Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 37 Review

    1. By 12 months after the entry into force of a Regulation on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, the Commission shall review this Regulation and shall, if appropriate, propose amendments in order to ensure a consistent approach and alignment with the Regulation on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

    1. By 1 July 2026, the Commission, after consulting EBA, shall issue a report assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the Union, as well as the need for specific measures to mitigate those risks, and propose, if appropriate, amendments to this Regulation.

    1. By 30 June 2027, the Commission shall submit to the European Parliament and to the Council a report on the application and enforcement of this Regulation accompanied, if appropriate, by a legislative proposal.

    2. The report referred to in the first subparagraph shall include the following elements:

      1. an assessment of the effectiveness of the measures provided for in this Regulation and of compliance with this Regulation by payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation;;

      2. an assessment of the technological solutions for complying with the obligations imposed on crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; under this Regulation, including of the latest development of technologically sound and interoperable solutions for complying with this Regulation and of the use of DLT analytic tools for identifying the origin and destination of transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same; and for performing a ‘know your transaction’ (KYT) assessment;

      3. an assessment of the effectiveness and suitability of the de minimis thresholds related to transfers of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics;, in particular with respect to the scope of application and the set of information accompanying transfers, and an assessment of the need to lower or remove such thresholds;

      4. assessment of the costs and benefits of introducing de minimis thresholds related to the set of information accompanying transfers of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, including an assessment of the related money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; risks;

      5. an analysis of the trends in the use of self-hosted addresses to perform transfers without the involvement of a third party, together with an assessment of the related money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; risks and an evaluation of the need, effectiveness and enforceability of additional mitigation measures, such as specific obligations on providers of hardware and software wallets and limitation, control or prohibition of transfers involving self-hosted addresses.

    3. That report shall take into account new developments in the field of anti-money laundering and counter-terrorist financing, as well as relevant evaluations, assessments and reports in that field drawn up by international organisations and standard setters, law enforcement authorities and intelligence agencies, crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; or other reliable sources.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod