Transfer of funds regulation (TFR)

Flows of illicit money through transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and virtual assets can damage the integrity, stability and reputation of the financial sector, and threaten the internal market of the Union as well as international development. Money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849;, terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; and organised crime remain significant problems which should be addressed at Union level. The soundness, integrity and stability of the system of transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and virtual assets, and confidence in the financial system as a whole, could be seriously jeopardised by the efforts of criminals and their associates to disguise the origin of criminal proceeds or to transfer fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; or virtual assets for criminal activitiesmeans criminal activity as defined in Article 2, point (1), of Directive (EU) 2018/1673, as well as fraud affecting the Union’s financial interests as defined in Article 3(2) of Directive (EU) 2017/1371, passive and active corruption as defined in Article 4 (2) and misappropriation as defined in Article 4(3), second subparagraph, of that Directive; or terrorist purposes.

In order to facilitate their criminal activitiesmeans criminal activity as defined in Article 2, point (1), of Directive (EU) 2018/1673, as well as fraud affecting the Union’s financial interests as defined in Article 3(2) of Directive (EU) 2017/1371, passive and active corruption as defined in Article 4 (2) and misappropriation as defined in Article 4(3), second subparagraph, of that Directive;, money launderers and financers of terrorism are likely to take advantage of the freedom of capital movements within the Union’s integrated financial area unless certain coordinating measures are adopted at Union level. International cooperation within the framework of FATF and the global implementation of its recommendations aim to prevent money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; while transferring fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; or virtual assets.

By reason of the scale of the action to be undertaken, the Union should ensure that the International Standards on Combating Money Launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and the Financing of Terrorism and Proliferation adopted by FATF on 16 February 2012 and then revised on 21 June 2019 (the ‘revised FATF Recommendations’), and in particular FATF Recommendation 15 on new technologies, FATF Recommendation 16 on wire transfers and the revised interpretative notes on those recommendations, are applied uniformly throughout the Union and that, in particular, there is no discrimination or discrepancy between, on the one hand, national payments or transfers of virtual assets within a Member State and, on the other, cross-border payments or transfers of virtual assets between Member States. Uncoordinated action by Member States acting alone in the field of cross-border transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and virtual assets could have a significant impact on the smooth functioning of payment systems and virtual asset services at Union level and could therefore damage the internal market in the field of financial services.

In order to foster a coherent approach in the international context and to increase the effectiveness of the fight against money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, further Union action should take account of developments at international level, in particular the revised FATF Recommendations.

Their global reach, the speed at which transactions can be carried out and the possible anonymity offered by their transfer make virtual assets particularly susceptible to criminal misuse, including in cross-border situations. In order to effectively address the risks posed by the misuse of virtual assets for money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; purposes, the Union should promote the application at global level of the standards implemented by this Regulation and the development of the international and cross-jurisdictional dimension of the regulatory and supervisory framework for transfers of virtual assets in relation to money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

Directive (EU) 2015/849 of the European Parliament and of the Council(⁷)Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73)., as a result of its amendment by Directive (EU) 2018/843 of the European Parliament and of the Council(⁸)Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43)., introduced a definition of virtual currencies and recognised providers engaged in exchange services between virtual currencies and fiat currencies, as well as custodial wallet providers, among the entities subject to anti-money laundering and counter-terrorist financing requirements under Union law. Recent international developments, in particular within the framework of FATF, now imply the need to regulate additional categories of virtual asset service providers not yet covered and to broaden the current definition of virtual currency.

The definition of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; in Regulation (EU) 2023/1114 of the European Parliament and of the Council(⁹)Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40). corresponds to the definition of virtual assets set out in the revised FATF Recommendations, and the list of crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; covered in that Regulation also encompasses the virtual asset service providers identified as such by FATF and considered likely to raise money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; concerns. In order to ensure coherency of Union law in that area, this Regulation should use the same definitions of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;, crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; as those used in Regulation (EU) 2023/1114.

The implementation and enforcement of this Regulation represent relevant and effective means of preventing and combating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

This Regulation is not intended to impose unnecessary burdens or costs on payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services;, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; or persons who use their services. In that regard, the preventive approach should be targeted and proportionate and should be in full compliance with the free movement of capital, which is guaranteed throughout the Union.

The Union’s Revised Strategy on Terrorist Financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; of 17 July 2008 (the ‘Revised Strategy’) states that efforts must be maintained to prevent terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; and to control the use by suspected terrorists of their own financial resources. It recognises that FATF is constantly seeking to improve its recommendations and is working towards a common understanding of how they should be implemented. The Revised Strategy notes that implementation of the revised FATF Recommendations by all FATF members and members of FATF-style regional bodies is assessed on a regular basis and that a common approach to implementation by Member States is therefore important.

In addition, the Commission in its communication of 7 May 2020 on an Action Plan for a comprehensive Union policy on preventing money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; identified six priority areas for urgent action to improve the Union’s anti-money laundering and counter-terrorist financing regime, including the establishmentmeans the actual pursuit by an obliged entity of an economic activity covered by Article 3 in a Member State or third country other than the country where its head office is located for an indefinite period and through a stable infrastructure, including:a branch or subsidiary;in the case of credit institutions and financial institutions, an infrastructure qualifying as an establishment under prudential regulation; of a coherent regulatory framework for that regime in the Union to obtain more detailed and harmonised rules, in particular to address the implications of technological innovation and developments in international standards and to avoid diverging implementation of existing rules. Work at international level suggests a need to expand the scope of sectors or entities covered by that regime and to assess how it should apply to crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; not covered so far.

In order to prevent terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, measures with the purpose of freezing the fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; and economic resources of certain persons, groupsmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; and entities have been taken, including Council Regulations (EC) No 2580/2001(¹⁰)Council Regulation (EC) No 2580/2001 of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism (OJ L 344, 28.12.2001, p. 70)., (EC) No 881/2002(¹¹)Council Regulation (EC) No 881/2002 of 27 May 2002 imposing certain specific restrictive measures directed against certain persons and entities associated with the ISIL (Da’esh) and Al-Qaida organisations (OJ L 139, 29.5.2002, p. 9). and (EU) No 356/2010(¹²)Council Regulation (EU) No 356/2010 of 26 April 2010 imposing certain specific restrictive measures directed against certain natural or legal persons, entities or bodies, in view of the situation in Somalia (OJ L 105, 27.4.2010, p. 1).. To the same end, measures with the purpose of protecting the financial system against the channelling of fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; and economic resources for terrorist purposes have also been taken. Directive (EU) 2015/849 contains a number of such measures. Those measures do not, however, fully prevent terrorists or other criminals from accessing payment systems for transferring their fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366;.

The traceability of transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; can be a particularly important and valuable tool in the prevention, detection and investigation of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, as well as in the implementation of restrictive measures, in particular those imposed by Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010. It is therefore appropriate, in order to ensure the transmission of information throughout the payment chain or the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; chain, to provide for a system imposing the obligation on payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; to accompany transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; with information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; and the obligation on crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to accompany transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; with information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;.

Certain transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; entail specific high-risk factors for money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849;, terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; and other criminal activitiesmeans criminal activity as defined in Article 2, point (1), of Directive (EU) 2018/1673, as well as fraud affecting the Union’s financial interests as defined in Article 3(2) of Directive (EU) 2017/1371, passive and active corruption as defined in Article 4 (2) and misappropriation as defined in Article 4(3), second subparagraph, of that Directive;, in particular transfers related to products, transactions or technologies designed to enhance anonymity, including privacy wallets, mixers or tumblers. To ensure the traceability of such transfers, the European Supervisory Authoritymeans a supervisor who is a public body, or the public authority overseeing self-regulatory bodies in their performance of supervisory functions pursuant to Article 37 of Directive (EU) 2024/1640, or AMLA when acting as a supervisor; (European Banking Authority), established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council(¹³)Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12). (EBA), should clarify, in particular, how the risk factors listed in Annex III to Directive (EU) 2015/849 are to be taken into account by crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, including when carrying out transactions with non-Union entities that are not regulated, registered or licensed in any third countrymeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime;, or with self-hosted addresses. Where situations of higher risk are identified, EBA should issue guidelines specifying the enhanced due diligence measures that obliged entities should consider applying to mitigate such risks, including the adoption of appropriate procedures such as the use of distributed ledger technologyor ‘DLT’ means distributed ledger technology as defined in Article 3(1), point (1), of Regulation (EU) 2023/1114. (DLT) analytic tools, to detect the origin or destination of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;.

This Regulation should apply without prejudice to the national restrictive measures and Union restrictive measures imposed by regulations based on Article 215 of the Treaty on the Functioning of the European Union, such as Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010 and Council Regulations (EU) No 267/2012(¹⁴)Council Regulation (EU) No 267/2012 of 23 March 2012 concerning restrictive measures against Iran and repealing Regulation (EU) No 961/2010 (OJ L 88, 24.3.2012, p. 1)., (EU) 2016/1686(¹⁵)Council Regulation (EU) 2016/1686 of 20 September 2016 imposing additional restrictive measures directed against ISIL (Da’esh) and Al-Qaeda and natural and legal persons, entities or bodies associated with them (OJ L 255, 21.9.2016, p. 1). and (EU) 2017/1509(¹⁶)Council Regulation (EU) 2017/1509 of 30 August 2017 concerning restrictive measures against the Democratic People’s Republic of Korea and repealing Regulation (EC) No 329/2007 (OJ L 224, 31.8.2017, p. 1)., which may require that payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of payersmeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and of payeesmeans a person that is the intended recipient of the transfer of funds;, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of originatorsmeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and of beneficiariesmeans a person that is the intended recipient of the transfer of crypto-assets;, intermediary payment service providersmeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;, as well as intermediary crypto-asset service providersmeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider;, take appropriate action to freeze certain fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; and crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; or that they comply with specific restrictions concerning certain transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;. Payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should have in place internal policies, procedures and controls to ensure implementation of those restrictive measures, including screening measures against Union and national lists of designated persons. EBA should issue guidelines specifying those internal policies, procedures and controls. It is intended that the requirements of this Regulation on internal policies, procedures and controls related to restrictive measures will be repealed in the near future by a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

The processing of personal data under this Regulation should take place in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council(¹⁷)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).. Further processing of personal data for commercial purposes should be strictly prohibited. The fight against money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; is recognised as an important public interest ground by all Member States. In applying this Regulation, the transfer of personal data to a third countrymeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; is required to be carried out in accordance with Chapter V of Regulation (EU) 2016/679. It is important that payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; operating in multiple jurisdictions with branches or subsidiaries located outside the Union should not be prevented from transferring data about suspicious transactions within the same organisation, provided that they apply adequate safeguards. In addition, the crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, the payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and of the payeemeans a person that is the intended recipient of the transfer of funds; and the intermediary payment service providersmeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider; and intermediary crypto-asset service providersmeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider; should have in place appropriate technical and organisational measures to protect personal data against accidental loss, alteration, or unauthorised disclosure or access.

Persons that merely convert paper documents into electronic data and are acting under a contract with a payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services;, and persons that provide payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; solely with messaging or other support systems for transmitting fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; or with clearing and settlement systems should not fall within the scope of this Regulation.

Persons that provide only ancillary infrastructure, such as internet network and infrastructure service providers, cloud service providers or software developers, that enables another entity to provide transfer services for crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;, should not fall within the scope of this Regulation unless they perform transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;.

This Regulation should not apply to person-to-person transfers of crypto-assetsmeans a transfer of crypto-assets without the involvement of any crypto-asset service provider; conducted without the involvement of a crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, or to cases where both the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; are providers of transfer services for crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; acting on their own behalf.

Transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; corresponding to services referred to in Article 3, points (a) to (m) and point (o), of Directive (EU) 2015/2366 of the European Parliament and of the Council(¹⁸)Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35). do not fall within the scope of this Regulation. It is also appropriate to exclude from the scope of this Regulation transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and of electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). tokens, as defined in Article 3(1), point (7), of Regulation (EU) 2023/1114, that represent a low risk of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. Such exclusions should cover payment cards, electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). instruments, mobile phones or other digital or information technology (IT) prepaid or postpaid devices with similar characteristics, where they are used exclusively for the purchase of goods or services and the number of the card, instrument or device accompanies all transfers. However, the use of a payment card, an electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics in order to effect a transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or of electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). tokens between natural persons acting as consumers for purposes other than trade, business or professional activity, falls within the scope of this Regulation. In addition, automated teller machine withdrawals, payments of taxes, fines or other levies, transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; carried out through cheque images exchanges, including truncated cheques, or bills of exchange, and transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; where both the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; are payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; acting on their own behalf should be excluded from the scope of this Regulation.

Crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; that are unique and not fungible are not subject to the requirements of this Regulation unless they are classified as crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; or fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; under Regulation (EU) 2023/1114.

Crypto-asset automated teller machinesor ‘crypto-ATMs’ means physical or on-line electronic terminals that enable a crypto-asset service provider to perform, in particular, the activity of transfer services for crypto-assets, as referred to in Article 3(1), point (16)(j), of Regulation (EU) 2023/1114; (the ‘crypto-ATMs’) can enable users to perform transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; to a crypto-assetmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; address by depositing cashmeans cash as defined in Article 2(1), point (a), of Regulation (EU) 2018/1672 of the European Parliament and of the Council(39) Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).;Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6)., often without any form of customer identification and verification. Crypto-ATMs are particularly exposed to money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; risks because the anonymity they provide, and the possibility of operating with cashmeans cash as defined in Article 2(1), point (a), of Regulation (EU) 2018/1672 of the European Parliament and of the Council(39) Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).;Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6). of unknown origin, make them an ideal vehicle for illicit activities. Given the role of crypto-ATMs in providing or actively facilitating transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; linked to crypto-ATMs should fall under the scope of this Regulation.

In order to reflect the special characteristics of national payment systems, and provided that it is always possible to trace the transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; back to the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order;, Member States should be able to exempt from the scope of this Regulation certain domestic low-value transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, including electronic giro payments, used for the purchase of goods or services.

Due to the inherent borderless nature and global reach of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; and of the provision of crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation;, there are no objective reasons to distinguish the treatment of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; risks of national transfers from that of cross-border transfers. In order to reflect those specific features, no exemption from the scope of this Regulation should be granted to domestic low-value transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, in line with the FATF requirement to treat all transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; as cross-border.

Payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should ensure that the information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; is not missing or incomplete.

In order not to impair the efficiency of payment systems and in order to balance the risk of driving transactions underground as a result of overly strict identification requirements against the potential terrorist threat posed by small transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, the obligation to check whether information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the payeemeans a person that is the intended recipient of the transfer of funds; is accurate should, in the case of transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; where verification has not yet taken place, be imposed only in respect of individual transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; that exceed EUR 1 000, unless the transfer appears to be linked to other transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; which together would exceed EUR 1 000, the fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; have been received or paid out in cashmeans cash as defined in Article 2(1), point (a), of Regulation (EU) 2018/1672 of the European Parliament and of the Council(39) Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).;Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6). or in anonymous electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., or where there are reasonable grounds for suspecting money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

Compared to transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; can be carried out across multiple jurisdictions at a larger scale and higher speed due to their global reach and technological characteristics. In addition to the pseudo-anonymity of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;, those features of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; offer criminals the opportunity to carry out at high speed large illicit transfers while circumventing traceability obligations and avoiding detection, by means of structuring a large transaction into smaller amounts, using multiple seemingly unrelated DLT addresses, including one-time use DLT addresses, and using automated processes. Most crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; are also highly volatile and their value can fluctuate significantly within a very short timeframe which makes the calculation of linked transactionsmeans two or more transactions with either identical or similar origin, destination and purpose, or other relevant characteristics, over a specific period; more uncertain. In order to reflect those specific features, transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; should be subject to the same requirements regardless of their amount and of whether they are domestic or cross-border transfers.

For transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or for transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; where verification is deemed to have taken place, payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should not be required to verify the accuracy of the information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the payeemeans a person that is the intended recipient of the transfer of funds; accompanying each transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; accompanying each transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, provided that the obligations laid down in Directive (EU) 2015/849 are met.

In view of the Union legislative acts in respect of payment services, namely Regulation (EU) No 260/2012 of the European Parliament and of the Council(¹⁹)Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22)., Directive (EU) 2015/2366 and Regulation (EU) 2021/1230 of the European Parliament and of the Council(²⁰)Regulation (EU) 2021/1230 of the European Parliament and of the Council of 14 July 2021 on cross-border payments in the Union (OJ L 274, 30.7.2021, p. 20)., it should be sufficient to provide that only simplified information accompany transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; within the Union, such as the payment accountmeans a payment account as defined in Article 4, point (12), of Directive (EU) 2015/2366; number or a unique transaction identifiermeans a combination of letters, numbers or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, or determined by a crypto-asset service provider, which permits the traceability of the transaction back to the payer and the payee or the traceability of the transfer of crypto-assets back to the originator and the beneficiary;.

In order to allow the authorities responsible for combating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; in third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; to trace the source of fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; or crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; used for those purposes, transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; from the Union to outside the Union should carry complete information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds;, in respect of transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, and on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, in respect of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;. Complete information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; should include the legal entity identifieror ‘LEI’ means a unique alphanumeric reference code based on the ISO 17442 standard assigned to a legal entity; (LEI), or any equivalent official identifier, where that identifier is provided by the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; to its payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services;, since that would allow for better identification of the parties involved in a transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and could easily be included in existing payment message formats, such as that developed by the International Organisation for Standardisation for electronic data interchange between financial institutionsmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;. The authorities responsible for combating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; in third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; should be granted access to complete information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, as applicable, only for the purposes of preventing, detecting and investigating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

Crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; exist in a borderless virtual reality and can be transferred to any crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, whether or not that provider is registered in a jurisdiction. Many non-Union jurisdictions have in place rules relating to data protection and its enforcement that differ from those in the Union. When transferring crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; on behalf of a client to a crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; that is not registered in the Union, the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; should assess the ability of the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; to receive and retain the information required under this Regulation in compliance with Regulation (EU) 2016/679, using, where appropriate, the options available in Chapter V of Regulation (EU) 2016/679. The European Data Protection Board should, after consulting EBA, issue guidelines on the practical implementation of data protection requirements for transfers of personal data to third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; in the context of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;. Situations might occur where personal data cannot be sent because the requirements of Regulation (EU) 2016/679 cannot be fulfilled. EBA should issue guidelines on suitable procedures for determining whether the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; should be executed, rejected or suspended in such cases.

The Member State authorities responsible for combating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, and relevant judicial and law enforcement authorities in the Member States and at Union level, should intensify cooperation with each other and with relevant third countrymeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; authorities, including those in developing countries, in order to strengthen further transparency and the sharing of information and best practices.

The crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; should ensure that transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; are accompanied by the name of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;, the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;’s distributed ledger addressmeans an alphanumeric code that identifies an address on a network using distributed ledger technology (DLT) or similar technology where crypto-assets can be sent or received;, in cases where a transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; is registered on a network using DLT or similar technology, the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;’s crypto-asset accountmeans an account held by a crypto-asset service provider in the name of one or more natural or legal persons and that can be used for the execution of transfers of crypto-assets; number, in cases where such an account exists and is used to process the transaction, the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;’s address including the name of the country, official personal document number and customer identification number, or, alternatively, the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;’s date and place of birth, and, subject to the existence of the necessary field in the relevant message format and where provided by the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; to its crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, the current LEI or, in its absence, any other available equivalent official identifier of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets;. The information should be submitted in a secure manner and in advance of, or simultaneously or concurrently with, the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;.

The crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; should also ensure that transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; are accompanied by the name of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;’s distributed ledger addressmeans an alphanumeric code that identifies an address on a network using distributed ledger technology (DLT) or similar technology where crypto-assets can be sent or received;, in cases where a transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; is registered on a network using DLT or similar technology, the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;’s account number, in cases where such an account exists and is used to process the transaction and, subject to the existence of the necessary field in the relevant message format and where provided by the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; to its crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, the current LEI or, in its absence, any other available equivalent official identifier of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;. The information should be submitted in a secure manner and in advance of, or simultaneously or concurrently with, the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;.

Regarding transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, the requirements of this Regulation should apply to all transfers including transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; to or from a self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider;, as long as there is a crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; involved.

In the case of a transfer to or from a self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider;, the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should collect the information on both the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, usually from its client. A crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should in principle not be required to verify the information on the user of the self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider;. Nonetheless, in the case of a transfer of an amount exceeding EUR 1 000 that is sent or received on behalf of a client of a crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to or from a self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider;, that crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should verify whether that self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider; is effectively owned or controlled by that client.

As regards transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; from a single payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; to several payeesmeans a person that is the intended recipient of the transfer of funds; that are to be sent in a batch file transfermeans a bundle of several individual transfers of funds or transfers of crypto-assets put together for transmission; containing individual transfers from the Union to outside the Union, provision should be made for such individual transfers to carry only the payment accountmeans a payment account as defined in Article 4, point (12), of Directive (EU) 2015/2366; number of the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the unique transaction identifiermeans a combination of letters, numbers or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, or determined by a crypto-asset service provider, which permits the traceability of the transaction back to the payer and the payee or the traceability of the transfer of crypto-assets back to the originator and the beneficiary;, as well as complete information on the payeemeans a person that is the intended recipient of the transfer of funds;, provided that the batch file contains complete information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; that is verified for accuracy and complete information on the payeemeans a person that is the intended recipient of the transfer of funds; that is fully traceable.

As regards batch file transfersmeans a bundle of several individual transfers of funds or transfers of crypto-assets put together for transmission; of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;, the submission of information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; in batches should be accepted, as long as that submission occurs immediately and securely. It should not be permitted to submit the required information after the transfer, as submission must occur before or at the moment the transaction is completed, and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; or other obliged entities should submit the required information simultaneously with the batch file transfermeans a bundle of several individual transfers of funds or transfers of crypto-assets put together for transmission; of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;.

In order to check whether the required information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; accompanies transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, and to help identify suspicious transactions, the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payeemeans a person that is the intended recipient of the transfer of funds; and the intermediary payment service providermeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider; should have effective procedures in place to detect whether information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; is missing or incomplete. Those procedures should include monitoring after or during the transfers where appropriate. Competent authoritiesmeans:a Financial Intelligence Unit (FIU);a supervisory authority;a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;a public authority with designated responsibilities for combating money laundering or terrorist financing; should ensure that payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; include the required transaction information with the wire transfer or related message throughout the payment chain.

As regards transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; should implement effective procedures to detect whether the information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; is missing or incomplete. Those procedures should include, where appropriate, monitoring after or during the transfers. It should not be required that the information is attached directly to the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; itself, as long as it is submitted in advance of, or simultaneously or concurrently with, the transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, and is available upon request to appropriate authorities.

Given the potential threat of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; presented by anonymous transfers, it is appropriate to require payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; to request information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; and to require crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to request information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk, with a view to better targeting the risk of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. Accordingly, the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payeemeans a person that is the intended recipient of the transfer of funds;, the intermediary payment service providermeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider; and the intermediary crypto-asset service providermeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider; should have effective risk-based procedures that apply where a transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; lacks the required information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the payeemeans a person that is the intended recipient of the transfer of funds;, or where a transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; lacks the required information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, in order to allow that service provider to decide whether to execute, reject or suspend that transfer and to determine the appropriate follow-up action to take.

Crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, like all obliged entities, should assess and monitor the risk related to their clients, products and delivery channels. Crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should also assess the risk related to their transactions, including where performing transfers to or from self-hosted addresses. In the event that the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; is or becomes aware that the information on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; using the self-hosted addressmeans a distributed ledger address not linked to either of the following:a crypto-asset service provider;an entity not established in the Union and providing services similar to those of a crypto-asset service provider; is inaccurate, or where the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; encounters unusual or suspicious patterns of transactions or situations of higher risks of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; associated with transfers involving self-hosted addresses, that crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should implement, where appropriate, enhanced due diligence measures to manage and mitigate the risks appropriately. The crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should take those circumstances into account when assessing whether a transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, or any related transaction, is unusual and whether it is to be reported to the Financial Intelligence Unit (FIU) in accordance with Directive (EU) 2015/849.

This Regulation should be reviewed in the context of the adoption of a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, a Directive of the European Parliament and of the Council on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; and repealing Directive (EU) 2015/849 and a Regulation of the European Parliament and of the Council establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, in order to ensure consistency with the relevant provisions.

When assessing the risks, the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payeemeans a person that is the intended recipient of the transfer of funds;, the intermediary payment service providermeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;, the crypto-asset service providermeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; or the intermediary crypto-asset service providermeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider; should exercise special vigilance where it becomes aware that information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets;, as applicable, is missing or incomplete, or where a transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; is required to be considered suspicious based on the origin or destination of the crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; concerned, and should report suspicious transactions to the competent authoritiesmeans:a Financial Intelligence Unit (FIU);a supervisory authority;a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;a public authority with designated responsibilities for combating money laundering or terrorist financing; in accordance with the reporting obligations set out in Directive (EU) 2015/849.

Similar to transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; between payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services;, transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; involving intermediary crypto-asset service providersmeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider; might facilitate transfers as an intermediate element in a chain of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;. In line with international standards, such intermediary providers should also be subject to the requirements set out in this Regulation, in the same way as existing obligations on intermediary payment service providersmeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;.

The provisions on transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; in relation to which information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; or the payeemeans a person that is the intended recipient of the transfer of funds; or the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; is missing or incomplete, and in relation to which transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; are required to be considered suspicious based on the origin or destination of the crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; concerned, apply without prejudice to any obligations on payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services;, intermediary payment service providersmeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; and intermediary crypto-asset service providersmeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider; to reject or suspend transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; and transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; which breach a provision of civil, administrative or criminal law.

In order to ensure technology neutrality, this Regulation should not mandate the use of a particular technology for the transfer of transaction information by crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;. To ensure the efficient implementation of requirements applicable to crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; under this Regulation, standard-setting initiatives involving or led by the crypto-assetmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; industry will be critical. The resulting solutions should be interoperable through the use of international or Union-wide standards in order to allow for a swift exchange of information.

With the aim of assisting payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to put effective procedures in place to detect cases in which they receive transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; with missing or incomplete information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order;, payeemeans a person that is the intended recipient of the transfer of funds;, originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; or beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; and to take effective follow-up action, EBA should issue guidelines.

To enable prompt action to be taken in the fight against money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should respond promptly to requests for information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; from the authorities responsible for combating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; in the Member State where those payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; are established or where those crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; have their registered office.

The number of working days elapsing in the Member State of the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; determines the number of days to respond to requests for information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order;.

As it may not be possible in criminal investigations to identify the data required or the individuals involved in a transaction until many months, or even years, after the original transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; or crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to keep records of information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; for a period of time for the purposes of preventing, detecting and investigating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. That period should be limited to five years, after which all personal data should be deleted unless national law provides otherwise. If necessary for the purposes of preventing, detecting or investigating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, and after carrying out an assessment of the necessity and proportionality of the measure, Member States should be able to allow or require retention of records for a further period of no more than five years, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings and in full compliance with Directive (EU) 2016/680 of the European Parliament and of the Council(²¹)Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).. Those measures could be reviewed in light of the adoption of a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

In order to improve compliance with this Regulation, and in accordance with the Commission Communication of 9 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures and the sanctioning powers of competent authoritiesmeans:a Financial Intelligence Unit (FIU);a supervisory authority;a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;a public authority with designated responsibilities for combating money laundering or terrorist financing; should be enhanced. Administrative sanctions and measures should be provided for and, given the importance of the fight against money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, Member States should lay down sanctions and measures that are effective, proportionate and dissuasive. Member States should notify the Commission and the permanent internal committee on anti-money-laundering and countering terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; referred to in Article 9a(7) of Regulation (EU) No 1093/2010 thereof.

In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council(²²)Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13)..

A number of countries and territories which do not form part of the territory of the Union share a monetary union with a Member State, form part of the currency area of a Member State or have signed a monetary convention with the Union represented by a Member State, and have payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; that participate directly or indirectly in the payment and settlement systems of that Member State. In order to avoid the application of this Regulation to transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; between the Member States concerned and those countries or territories having a significant negative effect on the economies of those countries or territories, it is appropriate to provide for the possibility for such transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; to be treated as transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; within the Member States concerned.

Given the potential high risks associated with, and the technological and regulatory complexity posed by, self-hosted addresses, including in relation to the verification of ownership information, by 1 July 2026, the Commission should assess the need for additional specific measures to mitigate the risks posed by transfers to or from self-hosted addresses or to or from entities not established in the Union, including the introduction of possible restrictions, and should assess the effectiveness and proportionality of the mechanisms used to verify the accuracy of information concerning the ownership of self-hosted addresses.

At present, Directive (EU) 2015/849 only applies to two categories of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;, namely, custodial wallet providers and providers engaged in exchange services between virtual currencies and fiat currencies. In order to close existing loopholes in the anti-money laundering and counter-terrorist financing framework and to align Union law with international recommendations, Directive (EU) 2015/849 should be amended to include all categories of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; as defined in Regulation (EU) 2023/1114, which covers a broader range of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;. In particular, with a view to ensuring that crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; are subject to the same requirements and level of supervision as credit and financial institutionsmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;, it is appropriate to update the list of obliged entities by including crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; within the category of financial institutionsmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country; for the purpose of Directive (EU) 2015/849. In addition, taking into account that traditional financial institutionsmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country; also fall within the definition of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; when offering such services, the identification of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; as financial institutionsmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country; allows for a single consistent set of rules that applies to entities providing both traditional financial services and crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation;. Directive (EU) 2015/849 should also be amended in order to ensure that crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; are able to appropriately mitigate the money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; risks to which they are exposed.

Relationships established between crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; and entities established in third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; for the purpose of executing transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; or the provision of similar crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation; present similarities to correspondent banking relationships established with a third countrymeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime;’s respondent institution. As those relationships are characterised by an ongoing and repetitive nature, they should be considered a type of correspondent relationshipmeans:the provision of banking services by one credit institution as the correspondent to another credit institution as the respondent, including providing a current or other liability account and related services, such as cash management, international transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, cheque clearing, payable-through accounts and foreign exchange services;the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, transactions in crypto-assets or transfers of crypto-assets; and be subject to specific enhanced due diligence measures similar in principle to those applied in the context of banking and financial services. In particular, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should, when establishing a new correspondent relationshipmeans:the provision of banking services by one credit institution as the correspondent to another credit institution as the respondent, including providing a current or other liability account and related services, such as cash management, international transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, cheque clearing, payable-through accounts and foreign exchange services;the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, transactions in crypto-assets or transfers of crypto-assets; with a respondent entity, apply specific enhanced due diligence measures in order to identify and assess the risk exposure of that respondent, based on its reputation, the quality of supervision and its anti-money laundering and counter-terrorist financing (AML/CFT) controls. Based on the information gathered, the correspondent crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should implement appropriate risk mitigating measures, which should take into account in particular the potential higher risk of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; posed by unregistered and unlicensed entities. That is especially relevant as long as the implementation of the FATF standards relating to crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; at global level remains uneven, which poses additional risks and challenges. EBA should provide guidance on how crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should conduct the enhanced due diligence and should specify the appropriate risk mitigating measures, including the minimum action to be taken, when interacting with unregistered or unlicensed entities which provide crypto-asset servicesmeans crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114, with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation;.

Regulation (EU) 2023/1114 has established a comprehensive regulatory framework for crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; which harmonises the rules pertaining to the authorisation and operation of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; across the Union. In order to avoid duplication of requirements, Directive (EU) 2015/849 should be amended to remove registration requirements in relation to those categories of crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; which will become subject to a single licensing regime under Regulation (EU) 2023/1114.

Since the objectives of this Regulation, namely to fight money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and the financing of terrorism, including by implementing international standards and by ensuring the availability of basic informationmeans:in relation to a legal entity:legal form and name of the legal entity;instrument of constitution, and the statutes if they are contained in a separate instrument;address of the registered or official office and, if different, the principal place of business, and the country of creation;a list of legal representatives;where applicable, a list of shareholders or members, including information on the number of shares held by each shareholder and the categories of those shares and the nature of the associated voting rights;where available, the registration number, the European Unique identifier, the tax identification number and the Legal Entity Identifier;in the case of foundations, the assets held by the foundation to pursue its purposes;in relation to a legal arrangement:the name or unique identifier of the legal arrangement;the trust deed or equivalent;the purposes of the legal arrangement, if any;the assets held in the legal arrangement or managed through it;the place of residence of the trustees of the express trust or persons holding equivalent positions in the similar legal arrangement, and, if different, the place from where the express trust or similar legal arrangement is administered; on payersmeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and payeesmeans a person that is the intended recipient of the transfer of funds; of transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, and on originatorsmeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiariesmeans a person that is the intended recipient of the transfer of crypto-assets; of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

This Regulation is subject to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of the European Parliament and of the Council(²³)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).. It respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8), the right to an effective remedy and to a fair trial (Article 47) and the principle of ne bis in idem.

In order to ensure consistency with Regulation (EU) 2023/1114, this Regulation should apply from the date of application of that Regulation. By that date, Member States should also transpose the amendments to Directive (EU) 2015/849.

The European Data Protection Supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 22 September 2021(²⁴)OJ C 524, 29.12.2021, p. 10.,