Since 10 January 2021, cryptoasset exchange providers and custodian wallet providers with operations in the UK have been required to register with, and be supervised for, anti-money laundering and counter terrorist financing (AML/CTF) purposes by the FCA.
For crypto businesses which do not carry on any investment, payment services, e-money or other UK regulated business, this relatively limited regime is the main tool currently available to UK financial services regulators in this emerging sector.
In order to allow firms to continue trading while their applications are being assessed, the FCA introduced a Temporary Registration Regime (TRR) for existing cryptoasset businesses. The TRR expires on 31 March 2022.
In June 2021, the FCA stated that many temporarily registered crypto firms submitted deficient applications and it had asked some firms to withdraw their applications. The FCA has also publicly listed crypto firms that have failed to register under the MLR. In this post, we explain important aspects of the UK regime; key takeaways are:
- Carrying out registrable crypto business in the UK without MLR registration can constitute a criminal offence.
- Crypto firms with temporary registration under the TRR may wish to seek legal advice to assist with evidencing to the FCA a good compliance framework as part of the application process.
- New crypto firms (which have not yet lodged their MLR application) may wish to seek legal advice on what their compliance framework should look like.
- Both sets of crypto firms should also consider developing contingency plans in case they are asked to withdraw their registrations or their applications are rejected.
- We have experience of and can assist clients with navigating the application process and assessing compliance controls.
What kind of crypto business is registrable?
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) were updated in 2019 to capture ‘crypto exchanges’ and ‘custodian wallet providers’ (other kinds of businesses are also registrable under the MLRs, but will not be considered further in this note).
The MLRs contain the full definition of registrable crypto business. Briefly, the MLRs capture firms that:
- exchange (or arrange for the exchange of) cryptoassets for fiat currency and/or other cryptoassets;
- operate a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets; and/or
- safeguard cryptoassets or private cryptographic keys on behalf of customers.
The definition of ‘cryptoassets’ used in the MLRs is intentionally broad and will likely capture most kinds of tokens based on distributed ledger technology (DLT), for example, stablecoins, security tokens, utility tokens and other types of cryptoassets.
EU crypto firms should note that the definition of registrable crypto business under the MLRs is broader than the equivalent definition under the EU 5th Money Laundering Directive (5MLD). When implementing 5MLD, HM Treasury made a policy decision to use a broader definition, aligned with the (then current) Financial Action Task Force (FATF) standards. Therefore it is possible that certain crypto business would not be registrable under an EU Member State’s (or another jurisdiction’s) money laundering regime, but would be registrable under the UK MLRs. Firms with businesses in multiple jurisdictions may therefore wish to consider the definition of MLR-registrable crypto activity under English law against the equivalent definitions in EU or other jurisdictions, as they are not necessarily aligned.
Territorial scope: Is crypto business being carried on in the UK?
The UK MLR registration requirement is territorially limited. It only applies to a firm that is regarded, under English law, as ‘carrying on business in the UK’.
The fact that a firm has UK-based customers does not conclusively determine that it is carrying on MLR-registrable business in the UK. Other factors, for example, whether day-to-day management takes place in the UK or whether the activity is carried on from an establishment in the UK, will need to be considered. It can sometimes be difficult to determine, especially where a firm operates on a decentralised basis with staff or has a corporate presence across different countries (e.g., branches, subsidiaries or staff working remotely). Firms may also outsource various activities to other group companies or third parties (whether based in the UK or not), which can further complicate the analysis. Firms in the initial stages of establishing operations should consider at an early stage whether their desired set-up is subject to the UK MLRs.
Transitional relief and the temporary registration regime
‘New’ crypto firms (i.e., those which were not carrying on crypto business in the UK before 10 January 2020) must be registered with the FCA before they begin conducting business.
For pre-existing crypto firms (those carrying on crypto business in the UK before 10 January 2020), the MLRs provided a transitional relief for such firms to submit registration applications, and to continue business, up to 10 January 2021. The FCA also established the TRR for pre-existing crypto firms who had submitted their registration applications by 15 December 2020, granting them a temporary MLR registration to continue business until 31 March 2022. The FCA has stated that it extended the duration of the TRR regime due to a significant number of businesses not meeting the required standards under the MLRs and therefore being asked to withdraw their MLR applications.
