On 10 January 2020, the Financial
Conduct Authority (FCA) became the
anti-money laundering and counter
terrorist financing supervisor for
businesses that undertake the
following cryptoasset activities:
- Cryptoasset Exchange Providers;
and/or
- Custodian Wallet Providers.
These cryptoasset activities
have been brought in-scope of
anti‑money laundering and counter
terrorist financing (AML/CFT) laws
due to:
- the anonymity provided by their
trading online;
- the limited identification and
verification of participants;
- the lack of clarity regarding
the responsibility for
AML/CFT compliance,
supervision and enforcement
for these transactions that
are segmented across
several countries; and
- the lack of a central
oversight body.
The FCA was granted this additional
responsibility as a result of the
coming into effect of the Fifth
Anti‑Money Laundering Directive
(EU) 2018/843 (5MLD) in the UK.
MLD5 has been implemented via an
update to the Money Laundering,
Terrorist Financing and Transfer of
Funds Regulations 2017 (MLRs).
Cryptoasset activities
A Cryptoasset Exchange Provider
is defined broadly and applies to
a whole range of businesses that
exchange or arrange the exchange
of cryptoassets. The definition
extends to creators or issuers of
any cryptocurrencies via an Initial
Coin Offering or Initial Exchange
Offering where they provide services
for exchanging, arranging or
making arrangements with a view
to the exchange of the cryptoasset
in question for money or other
cryptoassets. The definition also
covers operators of Cryptoasset
Automated Teller Machines.
A Custodian Wallet Provider
means any firm that safeguards
or administers cryptocurrency on
behalf of customers or private
cryptographic keys on behalf of
its customers.
There are no specific exemptions
for Cryptoasset Exchange Providers
and Custodian Wallet Providers in
the MLRs.
Regulation 15 of the MLRs contains
a general exemption for persons
that would otherwise be in-scope
solely as a result of engaging in
financial activity on an occasional or
very limited basis.
To qualify for this exemption,
a person must meet several
conditions including that:
- the total annual turnover from
the financial activity cannot
exceed GBP100,000;
- the financial activity is ancillary
and directly related to the
person’s main activity;
- the financial activity does not
exceed 5% of the person’s total
annual turnover; and
- the financial activity is provided
only to customers of the main
activity of the person and is not
offered to the public.
These conditions will exclude many
Cryptoasset Exchange Providers
and Custodian Wallet Providers
from relying on the Regulation
15 exemption from the MLRs.
Registration with the
FCA – timeframes
New cryptoasset businesses that
intend to carry on a cryptoasset
activity after 10 January 2020 must
be registered before any activity
can be carried out. Registration is
not a license, recommendation or
endorsement of the business by
the FCA.
Existing cryptoasset businesses
which were already carrying on
cryptoasset activity immediately
before 10 January 2020 may
continue with that business, in
compliance with the MLRs, but must
be registered by 10 January 2021,
or stop all cryptoasset activity.
To ensure this deadline is met,
these businesses must submit
a completed application for
registration via the FCA’s Connect
portal by June 2020.
Registration with the FCA does not
mean the cryptoasset businesses
or the cryptoassets in question will
be subject to the financial services
licensing and regulatory regime in
the UK under the Financial Services
and Markets Act 2000 (FSMA).
The FCA has set out its guidance on
which cryptoassets will be specified
investments under FSMA in Policy
Statement 19/22.
Existing FCA authorised firms,
including those authorised under
Financial Services, Payment
Services or Electronic Money laws,
are also required to apply for
registration when they perform a
cryptoasset activity.
New requirements on
cryptoasset businesses
Cryptoasset Exchange Providers and
Custodian Wallet Providers must
comply with the MLRs. The MLRs
impose various requirements
including to:
- identify and assess the risks of
money laundering and terrorist
financing which their business is
subject to;
- have policies, systems and
controls to mitigate the risk of
the business being used for the
purposes of money laundering or
terrorist financing;
- where appropriate to the size and
nature of its business, appoint
an individual who is a member of
the board or senior management
to be responsible for compliance
with the MLRs;
- undertake customer due
diligence when entering into
a business relationship or
occasional transactions;
- apply enhanced due diligence
when dealing with customers
who may present a higher money
laundering/terrorist finance
risk including for politically
exposed persons;
- undertake ongoing monitoring
of all customers to ensure that
transactions are consistent with
the business’s knowledge of the
customer and the customer’s
business and risk profile.
The FCA have a number of
supervisory powers under the MLRs
including to order skilled persons
reviews, direct firms, require
disclosure or to require firms to
report information as directed.
The FCA also has significant powers
to enforce the MLRs including via
disciplinary action as well as through
criminal or civil proceedings.