Source: OJ L 150, 9.6.2023, pp. 1–39Current language: EN
- Anti-money laundering
Basic legislative acts
- Transfer of funds regulation (TFR)
Article 16 Detection of missing information on the originator or the beneficiary
Summary What does Article 16 of the Transfer of funds regulation (TFR) say?
Article 16 is the receiving-side counterpart to Article 14, which sets out the information obligations on the originator's crypto-asset service provider.
Here, the obligations fall on the crypto-asset service provider of the beneficiary.
The article requires that provider to have procedures in place to detect whether the required originator and beneficiary information has actually accompanied the transfer.
It also introduces specific additional duties when a transfer arrives from a self-hosted address, including obtaining and holding the relevant information and, for transfers exceeding EUR 1 000, taking measures to assess whether that self-hosted address is owned or controlled by the beneficiary.
Before releasing assets, the provider must also verify the accuracy of the beneficiary information against reliable and independent sources, with verification deemed satisfied if standard customer due diligence under the AML Directive has already been carried out.
Important points:
- Implement effective procedures to detect whether the required originator and beneficiary information accompanies incoming transfers of crypto-assets, including batch file transfers.
- For transfers from a self-hosted address exceeding EUR 1 000, take adequate measures to assess whether that address is owned or controlled by the beneficiary.
- Verify the accuracy of beneficiary information before making crypto-assets available, unless verification has already been satisfied through AML Directive customer due diligence processes.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The crypto-asset service provider of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information referred to in Article 14(1) and (2) on the originator and the beneficiary is included in, or follows, the transfer or batch file transfer of crypto-assets.
In the case of a transfer of crypto-assets made from a self-hosted address, the crypto-asset service provider of the beneficiary shall obtain and hold the information referred to in Article 14(1) and (2) and shall ensure that the transfer of crypto-assets can be individually identified.
Without prejudice to specific risk mitigating measures taken in accordance with Article 19b of Directive (EU) 2015/849, in the case of a transfer of an amount exceeding EUR 1 000 from a self-hosted address, the crypto-asset service provider of the beneficiary shall take adequate measures to assess whether that address is owned or controlled by the beneficiary.
Before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in Article 14(2) on the basis of documents, data or information obtained from a reliable and independent source.
Verification as referred to in paragraphs 2 and 3 of this Article shall be deemed to have taken place where one of the following applies:
the identity of the beneficiary has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive;
Article 14(5) of Directive (EU) 2015/849 applies to the beneficiary.
Relevant recitals
Recital 30 Features of crypto-asset transfers justifying uniform information requirements regardless of amount
Compared to transfers of funds, transfers of crypto-assets can be carried out across multiple jurisdictions at a larger scale and higher speed due to their global reach and technological characteristics. In addition to the pseudo-anonymity of crypto-assets, those features of transfers of crypto-assets offer criminals the opportunity to carry out at high speed large illicit transfers while circumventing traceability obligations and avoiding detection, by means of structuring a large transaction into smaller amounts, using multiple seemingly unrelated DLT addresses, including one-time use DLT addresses, and using automated processes. Most crypto-assets are also highly volatile and their value can fluctuate significantly within a very short timeframe which makes the calculation of linked transactions more uncertain. In order to reflect those specific features, transfers of crypto-assets should be subject to the same requirements regardless of their amount and of whether they are domestic or cross-border transfers.
Recital 31 No re-verification where customer due diligence has already taken place
For transfers of funds or for transfers of crypto-assets where verification is deemed to have taken place, payment service providers and crypto-asset service providers should not be required to verify the accuracy of the information on the payer or the payee accompanying each transfer of funds, or on the originator and the beneficiary accompanying each transfer of crypto-assets, provided that the obligations laid down in Directive (EU) 2015/849 are met.
Recital 38 Application to transfers involving self-hosted addresses where a provider is involved
Regarding transfers of crypto-assets, the requirements of this Regulation should apply to all transfers including transfers of crypto-assets to or from a self-hosted address, as long as there is a crypto-asset service provider involved.
Recital 39 Verification obligation for transfers to or from self-hosted addresses above EUR 1 000
In the case of a transfer to or from a self-hosted address, the crypto-asset service provider should collect the information on both the originator and the beneficiary, usually from its client. A crypto-asset service provider should in principle not be required to verify the information on the user of the self-hosted address. Nonetheless, in the case of a transfer of an amount exceeding EUR 1 000 that is sent or received on behalf of a client of a crypto-asset service provider to or from a self-hosted address, that crypto-asset service provider should verify whether that self-hosted address is effectively owned or controlled by that client.
Recital 43 Beneficiary-side procedures to detect missing crypto-asset transfer information
As regards transfers of crypto-assets, the crypto-asset service provider of the beneficiary should implement effective procedures to detect whether the information on the originator or beneficiary is missing or incomplete. Those procedures should include, where appropriate, monitoring after or during the transfers. It should not be required that the information is attached directly to the transfer of crypto-assets itself, as long as it is submitted in advance of, or simultaneously or concurrently with, the transfer of crypto-assets, and is available upon request to appropriate authorities.
Recital 45 Enhanced due diligence for self-hosted address transactions and suspicious patterns
Crypto-asset service providers, like all obliged entities, should assess and monitor the risk related to their clients, products and delivery channels. Crypto-asset service providers should also assess the risk related to their transactions, including where performing transfers to or from self-hosted addresses. In the event that the crypto-asset service provider is or becomes aware that the information on the originator or beneficiary using the self-hosted address is inaccurate, or where the crypto-asset service provider encounters unusual or suspicious patterns of transactions or situations of higher risks of money laundering and terrorist financing associated with transfers involving self-hosted addresses, that crypto-asset service provider should implement, where appropriate, enhanced due diligence measures to manage and mitigate the risks appropriately. The crypto-asset service provider should take those circumstances into account when assessing whether a transfer of crypto-assets, or any related transaction, is unusual and whether it is to be reported to the Financial Intelligence Unit (FIU) in accordance with Directive (EU) 2015/849.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
self-hosted address
- a crypto-asset service provider;
- an entity not established in the Union and providing services similar to those of a crypto-asset service provider;
Definition
funds
Definition
originator
Definition
electronic money
Definition
crypto-asset account
Definition
linked transactions
Definition
crypto-asset
Definition
payment service provider
Definition
payment account
Definition
transfer of funds
- a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;
- a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;
- a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;
- a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;
Definition
batch file transfer
Definition
crypto-asset
Definition
DLT
Definition
terrorist financing
Definition
distributed ledger technology
Definition
beneficiary
Definition
crypto-asset service provider
Definition
transfer of crypto-assets
Definition
distributed ledger address
Definition
payee
Definition
payer
Definition
money laundering