Some crypto firms have successfully obtained MLR registrations (see the FCA’s list of MLR-registered crypto firms here). However, given statements made by the FCA, it would appear that many firms have had difficulties with their MLR registrations and have been asked to withdraw their applications. If a temporarily registered crypto firm faces the possibility of failing to be fully registered by 31 March 2022 it would be prudent to consider now how its business might be restructured (if it wishes to continue to operate in the UK) or wound-down.
Fit & proper assessments
Crypto firms are subject to fit and proper requirements under the MLRs. Various key individuals must also be assessed (by the FCA) as fit and proper for the role, including officers, managers and beneficial owners (broadly, those who own or control more than 25% of the shares or voting rights) in the business. These individuals will need to pass the fit and proper test before the business can be fully registered or remain registered. This is a key tool for the regulator. Applications must disclose any issues as to why the business or person may not be fit and proper; the FCA treats non-disclosure very seriously.
Other on-going requirements
The compliance requirements imposed by the MLR (such as customer due diligence, monitoring, and other systems and controls requirements) and Suspicious Activity Reporting requirements under the Proceeds of Crime Act 2002 are not covered by this blog. Note that there is no relevant transitional period for compliance with these requirements – firms that are undertaking registrable crypto business whilst in the TRR regime must comply with the MLRs pending, as well as after, registration.
What to do next?
While each crypto firm is subject to its own circumstances, we suggest considering the following:
Crypto firms in the FCA TRR:
- Has the FCA identified any weakness in the firm’s application? Firms should consider any interim FCA feedback they have received.
- Has the firm considered how it would respond were the FCA to request that it withdraw its application?
- Has the firm developed a contingency plan to re-structure or wind-down operations to comply with the UK MLR regime?
- What impact would any contingency plan have on UK customers? If the FCA has already responded negatively to the firm’s application, has the firm discussed the UK customer impact with the FCA?
‘New’ crypto firms that have yet to apply for MLR registration:
- To what extent are the firm’s operations subject to the UK MLR regime, considering the firm’s corporate/operational set-up and the activities being carried on in the UK?
- Has the firm reviewed the extent to which it complies with the MLRs?
- If the firm’s review of MLR compliance identifies shortcomings, what is the firm’s strategy for remedying those before it applies for registration?
- Has the firm identified key outsourced resources (including staff) or systems that may affect its MLR compliance?
- Does the firm have sufficient legal and compliance resource and experience (including AML/CTF risk management) to deal with the FCA registration process and ongoing MLR compliance?
Is there anything else to think about?
Unfortunately, yes. Crypto firms should consider the following when starting crypto business for the first time or, if already operating, before launching any new products or services:
- Licensing: Cryptoassets are a novel asset class with many legal uncertainties. But from a financial services regulatory perspective, crypto firms should be aware of the other UK financial services regimes’ licensing and authorisation requirements (e.g. the regimes for investment business (which is relevant to securities tokens), insurers, consumer credit, payment services and e-money) which are separate from the MLR regime (albeit such activities will also fall within the scope of the MLR). Licensing triggers under these regimes are generally technology agnostic so regardless of the method (DLT-based or otherwise), if the function or service offered to the firm’s customers constitutes a regulated activity then a licensing and/or authorisation requirement can be triggered.
- Marketing: Marketing or promoting certain crypto services can fall within the scope of the UK’s financial promotion regime which (with some exceptions e.g. for marketing to high net worth clients) generally requires the promoting firm to be authorised or for an authorised firm to approve a crypto firm’s marketing communications. Crypto firms should also note that crypto-specific disclosures under the MLRs must be made before a business relationship or transaction is entered into. Authorised firms should note there is a specific prohibition on firms promoting (or approving financial promotions in relation to) cryptoasset derivatives or cryptoasset exchange traded notes to UK retail clients.
- Breach: Carrying on business in breach of UK financial services or MLR licensing requirements or the UK financial promotions regime can constitute a criminal offence. In relation to the MLR regime, the FCA has published a list of firms (here) that it considers appear to be carrying on cryptoasset business without being MLR-registered.
- Firms operating in other jurisdictions: Firms with operations and/or customers in the EU or other jurisdictions should consider whether there are similar regulatory issues in the relevant jurisdiction. The position in all jurisdictions will also need to be kept under review; in particular, the EU’s AML reform package, published in July 2021 (see this briefing for more details) proposes a new definition of cryptoasset and cryptoasset service provider, which is aligned to the scope of the draft EU Regulation on Markets in Cryptoassets (MiCA).