Article 40 Measures to mitigate risks in relation to transactions with a self-hosted address
1. Crypto-asset service providers shall identify and assess the risk of money laundering and financing of terrorism associated with transfers of crypto-assets directed to or originating from a self-hosted address. To that end, crypto-asset service providers shall have in place internal policies, procedures and controls.
Crypto-asset service providers shall apply mitigating measures commensurate with the risks identified. Those mitigating measures shall include one or more of the following:
- (a) taking risk-based measures to identify, and verify the identity of, the originator or beneficiary of a transfer made from or to a self-hosted address or beneficial owner of such originator or beneficiary, including through reliance on third parties;
- (b) requiring additional information on the origin and destination of the crypto-assets;
- (c) conducting enhanced ongoing monitoring of transactions with a self-hosted address;
- (d) any other measure to mitigate and manage the risks of money laundering and financing of terrorism as well as the risk of non-implementation and evasion of targeted financial sanctions.
2. By 10 July 2027, AMLA shall issue guidelines to specify the mitigating measures referred to in paragraph 1, including:
- (a) the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made from or to a self-hosted address, including through reliance on third parties, taking into account the latest technological developments;
- (b) criteria and means for the verification of whether or not the self-hosted address is owned or controlled by a customer.