On 16th January, the European Banking Authority (EBA) published new Guidelines on the prevention of money laundering and terrorist financing (MLTF) specifically applicable to crypto-asset service providers (CASPs).
These new orientations amend Guidelines EBA/2021/02 and provide sector-specific instructions for CASPs to, on one hand, support these entities in their MLTF risk assessment, and, on the other, support them in the effective mitigation of these risks. For this purpose, EBA’s Guidelines provide a non-exhaustive list of specific risk factors, adjusted to the specific activity of crypto-asset service providers, since said risks differ in many ways from the MLTF risks typically associated with the activity pursued by other financial entities.
Additionally, the Guidelines aim to harmonise the approach that should be adopted by CASPs established in the European Union when implementing the risk-based approach principle within the scope of MLTF prevention.
The European Banking Authority emphasises that the speed of crypto-asset transfers and the possible use of products that mask or completely hide the identity of their beneficiaries and/or their recipients increase the likelihood of CASPs being used for the purposes of committing illicit activities, which may include MLTF. Bearing that in mind, the European Banking Authority emphasises the importance of correctly identifying the risks to which CASPs are exposed to and equipping themselves with the appropriate means and procedures for the effective mitigation of said risks, notably through the use of appropriate IT monitoring systems (blockchain analytics tools).
The non-exhaustive list of specific risk factors and their corresponding mitigation measures, as included in the new Guidelines, also considers the type of clients, products, distribution channels, as well as the geographical location of the parties involved in the transaction. Moreover, the Guidelines highlight the enhanced due diligence (EDD) measures that CASPs should implement in situations of increased risks specifically associated with their type of activity, namely in relation to (i) establishing correspondence relationships with CASPs headquartered outside the European Union, (ii) transfers associated with self-hosted wallets, and (iii) transfers involving decentralised platforms.
Due to the correlation verified within the financial sector, the new Guidelines also include orientations for all credit and financial institutions in general, insofar as they have crypto-asset service providers as clients or are otherwise exposed to crypto‑assets.
The revised Guidelines as published by the European Banking Authority must now be translated into the various official languages and will be officially applicable from 30th December 2024.
The European Banking Authority’s Guidelines are particularly important since national supervisory authorities will now follow these guidelines when assessing supervised entities. Therefore, it is expected that the Bank of Portugal will closely monitor this issue.
Morais Leitão has been advising its clients on the legal analysis of the legislation and sector regulations applicable to the prevention of money laundering and terrorist financing, both in its theoretical aspects and in relation to its practical implementation, remaining available for any clarification on this matter.