Notification Form for the Provision of Crypto-Asset Services

Notification Form for the Provision of Crypto-Asset Services Under Article 60 of Regulation (EU) 2023/1114 (Markets in Crypto-Assets Regulation)

2 Contents Applicability................................................................................................................... 3 Application Details ...................................................................................................... 5 Notes on completing the notification form......................................................... 6 Declaration:.................................................................................................................... 7 Required Information................................................................................................. 8

1. Programme of operations.................................................................................................. 8
2. Business continuity............................................................................................................11
3. Detection and prevention of money laundering and terrorist financing...........11
4. ICT systems and related security arrangements.......................................................13
5. Segregation of clients’ crypto-assets and funds........................................................15
6. Custody and administration policy ...............................................................................17
7. Operating rules of the trading platform and market abuse detection ...............18
8. Exchange of crypto-assets for funds or other crypto-assets.................................20
9. Execution Policy .................................................................................................................21
10. Provision of advice or portfolio management on crypto-assets ......................22
11. Transfer services ............................................................................................................23
12. Other comments.............................................................................................................24

3 Applicability In accordance with Article 60 of the Markets in Crypto-Assets Regulation (MiCAR), certain authorised financial entities can provide all or some crypto-asset services in relation to specified equivalent services without obtaining authorisation as a crypto-asset service provider if they notify the Central Bank of Ireland (Central Bank) with certain information before providing those services for the first time. Those entities are subject to all requirements applicable to crypto-asset service providers under MiCAR with the exception of authorisation requirements, own funds requirements and the approval procedure regarding shareholders and members that have qualifying holdings, as those matters are covered by the respective Union legislative acts under which they were authorised. The following entities must submit a CASP Notification Form to their supervision team at least 40 working days before providing specified equivalent services ( refer to Article 60 of MiCAR) for the first time:  A Credit Institution intending to provide any/all crypto-asset services.  A Central Securities Depository intending to provide custody and administration of crypto￾assets on behalf of clients.  An Investment Firm intending to provide services equivalent to the investment services and activities for which it is specifically authorised under Directive 2014/65/EU. With respect to equivalence: a) providing custody and administration of crypto-assets on behalf of clients is deemed equivalent to the ancillary service referred to in Section B, point (1), of Annex I to Directive 2014/65/EU; b) the operation of a trading platform for crypto-assets is deemed equivalent to the operation of a multilateral trading facility and operation of an organised trading facility referred to in Section A, points (8) and (9), respectively, of Annex I to Directive 2014/65/EU c) the exchange of crypto-assets for funds and other crypto-assets is deemed equivalent to dealing on own account referred to in Section A, point (3), of Annex I to Directive 2014/65/EU; d) the execution of orders for crypto-assets on behalf of clients is deemed equivalent to the execution of orders on behalf of clients referred to in Section A, point (2), of Annex I to Directive 2014/65/EU; e) the placing of crypto-assets is deemed equivalent to the underwriting or placing of financial instruments on a firm commitment basis and placing of financial instruments without a firm commitment basis referred to in Section A, points (6) and (7), respectively, of Annex I to Directive 2014/65/EU; f) the reception and transmission of orders for crypto-assets on behalf of clients is deemed equivalent to the reception and transmission of orders in relation to one or

4 more financial instruments referred to in Section A, point (1), of Annex I to Directive 2014/65/EU; g) providing advice on crypto-assets is deemed equivalent to investment advice referred to in Section A, point (5), of Annex I to Directive 2014/65/EU; or h) providing portfolio management on crypto-assets is deemed equivalent to portfolio management referred to in Section A, point (4), of Annex I to Directive 2014/65/EU.  An Electronic Money Institution intending to provide custody and administration of crypto￾assets on behalf of clients and/or transfer services for crypto-assets on behalf of clients with regard to the e-money tokens it issues.  A UCITS Management Company or Alternative Investment Fund Manager intending to provide crypto-asset services equivalent to the management of portfolios of investment and non-core services for which it is authorised under Directive 2009/65/EC or Directive 2011/61/EU. With respect to equivalence: a) the reception and transmission of orders for crypto-assets on behalf of clients is deemed equivalent to the reception and transmission of orders in relation to financial instruments referred in Article 6(4), point (b)(iii), of Directive 2011/61/EU; b) providing advice on crypto-assets is deemed equivalent to investment advice referred to in Article 6(4), point (b)(i), of Directive 2011/61/EU and in Article 6(3), point (b)(i), of Directive 2009/65/EC; c) providing portfolio management on crypto-assets is deemed equivalent to the services referred to in Article 6(4), point (a), of Directive 2011/61/EU and in Article 6(3), point (a), of Directive 2009/65/EC.  A Market Operator authorised under Directive 2014/65/EU intending to provide a trading platform for crypto-assets. Please note that notifying entities must consider whether, in addition to the 40 working day notice period under MiCAR, approval or notification is required under their existing authorisation/supervisory regime. Notifying entities should contact their supervision team for further information.

5 Application Details Details: Response: Date PERSON IN CHARGE OF PREPARING THE APPLICATION Name Position Phone Email FROM Name of the notifying entity Reference number Address of the Applicant DETAILS OF THE DESIGNATED CONTACT PERSON Name Phone Email TO Competent Authority The Central Bank of Ireland Address New Wapping Street, North Wall Quay, Dublin 01 Email

6 Dear Supervision Team, In accordance with Commission Implementing Regulation (EU) XXXX/XXX, laying down implementing technical standards for the application of Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to standard forms, templates and procedures for the notification of certain entities of their intention to provide crypto-asset services, kindly find attached our notification of our intention to provide crypto-asset services. Notes on completing the notification form Please do not complete this form until you have read and are familiar with all of the relevant regulation, legislation and guidance from the Central Bank.

1. All applications must be typed.
2. For each section, the applicant must answer all questions asked and must provide any information or documentation requested. Where there is a request for a “description” please provide a sufficiently detailed account of the requested information and specific reference to supporting documentation or underlying evidence. In the event that a question does not apply, the applicant must provide an explanation as to why it considers this to be the case.
3. The Central Bank reserves the right to request additional information and documentation.
4. All responses and documents provided must reference the relevant section in the notification form.
5. For each section, where separate and distinct documentation is requested, the notifying entity should ensure that these documents, along with any other accompanying documents, are clearly marked and referenced in accordance with the relevant section.
6. Where possible, information provided should be in MSWord (or equivalent) format rather than scanned versions.
7. If circumstances as stated in the notification form change during the notification process, the applicant must inform the Central Bank without delay.
8. Documentation should be submitted in accordance with the instruction given by the relevant supervision team. The Central Bank may process personal data provided by you in order to fulfil its statutory functions or to facilitate its business operations. Any personal data will be processed in accordance with the requirements of data protection legislation. Any queries concerning the processing of personal data by the Central Bank may be directed to dataprotection@centralbank.ie. A copy of the Central Bank’s Data Protection Notice is available at www.centralbank.ie/fns/privacy-statement.

7 Declaration: We [the notifying entity] declare that the submitted information is true, accurate, complete and not misleading. Unless specifically stipulated otherwise, the information is up to date on the date of this notification. Information indicating a future date is explicitly identified in the notification and we undertake to notify the authority in writing without delay if any such information should turn out to be untrue inaccurate, incomplete or is misleading. Signature: Date: X DD/MM/YYYY Note: The signature must be that of the person responsible for day-to-day operations.

8 Required Information

1. Programme of operations
2. Please provide the programme of operations for the following three years, including all of the following information: Ref. Details Document reference and other comments a. Where the notifying entity belongs to a group, an explanation of how the activities of the notifying entity will fit within the group strategy and interact with the activities of the other entities of the group, including an overview of the current and planned organisation and structure of the group. b. An explanation of how the activities of the entities affiliated with the notifying entity, including where there are regulated entities in the group, is expected to impact the activities of the notifying entity. This explanation shall include a list of and information on the entities affiliated with the notifying entity, including where there are regulated entities, the services provided by these entities (including regulated services, activities and types of clients) and the domain names of each website operated by such entities. c. A list of crypto-asset services that the notifying entity intends to provide as well as the types of crypto-assets to which the crypto-asset services will relate. d. Other planned activities, regulated in accordance with Union or national law or unregulated, including any services, other than crypto-asset services, that the notifying entity intends to provide. e. Whether the notifying entity intends to offer crypto￾assets to the public or seek admission to trading of crypto￾assets and if so, of what type of crypto-assets. f. Alist of jurisdictions, in and outside the European Union, in which the notifying entity plans to provide crypto-asset services, including information on the domicile of targeted clients and the targeted number by geographical area.

9 Ref. Details Document reference and other comments g. Types of prospective clients targeted by the notifying entity’s crypto-asset services. h. A description of the means of access to the notifying entity’s crypto-asset services by clients, including all of the following: (i) the domain names for each website or other ICT-based application through which the crypto-asset services will be provided by the notifying entity and information on the languages in which the website will be available, the types of crypto-asset services that will be accessed through it and, where applicable, from which Member States the website will be accessible; (ii) the name of any ICT-based application available to clients to access the crypto-asset services, in which languages it is available and which crypto-asset services can be accessed through it. i. The planned marketing and promotional activities and arrangements for the crypto-asset services, including: (i) all means of marketing to be used for each of the services, the means of identification that the notifying entity intends to use and information on the relevant category of clients targeted and types of crypto-assets; (ii) languages that will be used for the marketing and promotional activities. j. A detailed description of the human, financial and ICT resources allocated to the intended crypto-asset services as well as their geographical location. k. The notifying entity’s outsourcing policy and how it was adapted to crypto-asset services as well as a detailed description of the notifying entity’s planned outsourcing arrangements, including intra-group arrangements, how the notifying entity intends to comply with the requirements set out in Article 73 of Regulation (EU) 2023/1114 and the Central Bank of Ireland’s Cross-

10 Ref. Details Document reference and other comments Industry Guidance on Outsourcing. The notifying entity shall also include information on the functions or person responsible for outsourcing, the resources (human and ICT) allocated to the control of the outsourced functions, services or activities of the related arrangements and on the risk assessment related to the outsourcing. l. The list of entities that will provide outsourced services for the provision of crypto-asset services, their geographical location and the relevant services outsourced. m. A forecast accounting plan including stress scenarios at an individual and, where applicable, at consolidated group and sub-consolidated level in accordance with Directive 2013/34/EU. The financial forecast should consider any intra-group loans granted or to be granted by and to the notifying entity. n. Any exchange of crypto-assets for funds and other crypto￾asset activities that the notifying entity intends to undertake, including through any decentralised finance applications with which the notifying entity wishes to interact on its own account. 2. Where the notifying entity intends to provide the service of reception and transmission of orders for crypto-assets on behalf of clients, please provide a copy of the policies and procedures and a description of the arrangements for ensuring compliance with the requirements set out in Article 80 of Regulation (EU) 2023/1114. [Document reference and other comments] 3. Where the notifying entity intends to provide the service of placing of crypto-assets, please provide a copy of the policies and procedures and a description of the arrangements in place to comply with Article 79 of Regulation (EU) 2023/1114 as well as Article 9 of [RTS on conflicts of interest of CASPs].

11 [Document reference and other comments] 2. Business continuity

1. Please provide a detailed description of the notifying entity’s business continuity plan, including which steps will be taken to ensure continuity and regularity in the performance of the notifying entity’s crypto-asset services. [Document reference and other comments]
2. The description should include details showing that the established business continuity plan is appropriate and that arrangements are set up to maintain and periodically test it. The description shall explain, with regard to critical or important functions supported by third￾party service providers, how business continuity is ensured in the event that the quality of the provision of such functions deteriorates to an unacceptable level or fails. The description should also explain how business continuity is ensured in the event of the death of a key person and, where relevant, political risks in the service provider’s jurisdiction. [Document reference and other comments]
3. Detection and prevention of money laundering and terrorist financing
4. Please provide information on internal control mechanisms and policies and procedures to ensure compliance with the provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) and with information on the risk assessment framework to manage risks relating to money laundering and terrorist financing, including all of the following:

12 Ref. Details Document reference and other comments a. The notifying entity’s assessment of the inherent and residual risks of money laundering and terrorist financing associated with its provision of crypto-asset services, including the risks relating to the notifying entity’s customer base, to the services provided, to the distribution channels used and to the geographical areas of operation. b. The measures that the notifying entity has or will put in place to prevent the identified risks and comply with applicable anti-money laundering and counter-terrorist financing requirements, including the notifying entity’s risk assessment process, the policies and procedures to comply with customer due diligence requirements, and the policies and procedures to detect and report suspicious transactions or activities. c. Detailed information on how such mechanisms, systems and procedures are adequate and proportionate to the scale, nature, inherent money laundering and terrorist financing risk, the range of crypto-asset services provided, the complexity of the business model and how they ensure the notifying entity’s compliance with Directive (EU) 2015/849 and Regulation (EU) 2023/1113. d. This identity of the person in charge of ensuring the notifying entity’s compliance with anti-money laundering and counter-terrorist financing obligations, and evidence of the person’s skills and expertise. e. Arrangements, human and financial resources devoted to ensure that staff of the notifying entity are appropriately trained in anti-money laundering and counter-terrorist financing matters (annual indications) and on specific crypto-asset related risks. f. A copy of the notifying entity’s anti-money laundering and counter-terrorism policies and procedures and systems. g. A summary document outlining changes that have been made to the notifying entity’s anti-money laundering and counter-terrorism policies and procedures and systems as a consequence of the planned crypto-asset services.

13 Ref. Details Document reference and other comments h. The frequency of the assessment of the adequacy and effectiveness of such mechanisms, systems and policies and procedures as well as the person or function responsible for such assessment. 4. ICT systems and related security arrangements

1. Please provide all of the following information: Ref. Details Document reference and other comments a. Technical documentation of the ICT systems, on the DLT infrastructure relied upon, where relevant, and on the security arrangements. Please include a description of the arrangements and deployed ICT and human resources established to ensure that the applicant complies with Regulation (EU) 2022/2554, including, but not limited to: (i) a sound, comprehensive and well–documented ICT risk management framework as part of its overall risk management system, including a detailed description of ICT systems, protocols and tools and of how the applicant’s procedures, policies and systems to safeguard the security, integrity, availability, authenticity and confidentiality of data comply with Regulation (EU) 2022/2554 and Regulation (EU) 2016/679; (ii) an identification of ICT services supporting critical or important functions, developed or maintained by the applicant, as well as those provided by third-party service providers, a description of such contractual arrangements (identity and geographical location of the providers, description of the outsourced activities or ICT services with their main characteristics, copy of contractual agreements) and how they comply with Article 73 of Regulation (EU) 2023/1114 and the Chapter V of Regulation (EU) 2022/2554;

14 Ref. Details Document reference and other comments (iii) a description of the applicant’s procedures, policies, arrangements and systems for security and incident management. b. A cybersecurity audit realized by a third-party cybersecurity auditor having sufficient experience in accordance with DORA Threat Led Penetration Testing RTS detailing the minimum requirements on capabilities which are described in DORA Level 1 Article 27 covering: the following audits or tests performed by external independent parties: (i) organisational cybersecurity, physical security and secure software development lifecycle arrangements; (ii) vulnerability assessments and scans, network security assessments; (iii) configuration reviews of ICT assets supporting critical and important functions as defined in Article 3(22) of Regulation (EU) 2022/2554; (iv) penetration tests on the ICT assets supporting critical and important functions as defined in Article 3(22) of Regulation (EU) 2022/2554, in accordance with all the following audit test approaches:

• black box: the auditor has no information other than the IP addresses and URLs associated with the audited target. This phase is generally preceded by the discovery of information and the identification of the target by querying domain name system (DNS) services, scanning open ports, discovering the presence of filtering equipment, etc.;
• grey box phase: auditors have the knowledge of a standard user of the information system (legitimate authentication, “standard” workstation, etc.). The identifiers can belong to different user profiles in order to test different privilege levels;
• white box phase: auditors have as much technical information as possible (architecture, source code, telephone contacts, identifiers, etc.) before starting the

15 Ref. Details Document reference and other comments analysis. They also have access to technical contacts related to the target. (v) if the applicant uses and/or develops smart-contracts, a cybersecurity source code review of them. c. A description of conducted audits of the ICT systems including used DLT infrastructure and security arrangements. d. A description of the relevant information set out in subparagraphs a. and b. in non-technical language, of the information provided under points a. and b. e. A roadmap detailing the steps the notifying entity is taking to be DORA-compliant, including clear insight into when policies and procedures are established and when they are implemented within the organization, including any intermediate steps. 5. Segregation of clients’ crypto-assets and funds

1. Where the notifying entity intends to hold crypto-assets belonging to clients or the means of access to such crypto-assets, or clients’ funds (other than e-money tokens), please provide a detailed description of its policies and procedures for the segregation of clients’ crypto￾assets and funds, including all of the following: Ref. Details Document reference and other comments a. How the notifying entity ensures that: (i) clients’ funds are not used for its own account; (ii) crypto-assets belonging to its clients are not used for its own account; and (iii) the wallets holding clients’ crypto-assets are different from the notifying entity’s own wallets.

16 Ref. Details Document reference and other comments b. A detailed description of the approval system for cryptographic keys and safeguarding of cryptographic keys (for instance, multi-signature wallets); c. How the notifying entity will ensure that an individual client’s crypto-assets, can be identified from another client’s crypto-assets in the event of wallets containing crypto-assets of more than one client (omnibus accounts). d. A description of the procedure to ensure that clients’ funds (other than e-money tokens) are deposited with a central bank or a credit institution by the end of the business day following the day on which they were received and are held in an account separately identifiable from any accounts used to hold funds belonging to the notifying entity. e. Where the notifying entity does not intend to deposit funds with a central bank, which factors the applicant is taking into account to select the credit institutions to deposit clients’ funds, including the applicant’s diversification policy, where available, and the frequency of review of the selection of credit institutions to deposit clients’ funds. f. How the notifying entity ensures that clients are informed in clear, concise and non-technical language about the key aspects of the applicant’s systems and policies and procedures to comply with Article 70(1), (2) and (3) of Regulation (EU) 2023/1114. In accordance with Article 70(5) of Regulation (EU) 2023/1114, crypto-asset service providers that are electronic money institutions or payment institutions are only required to provide the information listed above in relation to the segregation of clients’ crypto-assets.

17 6. Custody and administration policy

1. Where the notifying entity intends to provide the service of custody and administration of crypto-assets on behalf of clients, please provide all of the following information: Ref. Details Document reference and other comments a. A description of the arrangements linked to the type or types of custody offered to clients, a copy of the notifying entity’s standard agreement for the custody and administration of crypto-assets on behalf of clients as well as a copy of the summary of the custody policy made available to clients in accordance with Article 75(3) of Regulation (EU) 2023/1114. b. The notifying entity’s custody and administration policy, including a description of identified sources of operational and ICT risks for the safekeeping and control of the crypto￾assets or the means of access to the crypto-assets of clients, together with: (i) the policies and procedures, and a description of, the arrangements to ensure compliance with Article 75(8) of Regulation (EU) 2023/1114; (ii) the policies and procedures, and a description of the systems and controls, to manage those risks, including when the custody and administration of crypto-assets on behalf of clients is outsourced to a third party; (iii) the policies and procedures relating to, and a description of, the systems to ensure the exercise of the rights attached to the crypto-assets by the clients; (iv) the policies and procedures relating to, and a description of, the systems to ensure the return of crypto-assets or the means of access to the clients. c. Information on how the crypto-assets and the means of access to the crypto-assets of the clients are identified. d. Information on arrangements to minimise the risk of loss of crypto-assets or of means of access to crypto-assets.

18 Ref. Details Document reference and other comments e. Where the crypto-asset service provider has delegated the provision of custody and administration of crypto-assets on behalf of clients to a third-party: (i) information on the identity of any third-party providing the service of custody and administration of crypto-assets and its status in accordance with Article 59 or Article 60 of Regulation (EU) 2023/1114; (ii) a description of any functions relating to the custody and administration of crypto-assets delegated by the crypto￾asset service provider, the list of any delegates and sub￾delegates (as applicable) and any conflicts of interest that may arise from such a delegation; (iii) a description of how the notifying entity intends to supervise the delegations or sub-delegations. 7. Operating rules of the trading platform and market abuse detection

1. Where the notifying entity intends to operate a trading platform for crypto-assets, please provide a description of all of the following: Ref. Details Document reference and other comments a. Rules regarding the admission of crypto-assets to trading. b. The approval process for admitting crypto-assets to trading, including the customer due diligence carried out in accordance with Directive (EU) 2015/849. c. The list of any categories of crypto-assets that will not be admitted to trading and the description of the reasons for such exclusion. d. The policies and procedures and fees for the admission to trading, together with a description, where relevant, of membership, rebates and the related conditions.

19 Ref. Details Document reference and other comments e. The rules governing order execution, including any cancellation procedures for executed orders and for disclosing such information to market participants. f. The policies and procedures adopted to assess the suitability of crypto-assets in accordance with Article 76(2) of Regulation (EU) 2023/1114. g. The systems, procedures and arrangements put in place to comply with Article 76(7) points (a) to (h) of Regulation (EU) 2023/1114. h. The systems, procedures and arrangements to make public any bid and ask prices, the depth of trading interests at those prices which are advertised for crypto-assets through their trading platforms and price, volume and time of transactions executed in respect of crypto-assets traded on their trading platforms. i. The fee structures and a justification of how they comply with the requirements laid down in Article 76(13) of Regulation (EU) 2023/1114. j. The systems, procedures and arrangements to keep data relating to all orders at the disposal of the competent authority or the mechanism to ensure that the competent authority has access to the order book and any other trading system. k. With regards to the settlement of transactions: (i) whether the final settlement of transactions is initiated on the distributed ledger or outside the distributed ledger; (ii) the timeframe within which the final settlement of crypto￾asset transactions is initiated; (iii) the systems and procedures to verify the availability of funds and crypto-assets; (iv) the procedures to confirm the relevant details of transactions;

20 Ref. Details Document reference and other comments (v) the measures foreseen to limit settlement fails; (vi) the definition of the moment at which settlement is final and the moment at which final settlement is initiated following the execution of the transaction. l. The policies and procedures and systems to detect and prevent market abuse, including information on the communications to the Central Bank of possible market abuse cases. 2. Where the notifying entity intends to operate a trading platform for crypto-assets, please provide a copy of the operating rules of the trading platform and of any policies and procedures to detect and prevent market abuse. [Document reference and other comments] 8. Exchange of crypto-assets for funds or other crypto-assets

1. Where a notifying entity intends to exchange crypto-assets for funds or other crypto-assets, please provide all of the following information: Ref. Details Document reference and other comments a. A description of the commercial policy established in accordance with Article 77(1) of Regulation (EU) 2023/1114. b. The methodology for determining the price of the crypto￾assets that the notifying entity proposes to exchange for funds or other crypto-assets in accordance with Article 77(2) of Regulation (EU) 2023/1114, including how the volume and market volatility of crypto-assets impact the pricing mechanism.

21 9. Execution Policy

1. Where a notifying entity intends to provide the service of executing orders for crypto-assets on behalf of clients, please provide the execution policy, including all of the following: Ref. Details Document reference and other comments a. The arrangements to ensure the client has provided consent on the execution policy prior to the execution of the order. b. A list of the trading platforms for crypto-assets on which the applicant will rely for the execution of orders and the criteria for the assessment of execution venues included in the execution policy in accordance with Article 78(6) of Regulation (EU) 2023/1114. c. Which trading platforms it intends to use for each type of crypto-assets and confirmation that it will not receive any form of remuneration, discount or non-monetary benefit in return for routing orders received to a particular trading platform for crypto-assets. d. How the execution factors of price, costs, speed, likelihood of execution and settlement, size, nature, conditions of custody of the crypto-assets or any other relevant factors are considered as part of all necessary steps to obtain the best possible result for the client. e. Where applicable, the arrangements for informing clients that the applicant will execute orders outside a trading platform and how the applicant will obtain the prior express client consent before executing such orders. f. How the client is warned that any specific instructions from a client may prevent the applicant from taking the steps that it has designed and implemented in its execution policy to obtain the best possible result for the execution of those orders in respect of the elements covered by those instructions. g. The selection process for trading venues, execution strategies employed, the procedures and processes used to analyse the quality of execution obtained and how the

22 Ref. Details Document reference and other comments applicant monitors and verifies that the best possible results were obtained for clients. h. The arrangements to prevent the misuse of any information relating to clients’ orders by the employees of the notifying entity. i. The arrangements and procedures for how the notifying entity will disclose to clients information on its order execution policy and notify them of any material changes to the order execution policy. j. The arrangements to demonstrate compliance with Article 78 of Regulation (EU) 2023/1114 to the Central Bank, upon its request. 10. Provision of advice or portfolio management on crypto-assets

1. Where a notifying entity intends to provide advice on crypto-assets or portfolio management of crypto-assets, please provide all of the following information: Ref. Details Document reference and other comments a. The policies and procedures and a detailed description of the arrangements put in place by the notifying entity to ensure compliance with Article 81(7) of Regulation (EU) 2023/1114. This information should include details on: (i) the mechanisms to control, assess and maintain effectively the knowledge and competence of the natural persons providing advice or portfolio management on crypto￾assets; (ii) the arrangements to ensure that natural persons involved in the provision of advice or portfolio management are aware of, understand and apply the notifying entity’s internal policies and procedures designed to ensure compliance with Regulation (EU) 2023/1114, especially Article 81(1) of Regulation (EU) 2023/1114 and anti-

23 Ref. Details Document reference and other comments money laundering and anti-terrorist financing obligations in accordance with Directive (EU) 2015/849; (iii) the amount of human and financial resources planned to be devoted on a yearly basis by the notifying entity to the professional development and training of the staff providing advice or portfolio management on crypto￾assets. b. The arrangements adopted by the notifying entity to ensure that the natural persons giving advice on behalf of the notifying entity have the necessary knowledge and expertise to conduct the suitability assessment referred to in Article 81(1) of Regulation (EU) 2023/1114. c. Evidence that the natural persons giving advice on behalf of the notifying entity or managing portfolios on behalf of the notifying entity have the necessary knowledge and expertise to fulfil their obligations. 11. Transfer services

1. Where the notifying entity intends to provide transfer services for crypto-assets on behalf of clients, please provide all of the following information: Ref. Details Document reference and other comments a. Details on the types of crypto-assets for which the notifying entity intends to provide transfer services. b. The policies and procedures and a detailed description of the arrangements put in place by the notifying entity to ensure compliance with Article 82 of Regulation (EU) 2023/1114, including detailed information on the notifying entity’s arrangements and deployed ICT and human resources to address risks promptly, efficiently and thoroughly during the provision of transfer services for crypto-assets on behalf of clients, considering potential operational failures and cybersecurity risks.

24 Ref. Details Document reference and other comments c. If any, a description of the notifying entity’s insurance policy, including the insurance coverage of detriment to client’s crypto-assets that may result from cyber security risks. d. Arrangements to ensure that clients are adequately informed about the policies and procedures and arrangements referred to in point b. 12. Other comments [Any other comments to be included here]

www.centralbank.ie