Source: OJ L 150, 9.6.2023, pp. 1–39Current language: EN
- Anti-money laundering
Basic legislative acts
- Transfer of funds regulation (TFR)
Article 17 Transfers of crypto-assets with missing or incomplete information on the originator or the beneficiary
Summary What does Article 17 of the Transfer of funds regulation (TFR) say?
This article is the receiving-end counterpart to the information requirements established in Articles 14 and 15, which set out what originator information must accompany a crypto-asset transfer.
Article 17 places obligations on the crypto-asset service provider of the beneficiary to act when that required information is missing or incomplete.
It sets out a risk-based framework for deciding what to do with a non-compliant transfer — whether to execute, reject, return or suspend it — and escalates to stronger measures, including restricting or terminating a business relationship, where a counterpart crypto-asset service provider repeatedly fails to provide the required information.
Any such repeated failure must also be reported to the relevant competent authority.
Important points:
- Implement effective risk-based procedures for handling incoming crypto-asset transfers that lack complete originator or beneficiary information, including the option to reject, return, or suspend them.
- Where a counterpart crypto-asset service provider repeatedly fails to supply the required information, escalate by issuing warnings and setting deadlines, or directly reject future transfers and restrict or terminate the business relationship.
- Any repeated failure by a counterpart, and the steps taken in response, must be reported to the competent authority responsible for anti-money laundering and counter-terrorist financing oversight.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required complete information on the originator and the beneficiary and for taking the appropriate follow-up action.
Where the crypto-asset service provider of the beneficiary becomes aware that the information referred to in Article 14(1) or (2), or in Article 15, is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:
reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or
request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.
Where a crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the crypto-asset service provider of the beneficiary shall:
take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or
directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider.
The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.
Relevant recitals
Recital 44 Risk-based procedures for transfers with missing or incomplete information
Given the potential threat of money laundering and terrorist financing presented by anonymous transfers, it is appropriate to require payment service providers to request information on the payer and the payee and to require crypto-asset service providers to request information on the originator and the beneficiary. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk, with a view to better targeting the risk of money laundering and terrorist financing. Accordingly, the crypto-asset service provider of the beneficiary, the payment service provider of the payee, the intermediary payment service provider and the intermediary crypto-asset service provider should have effective risk-based procedures that apply where a transfer of funds lacks the required information on the payer or the payee, or where a transfer of crypto-assets lacks the required information on the originator or the beneficiary, in order to allow that service provider to decide whether to execute, reject or suspend that transfer and to determine the appropriate follow-up action to take.
Recital 45 Enhanced due diligence for self-hosted address transactions and suspicious patterns
Crypto-asset service providers, like all obliged entities, should assess and monitor the risk related to their clients, products and delivery channels. Crypto-asset service providers should also assess the risk related to their transactions, including where performing transfers to or from self-hosted addresses. In the event that the crypto-asset service provider is or becomes aware that the information on the originator or beneficiary using the self-hosted address is inaccurate, or where the crypto-asset service provider encounters unusual or suspicious patterns of transactions or situations of higher risks of money laundering and terrorist financing associated with transfers involving self-hosted addresses, that crypto-asset service provider should implement, where appropriate, enhanced due diligence measures to manage and mitigate the risks appropriately. The crypto-asset service provider should take those circumstances into account when assessing whether a transfer of crypto-assets, or any related transaction, is unusual and whether it is to be reported to the Financial Intelligence Unit (FIU) in accordance with Directive (EU) 2015/849.
Recital 49 Application without prejudice to civil, administrative or criminal law obligations
The provisions on transfers of funds and transfers of crypto-assets in relation to which information on the payer or the payee or the originator or the beneficiary is missing or incomplete, and in relation to which transfers of crypto-assets are required to be considered suspicious based on the origin or destination of the crypto-assets concerned, apply without prejudice to any obligations on payment service providers, intermediary payment service providers, crypto-asset service providers and intermediary crypto-asset service providers to reject or suspend transfers of funds and transfers of crypto-assets which breach a provision of civil, administrative or criminal law.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
intermediary crypto-asset service provider
Definition
crypto-asset services
Definition
supervisor
Definition
self-hosted address
- a crypto-asset service provider;
- an entity not established in the Union and providing services similar to those of a crypto-asset service provider;
Definition
funds
Definition
originator
Definition
electronic money
Definition
crypto-asset account
Definition
crypto-asset
Definition
payment service provider
Definition
payment account
Definition
transfer of funds
- a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;
- a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;
- a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;
- a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;
Definition
property
Definition
intermediary payment service provider
Definition
crypto-asset
Definition
competent authority
- a Financial Intelligence Unit (FIU);
- a supervisory authority;
- a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;
- a public authority with designated responsibilities for combating money laundering or terrorist financing;
Definition
terrorist financing
Definition
DLT
Definition
terrorist financing
Definition
distributed ledger technology
Definition
beneficiary
Definition
crypto-asset service provider
Definition
money laundering
Definition
transfer of crypto-assets
Definition
distributed ledger address
Definition
payee
Definition
self-regulatory body
Definition
third country
Definition
business relationship
Definition
supervisory authority
Definition
payer
Definition
money laundering