AML REQ for Crypto-Asset Service Providers (CASPs)
The AML REQ is the Central Bank of Irelandâs annual data return on your firmâs money laundering and terrorist financing risk. Customers, products, jurisdictions, controls.
The return must be submitted through the Central Bank Portal using the prescribed XML schema. Only XML submissions are accepted.
Why it matters:
Statutory: Mandatory under your AML/CFT obligations.- Supervisory: The data directly shapes whether the CBI lines you up for a deep-dive inspection.
- Strategic: Feeds into the incoming EU AMLA framework
- Visible: Quality and completeness signal the maturity of your AML programme.
Whatâs the scope?
Entities in scope
CASPs regulated by the CBI must each submit their own REQ, with reporting scope determined by the institutionâs legal structure and whether EEA-wide aggregation applies, while former VASPs must also include relevant data relating to both former VASP activity and CASP activity where crypto-asset services commenced in 2025.
Activity covered
The REQ covers crypto-asset custody and administration, trading platforms, exchanges, order execution and transmission, placement, advisory and portfolio management, transfer services, correspondent relationships, and transaction monitoring and sanctions controls.
Reporting dates
Reference date: 31 December of the preceding calendar year
First submission deadline: 31 July 2026
Reporting frequency
Annual reporting
File format
XML format only, aligned with the prescribed XSD schema, and submitted via the Central Bank Portal. Excel files are provided for reference purposes only and cannot be submitted.
Customer / Geographic nexus
Reporting includes EEA customer exposure, high-risk jurisdictions, cross-border activity under FOE/FOS, customer residence and establishment, the geography of funds flows, and self-hosted addresses and certain crypto-asset transaction channels.
Key data areas
The REQ captures information relating to:
- Legal structure and business model
- CASP services and activity comments
- Customer segments and risk ratings
- Transaction volumes and values
- High-risk customers and sectors
- Crypto-assets traded and gross traded value
- Cash transactions and prepaid cards
- Funding methods and payment instruments
- Intermediaries and distribution channels
- Remote onboarding
- Correspondent relationships
- BWRA and risk appetite
- AML/CFT policies and procedures
- Transaction monitoring and STR controls
- Governance, audit and training arrangements
- Compliance with the Fund Transfers Regulation
Reporting considerations to keep in mind
- All data points are mandatory, including non-applicable fields
- Non-applicable fields must use prescribed default values, such as 0, N/A or 2000-01-01
- All values should be reported in EUR
- XML submissions must follow the required schema, table structures and table ordering
- Files must be validated before submission
- Firms must complete both âFinaliseâ and âSign-Offâ steps within the portal
- The REQ is not the channel for sole communication of material issues; these should be raised through normal supervisory channels
So, what do you need to do?
There are no shortcuts, here is what the CBI requires end-to-end.
Download and review the REQ guidance pack
Download and review the sector-specific REQ pack, including the guidance notes, XML schema and reference files, to understand the reporting requirements in full.
Prepare and map your reporting data
Align internal AML/CFT, customer, product and transaction data to the required REQ fields. Every field is mandatory & has a strict format.
Validate against the XSD schema
Validate the XML file against the Central Bankâs schema and formatting rules to identify structural or mandatory field errors before submission. Excel wonât fly. XML schema only.
Obtain internal sign-off
Complete internal review and approval processes before submission (typically MLRO and board-level).
Upload the return via the Central Bank Portal before 31 July 2026
Submit the validated XML return through the Central Bank Portal and complete the required finalisation and sign-off steps.
Maintain an audit trail
Retain supporting documentation, validation records and reporting evidence to support audit and regulatory review requirements. The CBI will ask.