Cryptoassets and money laundering and terrorist financing risks

On 17 March 2020, the Joint Money Laundering Steering Group (JMLSG) published for consultation draft sectoral guidance on money laundering and terrorist financing risks (ML/TF) arising in the cryptoasset space (the Draft Guidance). This will be included as a separate chapter under Part II of JMLSG’s Anti-Money Laundering and Counterterrorist Financing (AML/CTF) guidance.


The fifth Money Laundering Directive (MLD5), as transposed into UK law by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, brings into scope of the UK AML/CTF regime cryptoasset exchange providers and custodian wallet providers. In particular, starting from 10 January 2020, these in-scope firms and sole practitioners will be required to comply with AML/CTF regulation and to register with the Financial Conduct Authority (FCA), as the relevant competent authority.

The draft guidance

The Draft Guidance provides some useful clarifications regarding the way that the AML/CTF rules will be applied in the cryptoasset space. It covers several issues, including:

  • definitions;
  • the scope of regulation and regulatory perimeter issues;
  • overview of main ML/TF risks in the cryptoasset sector, providing examples of high risk as well as low-risk situations;
  • risk management, including risk assessment and risk mitigation;
  • Customer Due Diligence (CDD);
  • record keeping;
  • dealing with suspicious transactions; and
  • sanctions screening.

More specifically, the Draft Guidance explains which entities are or are not likely to constitute cryptoasset exchange providers or custodian wallet providers.

Cryptoasset exchanges

A cryptoasset exchange provider is defined broadly to include firms providing the services of exchanging as well as “arranging or making arrangements with a view to the exchange” of cryptoassets. It is clarified that this may cover activities concerning a dedicated peer-to-peer platform, but it does not intend to capture firms that merely provide a forum allowing buyers and sellers to post their bids and offers, such as bulletin boards, where parties trade at an outside venue.

According to the Draft Guidance, the following entities/activities will likely be within the scope of the rules:

  • issuers, creators or miners, if they accept fiat currency or cryptoassets in exchange for the cryptoassets they issue, create or mine, including by way of cloud
  • mining and initial coin offerings;
  • services facilitating the issuance and trading of cryptoassets; however, excluding the mere provision of advice or technology services; and
  • cryptoasset escrow services.

By contrast, the following entities/activities are likely to fall outside the scope of the regulation:

  • buying and selling cryptoassets for one’s own account;
  • intermediaries acting as outsourced service providers, in which case the AML/CTF obligations remain with the outsourcing firm; and
  • the issuance or acceptance of utility tokens.

The FCA will assess the above activities on a case-by-case basis to determine the applicability of the rules.

Custodian wallet providers

The term custodian wallet provider includes firms or sole practitioners that provide services to safeguard, or to safeguard and administer private cryptographic keys on behalf of their customers in order to “hold, store and transfer cryptoassets.” In that regard, the Draft Guidance clarifies that firms that only hold and store cryptographic keys but are not involved at the same time in their transfer (i.e. where the owner of the cryptoassets interacts with the payment system directly), are not likely to constitute custodian wallet providers. These include hardware wallet manufacturers.