updating the redemption plan.

87. The issuer infringes Article 88(1), except where the conditions of Article 88(2) are met, by not informing the public as soon as possible of inside information as referred to in Article 87, that directly concerns that issuer, in a manner that enables fast access and complete, correct and timely assessment of the information by the public.