Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 37 Review


Summary What does Article 37 of the Transfer of funds regulation (TFR) say?

This article sets out the Commission's review and reporting obligations in relation to the regulation.

It establishes a series of time-bound tasks for the Commission, covering alignment with broader AML/CFT legislation, an assessment of risks from self-hosted addresses and non-EU entities, and a comprehensive review of the regulation's application and enforcement.

The 2027 report in particular is notably detailed in its scope, covering everything from compliance by payment service providers and crypto-asset service providers, to technological solutions, the appropriateness of existing thresholds, and the risks posed by self-hosted addresses.

Important points:

  • The Commission is required to review this regulation and propose amendments, if appropriate, to align it with any new overarching AML/CFT regulation within 12 months of that regulation entering into force.
  • The Commission, after consulting EBA, must issue a report by 1 July 2026 assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the Union.
  • The Commission must submit a report to the European Parliament and Council by 30 June 2027 on the application and enforcement of this regulation, accompanied, if appropriate, by a legislative proposal.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. By 12 months after the entry into force of a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, the Commission shall review this Regulation and shall, if appropriate, propose amendments in order to ensure a consistent approach and alignment with the Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

    1. By 1 July 2026, the Commission, after consulting EBA, shall issue a report assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the Union, as well as the need for specific measures to mitigate those risks, and propose, if appropriate, amendments to this Regulation.

    1. By 30 June 2027, the Commission shall submit to the European Parliament and to the Council a report on the application and enforcement of this Regulation accompanied, if appropriate, by a legislative proposal.

    2. The report referred to in the first subparagraph shall include the following elements:

      1. an assessment of the effectiveness of the measures provided for in this Regulation and of compliance with this Regulation by payment service providers and crypto-asset service providers;

      2. an assessment of the technological solutions for complying with the obligations imposed on crypto-asset service providers under this Regulation, including of the latest development of technologically sound and interoperable solutions for complying with this Regulation and of the use of DLT analytic tools for identifying the origin and destination of transfers of crypto-assets and for performing a ‘know your transaction’ (KYT) assessment;

      3. an assessment of the effectiveness and suitability of the de minimis thresholds related to transfers of funds, in particular with respect to the scope of application and the set of information accompanying transfers, and an assessment of the need to lower or remove such thresholds;

      4. assessment of the costs and benefits of introducing de minimis thresholds related to the set of information accompanying transfers of crypto-assets, including an assessment of the related money laundering and terrorist financing risks;

      5. an analysis of the trends in the use of self-hosted addresses to perform transfers without the involvement of a third party, together with an assessment of the related money laundering and terrorist financing risks and an evaluation of the need, effectiveness and enforceability of additional mitigation measures, such as specific obligations on providers of hardware and software wallets and limitation, control or prohibition of transfers involving self-hosted addresses.

    3. That report shall take into account new developments in the field of anti-money laundering and counter-terrorist financing, as well as relevant evaluations, assessments and reports in that field drawn up by international organisations and standard setters, law enforcement authorities and intelligence agencies, crypto-asset service providers or other reliable sources.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod