TITLE: Hungarian National Bank Issues Cryptocurrency Service Recommendations on Risk Profiling and Transfer Services
BODY:
On May 4, 2026, the Hungarian National Bank (MNB) issued recommendations to cryptocurrency service providers regarding compliance requirements for cryptocurrency services and expectations for cryptocurrency transfer services. The MNB expects service providers to implement these recommendations by October 1, 2026.
The recommendations require cryptocurrency service providers to give clients clear, transparent information about the risk assessment process conducted before providing portfolio management or advisory services. Providers must explain why information is requested, maintain data currency, and review assessments at least every two years. Where necessary data is absent, providers cannot recommend cryptocurrency services or products.
The MNB expects providers to clearly document their responsibility for recommending appropriate cryptocurrency products and services based on assessment results. For robo-advisory services, providers must disclose the extent of human intervention to clients. Assessment surveys must be proportionate to client needs and may be conducted online. Providers must thoroughly evaluate recommended assets and those held in client portfolios, considering costs and complexity of equivalent products. When switching investments, providers must reasonably demonstrate that expected benefits exceed costs.
Regarding cryptocurrency transfer services, providers must send clear, easily understood information to clients electronically in advance. This must include the supervisor's name, service characteristics, client consent and withdrawal rules, rejection conditions, and receipt timeframes. Providers must provide information on maximum execution times and the point at which transfers become irreversible on distributed ledger technology (DLT) networks. Clients must see all service costs and minimum technical requirements for their devices and software. Providers must disclose fraud and security threat notification methods and timeframes for clients to report unauthorised or incorrect transfers, including maximum provider liability amounts.