Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 17 Transfers of crypto-assets with missing or incomplete information on the originator or the beneficiary


Summary What does Article 17 of the Transfer of funds regulation (TFR) say?

This article is the receiving-end counterpart to the information requirements established in Articles 14 and 15, which set out what originator information must accompany a crypto-asset transfer.

Article 17 places obligations on the crypto-asset service provider of the beneficiary to act when that required information is missing or incomplete.

It sets out a risk-based framework for deciding what to do with a non-compliant transfer — whether to execute, reject, return or suspend it — and escalates to stronger measures, including restricting or terminating a business relationship, where a counterpart crypto-asset service provider repeatedly fails to provide the required information.

Any such repeated failure must also be reported to the relevant competent authority.

Important points:

  • Implement effective risk-based procedures for handling incoming crypto-asset transfers that lack complete originator or beneficiary information, including the option to reject, return, or suspend them.
  • Where a counterpart crypto-asset service provider repeatedly fails to supply the required information, escalate by issuing warnings and setting deadlines, or directly reject future transfers and restrict or terminate the business relationship.
  • Any repeated failure by a counterpart, and the steps taken in response, must be reported to the competent authority responsible for anti-money laundering and counter-terrorist financing oversight.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required complete information on the originator and the beneficiary and for taking the appropriate follow-up action.

    2. Where the crypto-asset service provider of the beneficiary becomes aware that the information referred to in Article 14(1) or (2), or in Article 15, is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:

      1. reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or

      2. request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

    1. Where a crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the crypto-asset service provider of the beneficiary shall:

      1. take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or

      2. directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider.

    2. The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod