The European Banking Authority (EBA) has expanded its Guidelines on money laundering (ML) and terrorist financing (TF) risk factors to include crypto-asset service providers (CASPs). These Guidelines emphasize the importance of addressing ML/TF risks in the context of crypto assets and represent a significant advancement in the EU’s efforts against financial crime.

CASPs are identified as potential avenues for financial crime, given their susceptibility to money laundering and terrorist financing. Risks are heightened due to the rapidity of crypto-asset transfers and certain products with features that conceal user identities.

The Guidelines aim to help CASPs recognize and mitigate these risks by providing a non-exhaustive list of factors related to customers, products, delivery channels, and geographical locations.

The Guidelines encourage CASPs to understand their customer base and identify vulnerable aspects of their business susceptible to ML/TF. Additionally, they outline how CASPs should tailor mitigating measures, including using blockchain analytics tools. The EBA recognizes the interconnectedness of the financial sector and extends guidance to credit and financial institutions with business relationships or exposure to crypto assets, especially when dealing with unauthorized crypto-asset service providers.

The expansion of the ML/TF Risk Factors Guidelines harmonizes the risk-based approach to anti-money laundering and combating the financing of terrorism (AML/CFT) across the EU for CASPs. Competent authorities must report compliance within two months after translations into official EU languages, with the Guidelines taking effect from December 30, 2024.
The EBA has also issued Guidelines on AML/CFT supervision for CASPs and is in the consultation phase for new Guidelines to prevent the misuse of fund and crypto-asset transfers for ML/TF purposes (Travel Rule Guidelines). Additionally, Guidelines on internal policies, procedures, and controls, applicable to CASPs and other financial institutions complying with restrictive measures, are under consideration.

The updated title and new points in Guideline 1.7 underscore the importance of assessing ML/TF risk exposure before launching new products, services, or business practices, including the adoption of innovative technologies. The EBA emphasizes the need for a thorough assessment, reflecting this in the overall business-wide risk assessment and relevant policies and procedures.

The EBA’s extended Guidelines address ML/TF risks associated with crypto assets, guide CASPs in risk assessment and mitigation and promote a standardized approach to AML/CFT across the EU.