Article 3
Detection and prevention of money laundering and terrorist financing
For the purposes of Article 60(7), point (b)(i) and (ii), of Regulation (EU) 2023/1114, the notifying entity shall provide the competent authority with information on its internal control mechanisms, policies and procedures to ensure compliance with the provisions of national law transposing Directive (EU) 2015/849 and on the risk assessment framework to manage risks relating to money laundering and terrorist financing, including the following:
|
(a) |
the notifying entity’s assessment of the inherent and residual risks of money laundering and terrorist financing associated with its provision of crypto-asset services, including the risks relating to:
|
|
(b) |
the measures that the notifying entity has or will put in place to prevent the identified risks and comply with applicable anti-money laundering and counter-terrorist financing requirements, including the notifying entity’s risk assessment process, the policies and procedures to comply with customer due diligence requirements, and the policies and procedures to detect and report suspicious transactions or activities; |
|
(c) |
detailed information on how internal control mechanisms, policies and procedures are adequate and proportionate to the scale, nature, inherent risk of money laundering and terrorist financing, including the range of crypto-asset services provided, the complexity of the business model and how the notifying entity ensures its compliance with Directive (EU) 2015/849 and Regulation (EU) 2023/1113 of the European Parliament and of the Council (7); |
|
(d) |
the identity of the person in charge of ensuring the notifying entity’s compliance with anti-money laundering and counter-terrorist financing requirements, including evidence of that person’s skills and expertise; |
|
(e) |
arrangements, human and financial resources devoted to ensure, based on annual indications, that staff of the notifying entity is appropriately trained in anti-money laundering and counter-terrorist financing matters and on specific crypto-asset related risks; |
|
(f) |
a copy of the notifying entity’s anti-money laundering and counter-terrorism policies, procedures and systems; |
|
(g) |
a summary document outlining changes that have been made to the notifying entity’s anti-money laundering and counter-terrorism procedures and systems as a consequence of the planned crypto-asset services; |
|
(h) |
the frequency of the assessment of the adequacy and effectiveness of the internal control mechanisms, systems and procedures, including the identity of the person or function responsible for such assessment. |
(7) Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, p. 1, ELI: http://data.europa.eu/eli/reg/2023/1113/oj).