The EBA consults on Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national sanctions

The European Banking Authority (EBA) today launched a public consultation on two sets of Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures. Restrictive measures are binding on any person or entity under the jurisdiction of Member States. They comprise individual measures, i.e. targeted financial sanctions, and sectoral measures, i.e. financial and economic measures or embargoes. Through these Guidelines, the EBA creates, for the first time, a common understanding, among payment service providers (PSPs), crypto-asset service providers (CASPs) and their supervisors, of the steps they need to take to be able to comply with restrictive measures. The consultation runs until 25 March 2024.

Weaknesses in internal policies, procedures and controls expose financial institutions to legal, reputational risks, and the risk of significant fines in case of non-compliance. Together, they undermine the effectiveness of the EU’s restrictive measures regimes, lead to potential circumvention of restrictive measures and affect the stability and integrity of the EU’s financial system.

One set of draft Guidelines is addressed to financial institutions and prudential supervisors and sets common, regulatory expectations regarding the role of senior management, internal governance and risk management in the restrictive measures context. 

A second set of draft Guidelines, addressed to PSPs and CASPs, sets out what PSPs and CASPs should do to be able to comply with restrictive measures when performing transfers of funds and crypto-assets and focus, in particular, on know your customer (KYC), screening and due diligence. 

Consultation process

Comments to the consultation paper can be sent by clicking on the "send your comments" button on the EBA's consultation page. The deadline for the submission of comments is 25 March 2024.

The EBA will hold a virtual public hearing on the consultation paper on 8 February 2024 from 10:00 to 12:00 CET. The EBA invites interested stakeholders to register using this link by 31 January  2024 at 18:00 CET.  The dial-in details will be communicated to those who have registered for the meeting.  

All contributions received will be published following the end of the consultation, unless requested otherwise.

Legal basis, background

In July 2021 the European Commission issued a legislative package with four proposals to reform the EU’s legal and institutional anti-money laundering and countering the financing of terrorism (AML/CFT) framework. The legislative package included a proposal for a new Regulation (EU) on information accompanying transfers of funds and certain crypto-assets. This Regulation (EU) 2023/1113 was adopted on 9 June 2023 and applies from 30 December 2024.

Article 23 of this Regulation requires the EBA to issue guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures when performing transfers of funds and crypto-assets under this Regulation.

The EBA complements the Guidelines under Regulation (EU) 2023/1113 with own-initiative Guidelines to address wider internal controls and risk management issues, based on Articles 74 of Directive 2013/36/EU, 11(4) of Directive (EU) 2015/2366 and 3(1) of Directive (EC) 2009/110/EC.  They clarify how restrictive measures policies and procedures interact with financial institutions’ wider governance and risk management frameworks, to avoid operational and legal risks for financial institutions and ensure an effective implementation of restrictive measures.