EBA ¦ AML/CFT Newsletter - Issue 12

EBA AML/CFT Newsletter Issue 12 – EBA Strengthens AML/CFT Framework with New Guidelines for Crypto-Asset Service Providers and Supervisors

New Guidance for Crypto-Asset Service Providers to Manage ML/TF Risks

In January 2024, the European Banking Authority (EBA) extended its Guidelines on money laundering and terrorist financing (ML/TF) risk factors to include crypto-asset service providers (CASPs). Recognizing that CASPs can be exploited for financial crimes due to the rapid transfer speeds and the potential anonymity features of certain crypto products, the updated guidelines assist these providers in assessing their exposure to ML/TF risks. This includes risks related to their customers, products, delivery channels, and geographical locations. Given the interconnected nature of the financial sector, the guidance also offers insights for other credit and financial institutions potentially exposed to crypto-related risks.

Risk-Based Supervision Guidelines Translated into All EU Languages

In December 2023, the EBA published enhanced Risk-Based Supervision Guidelines specifically for AML/CFT supervisors overseeing CASPs. These guidelines clarify supervisory expectations for identifying and managing ML/TF risks within the crypto sector. To ensure broad accessibility, these guidelines have been translated into all official EU languages. Competent authorities have until 13 May 2024 to notify the EBA of their intention to comply, with compliance notifications being publicly available on the EBA website.

Finalizing the ‘Travel Rule’ and Restrictive Measures Guidelines

The EBA is finalizing new ‘Travel Rule’ Guidelines aimed at preventing the misuse of crypto-asset transfers for terrorist financing and other crimes. Following a public consultation that ended in February 2024 and a hearing with over 120 industry participants, the EBA is analyzing feedback before finalizing these rules.

Additionally, guidelines addressing internal policies to ensure compliance with EU restrictive measures are nearing completion. These guidelines target payment service providers (PSPs), CASPs, and their supervisors, aiming to harmonize compliance steps across Member States. Feedback from consultations and public hearings is currently being incorporated into the final document.

Progress in Prudential Assessment and Peer Review Follow-Up

In February 2024, the EBA released a follow-up report on the 2021 peer review concerning prudential assessments of qualifying holdings acquisitions. The report finds significant improvements among competent authorities in addressing previously identified deficiencies, particularly in detecting and acting upon ML/TF suspicions.

Bastian Schwind-Wagner_Follow "The European Banking Authority continues to strengthen AML/CFT measures across traditional and emerging financial sectors by updating guidance for crypto-asset service providers, enhancing supervisory frameworks, and promoting transparency through public consultations and data reporting initiatives."

Advice to European Commission on Future AML/CFT Regime

Responding to a March 2024 request from the European Commission, the EBA is preparing advice on critical elements of the upcoming EU AML/CFT framework. This includes developing a common ML/TF risk assessment methodology for supervisors, criteria for selecting institutions under direct supervision by the new AML Authority (AMLA), and guidance on customer due diligence and pecuniary sanctions. A draft response will be consulted on in early 2025, with final submission by October 2025.

Addressing De-Risking and Safeguarding Access to Financial Services

The EBA published a factsheet on de-risking in March 2024, highlighting efforts to prevent unwarranted termination or refusal of business relationships with customers posing higher ML/TF risks. The factsheet outlines guidelines designed to protect legitimate customers’ access to financial services, including specific guidance for nonprofit organizations.

EuReCA Database Enhancements and Reporting Trends

The AML/CFT supervisory database EuReCA has begun collecting more detailed information on material weaknesses and remedial measures, including data on natural persons linked to infringements following new regulatory technical standards published in February 2024. Reports indicate an increase in submissions related to payment institutions and e-money institutions, with customer due diligence deficiencies being the most common issue addressed by supervisory measures such as compliance orders and fines.

Public Consultation on MiCAR Redemption Plans

In March 2024, the EBA initiated a public consultation on guidelines for orderly redemption plans of asset-referenced tokens (ARTs) and e-money tokens (EMTs) under MiCAR regulations. These draft guidelines specify requirements for issuers and competent authorities regarding content, review timelines, triggers for implementation, and AML/CFT checks related to redemption plans. The consultation is open until June 2024.

Upcoming Report on Virtual IBANs

The EBA is preparing a May 2024 report examining the use of virtual IBANs (vIBANs) by credit, payment, and e-money institutions across the EU. The report will assess potential risks and supervisory challenges posed by vIBANs, which differ from standard IBANs by not necessarily reflecting the jurisdiction of the underlying master account.