Regulation of the UK cryptoasset sector for AML and counter-terrorist financing (AML/CTF)
27 January 2020
This significant milestone in the regulation of the cryptoasset market follows the implementation of the EU’s 5th Anti-Money Laundering Directive (5AMLD).
Cryptoasset businesses that fall within the scope of the regulations must:
- register with the FCA
- comply with the full scope of the regulations
On 23 December 2019, the FCA published a summary of the key changes stemming from the updated regulations. In relation to cryptoasssets, the FCA said businesses must comply with the regulations from 10 January 2020, irrespective of whether they are registered or not with the FCA. Supervision will start from this date.
The FCA also launched a dedicated webpage for the market to provide relevant information and updates.
Our perspective
The inherently anonymous nature of coin wallets has historically led to crypto currency being considered a high risk area which requires deep knowledge to safely navigate.
With the implementation of 5AMLD, and the FCA’s new regulatory responsibility, you could say that crypto’s position as a legitimate market currency is gaining recognition. This legitimacy may well result in more risk adverse participants exploring the possibility of incorporating crypto into investment strategies. This has been pre-empted in the FCA’s consultation on banning the sale, marketing and distribution of derivatives and exchange traded notes referencing cryptoassets to all retail consumers. Nonetheless, firms looking to invest in this space will need to think about important compliance considerations and of course, the associated cost.
In general, the FCA’s approach to firms that are not compliant from implementation date, is to take into account evidence that they have taken sufficient steps before that date to comply during its supervisory visits. However, the FCA did not explicitly mention this in respect of cryptoasset businesses. Does this indicate that the FCA is planning to take a more hard lined approach to the market? It’s clear from FCA consultations and communications to date on crytoassets that it views the potential harm to consumers and market integrity as high. Therefore an aggressive supervisory approach can be expected.
Here is a summary of what you need to know if you are a cryptoasset business now regulated by the FCA.
Definition of cryptoasset activity falling within the scope of the regulations
The definition of activities that are subject to the regulations are set out in the associated statutory instrument.
These are set out in the table below for ease of reference:
CRYPTOASSET ACTIVITY | AS DESCRIBED IN THE STATUTORY INSTRUMENT |
Cryptoasset exchange provider (including Cryptoasset Automated Teller Machine Peer to Peer Providers, Issuing new cryptoassets, e.g Initial Coin Offering or Initial Exchange Offerings). | A firm or sole practitioner who by way of business provides one or more of the following services, including where the firm or sole practitioner does so as creator or issuer of any of the cryptoassets involved, when providing such services.
|
Custodian Wallet Providers | A firm or sole practitioner who by way of business provides services to safeguard, or to safeguard and administer
|
What firms must do
The registration process
New cryptoasset businesses that intend to carry on a cryptoasset activity after 10 January 2020 must be registered with the FCA before any activity can be carried out
Existing cryptoasset businesses which were already carrying on cryptoasset activity immediately before 10 January 2020 may continue with that business, in compliance with the regulations. However, they must be registered by 10 January 2021, or stop all cryptoasset activity.
Supervisory expectations
The FCA set out a summary of some of the requirements that a firm is expected to comply with, in addition to the other more general obligations of an FCA authorised business under Financial Services and Markets Act 2000. A firm must:
HEADLINE | CONSIDERATION |
Conduct a business risk assessment to understand inherent AML risks within the business |
|
Develop risk-based policies and procedures |
|
Ensure Senior management ownership of ML/TF risk |
|
Establish an internal audit function |
|
Undertake screening of employees |
|
Carry out due diligence on customers |
|
Apply extra scrutiny and checks on customers with higher ML/TF risk |
|
Undertake ongoing and transaction monitoring |
|
In addition, there are various requirements for ensuring all management and employees receive appropriate training so that they can identify ML/TF risk and suspicious activity, as well, as obligations for record keeping.
An effective anti-money laundering framework needs to be established to include components such as those outlined above by ‘supervisory expectations’.
However, the road to compliance can be a long one, and certainly does not end once a compliant framework has been achieved. A well-coordinated strategy must be put in place, not just to get to a state of compliance, but to maintain that state indefinitely.
Get in touch
Our Financial Crime Risk and Compliance team can address any questions or queries you may have, so please feel free to get in touch.