The European Banking Authority (EBA) issued final guidance on sanctions, read the announcement The EBA issues final guidance on internal policies, procedures and controls to ensure the implementation of Union and national sanctions and the guidelines (pdf).

The Executive Summary:

Union restrictive measures are binding on any person or entity under the jurisdiction of EU Member States, and their violation might constitute a criminal offence. Although restrictive measures are set at the EU level, there are significant differences in the way competent authorities expect financial institutions to comply.

Divergent expectations by competent authorities of the internal policies, procedures and controls financial institutions put in place for restrictive measures make it difficult for financial institutions to adopt an effective approach. They expose financial institutions to legal risks and reputational risks and can undermine the implementation of the EU’s restrictive measures regimes. Ineffective approaches to compliance with restrictive measures can also lead to consumer detriment, as legitimate customers may be denied access to their funds or fall victim to unwarranted de-risking.

To address these challenges, the EBA issued two sets of guidelines that set common EU standards on the governance arrangements and the policies, procedures and controls financial institutions should have in place to be able to comply with restrictive measures.

One set of guidelines, EBA/GL/2024/14, is addressed to all institutions within the EBA’s supervisory remit. It contains provisions that are necessary to ensure that financial institutions’ governance and risk management systems are sound and sufficient to address the risk that they might breach or evade restrictive measures.

A second set of guidelines, EBA/GL/2024/15, is specific to payment service providers (PSPs) and crypto-asset service providers (CASPs) and specifies what PSPs and CASPs should do to be able to comply with restrictive measures when performing transfers of funds or crypto-assets.

The guidelines illustrate the tidal wave of information that financial institutions face. With the advent of Authority for Countering Money Laundering and Financing of Terrorism (AMLA), all organisations in the EU will face this kind of information deluge.