ToFR Issue #024 Accuracy Review
ToFR Issue #024 Accuracy Review
Section titled “ToFR Issue #024 Accuracy Review”Scope: all 34 tofr/**/article-*.md pages, limited to ## What this means in practice and nearby editorial checklists or cross-references.
Official sources used:
- Regulation (EU) 2023/1113 on EUR-Lex: https://eur-lex.europa.eu/eli/reg/2023/1113/oj
- EBA/GL/2024/11 Travel Rule Guidelines, applicable from 30 December 2024: https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf
- EBA restrictive-measures guidelines press release and documents, published 14 November 2024: https://www.eba.europa.eu/publications-and-media/press-releases/eba-issues-final-guidance-internal-policies-procedures-and-controls-ensure-implementation-union-and
- Directive (EU) 2015/849 (AMLD5 consolidated source for CDD, FIU reporting, central contact points, sanctions publication): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L0849
- Regulation (EU) 2016/679 (GDPR): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
Review Matrix
Section titled “Review Matrix”| Article file | Practical claims reviewed | Source basis | Risk | Outcome / edit |
|---|---|---|---|---|
article-1-subject-matter.md | Information-accompanying-transfer limb; restrictive-measures controls; Union nexus. | ToFR Arts. 1, 2(1), 23; MiCA Art. 59(2). | Medium | Needs edit: changed sanctions wording from screening/enforcement to implementation of restrictive measures. |
article-2-scope.md | CASP registered-office trigger; crypto-ATM inclusion; EMT treatment; person-to-person and own-book CASP carve-outs; no crypto EUR 1,000 scope threshold. | ToFR Art. 2(1), (3), (4), (5); Recitals 24-25; EBA GL paras. 16, 77-80. | High | Needs edit: narrowed non-EU-to-EU example to beneficiary-side obligations. |
article-3-definitions.md | Self-hosted address definition; crypto-ATM channel; crypto transfer trigger; originator/payer distinction; EMT/funds distinction. | ToFR Art. 3(8), (10), (13), (17), (20), (21); Art. 2(4). | High | Needs edit: removed overstatement that Article 14 information must be exchanged with the non-EU entity instead of collected from the client. |
article-4-information-accompanying-transfers-of-funds.md | Default funds rule; LEI condition; payer verification and AMLD CDD reliance. | ToFR Art. 4(1)-(5); EBA GL paras. 25-32. | High | Needs edit: qualified “one-time” verification language. |
article-5-transfers-of-funds-within-the-union.md | Intra-Union minimum payload; three-working-day response; small-transfer verification carve-out. | ToFR Art. 5(1)-(3); EBA GL paras. 16-23, 56. | Medium | Accurate. |
article-6-transfers-of-funds-to-outside-the-union.md | Extra-Union full payload; batch and small non-linked concessions; cash/anonymous e-money and suspicion exceptions. | ToFR Art. 6(1)-(2); EBA GL paras. 16-23. | Medium | Accurate. |
article-7-detection-of-missing-information.md | Payee PSP syntax/substance detection; intra-/extra-Union data sets; payee verification threshold and AMLD CDD reliance. | ToFR Art. 7(1)-(5); EBA GL paras. 49-51. | High | Needs edit: qualified verification language. |
article-8-transfers-with-missing-or-incomplete-information.md | Payee PSP reject/suspend/execute-and-request options; repeat-failure escalation and reporting. | ToFR Art. 8(1)-(2); EBA GL paras. 52-75. | High | Accurate. |
article-9-assessment-and-reporting.md | Missing/incomplete information as suspicion-assessment factor. | ToFR Art. 9; EBA GL paras. 47-48. | High | Needs edit: clarified missing information is not automatically suspicious by itself. |
article-10-retention-of-information.md | Intermediary PSP passes received payer/payee information with the transfer. | ToFR Art. 10. | Low | Accurate. |
article-11-detection-of-missing-information.md | Intermediary PSP syntax/substance detection in transit. | ToFR Art. 11; EBA GL paras. 49-51. | Medium | Accurate. |
article-12-transfers-with-missing-information.md | Intermediary PSP execute/reject/request triad; repeat-failure reporting. | ToFR Art. 12; EBA GL paras. 52-75. | High | Accurate. |
article-13-assessment-and-reporting.md | Intermediary PSP missing-information suspicion factor and FIU reporting where suspicious. | ToFR Art. 13; EBA GL paras. 47-48. | Medium | Accurate. |
article-14-information-accompanying-transfers-of-crypto-assets.md | Outgoing CASP data set; secure timing; not on-chain payload; beneficiary data; originator verification; self-hosted address baseline and above-EUR 1,000 ownership/control check; hard stop. | ToFR Art. 14(1)-(8); Recital 39; EBA GL paras. 24-32, 76-87. | High | Needs edit: removed vendor/protocol examples, qualified verification, corrected threshold wording to above EUR 1,000, replaced unsupported self-hosted examples with final EBA methods. |
article-15-batch-file-transfers.md | Single-originator batch carve-out; batch wrapper data; individual leg traceability; simultaneous secure submission. | ToFR Art. 15; Recital 41. | Medium | Accurate. |
