EU Transfer of Funds Regulation (TFR): Guide for CASPs

The EU Transfer of Funds Regulation (TFR), formally titled Regulation (EU) 2023/1113, is a significant milestone in the European financial and crypto-asset sectors. Effective from December 30, 2024, this regulation enhances transparency, strengthens anti-money laundering (AML) safeguards, and establishes stringent compliance requirements for fund and crypto-asset transfers.

For crypto-asset service providers (CASPs) and payment service providers (PSPs), TFR mandates the collection of detailed information about payers and payees for every transfer. The regulation aims to prevent financial crimes such as money laundering and terrorist financing, requiring immediate action to align with its provisions.

What is the EU Transfer of Funds Regulation (TFR)?

The EU Transfer of Funds Regulation (TFR) sets strict rules on:

Accompanying Information: Ensuring all transfers of funds or crypto-assets include accurate and complete information about both the payer and payee.
Enhanced Compliance: Expanding obligations to cover even small transactions and transfers involving unhosted wallets.
Risk Management Procedures: Mandating internal policies and controls to assess and mitigate risks associated with incomplete or suspicious transfers.

By standardizing these requirements across the EU, the TFR aims to create a unified framework that safeguards financial transactions while maintaining the sector’s operational integrity.

Who Does the TFR Apply To?

The TFR applies to a wide range of financial entities, including:

Crypto-asset service providers CASPs (old Virtual Asset Service Providers VASPs)
Payment service providers (PSPs)
Intermediary CASPs involved in transfers
Any financial entity facilitating fund or crypto-asset transfers where at least one party operates within the EU.

Key Requirements for CASPs

1. Mandatory Data Collection

CASPs must collect detailed information about both the payer and payee for each transfer. This includes:

Name of the payer and payee.
Distributed ledger address or crypto-asset account number, depending on the transfer’s technology.
Address details, including country, ID number, or date and place of birth (for individuals).
Legal Entity Identifier (LEI) or equivalent identifier, if applicable.

This data must accompany every transfer, ensuring full traceability and accountability.

2. Obligations for Transfers Involving Beneficiaries

When acting on behalf of the transfer’s beneficiary, CASPs must:

Monitor transfers to confirm they include all required information.
Ensure individual identification for transfers from unhosted wallets, particularly those exceeding €1,000. In such cases, CASPs must also assess whether the self-hosted address is owned or controlled by the beneficiary and not a third party.
Verify the beneficiary’s information using reliable documentation before making funds available.
Take action if information is incomplete, including rejecting, returning, or suspending transfers.

3. Addressing Missing or Incomplete Information

The TFR emphasizes a risk-sensitive approach to incomplete transfers. If the required data is missing, CASPs must:

Verify the information provided for the transfer using reliable and independent sources.
Take appropriate action based on the findings:
- Reject or return the transfer to the sender.
- Request the missing information before processing further.

For repeated non-compliance by the payer’s provider, CASPs must:

Issue warnings or set deadlines.
Escalate to rejecting future transfers or terminating the business relationship.
Report persistent violations to the relevant authority and factor them into risk assessments.

4. Obligations for Intermediary CASPs

Intermediary CASPs, which facilitate fund or crypto-asset transfers, have additional responsibilities:

Ensure that all information accompanying the transfer is transmitted and retained.
Implement procedures to detect missing or incomplete data during or after the transfer.
Use risk-based processes to decide whether to execute, reject, or suspend transfers with incomplete information.
Report repeated failures to authorities and take appropriate action against non-compliant entities.

Enhanced Measures for Unhosted Wallets

Unhosted wallets, or self-hosted addresses, pose unique challenges under the TFR. CASPs must:

Verify Ownership: For transfers exceeding €1,000, ensure the wallet belongs to the beneficiary through reliable documentation.
Implement Controls: Ensure transfers involving unhosted wallets are fully traceable.
Assess Risks: Use risk-sensitive measures to determine whether to accept transfers from these wallets.

Internal Policies and Procedures

TFR mandates robust internal policies and procedures to ensure compliance. These must address:

Data Protection and Record-Keeping: Policies to ensure the secure handling of sensitive data and adherence to record-keeping requirements as outlined in the TFR.
Data Collection: Systems to gather and verify payer and payee information.
Transaction Monitoring: Processes for identifying suspicious activity and ensuring data completeness.
Risk Mitigation: Risk-based frameworks to manage unhosted wallet transfers and incomplete transactions.
Reporting: Procedures for escalating non-compliance to authorities and filing reports on suspicious transactions.

The European Banking Authority (EBA) has issued guidelines specifying the policies and measures required under the TFR. Adhering to these guidelines is critical for ensuring compliance.

Challenges for CASPs and PSPs

1. Data Management

Implementing systems to collect, verify, and store payer and payee data requires significant investment in technology and expertise.

2. Cross-Border Transactions

The TFR applies to all transactions involving EU-based entities, even when the counterparties operate outside the EU. This poses challenges for cross-border transfers and global compliance.

3. Operational Readiness

Preparing for the enhanced scrutiny and reporting requirements under the TFR is time-sensitive. CASPs must align their operations with these obligations before the regulation takes effect.

