KMAG & EU Regulation 2023/1113: Stronger Rules Against Money Laundering in the Crypto Sector

The Crypto Markets Supervision Act (KMAG) obliges crypto service providers to comply with comprehensive regulations for combating money laundering and terrorist financing. The law is complemented by Regulation (EU) 2023/1113, which introduces new obligations related to crypto transfers. Particularly relevant are the verification obligations for auditors and the possible measures against the management body of an institution.

🔍 Audit Obligations for Auditors According to § 40 KMAG

§ 40 para. 1 KMAG obliges the auditor to check, as part of the annual audit, whether the company has fulfilled its obligations under the Money Laundering Act (GwG) and Regulation (EU) 2023/1113. This particularly affects the due diligence obligations, the risk analyses and the correct forwarding of data in crypto transactions.

👉 Reporting Obligation in Case of Violations

§ 40 para. 2 KMAG goes even further: if the auditor discovers serious violations of the aforementioned regulations, the auditor must immediately inform BaFin and the Deutsche Bundesbank. This effectively turns the audit into an early warning system for regulatory risks.

⚠️ Measures Against the Management Body (§ 24 para. 3 KMAG)

BaFin can prohibit individual members of the management body from continuing their work, or from becoming active again at a company subject to the GwG, if they can be held responsible for violations. This significantly increases individual pressure on management and motivates stronger compliance.

💸 Fines for Breaches of Duty (§ 47 para. 3 KMAG)

Infringements of the GwG or the EU Regulation can be penalized as an administrative offense. The amount of the fines depends on the degree of fault and the severity of the breach of duty – with potentially drastic financial and reputational consequences.

🔐 Regulation (EU) 2023/1113 – Overview of Key Regulations

The regulation extends anti-money laundering regulations to the area of crypto transfers and introduces the following obligations, among others:

| Obligation | Content |
| --- | --- |
| Accompanying information for transfers | Both sender and recipient data must be transmitted during transactions. |
| Data storage | Obligated entities must store information on transactions and parties involved for at least five years. |
| Due diligence for transfers with third countries | Transfers from or to third countries are subject to stricter requirements, for example identity verification before execution. |
| Reaction obligations in case of missing data | Transfers with incomplete information must be rejected or examined in more detail. |
| Relation to unhosted wallets | Transfers to or from wallets without a provider (so-called unhosted wallets) are subject to special verification obligations. |

📊 Comparison Table: Previous Regulations vs. New Requirements

| Previous Regulations | New Regulations According to KMAG & EU Regulation 2023/1113 |
| --- | --- |
| No express audit obligation for auditors in the crypto area | Obligation for auditors to audit compliance with GwG and EU Regulation (§ 40 KMAG) |
| No obligation for auditors to report violations to supervisory authorities | Immediate reporting obligation to BaFin and Bundesbank in case of significant violations (§ 40 para. 2 KMAG) |
| Measures against management only in cases of serious violations | Possibility of prohibition of activity in case of violations of anti-money laundering obligations (§ 24 para. 3 KMAG) |
| General fine regulations of the GwG | Additional fine offenses in the KMAG for violations of EU Regulation 2023/1113 (§ 47 para. 3 KMAG) |
| GwG obligations for financial transfer service providers | New specific obligations for crypto service providers according to EU Regulation 2023/1113, e.g., data transmission during transfers |

🧭 Conclusion: What Does This Mean for Crypto Service Providers?

With the interaction of KMAG and the new EU Regulation 2023/1113, supervision in the crypto sector is significantly intensified. The requirements affect not only the management and compliance team but extend to the audit. Transparency, traceability, and early documentation of all AML measures are now more important than ever.

✅ To-Do List for Money Laundering Officers: KMAG & EU Regulation 2023/1113

🔎 1. Check and Document Obligations

  • Formal analysis: Which of the new regulations apply to my institution?
  • Conduct a gap analysis: Where are there gaps between current practice and new requirements?
  • Documentation of obligations including references to § 40 KMAG and EU Regulation 2023/1113

📁 2. Adapt Internal Control Systems (ICS)

  • Introduce control mechanisms to ensure complete sender and recipient information for crypto transfers
  • Define and secure processes for unhosted wallets in a risk-oriented manner
  • Implement procedures for storing and archiving transaction data (at least 5 years)
  • Prepare control reports and audit trails for the auditors

👥 3. Prepare Cooperation with the Auditor

  • Ensure clear communication with the auditor regarding anti-money laundering requirements
  • Provide relevant documents and reports centrally
  • Prepare reporting templates for auditor inquiries

🚨 4. Define Reporting Channels for Violations Internally

  • Set up internal escalation processes for suspected cases
  • Establish early warning systems, e.g., for transactions with missing or implausible information
  • Understand and prepare information obligations to BaFin and Bundesbank regarding internal findings (in coordination with internal audit)

🌍 5. Check Special Regulations for Third Countries

  • Identify high-risk countries according to the EU list
  • Implement additional checks and enhanced due diligence for third-country transfers
  • Regularly update the list and integrate it into screening systems

🧠 6. Update Employee Training

  • Integrate new requirements into training concepts and eLearning courses
  • Focus on transaction verification, data requirements, and handling of missing information
  • Train executives on potential liability risks and activity bans according to § 24 KMAG

🗂️ 7. Adapt Risk Management

  • Expand risk analysis to include crypto-specific scenarios (e.g., mixers, anonymizing technologies)
  • Adapt scoring models for transactions with unhosted wallets
  • Revise monitoring rules for suspicious patterns and thresholds

📝 8. Reporting and Control Reports

  • Supplement the money laundering annual report with new elements (EU Regulation 2023/1113)
  • Create regular control reports for management
  • Document reporting to supervisory authorities (including voluntary notifications of structural risks)

📘 Request “Corporate Governance & KMAG” Whitepaper

Do you want to delve deeper into the supervisory requirements for crypto service providers? Then request the current whitepaper “Corporate Governance in the Crypto Sector – KMAG in Practice” for free from S+P Seminars.
