Beta

Source: OJ L, 2025/305, 31.3.2025

Current language: EN

Article 4 Information about governance arrangements and internal control mechanisms and conflict of interests

    1. For the purposes of Article 62(2), points (f) and (i), of Regulation (EU) 2023/1114 applicants shall provide to the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; the following information on their governance arrangements and internal control mechanisms:

      1. a detailed description of the organisational structure of the applicant, where relevant encompassing the group, including the indication of the distribution of the tasks and powers and the relevant reporting lines and the internal control arrangements implemented, together with an organisational chart;

      2. the personal details of the heads of internal functions (management, supervisory and internal control functions), including their location and a curriculum vitae, stating relevant education, professional training and professional experience and a description of the knowledge, skills and experience necessary for the discharge of the responsibilities allocated to those heads of internal functions;

      3. the policies and procedures that are sufficiently effective to ensure compliance with Regulation (EU) 2023/1114 in accordance with Article 68(4) of that Regulation and a detailed description of the arrangements ensuring that relevant staff are aware of the procedures to be followed for the proper discharge of their responsibilities, including a detailed description of the procedures for the applicant’s staff to report potential or actual infringements of Regulation (EU) 2023/1114 in accordance with Article 116 of that Regulation;

      4. a detailed description of the arrangements for keeping records of the business and internal organisation of the applicant in accordance with Article 68(9) of Regulation (EU) 2023/1114, including the applicant’s record keeping arrangements in accordance with Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10)(b) of Regulation (EU) 2023/1114;

      5. the arrangements enabling the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; to assess and periodically review the effectiveness of the policy arrangements and procedures put in place to comply with Title V, Chapters 2 and 3, of Regulation (EU) 2023/1114 in accordance with Article 68(6) of that Regulation, including all the following:

        1. identification of the internal control functions in charge of monitoring those policy arrangements and procedures, together with the scope of their responsibility and reporting lines to the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; of the applicant;

        2. indication of the periodicity of internal control functions reporting to the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; of the applicant on the effectiveness of those policy arrangements and procedures;

        3. explanation specifying:

          1. how the applicant ensures that the internal control functions operate independently and separately from the functions they control;

          2. whether the internal control functions have access to the necessary resources and information;

          3. whether those internal control functions can report directly to the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; of the applicant both at least once a year and on an ad hoc basis, including where they detect a significant risk of failure for the applicant to comply with its obligations under Regulation (EU) 2023/1114;

        4. a description of the ICT systems, safeguards and controls put in place to monitor the activities of the applicant and to comply with Title V, Chapters 2 and 3, of Regulation (EU) 2023/1114, including back-up systems, and ICT systems and risk controls, where not provided in accordance with Article 9 of this Regulation;

      6. where relevant, a description of the arrangements put in place to prevent and detect market abuse in accordance with Article 92 of Regulation (EU) 2023/1114;

      7. whether the applicant has appointed or will appoint external auditors and, if that is the case, their name and contact details, where available;

      8. the accounting policies and procedures by which the applicant will record and report its financial information, including the start and end dates of the applied accounting year.

    1. In accordance with Article 72 of Regulation (EU) 2023/1114 to idenitfy, prevent, manage and diclose conflicts of interest, applicants shall provide to the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; all the following information on the management of conflicts of interests:

      1. a copy of the applicant’s conflicts of interest policy, together with a description of how that policy:

        1. ensures that the applicant identifies, prevents and manages conflicts of interests in accordance with Article 72(1) of Regulation (EU) 2023/1114 and discloses conflicts of interest in accordance with Article 72(2) of that Regulation;

        2. is commensurate to the scale, nature and range of crypto-asset servicesmeans any of the following services and activities relating to any crypto-asset:providing custody and administration of crypto-assets on behalf of clients;operation of a trading platform for crypto-assets;exchange of crypto-assets for funds;exchange of crypto-assets for other crypto-assets;execution of orders for crypto-assets on behalf of clients;placing of crypto-assets;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets;providing portfolio management on crypto-assets;providing transfer services for crypto-assets on behalf of clients; that the applicant intends to provide and of the other activities of the group to which the applicant belongs;

        3. ensures that the remuneration policies, procedures and arrangements do not create conflicts of interest;

      2. how the applicant’s conflicts of interest policy ensures compliance with Commission Delegated Regulation establishing technical standards adopted pursuant to Article 72(5) of Regulation (EU) 2023/1114, including information on the systems and arrangements put in place by the applicant to:

        1. monitor, assess, review the effectiveness of its conflicts of interests policy and remedy any deficiencies;

        2. record cases of conflicts of interests, including the identification, assessment, remedy and the fact whether the case was disclosed to the clientmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod