EBA AML/CFT Newsletter Issue 15 – 2025
Read the online version
  07 April 2025  

EBA AML/CFT Newsletter
EBA
EBA-logo-full-colour-2355x872-small2

Follow us |

Latest News

The new crypto-asset framework is now fully implemented

On 31 December 2024, the new EU crypto-asset framework entered into force. This includes MiCAR (Regulation (EU) 2023/1114), the transfer of funds and certain crypto-assets Regulation (Regulation (EU) 2023/1113) and amendments to Directive (EU) 2015/849. CASPs must put in place robust systems and controls to ensure that they are not misused for illicit activities.

We published an overview of all financial crime requirements that apply to CASPs here.

EBA and ESMA report on recent developments in crypto-assets

In January, we published a report with ESMA that analyses recent developments in the crypto-assets market, specifically focusing on decentralised finance (DeFi) and crypto lending, borrowing, and staking. This analysis contributes to the European Commission’s upcoming report to the European Parliament and Council, as required by Article 142 of MiCAR.

The report provides an in-depth look at the DeFi landscape, identifying key risks such as ICT vulnerabilities and the potential for money laundering and terrorist financing (ML/TF). It also examines the business models and associated risks in the crypto lending, borrowing, and staking markets, noting challenges such as information asymmetries and systemic risks.

EBA hosts a workshop on AML/CFT SupTech

In January 2025, the EBA, in coordination with the European Commission’s AMLA Task Force, hosted a workshop for AML/CFT supervisors on SupTech and AI. The aim was to explore the opportunities afforded by new technologies, and to identify best practices to support their effective adoption. Supervisors from all EU Member States and some third countries attended.

Technology can make AML/CFT supervision more effective and efficient by optimising workflows and supporting informed decision-making, but it needs to be targeted to meet specific supervisory needs. It also needs to be designed to make sure that appropriate safeguards are in place, especially where sensitive data is being processed. For this reason, close cooperation between IT, AML/CFT and data protection experts is important.

The use of SupTech in AML/CFT supervision is still at an early stage, with 35% of competent authorities exploring, developing, or implementing, their first SupTech tool. Going forward, closer collaboration between AML/CFT supervisors could be conducive to the development of common, innovative  solutions that enhance the effectiveness of AML/CFT supervision across the EU.

ESMA asks supervisors to consider ML/TF risks when authorising CASPs

In January, ESMA issued a “Supervisory Briefing” to assist national competent authorities in the practical application of the Market in Crypto Assets Regulation (MiCA) requirements for authorising crypto-asset service providers (CASPs). It promotes harmonised authorisation practices across the EU, and highlights how different factors, such as CASP size, complexity, cross-border activity, and business models, can influence the level of scrutiny required during the authorisation process.

With regard to AML/CFT, ESMA highlights that ML/TF risks in the sector are often increased, which means that national competent authorities need to consider these risks as part of their authorisation processes. Where necessary, MiCAR authorities should consult and cooperate with AML/CFT authorities in this context.  

EBA Peer review on tax integrity

In February 2025, we published the findings of a peer review on tax integrity and dividend arbitrage schemes. This peer review looked at follow-up actions European supervisors, prudential and AML/CFT alike, completed since the EBA issuance, in April 2020, of an action plan on dividend arbitrage trading schemes.

It also considered tax integrity issues more broadly. The peer review found a number of good practices, but also revealed specific areas for improvement for EU supervisors in the areas of tax integrity and formulated specific recommendations and follow-up measures.

The Restrictive Measures Guidelines have been translated into all EU languages

In November, we published two sets of Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures. The Guidelines set out the common EU standards on the governance arrangements and the policies, procedures and controls financial institutions should have in place to be able to comply with Union and national restrictive measures. The Guidelines have now been translated into all official EU languages and were published on the EBA website on 11 February 2025.

The deadline for competent authorities to confirm their intention to comply with the Guidelines or to provide their justification for non compliance is 11 April 2025. Compliance notifications are public and can be accessed on the EBA website.

The EBA consults on new rules related to the anti- money laundering and countering the financing of terrorism package

In March, we launched a consultation on four draft technical standards (RTS) that will be central to the EU’s future AML/CFT regime. These draft technical standards will form part of our response to the European Commission’s Call for Advice.

The public consultation is open until 6 June 2025. There will be a public hearing on 10 April. Registrations for the public hearing are open until 8 April, 16:00 CET.

The consultation paper consists of four RTSs:

Draft RTS on sanctions  

This RTS is about the indicators and criteria supervisors need to take into account when setting the level of pecuniary sanctions or taking administrative measures for AML/CFT breaches. They also include a methodology on periodic penalty payments. The objective is to ensure that anti-money laundering and countering the financing of terrorism (AML/CFT) breaches are assessed in the same way by all supervisors across the EU and that the enforcement action is proportionate, dissuasive and effective. 

Draft RTS on Customer Due Diligence (CDD)  

The RTS on CDD is about the information obliged entities need to collect to perform standard, enhanced or simplified CDD. They also help supervisors determine the extent to which e-money issuers can benefit from CDD exemptions and specify which attributes electronic identification means must feature so that they can be used for CDD purposes. The aim is to support the adoption of robust CDD processes that are proportionate and effective, and that are consistent across all Member States  

Draft RTS on ML/TF risks  

This RTS defines the methodology supervisors will use to assess and classify the inherent and residual ML/TF risk profiles of obliged entities. They also include the data points obliged entities may have to provide to make that assessment possible.  These data points are specific to different sectors, which limits the amount of data smaller and less complex institutions will have to provide. Cross-border institutions will also benefit as all supervisors will request the same data. Overall, the aim is to put in place a common risk-assessment process that leads to reliable and comparable outcomes, and that keeps the reporting burden to a necessary minimum. 

Draft RTS Article on the selection of directly supervised firms  

These RTS contain the methodology AMLA will use to determine which institutions it will directly supervise. Under this proposal, AMLA would first determine which institutions are eligible in principle, based on the nature and scale of their cross-border activity. It would then use the ML/TF risk assessments under Article 40 of the AMLD to select those institutions that would benefit most from central, EU-level, AML/CFT supervision. 

The EBA supports the smooth transition to the new legal and institutional AML/CFT framework

While the new EU AML/CFT package is now legally in force, the EBA will retain its AML/CFT responsibilities until the end of 2025, while AMLA is set up.

During the transition phase, we monitor risks, set common standards and work closely with national supervisors, the European Commission and AMLA to minimise disruption and ensure continuity in the EU’s fight against financial crime (see more explanation here).

The EBA is currently focusing on establishing cooperation mechanisms to ensure a holistic approach to the fight against financial crime. For instance, we are working on handing over EuReCA, the EBA’s AML/CFT database, to AMLA. And together with ESMA and EIOPA, we are preparing an agreement on how AMLA and the ESAs will cooperate to ensure that we can share information, and that synergies between our respective areas of competence are factored into the policy-making process, making the EU’s fight against financial crime more targeted and effective.

The EBA’s Consumer Trends Report 2024/25 finds that de-risking remains a key issue facing EU consumers

In March, we published the Consumer Trends Report (CTR). The CTR summarises the views of national consumer protection authorities, consumer associations, industry associations and national ombudsmen, among others.

This year, the information we obtained suggests that ‘de-risking’ remains an important issue for EU consumers.

De-risking occurs if a financial institution decides not to provide a financial service to a customer. It can be a necessary risk-management tool. But de-risking can also be unwarranted, for example if an institution does not take into account an individual customers’ risk profile. The information we received for the CTR does not distinguish between warranted and unwarranted derisking.

We are now assessing possible next steps because access to basic financial products and services is an important public interest goal. In the meantime, institutions and their supervisors should have regard to our Guidelines on derisking, which we issued last year. Our factsheet on de-risking has more information.

Coming up

The EBA is finalising its draft RTS on the criteria to appoint a central contact point for CASPs

Between 4 December 2024 and 4 February 2025, we publicly consulted on amendments to Commission Delegated Regulation (EU) 2018/1108. We proposed to extend its scope to crypto-asset service providers (CASPs). The draft RTS specifies the criteria for CASPs to appoint a central contact point to ensure compliance with the host Member State’s AML/CFT obligations. A public hearing was held 16 January.

We are now reviewing the responses and feedback received. The final draft RTS is expected to be published in Q2 2025.
You are receiving this newsletter because you have previously expressed an interest in the European Banking Authority’s work to lead, coordinate and monitor the EU financial sector’s fight against money-laundering and terrorist financing. | We will be publishing this newsletter four times per year. If you do not wish to receive the newsletter, please ‘unsubscribe’. You can also find more information on the EBA’s AML/CFT page. Subscribe, if this email was forwarded to you. | You can unsubscribe on your profile page.
The European Commission is committed to personal data protection. Any personal data is processed in line with the Regulation (EU) 2018/1725. Please read the privacy statement.