The French Financial Markets Authority (Autorité des Marchés Financiers, “AMF”) adopted its DOC-2025-02 position on April 7, 2025. Through this position, the AMF has announced that it is integrating the European Banking Authority (“EBA”)’s Guidelines (EBA/GL/2024/15) adopted on November 14, 2024. These EBA Guidelines were issued pursuant to regulation (EU) 2023/1113 dated May 31, 2023, regarding information accompanying transfers of funds and certain crypto assets, known as “TFR 2” (for Transfer of Funds Regulation)[1].
These Guidelines (EBA/GL/2024/15) aim to clarify the requirements applicable to policies, procedures, and internal controls that Crypto Asset Service Providers (“CASPs”) (as well as Digital Asset Service Providers, benefitting from a transitional period) must implement to ensure the effective application of restrictive measures decided by the European Union (“EU”) and Member States during crypto asset transfers[2], as defined by the “TFR 2” Regulation.
The EBA Guidelines enter into application from December 30, 2025, and further substantiate an already significant regulatory framework, with CASPs already subject to a set of requirements on anti-money laundering and combating the financing of terrorism (“AML-CFT”), asset freezing, and the prohibition on making funds or economic resources available or used.
Expectations growing clearer year by year
From the initial regulatory obligations to the latest European requirements on restrictive measures, AML-CFT and asset freezing regulations applicable to CASPs have been significantly strengthened in recent years:
According to Article L. 562-4, 2°, of the French Monetary and Financial Code (“MFC”), CASPs are subject to the asset freezing regime. Consequently, CASPs must apply national and European assets freezing measures and the prohibition of the availability or use of digital assets and legal tender that they hold, buy or sell for legal tender, exchange for other digital assets, receive transfer or manage under mandate of the said assets.
Furthermore, according to Articles L. 54-10-3 and L. 54-10-5 of the MFC, prospective CASP applicants for authorization must set up an organization, procedures and internal control frameworks suited to ensure compliance with AML-CFT and asset freezing regulations. In this regard, AMF instruction DOC-2025-05 on information deemed complete for the assessment of the application for authorization as a CASP (recently published on June 17, 2025) indicates that applicants must provide a description of their framework on asset freezing and prohibiting the availability or use of funds or economic resources. Applicants must also clarify the procedure for informing the Minister of Economy as required by Article L. 562-4 of the MFC.
These policies, procedures, and controls must enable CASPs to identify individuals or entities subject to restrictive measures. They must also allow CASPs to ensure that (i) no crypto assets are made available to such persons, entities or organizations, (ii) that no financial transactions are carried out or services provided that are prohibited by restrictive measures, and (iii) that risks related to circumventing restrictive measures are managed.
| Terminology Reminder | |
| Restrictive measures | EU restrictive measures as defined by Article 2(1) of directive (UE) 2024/1226, and national restrictive measures adopted by Member States according to their national legal framework (insofar as they are applicable to financial institutions). |
| Targeted financial sanctions | Both asset freezing and the prohibition of making funds or other assets available (directly or indirectly) to designated individuals and entities under Council decisions adopted under Article 29 of the TEU, and Council regulations adopted under Article 215 of the TFEU. |
| Sectoral restrictive measures | Restrictive measures such as arms embargoes and related equipment, or economic and financial measures (e.g., import and export restrictions, restrictions on providing specific services such as banking services). |
What Clarifications are offered by the EBA Guidelines (EBA/GL/2024/15)?
Requirement to establish a filtering system
To ensure the effective implementation of restrictive measures, CASPs will be required to establish an effective filtering system to reliably identify targets of restrictive measures.
To be effective, this system should be based on:
- The choice of a filtering system suited to their size, activity, and exposure to restrictive measures.
- Defining the applicable restrictive measure list: CASPs should define and set up a system to promptly identify the adoption, modification, or lifting of measures to ensure an immediate update of the data to be filtered.
- Defining all data to be filtered: CASPs should determine in their policies and procedures the types of data to be filtered for each type of restrictive measure applicable, relying on their exposure assessments and available client data.
- Customer filtering determined according to risk level and updated with each significant triggering event, such as entering into a client relationship, changes in sanctions lists, modifications in customer data (name, residence, nationality, activity), or any suspicion of circumvention attempts.
- Filtering of crypto-assets transfers which must be carried out before execution and imply the verification of all involved parties, transfer motives and identification data (BIC, SWIFT, wallet addresses), and
- Calibrating the filtering system parameters to maximize alert quality and proceed with unequivocal identification while ensuring compliance with restrictive measures.
Requirement to establish vigilance and verification measures for analyzing alerts
CASPs should establish vigilance and verification measures based on:
- The analysis of alerts related to restrictive measures: CASPs must establish policies and procedures for the prompt and documented analysis of alerts to confirm a positive match (or “true match” in English), indicating a situation where an alert generated by a filtering system (e.g., a name appearing on a sanction or restrictive measures list) effectively corresponds to a person, entity, or operation targeted by these measures. In case of doubt regarding match veracity, CASPs should use additional information not used at the filtering stage. After this additional analysis and if doubt persists, no service should be provided.
- The assessment of the level of ownership or control exerted by a designated person: CASPs must define in their procedures how to assess if an entity is owned or controlled by a designated person or entity.
- Compliance with sectoral restrictive measures: CASPs should pay attention to sectoral restrictive measures linked to specific jurisdictions or territories. As part of these restrictive measures, CASPs should examine all underlying information related to cryptoasset transfers to or from these specific jurisdictions or territories, or transfers initiated by clients known for conducting activities in these specific jurisdictions or territories, and
- The detection of attempts to circumvent restrictive measures: CASPs must stay informed about typologies and trends in circumventing restrictive measures. They need to establish vigilance policies and procedures to detect possible attempts to circumvent restrictive measures (e.g., altering payment messages, concealing involved parties, using fraudulent documents).
Requirement to establish measures for freezing and notification
CASPs must be able to:
- Freeze cryptoasset transfers: In case of confirmed matches, CASPs must set up policies and procedures providing for immediate freezing and blocking of funds in a waiting account until they receive instructions from the competent national authority (in France, the Treasury Directorate General – Direction générale du Trésor).
- Inform the competent national authority: CASPs must clearly define processes for promptly notifying, or notifying within a set time frame, the competent national authority of any measure taken, detected violation, or filtering failure. Additionally, CASPs should set up policies and procedures to determine if exemptions, authorization schemes, or derogations apply and, if applicable, how to proceed. CASPs should inform clients about rights and procedures required in case of derogation requests to release frozen funds.
Experts’Opinion
The EBA Guidelines (EBA/GL/2024/15), integrated by the AMF, provide little room for interpreting the regulator’s expectations for CASPs regarding asset freezing. The serious consequences that may ensue for concerned stakeholders only amplify the stakes for the comprehensive understanding and considering of the specifications provided by these guidelines. These stakeholders’ short-term goal will be to adjust their asset freezing mechanisms.
For specific needs, feel free to consult our offer of assistance on Anti-Money Laundering (AML-CFT) (in French)
[1] The key contributions of the “TFR 2” Regulation are (i) extending the obligations initially set out in Regulation (EU) 2015/847 of May 20, 2015 (known as “TFR 1”) to crypto-assets and (ii) amending Directive (EU) 2015/849 aimed at preventing the use of the financial system for money laundering or terrorism financing, subjecting crypto-assets to European rules.
[2] Any transaction aimed at moving crypto-assets from a distributed ledger address, a crypto-asset account, or another device allowing crypto-assets storage to another, executed by at least one CASP acting on behalf of a crypto-assets initiator or beneficiary, whether the initiator and beneficiary of crypto-assets, and the initiator and that of the beneficiary’s CASPs are the same person or not.
