# Article 23 — Internal policies, procedures and controls to ensure implementation of restrictive measures **Source:** [Regulation (EU) 2023/1113 — EUR-Lex](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1113) Payment service providers and crypto-asset service providers shall have in place internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures when performing transfers of funds and crypto-assets under this Regulation. The European Banking Authority (EBA) shall issue guidelines by 30 December 2024 specifying the measures referred to in this Article. ## What this means in practice Article 23 is the **restrictive-measures controls floor** for both PSPs and CASPs. The duty is principles-based: internal policies, procedures and controls must ensure the implementation of Union and national restrictive measures when performing transfers covered by ToFR. EBA published final guidelines on these controls on 14 November 2024. Recital 18 makes clear that this duty includes screening against Union and national lists of designated persons. In practice, this means CASPs should be able to: * Maintain a sanctions list ingestion process (EU consolidated list at minimum, plus national lists for the Member State of registration). * Screen customers at onboarding and on an ongoing basis. * Screen transfer counterparties — including, where possible, the originator and beneficiary information that travels with each transfer. * Screen DLT addresses for sanctions exposure, where address-level screening is relevant to the applicable restrictive measure and technically feasible. * Document and report hits, freeze in-scope assets where required, and notify the competent national authority. Recital 18 also flags that this Article is **transitional**: the requirements are expected to be repealed and re-housed in the future Anti-Money Laundering Regulation (the "AMLR"), which forms part of the new EU AML package. ## Compliance checklist For CASPs specifically: * [ ] **Assign ownership** for restrictive-measures controls within the compliance framework. * [ ] Maintain a documented **sanctions policy** approved by the management body, including screening logic, escalation paths, freezing procedures, and reporting timelines. * [ ] **Screen at onboarding** against Union and applicable national restrictive-measures lists. * [ ] **Screen ongoing**: customers (rescreen on list updates), transfer counterparties (where information is available), and DLT addresses associated with the transfer (using analytics tooling). * [ ] **Freeze in-scope assets** without delay where a positive match is confirmed, in line with the applicable restrictive-measures regulation. * [ ] **Notify the competent national sanctions authority** (the Member State authority designated under the relevant Council regulation). * [ ] **Document escalations**, false-positive resolutions, and freezing decisions for both supervisory review and audit. * [ ] Incorporate the final **EBA Guidelines on Article 23** into the framework. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.mica.wtf/tofr/transfer-of-funds-regulation/chapter-iv-common-measures/article-23-internal-policies-restrictive-measures.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.