Source: OJ L 150, 9.6.2023, pp. 1–39Current language: EN
- Anti-money laundering
Basic legislative acts
- Transfer of funds regulation (TFR)
Article 37 Review
Summary What does Article 37 of the Transfer of funds regulation (TFR) say?
This article sets out the Commission's review and reporting obligations in relation to the regulation.
It establishes a series of time-bound tasks for the Commission, covering alignment with broader AML/CFT legislation, an assessment of risks from self-hosted addresses and non-EU entities, and a comprehensive review of the regulation's application and enforcement.
The 2027 report in particular is notably detailed in its scope, covering everything from compliance by payment service providers and crypto-asset service providers, to technological solutions, the appropriateness of existing thresholds, and the risks posed by self-hosted addresses.
Important points:
- The Commission is required to review this regulation and propose amendments, if appropriate, to align it with any new overarching AML/CFT regulation within 12 months of that regulation entering into force.
- The Commission, after consulting EBA, must issue a report by 1 July 2026 assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the Union.
- The Commission must submit a report to the European Parliament and Council by 30 June 2027 on the application and enforcement of this regulation, accompanied, if appropriate, by a legislative proposal.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
By 12 months after the entry into force of a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, the Commission shall review this Regulation and shall, if appropriate, propose amendments in order to ensure a consistent approach and alignment with the Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
By 1 July 2026, the Commission, after consulting EBA, shall issue a report assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the Union, as well as the need for specific measures to mitigate those risks, and propose, if appropriate, amendments to this Regulation.
By 30 June 2027, the Commission shall submit to the European Parliament and to the Council a report on the application and enforcement of this Regulation accompanied, if appropriate, by a legislative proposal.
The report referred to in the first subparagraph shall include the following elements:
an assessment of the effectiveness of the measures provided for in this Regulation and of compliance with this Regulation by payment service providers and crypto-asset service providers;
an assessment of the technological solutions for complying with the obligations imposed on crypto-asset service providers under this Regulation, including of the latest development of technologically sound and interoperable solutions for complying with this Regulation and of the use of DLT analytic tools for identifying the origin and destination of transfers of crypto-assets and for performing a ‘know your transaction’ (KYT) assessment;
an assessment of the effectiveness and suitability of the de minimis thresholds related to transfers of funds, in particular with respect to the scope of application and the set of information accompanying transfers, and an assessment of the need to lower or remove such thresholds;
assessment of the costs and benefits of introducing de minimis thresholds related to the set of information accompanying transfers of crypto-assets, including an assessment of the related money laundering and terrorist financing risks;
an analysis of the trends in the use of self-hosted addresses to perform transfers without the involvement of a third party, together with an assessment of the related money laundering and terrorist financing risks and an evaluation of the need, effectiveness and enforceability of additional mitigation measures, such as specific obligations on providers of hardware and software wallets and limitation, control or prohibition of transfers involving self-hosted addresses.
That report shall take into account new developments in the field of anti-money laundering and counter-terrorist financing, as well as relevant evaluations, assessments and reports in that field drawn up by international organisations and standard setters, law enforcement authorities and intelligence agencies, crypto-asset service providers or other reliable sources.
Relevant recitals
Recital 46 Review in the context of the forthcoming AML/CFT legislative package
This Regulation should be reviewed in the context of the adoption of a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, a Directive of the European Parliament and of the Council on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849 and a Regulation of the European Parliament and of the Council establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, in order to ensure consistency with the relevant provisions.
Recital 58 Commission review of risks and restrictions for self-hosted addresses by 2026
Given the potential high risks associated with, and the technological and regulatory complexity posed by, self-hosted addresses, including in relation to the verification of ownership information, by 1 July 2026, the Commission should assess the need for additional specific measures to mitigate the risks posed by transfers to or from self-hosted addresses or to or from entities not established in the Union, including the introduction of possible restrictions, and should assess the effectiveness and proportionality of the mechanisms used to verify the accuracy of information concerning the ownership of self-hosted addresses.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
self-hosted address
- a crypto-asset service provider;
- an entity not established in the Union and providing services similar to those of a crypto-asset service provider;
Definition
funds
Definition
originator
Definition
electronic money
Definition
crypto-asset account
Definition
crypto-asset
Definition
payment service provider
Definition
payment account
Definition
transfer of funds
- a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;
- a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;
- a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;
- a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;
Definition
crypto-asset
Definition
DLT
Definition
terrorist financing
Definition
distributed ledger technology
Definition
beneficiary
Definition
crypto-asset service provider
Definition
transfer of crypto-assets
Definition
distributed ledger address
Definition
payee
Definition
payer
Definition
money laundering