27 November 2023

The European Banking Authority (EBA) today extended its risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) supervision guidelines to AML/CFT supervisors of crypto-asset service providers (CASPs). The new guidelines set clear expectations of the steps supervisors should take to identify and manage money laundering and terrorism financing (ML/TF) risks in this sector and are an important step forward in the EU’s fight against financial crime.

CASPs can present high ML/TF risks. They also operate across borders. This is why a common supervisory approach to tackling ML/TF risks in that sector is important. By extending the scope of its AML/CFT Supervision Guidelines to supervisors of CASPs, the EBA fosters a common understanding, across all Member States, of the risk-based approach to the AML/CFT supervision of CASPs and how it should be applied.

Today’s amendments include guidance on the sources of information competent authorities should consider when assessing ML/TF risks associated with CASPs. They highlight the importance of a consistent approach in setting supervisory expectations, where multiple competent authorities are responsible for the supervision of the same institutions. They also emphasise the importance of training so that staff from competent authorities have the technical skills and expertise necessary to carry out their roles.

The EBA will issue AML/CFT guidance for CASPs through forthcoming amendments to the EBA’s ML/TF Risk Factors Guidelines, and new Guidelines to prevent the abuse of fund and crypto-asset transfers for ML/TF purposes.

Legal basis, background and next steps

Directive (EU) 2015/849 puts the risk-based approach at the centre of Europe’s AML/CFT regime. The requirements in this Directive were complemented by the mandate given to the EBA under Article 48(10) of the same Directive requiring the EBA to issue guidelines to competent authorities on the characteristics of a risk-based approach to AML/CTF supervision.

Article 36 of Regulation (EU) 2023/1113 requires the EBA to issue Guidelines addressed to competent authorities on the characteristics of a risk-based approach to supervision of CASPs and the steps to be taken when conducting such supervision.

Additionally, Regulation (EU) 2023/1114 will bring crypto-asset services and activities within the EU regulatory scope and will ensure that CASPs become subject to EU AML/CFT obligations and supervision. This will ensure that the AML/CTF regulatory and supervisory framework is aligned with international recommendations and that the ML/TF risks associated with this sector are addressed and effectively managed.

The amending Guidelines will be translated into the official EU languages and published on the EBA website. A consolidated version will also be published on the EBA website. The deadline for competent authorities to report whether they comply with the Guidelines will be two months after the publication of the translations. The amending Guidelines will apply from 30 December 2024.