Are CASPs/VASPs in the EU required to perform KYC before providing services to clients?

light

Pan-European Regulation

Regulation 2024/1624. According to Article 19(3) of Regulation 2024/1624, CASPs/VASPs are required to:

  • apply customer due diligence measures when conducting a single transaction with a value of at least EUR 1,000 or the equivalent in national currency, regardless of whether the transaction is carried out as a single operation or through linked transactions;
  • apply at least the customer due diligence measures specified in Article 20(1)(a), namely customer identification and verification of the customer’s identity, when conducting a single transaction with a value of less than EUR 1,000 or the equivalent in national currency, regardless of whether the transaction is carried out as a single operation or through linked transactions.

This means that, under the EU Regulation, CASPs/VASPs are required to identify the customer regardless of the transaction amount. Single transactions below EUR 1,000 are still considered transactions without the establishment of a business relationship, but they require verification of the customer’s identity. At the same time, for transactions exceeding EUR 1,000, or when establishing a business relationship regardless of the amount, CASPs/VASPs must collect additional information.

It should be noted that EU Member States may lower the EUR 1,000 threshold when implementing the provisions of the Regulation.

Regulation 2023/1113. The Regulation introduces new rules, also known as the Travel Rule, effective from 1 January 2025, for all CASPs/VASPs within the EU, related to the disclosure of information about the originator and the beneficiary of a crypto-asset transaction, regardless of the transaction amount. Article 14 specifies the information that CASPs/VASPs must collect and transmit to other CASPs/VASPs, namely:

  • for the originator of the transaction – 1) full name, 2) residential address, passport number, or date and country of birth, 3) DLT address;
  • for the beneficiary of the transaction – 1) full name, 2) DLT address.

In terms of collecting information about the originator of a transaction, Regulation (EU) 2023/1113 corresponds with Regulation (EU) 2024/1624, as once the user has been identified, the CASP/VASP will be able to automatically transmit the originator’s information. It is also worth noting the specific requirements for the collection and verification of information for transactions of €1,000 or more conducted via non-custodial wallets.

National Regulation

Let us turn to the national regulation of popular jurisdictions for crypto companies — Poland and Lithuania.

Polish Regulation. As of the end of January 2025, the Polish AML Act had not yet implemented the provisions of Regulation EU 2024/1624, Regulation EU 2023/1113, or the MiCA Regulation. Therefore, the current provisions of the AML Act do not yet reflect the new concepts and requirements introduced by these regulations.

For example, Article 35 still permits the non-identification of users when carrying out occasional transactions not exceeding €1,000, provided that no business relationship is established. We expect amendments to the Polish AML Act following the adoption of the legislative proposal for the implementation of MiCA.

Regardless of the forthcoming amendments to the Polish AML Act, we believe that CASPs/VASPs should be guided by the applicable EU regulations.

Lithuanian Regulation. Unlike Poland, Lithuania has harmonised its national legislation in line with the latest EU requirements and, in some cases, has adopted stricter provisions. For instance, Article 9(1)(6) of the updated Lithuanian AML Law still allows for occasional transactions in crypto-assets of up to €700 without establishing a business relationship. At the same time, the newly introduced Article 9(11)(21-1) prohibits CASPs/VASPs from opening anonymous accounts.

These new rules should be interpreted in conjunction with EU-wide regulations and understood as follows: for occasional transactions not exceeding €700 and where no business relationship is established, CASPs/VASPs are required to verify the customer’s identity. For transactions exceeding €700 or where a business relationship is established, additional data must be collected. Lithuania has exercised the option provided by the Regulation to lower the threshold from €1,000 to €700.

As Conclusion

As of 1 January 2025, under the applicable rules, CASPs/VASPs are unconditionally required to verify the identity of their clients, regardless of the transaction amount. CASPs/VASPs must be guided by directly applicable EU Regulations as well as by national legislation that implements or complements these Regulations.

Our contacts

If you want to become our client or partner, feel free to contact us at support@manimama.eu.

Or use our telegram @ManimamaBot and we will respond to your inquiry.

We also invite you to visit our website: https://manimama.eu/.

Join our Telegram to receive news in a convenient way: Manimama Legal Channel.

Manimama Law Firm provides a gateway for the companies operating as the virtual asset wallet and exchange providers allowing to enter to the markets legally. We are ready to offer an appropriate support in obtaining a license with lower founding and operating costs. We offer KYC/AML launch, support in risk assessment, legal services, legal opinions, advice on general data protection provisions, contracts and all necessary legal and business tools to start business of virtual asset service provider.

The content of this article is intended to provide a general guide to the subject matter, not to be considered as a legal consultation.

Tags

Chat

Ready to start working with us? Fill out the form.

We are a team that maintains a high level of integrity and a “client first” approach, applying our skills and knowledge.

Tokenization

Tokenization

Licensing

Incorporation

MiCA

Send Request
send
Telegram send
Closing deals
in innovation