Article 23 Internal policies, procedures and controls to ensure implementation of restrictive measures

This Regulation should apply without prejudice to the national restrictive measures and Union restrictive measures imposed by regulations based on Article 215 of the Treaty on the Functioning of the European Union, such as Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010 and Council Regulations (EU) No 267/2012(¹⁴)Council Regulation (EU) No 267/2012 of 23 March 2012 concerning restrictive measures against Iran and repealing Regulation (EU) No 961/2010 (OJ L 88, 24.3.2012, p. 1)., (EU) 2016/1686(¹⁵)Council Regulation (EU) 2016/1686 of 20 September 2016 imposing additional restrictive measures directed against ISIL (Da’esh) and Al-Qaeda and natural and legal persons, entities or bodies associated with them (OJ L 255, 21.9.2016, p. 1). and (EU) 2017/1509(¹⁶)Council Regulation (EU) 2017/1509 of 30 August 2017 concerning restrictive measures against the Democratic People’s Republic of Korea and repealing Regulation (EC) No 329/2007 (OJ L 224, 31.8.2017, p. 1)., which may require that payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of payersmeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and of payeesmeans a person that is the intended recipient of the transfer of funds;, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of originatorsmeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and of beneficiariesmeans a person that is the intended recipient of the transfer of crypto-assets;, intermediary payment service providersmeans a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;, as well as intermediary crypto-asset service providersmeans a crypto-asset service provider that is not the crypto-asset service provider of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the crypto-asset service provider of the originator or of the beneficiary, or of another intermediary crypto-asset service provider;, take appropriate action to freeze certain fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; and crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds; or that they comply with specific restrictions concerning certain transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or of crypto-assetsmeans a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114, except where falling within the categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as funds;. Payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; should have in place internal policies, procedures and controls to ensure implementation of those restrictive measures, including screening measures against Union and national lists of designated persons. EBA should issue guidelines specifying those internal policies, procedures and controls. It is intended that the requirements of this Regulation on internal policies, procedures and controls related to restrictive measures will be repealed in the near future by a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.