EBA ¦ Issuers of EMTs and Scope of Application AML Requirements

EMT issuers and AML: Why the Commission’s answer confirms the obvious

The European Commission has clarified a question that has practical relevance for the market in e-money tokens, or EMTs, under MiCAR. The issue was whether electronic money institutions (EMIs) and credit institutions issuing EMTs must comply with the customer due diligence (CDD) obligations in the EU anti-money laundering framework, and whether holders of EMTs should be treated as customers of the issuer for AML purposes.

The answer is largely straightforward. EMT issuers in the European Union are either credit institutions or electronic money institutions. Both categories are obliged entities under AMLD5 and are therefore subject to the usual AML and counter-terrorist financing requirements, including customer due diligence, ongoing monitoring, and related controls. But that does not mean every holder of an EMT is automatically a customer of the issuer.

What the Commission actually confirms

The key point is the distinction between being an obliged entity and having a customer relationship. The Commission’s answer confirms that issuers of EMTs remain inside the scope of the AML framework because of their legal status as regulated financial institutions. That part is not controversial. What matters more is the relationship between the issuer and the person holding the EMT.

If a holder acquires EMTs directly from the issuer, or redeems them directly with the issuer, then the usual customer relationship exists. In that case, the holder is a client of the issuer and the AML rules that apply to customers clearly come into play. Customer due diligence, identity verification, and related ongoing obligations apply in the normal way.

Bastian Schwind-Wagner _Follow

"The Commission’s clarification on EMT issuers and AML is straightforward: issuers are obliged entities, so AMLD5 applies to them. But that does not mean every EMT holder is automatically a customer of the issuer.

Where EMTs are obtained or redeemed directly with the issuer, a customer relationship exists and normal KYC rules apply. Where EMTs are only acquired on the secondary market, the holder is not necessarily the issuer’s customer, so the AML analysis should stay tied to the actual relationship."

When an EMT holder is not a customer

The position is different where the EMT holder acquired the token elsewhere, for example on a secondary market, and has no direct relationship with the issuer. In that case, the holder is not automatically a customer of the issuer simply by virtue of holding the token. Without direct issuance or direct redemption, there is no contractual or customer relationship between the holder and the issuer.

That distinction is important because AML rules are built around customer relationships. They do not automatically extend to every person who happens to hold a regulated instrument. In the EMT context, that means the existence of the token alone is not enough to create a KYC obligation toward every holder. The issuer’s AML duties are real, but they are not limitless.

Why the distinction matters for market structure

This clarification matters because EMTs are designed to circulate. If every holder were treated as a customer of the issuer at all times, the operational consequences would be significant. Secondary market use would become much harder to reconcile with standard AML processes, and issuers would effectively need ongoing visibility over all token holders, even where no direct relationship exists.

The Commission’s answer avoids that outcome. It keeps the analysis grounded in the basic legal structure of AML law. Where there is a direct relationship with the issuer, AML obligations apply in the normal way. Where there is no such relationship, it would be a step too far to treat the holder as a customer merely because the holder possesses the token.

Following the logic of the rules

Sometimes compliance questions look more difficult than they really are. In this case, the answer comes from reading the legal framework carefully and applying ordinary legal reasoning. EMT issuers are regulated financial institutions, so they are obliged entities. But AML law still depends on the existence of a customer relationship, not on a broad assumption that every token holder is within the issuer’s client base.

That is why the Commission’s clarification is best understood as confirming the obvious. It does not create a new category of customer for AML purposes. It simply reinforces the basic point that direct dealings with the issuer matter, while secondary market holding alone does not automatically bring someone into the issuer’s customer perimeter.

Practical takeaway for EMT issuers

AML controls must be in place for direct customers, meaning those who subscribe to or redeem EMTs directly with the issuer. But compliance frameworks should not overstate the scope of the customer relationship and should not assume that every downstream token holder is subject to issuer-level KYC.

That distinction affects product design, distribution structures, transfer models, and the way issuers map their AML obligations. A careful reading of the rules shows that the scope of AML duties is real, but still anchored in the traditional customer relationship. That is often the cleanest way to understand the position – and in this case, the simplest one is also the right one.

Dive deeper

• EBA ¦ 2024_7078 Issuers of EMTs and scope of application AML requirements ¦ Link