Between 4 December 2024 and 4 February 2025, we publicly consulted on amendments to Commission Delegated Regulation (EU) 2018/1108. We proposed to extend its scope to crypto-asset service providers (CASPs). The draft RTS specifies the criteria for CASPs to appoint a central contact point to ensure compliance with the host Member State’s AML/CFT obligations. A public hearing was held 16 January.

We are now reviewing the responses and feedback received. The final draft RTS is expected to be published in Q2 2025.

In March, we published the Consumer Trends Report (CTR). The CTR summarises the views of national consumer protection authorities, consumer associations, industry associations and national ombudsmen, among others.

This year, the information we obtained suggests that ‘de-risking’ remains an important issue for EU consumers.

De-risking occurs if a financial institution decides not to provide a financial service to a customer. It can be a necessary risk-management tool. But de-risking can also be unwarranted, for example if an institution does not take into account an individual customers’ risk profile. The information we received for the CTR does not distinguish between warranted and unwarranted derisking.

We are now assessing possible next steps because access to basic financial products and services is an important public interest goal. In the meantime, institutions and their supervisors should have regard to our Guidelines on derisking, which we issued last year. Our factsheet on de-risking has more information.

In January, ESMA issued a “Supervisory Briefing” to assist national competent authorities in the practical application of the Market in Crypto Assets Regulation (MiCA) requirements for authorising crypto-asset service providers (CASPs). It promotes harmonised authorisation practices across the EU, and highlights how different factors, such as CASP size, complexity, cross-border activity, and business models, can influence the level of scrutiny required during the authorisation process.

With regard to AML/CFT, ESMA highlights that ML/TF risks in the sector are often increased, which means that national competent authorities need to consider these risks as part of their authorisation processes. Where necessary, MiCAR authorities should consult and cooperate with AML/CFT authorities in this context.  

In January, we published a report with ESMA that analyses recent developments in the crypto-assets market, specifically focusing on decentralised finance (DeFi) and crypto lending, borrowing, and staking. This analysis contributes to the European Commission’s upcoming report to the European Parliament and Council, as required by Article 142 of MiCAR.

The report provides an in-depth look at the DeFi landscape, identifying key risks such as ICT vulnerabilities and the potential for money laundering and terrorist financing (ML/TF). It also examines the business models and associated risks in the crypto lending, borrowing, and staking markets, noting challenges such as information asymmetries and systemic risks.

In January 2025, the EBA, in coordination with the European Commission’s AMLA Task Force, hosted a workshop for AML/CFT supervisors on SupTech and AI. The aim was to explore the opportunities afforded by new technologies, and to identify best practices to support their effective adoption. Supervisors from all EU Member States and some third countries attended.

Technology can make AML/CFT supervision more effective and efficient by optimising workflows and supporting informed decision-making, but it needs to be targeted to meet specific supervisory needs. It also needs to be designed to make sure that appropriate safeguards are in place, especially where sensitive data is being processed. For this reason, close cooperation between IT, AML/CFT and data protection experts is important.

The use of SupTech in AML/CFT supervision is still at an early stage, with 35% of competent authorities exploring, developing, or implementing, their first SupTech tool. Going forward, closer collaboration between AML/CFT supervisors could be conducive to the development of common, innovative  solutions that enhance the effectiveness of AML/CFT supervision across the EU.

In February 2025, we published the findings of a peer review on tax integrity and dividend arbitrage schemes. This peer review looked at follow-up actions European supervisors, prudential and AML/CFT alike, completed since the EBA issuance, in April 2020, of an action plan on dividend arbitrage trading schemes.

It also considered tax integrity issues more broadly. The peer review found a number of good practices, but also revealed specific areas for improvement for EU supervisors in the areas of tax integrity and formulated specific recommendations and follow-up measures.

In November, we published two sets of Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures. The Guidelines set out the common EU standards on the governance arrangements and the policies, procedures and controls financial institutions should have in place to be able to comply with Union and national restrictive measures. The Guidelines have now been translated into all official EU languages and were published on the EBA website on 11 February 2025.

