On 14 November 2024, the European Banking Authority (EBA) published two sets of final Guidelines establishing common EU standards on the governance arrangements, policies, procedures and controls that financial institutions (FIs) should have in place to comply with EU and national restrictive measures. The first set of Guidelines includes provisions to ensure that FIs’ governance and risk management systems can address the risk of breaching or evading sanctions. The second set of Guidelines clarifies what payment service providers (PSPs) and crypto-asset service providers (CASPs) should do to comply with restrictive measures whilst performing transfers of funds or crypto-assets.

The deadline for competent authorities to report whether or not they comply with the Guidelines will be two months after the publication of the translations into the official EU languages. The amending Guidelines will apply as of 30 December 2025. As of 10 July 2027, internal policies, procedures and controls to ensure the implementation of targeted financial sanctions will be regulated under Regulation 2024/1624/EU (AMLR).