On 15 January 2025, the Bank of Italy issued a public consultation proposing to extend the Regulation on customer due diligence and the Regulation on organisation, procedures and internal controls to cryptoasset service providers (CASPs).
Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain cryptoassets (TFR) included CASPs among financial institutions obliged to comply with anti-money laundering (AML) obligations, in order to subject them to the more intensive AML controls provided for this category of entities. This differs from the previous legal framework, where virtual asset service providers (VASPs) were subject to less intense requirements and level of supervision, and is coupled with the adoption of Regulation (EU) 2023/1114 on markets in cryptoassets (MiCA) which sets a harmonized regulatory framework for CASPs.
The Italian implementation of the TFR amended the Legislative Decree 231/2007 (Italian AML Decree), assigning the role of AML supervisory authority for CASPs to the Bank of Italy.
The Bank of Italy has now issued a public consultation proposing to extend to this new category of market players both the Regulation on customer due diligence and the Regulation on organization, procedures and internal controls, which would entail CASPs being subject to rules already applicable to banks and other financial intermediaries, including but not limited to self-risk assessment exercises, reporting obligations to the Bank of Italy, the adoption of detailed policies and procedures, and the appointment of a senior manager responsible for AML.
See also our article Bank of Italy consults on the extension of its AML Regulations to CASPs.