On 16 January 2024, the European Banking Authority (EBA) released a final report containing guidelines which amend its existing guidelines on money laundering / terrorist financing (ML/TF) risk factors so that they extend to crypto-asset service providers (CASPs). The guidelines will provide a common understanding of ML/TF risks associated with CASPs and the steps CASPs and other credit and financial institutions should take to manage these risks.

In particular, the EBA has provided sector-specific guidance for CASPs on the factors that they should consider when assessing ML/TF risks associated with their business relationships. It also sets out ML/TF risk factors which include:

  • Transactions, such as transfers to or from self-hosted addresses, decentralised platforms or transfers involving providers of crypto-assets services that are not authorised or regulated in accordance with Regulation (EU) 2023/1114.
  • Products, such as those containing anonymity-enhancing features, or which allow transfers to and from the CASP and self-hosted and decentralised trading platforms.
  • The nature of customers and their behaviour, including when customers provide inconsistent or incorrect information, or their transaction volumes or patterns are not in line with those expected from the type of customer.
  • The customers’ or beneficial owners’ links to high-risk jurisdictions or transactions to/from jurisdictions associated with a high risk of ML/TF.

The guidelines will be translated into the official EU languages and published on the EBA’s website. The deadline for Member State competent authorities to report whether they comply with the guidelines will be 2 months after the publication of the translations. The guidelines will apply from 30 December 2024.