Information accompanying transfers of funds and certain crypto assets
SUMMARY OF:
Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto assets
WHAT IS THE AIM OF THE REGULATION?
The regulation is a recast of Regulation (EU) 2015/847 on information accompanying transfers of funds. It extends the scope of Regulation (EU) 2015/847 in order to also cover transfers of crypto-assets*.
The regulation lays down rules on the information on payers and payees accompanying transfers of funds, in any currency, and on the information on originators and beneficiaries accompanying transfers of crypto assets, along with rules on internal policies, procedures and controls to ensure implementation of restrictive measures.
KEY POINTS
The regulation applies to transfers of funds (in any currency) and crypto assets sent or received by a payment service provider or intermediary registered in the EU.
It does not apply to:
-
transfers of funds or electronic money tokens using payment cards, electronic money instruments, mobile phones or other similar digital or IT prepaid or postpaid devices when:
- the transfer is to pay for goods or services,
- the number of the card instrument or device accompanies all transfers flowing from the transaction;
-
certain transfers such as a payer withdrawing money from their own account or the payment of taxes or fines to a public authority;
-
transfers of crypto -assets when:
- both the sender and the beneficiary are acting on their own behalf,
- the transfer is from person to person without the involvement of a crypto asset service provider.
A payer’s payment service provider:
-
must provide and verify information such as the name and account number of the payer and payee and the former’s address and official identity details when transferring funds;
-
may limit the information to the account details of the payer and payee and, if necessary, the unique transaction identifier, if all the payment service providers involved in the transfer are established in the EU;
-
must supply additional information within 3 working days if so requested by the payee’s service provider.
A payee’s service provider:
-
must check whether all the required information on the payer and the payee has been inputted correctly in the messaging or payment and settlement system and determine whether any data are missing;
-
decides whether to execute, reject or suspend a transfer if basic payer and payee information has not been provided and may request additional details;
-
warns a payment service provider if they repeatedly fail to supply the information requested before rejecting transfers from that source and informing the authority responsible for anti-money laundering and counterterrorist financing;
-
takes account of missing information when assessing whether a transfer is suspicious and should be reported to the financial intelligence unit.
Intermediary payment service providers also have obligations when confronted with missing information. They have the additional responsibility of ensuring all payer and payee details remain with the transfer at all times.
An originator’s crypto asset service provider:
-
ensures that all transfers are accompanied by details of the originator and the beneficiary, such as their names, distributed ledger address and crypto asset account numbers;
-
checks the accuracy of the information it has received;
-
verifies whether a self-hosted address is owned or controlled by the originator for all transfers over €1,000.
A beneficiary’s crypto asset service provider:
-
checks that the information about the originator and beneficiary is included with, or follows, the transfer or batch file transfer of crypto assets;
-
ensures that the transfer of crypto assets from a self-hosted address can be individually identified;
-
assesses, for all transfers over €1,000 from a self-hosted address, whether the beneficiary owns or controls that address;
-
verifies the accuracy of the information about the beneficiary before handing over the crypto assets;
-
decides whether to execute, reject, return or suspend a transfer of crypto assets that lacks information and takes appropriate follow-up action;
-
may reject or return crypto assets or request further details if the information is missing or incomplete;
-
warns a crypto asset service provider if they repeatedly fail to supply the information requested before rejecting transfers from that source, restricting or terminating its business relationship, and informing the authority responsible for anti-money laundering and counterterrorist financing;
-
takes account of missing information when assessing whether a transfer is suspicious and should be reported to the financial intelligence unit.
Intermediary crypto asset service providers also have obligations when confronted with missing information. They have the additional responsibility of ensuring that all originator and beneficiary details are transmitted with the transfer and the information is kept and made available when requested.
Both payment and crypto asset service providers will:
-
have internal policies, procedures and controls in place to ensure EU and national rules are applied when transferring funds or crypto assets;
-
respond fully and without delay to enquiries from authorities responsible for preventing and combating money laundering and terrorist financing;
-
keep information on the payer/payee and originator/beneficiary for 5 years with the option of a further 5 years if an EU Member State so decides.
The European Banking Authority and European Data Protection Board issue guidelines on implementing the legislation.
Member States:
-
determine sanctions for breaches of the regulation;
-
publish when these are applied;
-
encourage reporting of law-breaking to the authorities charged with monitoring compliance.
The European Commission:
-
will submit a report to the European Parliament and the Council of the European Union by 31 December 2026, and every 3 years thereafter, on sanctions and monitoring activities;
-
will assess the risks of transfers to or from non-EU self-hosted addresses by 1 July 2026;
-
will report to the Parliament and the Council by 30 June 2027 on the regulation’s application and enforcement;
-
can authorise a Member State, under specific conditions, to treat transfers with a non-EU country as if they were a domestic operation.
The regulation:
FROM WHEN DOES THE REGULATION APPLY?
It applies from 30 December 2024.
BACKGROUND
The regulation is part of a package of measures the Commission tabled in July 2021. It ensures traceability of crypto asset transfers to identify and block possible suspicious transactions. It implements standards on new technologies issued by the Financial Action Task Force to tackle money laundering and terrorist financing.
KEY TERMS
Crypto asset. A digital representation of a value or right that can be transferred and stored electronically using a distributed ledger or similar technology.
MAIN DOCUMENT
Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, pp. 1–39).
RELATED DOCUMENTS
Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, pp. 40–205).
Successive amendments to Regulation (EU) 2023/1114 have been incorporated into the original text. This consolidated version is of documentary value only.
Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, pp. 1–18).
See consolidated version.
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, pp. 73–117).
See consolidated version.
last update 24.04.2024