Ramp up in outsourcing trend ↗
Legal Deep Dive: Regulation (EU) 2023/1113 and Its Implications for Crypto-Asset Transfers
On 31 May 2023, the European Parliament and the Council formally adopted Regulation (EU) 2023/1113, establishing detailed requirements for the information accompanying transfers of funds and certain crypto-assets. This regulation forms an integral part of the European Union’s revised Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) framework and represents a decisive step toward the institutionalization of compliance expectations for crypto-asset service providers (CASPs).
Context and Legislative Intent
Regulation (EU) 2023/1113 seeks to transpose into binding EU law the core tenets of Financial Action Task Force (FATF) Recommendation 16, commonly referred to as the "Travel Rule." It mandates the collection, verification, retention, and transmission of specific identifying information concerning both the originator and the beneficiary in all crypto-asset transfers executed by obliged entities. The primary policy rationale is to enable the traceability of transactions, prevent anonymity in crypto-related financial flows, and facilitate regulatory supervision and cross-border cooperation.
Key Regulatory Requirements
1. Scope of Application
The Regulation applies to any crypto-asset transfer involving at least one CASP established within the European Union.
Exemptions apply only to peer-to-peer transfers executed without the involvement of a CASP or other obliged entity.
2. Mandatory Information
For each transfer, the CASP of the originator must collect and transmit:
Full name of the originator
Crypto-asset account identifier (e.g., wallet address)
Address, official personal document number, or date and place of birth
The CASP of the beneficiary must implement due diligence procedures to confirm the accuracy and completeness of received data.
3. Intermediary Obligations
Where a transaction involves intermediary providers, such entities are required to ensure that all transmitted information is preserved intact and unaltered.
Missing or incomplete data must be addressed through internal controls, with the transaction either suspended or rejected.
4. Data Retention and GDPR Compliance
All relevant data must be stored for a minimum period of five years, with mandatory safeguards under Regulation (EU) 2016/679 (GDPR) to ensure lawful processing and data minimization.
5. Non-EU Counterparty Risk
Where the beneficiary or originator CASP is located in a third country, the EU-based CASP must assess the adequacy of data sharing mechanisms and implement enhanced due diligence where equivalence cannot be established.
Legal and Operational Implications
From a compliance and governance standpoint, Regulation 2023/1113 imposes substantial procedural obligations that go beyond the traditional scope of financial crime prevention. CASPs must design interoperable systems capable of securely transmitting personal data in real-time, while maintaining audit trails, access logs, and risk assessments consistent with both AML and data protection regimes.
Failure to comply may expose entities to regulatory sanctions, reputational damage, and, in cross-border contexts, restrictions on the provision of services to or from jurisdictions deemed non-cooperative or deficient.
Strategic Advisory Considerations
At APOG we provide CASPs with strategic counsel and operational support in:
- Drafting internal AML/CFT and data handling policies tailored to Regulation 2023/1113
- Integrating compliant transaction monitoring and identity verification tools
- Preparing regulatory submissions, licensing documentation, and audit response protocols
- Conducting training and awareness programs for compliance and technical staff
Conclusion
Regulation (EU) 2023/1113 marks a watershed moment in the European regulation of crypto-asset flows. Its successful implementation will not only reduce financial crime risks but also lend greater legitimacy and institutional confidence to the digital asset sector. Stakeholders are advised to act proactively, leveraging expert legal and technical guidance to meet the regulatory standard with diligence and integrity.
For further insights on compliance with Regulation 2023/1113 and related EU digital finance initiatives, please contact our regulatory compliance team.
