On 10 January 2020, the Financial Conduct Authority (FCA) became the anti-money laundering and counter terrorist financing supervisor for businesses that undertake the following cryptoasset activities:

• Cryptoasset Exchange Providers; and/or
• Custodian Wallet Providers.

These cryptoasset activities have been brought in-scope of anti‑money laundering and counter terrorist financing (AML/CFT) laws due to:

• the anonymity provided by their trading online;
• the limited identification and verification of participants;
• the lack of clarity regarding the responsibility for AML/CFT compliance, supervision and enforcement for these transactions that are segmented across several countries; and
• the lack of a central oversight body.

The FCA was granted this additional responsibility as a result of the coming into effect of the Fifth Anti‑Money Laundering Directive (EU) 2018/843 (5MLD) in the UK.

MLD5 has been implemented via an update to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLRs).

Cryptoasset activities

A Cryptoasset Exchange Provider is defined broadly and applies to a whole range of businesses that exchange or arrange the exchange of cryptoassets. The definition extends to creators or issuers of any cryptocurrencies via an Initial Coin Offering or Initial Exchange Offering where they provide services for exchanging, arranging or making arrangements with a view to the exchange of the cryptoasset in question for money or other cryptoassets. The definition also covers operators of Cryptoasset Automated Teller Machines.

A Custodian Wallet Provider means any firm that safeguards or administers cryptocurrency on behalf of customers or private cryptographic keys on behalf of its customers.

There are no specific exemptions for Cryptoasset Exchange Providers and Custodian Wallet Providers in the MLRs.

Regulation 15 of the MLRs contains a general exemption for persons that would otherwise be in-scope solely as a result of engaging in financial activity on an occasional or very limited basis.

To qualify for this exemption, a person must meet several conditions including that:

• the total annual turnover from the financial activity cannot exceed GBP100,000;
• the financial activity is ancillary and directly related to the person’s main activity;
• the financial activity does not exceed 5% of the person’s total annual turnover; and
• the financial activity is provided only to customers of the main activity of the person and is not offered to the public.

These conditions will exclude many Cryptoasset Exchange Providers and Custodian Wallet Providers from relying on the Regulation 15 exemption from the MLRs.

Registration with the FCA – timeframes

New cryptoasset businesses that intend to carry on a cryptoasset activity after 10 January 2020 must be registered before any activity can be carried out. Registration is not a license, recommendation or endorsement of the business by the FCA.

Existing cryptoasset businesses which were already carrying on cryptoasset activity immediately before 10 January 2020 may continue with that business, in compliance with the MLRs, but must be registered by 10 January 2021, or stop all cryptoasset activity.

To ensure this deadline is met, these businesses must submit a completed application for registration via the FCA’s Connect portal by June 2020.

Registration with the FCA does not mean the cryptoasset businesses or the cryptoassets in question will be subject to the financial services licensing and regulatory regime in the UK under the Financial Services and Markets Act 2000 (FSMA). The FCA has set out its guidance on which cryptoassets will be specified investments under FSMA in Policy Statement 19/22.

Existing FCA authorised firms, including those authorised under Financial Services, Payment Services or Electronic Money laws, are also required to apply for registration when they perform a cryptoasset activity.

New requirements on cryptoasset businesses

Cryptoasset Exchange Providers and Custodian Wallet Providers must comply with the MLRs. The MLRs impose various requirements including to:

• identify and assess the risks of money laundering and terrorist financing which their business is subject to;
• have policies, systems and controls to mitigate the risk of the business being used for the purposes of money laundering or terrorist financing;
• where appropriate to the size and nature of its business, appoint an individual who is a member of the board or senior management to be responsible for compliance with the MLRs;
• undertake customer due diligence when entering into a business relationship or occasional transactions;
• apply enhanced due diligence when dealing with customers who may present a higher money laundering/terrorist finance risk including for politically exposed persons;
• undertake ongoing monitoring of all customers to ensure that transactions are consistent with the business’s knowledge of the customer and the customer’s business and risk profile.

The FCA have a number of supervisory powers under the MLRs including to order skilled persons reviews, direct firms, require disclosure or to require firms to report information as directed.

The FCA also has significant powers to enforce the MLRs including via disciplinary action as well as through criminal or civil proceedings.