Crypto businesses: Update on AML and CTF Regulations

From 10 January 2020, the Financial Conduct Authority (FCA) became the supervisor of anti-money laundering (AML) and counter terrorist financing (CTF) for UK cryptoasset businesses under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended (MLRs).

Who is being regulated?

The MLRs will now apply to businesses carrying out certain cryptoasset activities. The cryptoasset activities fall within two categories:

1. Cryptoasset exchange providers, which, in essence, include any business offering to exchange one cryptoasset for another, cryptoassets for money or vice versa. For example, any business taking part in an ICO, P2P exchange providers and Cryptoasset ATMs will all fall within the purview of the MLRs;
2. Custodian Wallet Providers, which is any business offering to safeguard or administer cryptoassets and/or private keys on behalf of its customers.

What do the MLRs mean for cryptoasset businesses?

The cryptoasset businesses that are now subject to the MLRs will need to consider the following principal regulatory requirements that are now imposed upon them:

1. Registration with the FCA – All UK businesses carrying out cryptoasset activities as set out above will need to register with the FCA, which in practice means filling out the online application form on the FCA’s Connect System and paying the registration fee (£2,000 for businesses with crypto income less than £250,000 and £10,000 for businesses with crypto income more than £250,000). New crypto businesses will need to register before they begin trading, whilst existing crypto businesses have until 10 January 2021 to register. The FCA has three months to assess the application once completed and the assessment will likely involve consideration of the policies, controls and procedures that the business has in place to monitor and manage AML and CTF risks;
2. Supervision – crypto businesses need to comply with the MLRs from 10 January 2020 whether they have registered or not. The FCA has indicated that its supervision will be risk-based such that business that pose the greatest money laundering and terrorist financing risk (e.g. due to their size or specific activity) will be subject to an increased level of scrutiny. If the FCA has reason to believe that serious misconduct has taken place, it may decide to commence and enforcement investigation;
3. Customer Disclosure – most cryptoasset businesses will not fall within the scope of the Financial Ombudsman Services (FOS) or the Financial Services Compensation Scheme (FSCS). This is because the majority of cryptoassets are not specified investments within the Financial Services and Markets Act 2000. However, cryptoasset businesses are required to inform customers that the business does not fall within the scope of the FOS or the FSCS before they enter into a business relationship or transaction. It is up to crypto businesses how best to disclose this information to customers, but they should bear in mind the purpose of the obligation, namely that investors are aware of this information before proceeding.

Outlook

The UK has proceeded with appropriate caution in the regulation of cryptoasset businesses. The fact that certain activities have now been brought within the MLRs is another gradual step forward. Whilst these changes may appear, at first blush, to impose a significant burden, they should be welcomed by the crypto industry, which has until recently carried with it (fairly or unfairly) the stigma of promoting an asset class which could be used by perpetrators of financial crime. It is time to remove that stigma and the imposition of the MLRs on certain cryptoasset activities is a step in the right direction.