For all financial institutions (EBA/GL/2024/14):

These standards emphasise robust governance and risk management systems to prevent breaches or circumventions of sanctions. Financial institutions must:

• Implement updated policies and controls for compliance
• Allocate clear accountability for sanctions compliance
• Conduct risk assessments tailored to their sanctions exposure

For payment and crypto service providers (EBA/GL/2024/15):

These specific provisions guide Payment Service Providers (PSPs) and Crypto-Asset Service Providers (CASPs) on ensuring compliance during fund and crypto-asset transfers. Providers must:

• Use reliable and effective screening systems
• Monitor data against EU and national sanctions lists
• Mitigate risks of sanctions violations or circumvention

The guidelines align with the Anti-Money Laundering and Countering the Financing of Terrorism reforms of the EU initiated in 2021. The foundational regulation, Regulation (EU) 2023/1113, effective from 30 December 2024, mandates internal controls for fund and crypto-asset transfers. The EBA has also issued supplementary measures to address broader risk management issues.

The new guidelines aim to:

• Minimise legal and reputational risks for financial institutions
• Minimise risk of significant fines for non-compliance for financial institutions
• Enhance compliance consistency across the EU
• Safeguard the financial system’s stability and integrity

The guidelines will take effect on 30 December 2025 and competent authorities must assess financial institutions’ compliance against these unified standards.

EBA’s press release can be found here and the guidelines here.