article-16-detection-of-missing-information.md | Beneficiary CASP detection; no Article 7-style syntax rule; inbound self-hosted baseline and above-EUR 1,000 ownership/control check; beneficiary verification. | ToFR Art. 16(1)-(4); EBA GL paras. 49-51, 76-87. | High | Needs edit: qualified verification, narrowed Travel Rule channel wording, corrected threshold wording. |
article-17-transfers-with-missing-or-incomplete-information.md | Beneficiary CASP execute/reject/return/request choices; repeat-failure escalation; competent-authority reporting; return mechanics. | ToFR Art. 17(1)-(2); EBA GL paras. 52-75. | High | Needs edit: removed speculative FIU/supervisor parenthetical for repeat-failure reporting. |
article-18-assessment-and-reporting.md | Beneficiary CASP missing/incomplete information as suspicion-assessment factor. | ToFR Art. 18; EBA GL paras. 47-48. | High | Needs edit: clarified not automatically suspicious by itself. |
article-19-retention-of-information.md | Intermediary CASP transmit, retain, and make records available. | ToFR Art. 19; Art. 26. | Medium | Accurate. |
article-20-detection-of-missing-information.md | Intermediary CASP detection subset; self-hosted coverage; during/after detection. | ToFR Art. 20; EBA GL paras. 49-51. | Medium | Accurate. |
article-21-transfers-with-missing-information.md | Intermediary CASP execute/reject/return/request choices; narrower trigger set; repeat-failure escalation/reporting. | ToFR Art. 21(1)-(2); EBA GL paras. 52-75. | High | Needs edit: corrected reporting trigger to repeated failures and steps taken. |
article-22-assessment-and-reporting.md | Intermediary CASP own suspicion assessment; FIU reporting where suspicious. | ToFR Art. 22; EBA GL paras. 47-48. | High | Needs edit: clarified not automatically suspicious by itself. |
article-23-internal-policies-restrictive-measures.md | Restrictive-measures policies, procedures and controls; screening against Union/national lists; final EBA guidelines. | ToFR Art. 23; Recital 18; EBA restrictive-measures guidelines press release. | High | Needs edit: updated final guideline status, replaced broad sanctions-screening wording, removed UN-list overstatement, qualified DLT address screening. |
article-24-provision-of-information.md | Authority requests; Member State of establishment/registered office; central contact point. | ToFR Art. 24; AMLD5 Art. 45(9). | Medium | Needs edit: qualified central-contact-point statement. |
article-25-data-protection.md | GDPR processing; purpose limitation; onboarding notice; third-country transfers; security; vendor controls. | ToFR Art. 25(1)-(4); GDPR Arts. 13, 32, Chapter V. | High | Needs edit: broadened non-EU recipient wording and removed vendor-specific overstatement. |
article-26-record-retention.md | Five-year retention; deletion; national-law extension; intermediary CASP Art. 19 relation. | ToFR Art. 26(1)-(3); GDPR Art. 5(1)(e). | High | Needs edit: removed unsupported start-date phrasing. |
article-27-cooperation-among-competent-authorities.md | AMLD5 cooperation framework and onward authority exchange. | ToFR Art. 27; AMLD5 Chapter VI. | Medium | Accurate. |
article-28-administrative-sanctions-and-measures.md | AMLD5-consistent sanctions regime; personal and legal-person liability. | ToFR Art. 28(1)-(6). | Medium | Accurate. |
article-29-specific-provisions.md | Four heightened breach categories; AMLD5 sanction ceilings; repeated/systematic/serious qualifiers. | ToFR Art. 29(1); AMLD5 Art. 59(2)-(3). | High | Accurate. |
article-30-publication-of-sanctions-and-measures.md | Publication of sanctions; identity disclosure; necessity/proportionality; anonymous publication carve-outs. | ToFR Art. 30; AMLD5 Art. 60(1)-(3). | Medium | Accurate. |
article-31-application-of-sanctions-and-measures.md | Sanctioning factors; appeal rights and safeguards. | ToFR Art. 31(1)-(2); AMLD5 Arts. 60(4), 62. | Medium | Accurate. |
article-32-reporting-of-breaches.md | External breach reporting mechanisms; internal anonymous channels; proportionality. | ToFR Art. 32(1)-(2); AMLD5 Art. 61(2); Directive (EU) 2019/1937 as implementation context. | Medium | Accurate. |
article-33-monitoring.md | Active competent-authority monitoring; Commission reports every three years from 31 December 2026. | ToFR Art. 33(1)-(2). | Medium | Accurate. |
article-34-committee-procedure.md | Examination procedure for implementing acts; no direct CASP obligation. | ToFR Art. 34; Regulation (EU) No 182/2011 Art. 5. | Low | Accurate. |
PR Note
Section titled “PR Note”- Sections reviewed: 34 article practice sections.
- Sections changed: Articles 1, 2, 3, 4, 7, 9, 14, 16, 17, 18, 21, 22, 23, 24, 25 and 26.
- Unresolved legal questions: none requiring escalation.
- Main consistency checks: PSP/CASP verification language, self-hosted address threshold language, missing-information suspicion language, repeat-failure reporting, restrictive-measures controls, retention/data-protection wording.