.svg)
The European Banking Authority (EBA) has published new draft Regulatory Technical Standards (RTS) that guide crypto-asset service providers (CASPs) on when they need to appoint a central contact point.
Under the , CASPs operating cross-border, for instance through establishments such as crypto ATMs in a different member state, may be required to appoint a local central contact point (CCP).
These contact points, described as 鈥渁n important tool in the fight against financial crime鈥, will act on behalf of the CASP to ensure compliance with national anti-money laundering and counter-terrorist financing (AML/CTF) obligations and facilitate regulatory supervision.
鈥淎s is the case for EMIs and PSPs, CASPs can provide services in other Member States through establishments other than branches. This can make the AML/CFT supervision of services provided through these establishments difficult,鈥 the EBA acknowledged in its document setting out the RTS.
This move updates earlier rules initially issued in 2017, which until now applied only to electronic money institutions (EMIs) and payment service providers (PSPs).
The latest update follows the introduction of the Transfer of Funds Regulation (TFR), which extended AML/CTF rules to CASPs from December 30, 2024, requiring the EBA to broaden the scope of its original standards.
The EBA said that the appointment of a CCP will be determined according to criteria focused on the size and scale of the CASP's activities in the host member state, so that there is 鈥渁 principle of proportionality within a risk-based approach鈥.
The EBA has also left the door open to member states to mandate a CCP even if these thresholds are not formally met, if they assess the money laundering or terrorist financing risks to be high.
The EBA stressed that although it sets the criteria and functions of the central contact points, it leaves it to each member state to determine the exact form the contact point should take.
As with all draft RTS, it will now be submitted to the European Commission for endorsement, and will then be reviewed by the European Parliament and the Council before it is formally adopted.
Responses to the consultation
The EBA鈥檚 proposals followed a two-month public consultation, which ended on February 4, 2025, and the final draft RTS incorporates feedback from industry bodies and the EBA鈥檚 Banking Stakeholder Group (BSG).
Respondents broadly welcomed the proposals, recognising that the EBA had sought to keep the regulatory burden on CASPs to a necessary minimum.
However, several concerns and suggestions were raised during the consultation. For example, some industry voices proposed that the RTS revision could also be used to enhance standards for EMIs and PSPs more broadly.
However, the EBA has responded that a comprehensive review was not feasible at this stage, explaining that broader updates would be considered once the EU鈥檚 new Anti-Money Laundering Authority (AMLA).
Several respondents also argued that the tasks of a CCP could be managed virtually, with the CCP based in the firm's home member state to better reflect the digital nature of CASP operations. However, the EBA clarified that its mandate does not allow it to dictate the form or location of CCPs.
In addition, concerns were raised about the definition of "establishment", particularly for service providers without physical premises.
The EBA confirmed that the definition provided in the new Anti-Money Laundering Regulation (AMLR) applies, encompassing situations where stable infrastructure is maintained, even if services are primarily provided online.
Some respondents also suggested that the creation of AMLA would eventually remove the need for CCPs, which the EBA countered with the fact that national authorities will still continue to supervise establishments within their territory, and that CCPs remain necessary to support this work.
Finally, questions were asked about vague terms such as the "size and scale" of activities and the 鈧3m threshold that triggers a CCP appointment, with some respondents arguing that this limit was too low for CASPs compared with traditional financial firms.
Nevertheless, the EBA has stood firm and decided to retain the threshold, adjusting it to refer to the value of activities rather than turnover. This is intended to ensure a proportionate and effective oversight, particularly in light of the ML/TF risks associated with crypto ATMs.
Could this be more challenging for crypto firms?
The decentralised nature of crypto will likely make complying with this type of regulation harder for CASPs compared with traditional financial institutions like banks.
In part due to legacy infrastructure, traditional firms usually have clearer operational footprints than more nimble elements of financial services, such as CASPs, but also fintechs such as neobanks.
This includes physical branches, agents and/or established customer bases tied to a geographic location. Santander, for example, is going to have greater overall management of where its branches are across the EU, and the same goes for other large entities such as France鈥檚 Cr茅dit Agricole Group and Belgium鈥檚 ING.
Online platforms for CASPs serve users across borders almost invisibly, which will make it challenging to identify where services are materially used, how large their activities are in a given member state and whether they meet thresholds requiring a CCP.
While awaiting the final verdict from the EU鈥檚 co-legislators, firms should assess whether their activities in any host member state exceed the thresholds outlined in the revised RTS, particularly when it comes to the newly clarified "value of activities" measure.
If their operations are significant, or if their ML/TF risk profile is elevated, they should plan to appoint a CCP to act as the liaison with local authorities.
CASPs should also review how they are "established" in each member state. Even if they have no physical offices, infrastructure such as crypto ATMs may amount to an establishment under the AMLR definition, triggering CCP obligations.
This jump will inevitably be challenging, but is perhaps also an important step on crypto鈥檚 journey to becoming a regulated, even normal, part of the financial services space.
