**Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets, and amending Regulation (EU) 2015/847 and Directive (EU) 2015/849 (TFR)**:

**Relevant Hungarian Legislation (for general AML/CTF obligations):**

**Act LIII of 2017 on the Prevention and Combatting of Money Laundering and Terrorist Financing (Pénzmosás és terrorizmus finanszírozása megelőzéséről és megakadályozásáról szóló 2017. évi LIII. törvény)**: This act defines obligated entities (which include VASPs) and outlines general AML/CTF duties. It has been amended to reflect EU AMLD requirements.

**General AML/CTF obligations for VASPs:** These have been in effect in Hungary since the national transposition of AMLD5 (which brought VASPs under the scope of AML/CTF regulations).

**Specific Travel Rule obligations for crypto-asset transfers (under TFR 2023/1113):** The majority of the provisions of Regulation (EU) 2023/1113 will apply from **30 December 2024**.

**No de minimis threshold.** For any amount, the originating VASP must obtain and submit specific information about the originator and beneficiary, and the beneficiary VASP must receive and store this information.

**Transfers to/from an unhosted wallet (VASP-to-unhosted or unhosted-to-VASP):**

**Above €1,000:** When a transfer from an unhosted wallet to a VASP, or from a VASP to an unhosted wallet, exceeds **€1,000**, the VASP must collect and verify information about the originator or beneficiary, respectively.

**Below €1,000:** Below this threshold, simplified due diligence may apply, but VASPs are still expected to implement risk-based controls.

**Exchanges** between crypto-assets and fiat currencies.

**Exchanges** between one or more crypto-assets.

**Custody and administration** of crypto-assets on behalf of clients.

**Operating a trading platform** for crypto-assets.

**Implement policies and procedures** to ensure the transmission and receipt of required originator and beneficiary information with crypto-asset transfers.

**Ensure the accuracy and completeness** of the collected information.

**Store the information** securely and for the legally required period (typically 5 years, extensible to 10 years).

**Detect missing or incomplete information** and have procedures for handling such cases (e.g., rejecting or suspending transfers, reporting to authorities).

**Fines:** Significant monetary fines, which can be substantial, especially for legal entities (up to a certain percentage of turnover or a fixed high amount, whichever is greater). The EU TFR itself mandates that penalties for legal persons should be at least €5 million or 10% of annual turnover, and for natural persons at least €5 million.

**Public Censure:** Publication of a statement indicating the responsible natural or legal person and the nature of the breach.

**Withdrawal or Suspension of Authorization/License:** For severe or repeated breaches, the MNB can revoke or suspend a VASP's operating license.

**Issuance of Orders:** Directives to the VASP to cease specific practices, take remedial action, or implement new procedures.

**Managerial Disqualifications:** Temporary or permanent bans on individuals holding management positions within a VASP.

**MNB (Magyar Nemzeti Bank) Financial Supervision:**