On 21 December 2023, the EBA published a Consultation Paper (CP) on 2 draft Guidelines (GLs) on internal policies, procedures and controls to ensure the implementation of EU and national restrictive measures. The draft EBA GLs create a common understanding, among entities like payment service providers (PSPs), crypto-asset service providers (CASPs) and their supervisors, of the steps needed to comply with restrictive measures (EU restrictive measures adopted by the EU under Art. 29 TEU or Art. 215 TFEU and national restrictive measures adopted by Member States in compliance with their national legal order). Restrictive measures are binding on any person or entity under the jurisdiction of Member States and comprise individual measures (targeted financial sanctions) and sectoral measures (financial and economic measures or embargoes). The first set of draft EBA GLs is addressed to financial institutions (FIs) subject to supervision and regulation under, among others, the PSD2 and EMD2 and prudential supervisors and sets common, regulatory expectations with regard to the role of senior management, internal governance and risk management in the context of restrictive measures. The second set of draft EBA GLs is addressed to PSPs and CASPs and sets out the steps needed to comply with restrictive measures when they are performing transfers of funds and crypto-assets as defined in the TFR and it especially focuses on Know Your Customer (KYC), screening and due diligence. The deadline for comments is 24 March 2024. The consultation form can be found here. A virtual public hearing will be held by the EBA on 8 February 2024 from 10h to 12h CET (deadline for registration via this link is by 31 January 2024 at 18h CET).
Related Posts
ESAs publication of the Joint Final Report on the draft Regulatory Technical Standards (RTS) to specify the elements that a financial entity needs to determine and assess when subcontracting information and communication technology (ICT) services supporting critical or important functions as mandated under Regulation 2022/2554/EU (DORA), 26 July 2024
EBA publication of the Final Report on the Final Draft ITS amending Commission Implementing Regulation 2021/451/EU on supervisory reporting mentioned in Art. 430(7) of Regulation 575/2013/EU (CRR) concerning output floor, credit risk, market risk, operational risk, crypto assets and leverage ratio, 9 July 2024
Publication of the European Commission Delegated Regulation 2024/1774/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework in the Official Journal of the European Union, 25 June 2024
Publication of the European Commission Delegated Regulation 2024/1773/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers in the Official Journal of the European Union, 25 June 2024
Publication of the European Commission Delegated Regulation 2024/1772/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents in the Official Journal of the European Union, 25 June 2024