Beta

Source: OJ L, 2025/303, 20.2.2025

Current language: EN

Article 3 Detection and prevention of money laundering and terrorist financing

For the purposes of Article 60(7), point (b)(i) and (ii), of Regulation (EU) 2023/1114, the notifying entity shall provide the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; with information on its internal control mechanisms, policies and procedures to ensure compliance with the provisions of national law transposing Directive (EU) 2015/849 and on the risk assessment framework to manage risks relating to money laundering and terrorist financing, including the following:

  1. the notifying entity’s assessment of the inherent and residual risks of money laundering and terrorist financing associated with its provision of crypto-asset servicesmeans any of the following services and activities relating to any crypto-asset:providing custody and administration of crypto-assets on behalf of clients;operation of a trading platform for crypto-assets;exchange of crypto-assets for funds;exchange of crypto-assets for other crypto-assets;execution of orders for crypto-assets on behalf of clients;placing of crypto-assets;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets;providing portfolio management on crypto-assets;providing transfer services for crypto-assets on behalf of clients;, including the risks relating to:

    1. the notifying entity’s customer base;

    2. the services provided;

    3. the distribution channels used;

    4. the geographical areas of operation;

  2. the measures that the notifying entity has or will put in place to prevent the identified risks and comply with applicable anti-money laundering and counter-terrorist financing requirements, including the notifying entity’s risk assessment process, the policies and procedures to comply with customer due diligence requirements, and the policies and procedures to detect and report suspicious transactions or activities;

  3. detailed information on how internal control mechanisms, policies and procedures are adequate and proportionate to the scale, nature, inherent risk of money laundering and terrorist financing, including the range of crypto-asset servicesmeans any of the following services and activities relating to any crypto-asset:providing custody and administration of crypto-assets on behalf of clients;operation of a trading platform for crypto-assets;exchange of crypto-assets for funds;exchange of crypto-assets for other crypto-assets;execution of orders for crypto-assets on behalf of clients;placing of crypto-assets;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets;providing portfolio management on crypto-assets;providing transfer services for crypto-assets on behalf of clients; provided, the complexity of the business model and how the notifying entity ensures its compliance with Directive (EU) 2015/849 and Regulation (EU) 2023/1113 of the European Parliament and of the Council(7)Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, p. 1, ELI: http://data.europa.eu/eli/reg/2023/1113/oj).;

  4. the identity of the person in charge of ensuring the notifying entity’s compliance with anti-money laundering and counter-terrorist financing requirements, including evidence of that person’s skills and expertise;

  5. arrangements, human and financial resources devoted to ensure, based on annual indications, that staff of the notifying entity is appropriately trained in anti-money laundering and counter-terrorist financing matters and on specific crypto-assetmeans a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology; related risks;

  6. a copy of the notifying entity’s anti-money laundering and counter-terrorism policies, procedures and systems;

  7. a summary document outlining changes that have been made to the notifying entity’s anti-money laundering and counter-terrorism procedures and systems as a consequence of the planned crypto-asset servicesmeans any of the following services and activities relating to any crypto-asset:providing custody and administration of crypto-assets on behalf of clients;operation of a trading platform for crypto-assets;exchange of crypto-assets for funds;exchange of crypto-assets for other crypto-assets;execution of orders for crypto-assets on behalf of clients;placing of crypto-assets;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets;providing portfolio management on crypto-assets;providing transfer services for crypto-assets on behalf of clients;;

  8. the frequency of the assessment of the adequacy and effectiveness of the internal control mechanisms, systems and procedures, including the identity of the person or function responsible for such assessment.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod