Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 21 Transfers of crypto-assets with missing information on the originator or the beneficiary


Summary What does Article 21 of the Transfer of funds regulation (TFR) say?

This article is the intermediary crypto-asset service provider equivalent of Article 17, which sets out the same framework for the crypto-asset service provider of the beneficiary.

Article 21 focuses specifically on intermediary crypto-asset service providers — those sitting in the middle of a transfer chain — and sets out how they must handle transfers where required originator or beneficiary information is missing or incomplete.

It establishes a risk-based decision-making framework for acting on such transfers, and also sets out an escalation path when a counterparty repeatedly fails to supply the required information, up to and including termination of the business relationship.

Important points:

  • Establish risk-based procedures for deciding whether to execute, reject, return, or suspend a crypto-asset transfer that is missing required originator or beneficiary information.
  • Where missing or incomplete information is detected on receipt of a transfer, either reject or return the transfer, or request the missing information before transmitting it further.
  • Where a crypto-asset service provider repeatedly fails to provide the required information, escalate through warnings and deadlines, and ultimately reject future transfers or restrict or terminate the business relationship — and report the failure and steps taken to the competent authority.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The intermediary crypto-asset service provider shall establish effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required information on the originator and the beneficiary and for taking the appropriate follow up action.

    2. Where the intermediary crypto-asset service provider becomes aware, when receiving a transfer of crypto-assets, that the information referred to in Article 14(1), points (a), (b) and (c), and Article 14(2), points (a), (b) and (c), or Article 15(1), is missing or incomplete, that intermediary crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:

      1. reject the transfer or return the transferred crypto-assets; or

      2. request the required information on the originator and the beneficiary before making the transmission of the transfer of crypto-assets.

    1. Where the crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the intermediary crypto-asset service provider shall:

      1. take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or

      2. directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider.

    2. The intermediary crypto-asset service provider shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod