1. Scope and Objectives of the Recommendation
The Recommendation applies not only to traditional credit institutions, but also to all significant actors of the modern fintech and crypto sector.
- Personal scope: It applies to credit institutions, payment institutions, electronic money issuers, and in particular to crypto-asset service providers (CASPs).
- Material scope: In addition to fund transfers, it also covers crypto-asset transfers, in line with the revised European “Travel Rule” (TFR) regulation.
- Primary objective: To prevent sanctioned persons or entities from using the financial system to circumvent restrictive measures, with particular regard to the anonymity features of crypto-assets.
2. Internal Policies and Procedures: Foundations of Compliance
The Central Bank of Hungary requires institutions not merely to maintain “paper-based” policies, but to operate a living system capable of responding in real time to changing sanctions lists.
Risk assessment and risk classification
Institutions are required to conduct an institution-wide sanctions risk assessment. This must identify geographic areas, product types and customer segments that are particularly exposed to sanctions violations.
Application of automated screening systems
The Recommendation stipulates that manual screening is no longer sufficient given current transaction volumes. Institutions must:
-
apply real-time screening prior to the initiation and execution of transactions;
-
use fuzzy matching technologies to identify variations of names, typographical errors, or transliteration differences (e.g. Cyrillic names);
- in the case of crypto-asset transfers, monitor wallet addresses and blockchain analytics data.
3. Specific Treatment of Crypto-Assets
One of the most innovative elements of Recommendation No. 3/2026 is the detailed set of expectations applicable to the crypto sphere.
Implementation of the “Travel Rule”: Crypto service providers must ensure that data relating to the originator and the beneficiary are attached to the transfer.
Risk of un-hosted wallets: Where a client transfers to a self-hosted wallet independent of a service provider, enhanced due diligence (EDD) is required in order to exclude sanctions exposure.
Blockchain monitoring: The Central Bank of Hungary requires the use of software capable of indicating whether a crypto-asset originates from a “tainted” source (e.g. a sanctioned mixer service).
4. Organisational Requirements and Allocation of Responsibilities
Compliance is not merely a technological issue, but also a matter of governance responsibility.
Designation of a responsible senior manager: A responsible person must be appointed at board level for the implementation of restrictive measures.
Independent control function: Internal audit must regularly (at least annually) assess the effectiveness of screening systems and the adequacy of their parameterisation.
Training: Employees must participate in specialised training covering the identification of sanctions evasion techniques (e.g. shell companies, complex ownership structures).
5. Reporting and Asset Freezing Protocol
Where the screening system generates a hit, the institution must act in accordance with a strict protocol:
Immediate freezing: Where the match is confirmed, access to the assets must be prevented without delay.
Reporting: The hit must be reported to the competent authority (Hungarian Tax and Customs Administration – Financial Intelligence Unit).
Absence of notification prohibition: An important legal distinction compared to anti-money laundering rules is that the “tipping-off” prohibition does not apply in all cases; therefore, the client may be informed of the sanctions following the execution of the freezing measure.
Summary
Recommendation No. 3/2026 (25 March) of the Central Bank of Hungary sends a clear message to the market: sanctions compliance is no longer a “best effort” activity, but a stringent technological and legal requirement. Institutions that fail to place sufficient emphasis on the strict control of crypto-assets and digital financial flows risk not only substantial fines, but also significant reputational damage in an increasingly strict international environment.
