1.  Members of the management body of crypto-asset service providers shall be of sufficiently good repute and possess the appropriate knowledge, skills and experience, both individually and collectively, to perform their duties. In particular, members of the management body of crypto-asset service providers shall not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute. They shall also demonstrate that they are capable of committing sufficient time to effectively perform their duties.

2.  Shareholders and members, whether direct or indirect, that have qualifying holdings in crypto-asset service providers shall be of sufficiently good repute and, in particular, shall not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute.

3.  Where the influence exercised by the shareholders or members, whether direct or indirect, that have qualifying holdings in a crypto-asset service provider is likely to be prejudicial to the sound and prudent management of that crypto-asset service provider, competent authorities shall take appropriate measures to address those risks.

4.  Crypto-asset service providers shall adopt policies and procedures that are sufficiently effective to ensure compliance with this Regulation.

5.  Crypto-asset service providers shall employ personnel with the knowledge, skills and expertise necessary for the discharge of the responsibilities allocated to them, taking into account the scale, nature and range of crypto-asset services provided.

6.  The management body of crypto-asset service providers shall assess and periodically review the effectiveness of the policy arrangements and procedures put in place to comply with Chapters 2 and 3 of this Title and take appropriate measures to address any deficiencies in that respect.

7.  Crypto-asset service providers shall take all reasonable steps to ensure continuity and regularity in the performance of their crypto-asset services. To that end, crypto-asset service providers shall employ appropriate and proportionate resources and procedures, including resilient and secure ICT systems as required by Regulation (EU) 2022/2554.

8.  Crypto-asset service providers shall have in place mechanisms, systems and procedures as required by Regulation (EU) 2022/2554, as well as effective procedures and arrangements for risk assessment, to comply with the provisions of national law transposing Directive (EU) 2015/849. They shall monitor and, on a regular basis, evaluate the adequacy and effectiveness of those mechanisms, systems and procedures, taking into account the scale, the nature and range of crypto-asset services provided, and shall take appropriate measures to address any deficiencies in that respect.

9.  Crypto-asset service providers shall arrange for records to be kept of all crypto-asset services, activities, orders, and transactions undertaken by them. Those records shall be sufficient to enable competent authorities to fulfil their supervisory tasks and to take enforcement measures, and in particular to ascertain whether crypto-asset service providers have complied with all obligations including those with respect to clients or prospective clients and to the integrity of the market.