ITS on non-EU currency reporting

For the purposes of the reporting requirement referred to in Article 22(1), point (c), of Regulation (EU) 2023/1114, issuers should provide the information on the transactions with a breakdown for geographical distribution, meaning the countries of holders involved in the transactions. Such a breakdown would provide useful information on the concentration of transactions for the competent authorities performing their supervisory roles. The information provided with the breakdown by countries of the transactions will be also used to determine which competent authorities will qualify to be members of a college under Article 119 of Regulation (EU) 2023/1114, as provided for in Delegated Regulation [C(2024)6911]. That breakdown is not required for the transactions and transfers between non-custodial wallets or between non-custodial wallets and other types of distributed ledger addresses that are not controlled by a holder of an asset-referenced token or by a crypto asset service provider, due to the limited information issuers have on the holders involved in such transactions and transfers.

To be effective, the reporting framework should include reporting reference dates and remittance dates ensuring proper and timely sharing of data so that the data relates to the same period and is submitted at the same time for all reporting entities, and to allow the comparability of data across the issuers and competent authorities, while using standardised formats and templates.

Continuity of reporting should be ensured in cases where temporary changes in the issue value of the tokens would make that value go below the threshold referred to in Article 22(1) of Regulation (EU) 2023/1114. Therefore, it is necessary to require reporting for extra time so as to confirm whether the drop below the threshold is temporary. That would not have an impact on the issuers, as they will already have their reporting systems in place.

For the purposes of the reporting requirement referred to in Article 22(3) of Regulation 2023/1114, some information which crypto-asset service providers should provide to the issuers could include personal data when it relates to natural persons. That includes full names accompanied by national identification numbers, official tax registration numbers, or passport numbers. The collection of such personal data in that case is necessary in order to achieve the objectives of Regulation (EU) 2023/1114 as, without that information, the issuers could not determine the precise number of holders of an asset-referenced token and they would be double counting holders having multiple accounts with different crypto-asset service providers. Such imprecise data would distort the information reported to the competent authorities about the number of holders of an asset-reference token and would therefore hinder proper supervision by the competent authorities. As a result, there is no other way to accurately reflect the information on the holders of asset-referenced tokens in the reporting and the usual measures for limiting or protecting personal data sharing, such as pseudonymisation, cannot be applied in that case.

For the purposes of the reporting requirement referred to in Article 22(3) of Regulation 2023/1114, crypto-asset service providers should also provide to the issuer the public distributed ledger addresses they use for making transfers on behalf of their clients. Such information is necessary for issuers to be able to identify which transactions registered on the distributed ledger take place between non-custodial wallets and to report the transactions in scope of the reporting obligations.

To ensure that the information reported to the competent authority is correct and complete, issuers should have systems and procedures in place that allow the issuer to reconcile the data received from the crypto-asset service providers pursuant to Article 22(3) of Regulation (EU) 2023/1114. Such systems and procedures should also allow the issuer to reconcile the data reported by crypto-asset service providers with the data available to the issuer from other sources, including, where applicable, transactional data available on the distributed ledger.

Issuers should implement in their internal policies a maximum retention period for the personal data of the individual holders shared by the crypto-asset service providers. Considering the objective of ensuring compliance with the reporting obligations pursuant to Article 22(1) of Regulation (EU) 2023/1114, that maximum retention period should not exceed 5 years from the date of obtaining the personal data.

This Regulation should also apply mutatis mutandis to e-money tokens denominated in a currency that is not an official currency of a Member State, given that Article 22 of Regulation (EU) 2023/1114 applies to e-money tokens denominated in such a currency.

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(³)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 16 July 2024.

To align with the date of application of Regulation (EU) 2023/1114 with respect to crypto-asset service providers, the date of application of this Regulation should be deferred.

This Regulation is based on the draft implementing technical standards submitted to the Commission by the European Banking Authority.

The European Banking Authority has conducted open public consultations on the draft implementing technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council(⁴)Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331 15.12.2010, p. 12, ELI: http://data.europa.eu/eli/reg/2010/1093/oj).,