4. Reputational Risks

Non-compliance can lead to severe penalties, legal challenges, and reputational damage, undermining customer trust and market position.

TFR and MiCA: A Unified Compliance Landscape

While the TFR focuses on transaction-level transparency, the Markets in Crypto-Assets Regulation (MiCA) governs the broader operations of CASPs. Together, these regulations form a comprehensive compliance framework for the EU’s crypto-asset sector.

Key intersections include:

AML Compliance: Both regulations emphasize anti-money laundering measures, including KYC, KYB, and reporting obligations.
Operational Preparedness: MiCA’s requirements for CASP licensing align with the TFR’s focus on transaction monitoring and reporting.
Global Standards: Together, TFR and MiCA set a high benchmark for compliance, enhancing the EU’s position as a leader in regulatory innovation.

Why Act Now?

The Transfer of Funds Regulation (TFR) came into effect on December 30, 2024, leaving little time for preparation. Acting promptly is crucial for Crypto-Asset Service Providers (CASPs) to:

Ensure Operational Continuity: Align with TFR requirements early to avoid disruptions and maintain seamless operations.
Strengthen Compliance Frameworks: Establish robust systems for data collection, monitoring, and reporting to meet regulatory standards effectively.
Stay Competitive: Compliance builds trust with regulators, partners, and clients, enhancing your reputation and market position.

How Complium Can Help

Navigating TFR’s complexities requires expert guidance. Complium offers tailored solutions to help CASPs and PSPs meet their obligations seamlessly:

Policy Development: Create and implement internal policies that comply with TFR and AML directives.
Data Management Systems: Advise on collection, verification, and storage of payer and payees information.
Risk Assessment: Develop frameworks for evaluating unhosted wallet transfers and incomplete transactions.
Compliance Training: Equip your team with the knowledge and tools to adhere to TFR requirements.
Regulatory Updates: Stay informed about evolving obligations and ensure ongoing compliance.

Conclusion

The Transfer of Funds Regulation (TFR) marks a significant step forward in combating financial crime within the EU. For CASPs and PSPs, compliance is not just a regulatory obligation but an opportunity to build trust and resilience in an evolving market.

Ready to ensure your business is TFR-compliant? Contact Complium today to learn how we can simplify your compliance journey.

Subject:	Advanced Training of Anti-Money Laundering and Countering Terrorism Financing (AML/CFT) for Virtual Currency Service Providers

Target Group:	Members of the Board, Money Laundering Reporting Officers for the Financial Intelligence Unit, Anti-Money Laundering service providers and employees who are responsible and/or manage and/or organize the prevention of money laundering and terrorist financing in virtual currency service providing companies.

Objective:	To ensure that the virtual currency service provider is prepared to implement anti-money laundering requirements, to map its risks (i.e. “vulnerability” in the context of money laundering), determine its risk appetite, prepare a risk assessment, develop a risk management methodology and approve risk mitigation rules. In addition, to prepare the Rules of Procedure, implement the due diligence measures and monitor its compliance according to the Internal Control Rules. The aim of this advanced training is to provide additional knowledge from the perspective of the regulator, to present essential nuances in legal regulation of money laundering prevention, documentation requirements and solutions to most common problems in the application of procedural rules. Also, to introduce the most common problems related to the due diligence, the nuances of KYC and KYT procedures and relevant case studies.

Description of the Subject Content:	1. A more in-depth overview of the legal regulations preventing money laundering. Expectations from the regulator. What lies behind the field terms and definitions. Requirements for identification of persons. 2. Responsibility of the Member of the Board for preventing money laundering; obligations of the MLRO. 3. Risk assessment and Risk Appetite (exercises based on a specific company’s business plan). 4. Mitigating KYC and KYT risks regarding persons, documents, transactions and implementation of proper due diligence measures. 5. Case analysis.	3 h 1 h 4 h 6 h 3 h

Learning Outcome:	Learner who has completed the training: – knows the professional legal space, – knows the established requirements for virtual currency handlers, – knows the tasks and responsibilities of the: 1st line of defense, of the 2nd line of defense and of the 3rd line of defense, – can adapt and implement due diligence measures to prevent money laundering in the company, if necessary, – knows and is able to recognize possible frauds when carrying out KYC and KYT procedures.

Study form:	Online lecture and independent exercises.

Requirements for graduation	Passing the exam

Evaluation method	The exam threshold is 70% correct answers in the written test.	1 h

Document to be issued	Certificate.

Volume of study:	Total 18 hours.

Rights	Realisation
Right to consent to data processing	Consent is requested immediately upon data collection (if the data is collected directly from you) or within one month (if the data is collected from a third party)
Right to withdraw consent to data processing	Instantly, without unreasonable delay
Right to access data	Within one month of the application
Right to rectification of data	Within one month of the application
Right to erasure of data, “to be forgotten”	Instantly, without unreasonable delay
Right to restriction of data processing	Instantly, without unreasonable delay
Right to data portability	According to the submitted application
Right to state objections	Proceedings shall be initiated on receipt of an objection
Rights related to automated processing or profiling.	According to the submitted application

EU Transfer of Funds Regulation (TFR): Key Compliance Guide for CASPs