EBA sectoral explanation: Strengthening AML/CTF controls in the EU crypto-asset sector

On 4 December 2024, the European Banking Authority (hereinafter: “EBA”)published a comprehensive summary of guidelines on the prevention of money laundering and terrorist financing in the EU cryptocurrency asset sector. It discusses the legal developments that have taken place in this historically unregulated area of cryptocurrency asset activities and outlines the role of the EBA in this regard.

The EBA has been monitoring the use of crypto-assets since 2013, identifying two important developments in this sector from the point of view of the development of sectoral EU regulations in the field of AML/CTF. The first of these is the adoption of Directive (EU) 2018/849, which applies AML/CTF requirements to two types of service providers: a) custodian wallet providers, and b) providers engaged in exchange services between virtual and fiat currencies. The second event is the adoption of Regulation (EU) 2013/1114 (hereinafter: “MiCA Regulation”), which introduced a new legal framework in this area from December 2024.

The EBA indicates 4 elements characterising the regime introduced by the MiCA Regulation:

1. CASPs, ART and EMT issuers must obtain EU authorization by demonstrating robust controls and risk management, including AML/CFT compliance.

2. After authorization, CASPs and EMT issuers must continuously assess and address ML/TF risks with proportional policies, controls, and procedures.

3. Non-CASP ART issuers aren’t bound by specific AML/CFT controls but must still prevent serious ML/TF risks and criminal abuse.

4. CASPs must ensure transfers include originator and beneficiary details, and apply extra measures for self-hosted addresses to maintain traceability.

The EBA's role in this regard, in addition to monitoring legal changes, also includes issuing relevant guidelines (e.g. Guidelines on ML/TF risk factors or Travel rule Guidelines), draft RTS and ITS to MiCA (RTS on information for authorisation as issuers of ARTs under MiCAR or RTS specifying the information to be included in an application for authorisation as CASP), or guidelines for the supervisory authorities of the member states (Guidelines on risk-based supervision or Guidelines on the suitability assessment of members of management body of issuers of ARTs and of CASPs).

To read the full EBA explainer on preventing money laundering and terrorism financing in the EU's crypto assets sector, follow the link: https://buff.ly/41r9fiI