Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 16 Detection of missing information on the originator or the beneficiary


Summary What does Article 16 of the Transfer of funds regulation (TFR) say?

Article 16 is the receiving-side counterpart to Article 14, which sets out the information obligations on the originator's crypto-asset service provider.

Here, the obligations fall on the crypto-asset service provider of the beneficiary.

The article requires that provider to have procedures in place to detect whether the required originator and beneficiary information has actually accompanied the transfer.

It also introduces specific additional duties when a transfer arrives from a self-hosted address, including obtaining and holding the relevant information and, for transfers exceeding EUR 1 000, taking measures to assess whether that self-hosted address is owned or controlled by the beneficiary.

Before releasing assets, the provider must also verify the accuracy of the beneficiary information against reliable and independent sources, with verification deemed satisfied if standard customer due diligence under the AML Directive has already been carried out.

Important points:

  • Implement effective procedures to detect whether the required originator and beneficiary information accompanies incoming transfers of crypto-assets, including batch file transfers.
  • For transfers from a self-hosted address exceeding EUR 1 000, take adequate measures to assess whether that address is owned or controlled by the beneficiary.
  • Verify the accuracy of beneficiary information before making crypto-assets available, unless verification has already been satisfied through AML Directive customer due diligence processes.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The crypto-asset service provider of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information referred to in Article 14(1) and (2) on the originator and the beneficiary is included in, or follows, the transfer or batch file transfer of crypto-assets.

    1. In the case of a transfer of crypto-assets made from a self-hosted address, the crypto-asset service provider of the beneficiary shall obtain and hold the information referred to in Article 14(1) and (2) and shall ensure that the transfer of crypto-assets can be individually identified.

    2. Without prejudice to specific risk mitigating measures taken in accordance with Article 19b of Directive (EU) 2015/849, in the case of a transfer of an amount exceeding EUR 1 000 from a self-hosted address, the crypto-asset service provider of the beneficiary shall take adequate measures to assess whether that address is owned or controlled by the beneficiary.

    1. Before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in Article 14(2) on the basis of documents, data or information obtained from a reliable and independent source.

    1. Verification as referred to in paragraphs 2 and 3 of this Article shall be deemed to have taken place where one of the following applies:

      1. the identity of the beneficiary has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive;

      2. Article 14(5) of Directive (EU) 2015/849 applies to the beneficiary.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod