.svg)
Internal governance and risk management and financial crime risk management will be among the European Banking Authority’s (EBA) key areas of focus for the coming year.
The Paris-based regulator has issued a statement aiming to ensure the consistent application of the Markets in Crypto-Assets Regulation (MiCA) across the EU.
It has proposed common supervisory priorities that it hopes will ensure consistent oversight in the EU and a level playing field, something that has proven challenging with other EU regulations such as the revised Payment Services Directive (PSD2) and anti-money laundering directives.
These priorities will guide efforts for 2024/2025, leveraging supervisors' expertise and experience in monitoring crypto market risks, and will be reviewed annually based on market developments, supervisory experience and regulatory changes, according to the EBA.
The announcement is targeted at issuers, public offerers and those seeking to trade asset-referenced tokens (ARTs) and e-money tokens (EMTs), as well as consumers.
With MiCA now in force and its stablecoin compliance rules active since last week, the EBA has urged issuers to comply with new regulatory requirements and follow the technical standards and guidelines on its website.
Key supervisory priorities for 2024/2025
The EBA has identified four main supervisory priority areas: internal governance and risk management; financial resilience; technology risk management; and financial crime risk management.
High levels of holder protection and financial stability are overarching objectives in all these areas, according to the EBA.
Supervisors will verify that issuers have clear governance frameworks, assess management suitability, handle conflicts of interest, and ensure effective complaints-handling procedures and risk management frameworks.
Meanwhile, as distributed ledger technology (DLT) evolves, supervisors will assess ICT risks and operational resilience, ensuring that issuers manage these risks effectively.
They will also focus on financial crime risk management, ensuring that issuers have adequate controls to prevent and detect financial crimes, including money laundering and terrorist financing.
This includes assessing the suitability of individuals managing issuers and the adequacy of proposed financial crime controls.
The EBA said it expects a proportionate and risk-based approach to implementing supervisory priorities, considering the specific risks of entities and their impact on holders.
Supervisory activities will focus on the most relevant risks, with supervisors adapting to changes in market conditions, technology and the regulatory framework.
The regulator also said it will continue to promote cooperation and coordination between competent authorities, using tools such as bilateral discussions, peer reviews and workshops to strengthen and monitor supervisory convergence.
New guidelines on the 'travel rule'
To further combat money laundering and terrorist financing, the EBA has also issued new guidelines on the "travel rule".
This rule mandates specific information to accompany transfers of funds and certain crypto-assets.
It outlines the responsibilities of payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs) and intermediary CASPs (ICASPs) to detect and address missing or incomplete information in such transfers.
The guidelines aim to ensure a uniform and effective implementation of the travel rule across the EU, facilitating the traceability of transfers to support the prevention, detection and investigation of financial crimes.
The EBA's guidelines clarify the application of the Transfer of Funds Regulation (TFR) by outlining criteria to determine if a payment card or device is exclusively for goods and services.
They address technical limitations in data transfer, ensure interoperability of payment systems, specify data points required for fund transfers, manage self-hosted wallets and set obligations for PSPs in direct debit transactions.
The guidelines also align with existing EBA standards on customer due diligence, compliance management, outsourcing, ICT security and restrictive measures, ensuring comprehensive regulatory compliance and financial crime prevention in the crypto-asset sector.
