On 14 November 2024, the European Banking Authority (EBA) issued two sets of final guidelines that, for the first time, set common EU standards on the governance arrangements and the policies, procedures and controls financial institutions should have in place to be able to comply with the EU and national restrictive measures.

First guidelines

The first set of guidelines is addressed to all institutions within the EBA’s supervisory remit. They are own-initiative guidelines under Directives 2013/36/EU, 2015/2366 and 2009/110/EC. They include provisions that are necessary to ensure that financial institutions’ governance and risk management systems are sound and sufficient to address the risk that they might breach or evade restrictive measures.

Second guidelines

The second set of guidelines fulfil the mandate in Article 23 of Regulation (EU) 2023/1113 and is specific to payment service providers (PSPs) and crypto-asset service providers (CASPs) and specify what PSPs and CASPs should do to be able to comply with restrictive measures when performing transfers of funds or crypto-assets.

Next steps

The deadline for Member State competent authorities to report whether they comply with the guidelines will be two months after the publication of the translations into the official EU languages.

The guidelines will apply from 30 December 2025.