Article 37 AMLR – Specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service providers
1. By way of derogation from Article 36, with respect to cross-border correspondent relationships involving the execution of crypto-asset services, with a respondent entity not established in the Union and providing similar services, including transfers of crypto-assets, crypto-asset service providers shall, in addition to the customer due diligence measures laid down in Article 20, when entering into a business relationship, be required to:
| (a) | determine if the respondent entity is licensed or registered; |
| (b) | gather sufficient information about the respondent entity to understand fully the nature of the respondent’s business and to determine from publicly available information the reputation of the entity and the quality of supervision; |
| (c) | assess the respondent entity’s AML/CFT controls; |
| (d) | obtain approval from senior management before establishing the new correspondent relationship; |
| (e) | document the respective responsibilities of each party to the correspondent relationship; |
| (f) | with respect to payable-through crypto-asset accounts, be satisfied that the respondent entity has verified the identity of, and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent entity, and that it is able to provide relevant customer due diligence data to the correspondent entity, upon request. |
Where crypto-asset service providers decide to terminate correspondent relationships for reasons relating to AML/CFT policy, they shall document their decision.
Crypto-asset service providers shall update the due diligence information for the correspondent relationship on a regular basis or when new risks emerge in relation to the respondent entity.
2. Crypto-asset service providers shall take into account the information collected pursuant to paragraph 1 in order to determine, on a risk sensitive basis, the appropriate measures to be taken to mitigate the risks associated with the respondent entity.
3. By 10 July 2027, AMLA shall issue guidelines to specify the criteria and elements that crypto-asset service providers shall take into account for conducting the assessment referred to in paragraph 1 and the risk mitigating measures referred to in paragraph 2, including the minimum action to be taken by crypto-asset service providers upon identification that the respondent entity is not registered or licensed.