The deadline for competent authorities to confirm their intention to comply with the Guidelines or to provide their justification for non compliance is 11 April 2025. Compliance notifications are public and can be accessed on the EBA website.

On 31 December 2024, the new EU crypto-asset framework entered into force. This includes MiCAR (Regulation (EU) 2023/1114), the transfer of funds and certain crypto-assets Regulation (Regulation (EU) 2023/1113) and amendments to Directive (EU) 2015/849. CASPs must put in place robust systems and controls to ensure that they are not misused for illicit activities.

We published an overview of all financial crime requirements that apply to CASPs here.

While the new EU AML/CFT package is now legally in force, the EBA will retain its AML/CFT responsibilities until the end of 2025, while AMLA is set up.

During the transition phase, we monitor risks, set common standards and work closely with national supervisors, the European Commission and AMLA to minimise disruption and ensure continuity in the EU’s fight against financial crime (see more explanation here).

The EBA is currently focusing on establishing cooperation mechanisms to ensure a holistic approach to the fight against financial crime. For instance, we are working on handing over EuReCA, the EBA’s AML/CFT database, to AMLA. And together with ESMA and EIOPA, we are preparing an agreement on how AMLA and the ESAs will cooperate to ensure that we can share information, and that synergies between our respective areas of competence are factored into the policy-making process, making the EU’s fight against financial crime more targeted and effective.

The EBA  consults on new rules related to the anti- money laundering and countering the financing of terrorism package

In March, we launched a consultation on four draft technical standards (RTS) that will be central to the EU’s future AML/CFT regime. These draft technical standards will form part of our response to the European Commission’s Call for Advice.

The public consultation is open until 6 June 2025. There will be a public hearing on 10 April. Registrations for the public hearing are open until 8 April, 16:00 CET.

The consultation paper consists of four RTSs

In March, we launched a consultation on four draft technical standards (RTS) that will be central to the EU’s future AML/CFT regime. These draft technical standards will form part of our response to the European Commission’s Call for Advice.

The public consultation is open until 6 June 2025. There will be a public hearing on 10 April. Registrations for the public hearing are open until 8 April, 16:00 CET.

The consultation paper consists of four RTSs:

And a happy new year!

We wish you a merry Christmas from all at the EBA!

To round off the year, we have produced a short video highlighting key areas of our work and progress in 2024. The video cuts through the jargon that may hinder European citizens from fully understanding the role of the EBA, and details everything you need to know in a fuss-free way.

Merry Christmas!

To round off the year, we have produced a short video highlighting key areas of our work and progress in 2024. The video cuts through the jargon that may hinder the European citizens from fully understanding the role of the EBA, and details everything you need to know in a fuss-free way.

To round off the year, we have produced a short video highlighting key areas of our work and progress in 2024. The video cuts through the jargon that may hinder the European citizens from fully understanding the role of the EBA, and details everything you need to know in a fuss-free way.

We wish you a merry and peaceful Christmas from all at the EBA!

In December, we published a Report on the functioning of AML/CFT colleges in 2023. This Report sets out the findings and observations from our monitoring of colleges. The Report finds that competent authorities continued to improve the functioning of AML/CFT colleges. Nevertheless, further progress is needed especially in two key areas, namely: adjusting the functioning of AML/CFT colleges to the ML/TF risks to which the underlying firm is exposed, and discussing the need for a common approach or joint action. Lastly, the Report includes some targeted recommendations addressed to competent authorities to further improve the effectiveness of AML/CFT colleges going forward.

The MiCAR sets out that “Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorisation pursuant to Article 63, whichever is sooner.” This transitional provision gives CASPs that already operated under an applicable framework (AMLD or a domestic AML/CFT regime) before the date of application of the MiCAR on 30 December 2024 the possibility to continue to provide their services while applying for a CASP license under the MiCAR.