Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 32 Reporting of breaches


Summary What does Article 32 of the Transfer of funds regulation (TFR) say?

This article addresses whistleblowing and breach reporting, operating on two levels simultaneously.

At the national level, it requires Member States to put in place mechanisms that encourage reporting of breaches to competent authorities.

At the firm level, it requires payment service providers and crypto-asset service providers to establish internal channels through which their employees can report breaches.

This article connects directly to the sanctions framework established in Articles 28 and 29, supporting enforcement by ensuring breaches can be surfaced both internally and to authorities.

Important points:

  • Member States are required to establish effective mechanisms for reporting breaches to competent authorities, at minimum meeting the standards set out in Article 61(2) of Directive (EU) 2015/849.
  • Establish internal procedures allowing employees to report breaches through a secure, independent, specific and anonymous channel.
  • These internal reporting channels must be proportionate to the nature and size of your organisation, and set up in cooperation with competent authorities.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Member States shall establish effective mechanisms to encourage the reporting to competent authorities of breaches of this Regulation.

    2. Those mechanisms shall include at least those referred to in Article 61(2) of Directive (EU) 2015/849.

    1. Payment service providers and crypto-asset service providers, in cooperation with the competent authorities, shall establish appropriate internal procedures for their employees, or persons in a comparable position, to report breaches internally through a secure, independent, specific and anonymous channel, proportionate to the nature and size of the payment service provider or the crypto-asset service provider concerned.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod