FCA becomes AML and CTF supervisor of UK cryptoasset activities
From 10 January 2020, the FCA are the anti-money laundering and counter-terrorist financing (AML/CTF) supervisor of UK cryptoasset businesses under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (MLRs). The FCA will proactively supervise firms’ compliance with the new regulations, and will take swift action where firms fall short of desired standards and cause risks to market integrity.
Compliance with MLRs ALSO consider guidance from:
1. Joint Money Laundering Steering Group (JMLSG) http://www.jmlsg.org.uk/
2. FCA Financial Crime guide for firms https://www.handbook.fca.org.uk/handbook/FCG.pdf
3. FCA Guidance (FG17/6) on the treatment for Politically Exposed Persons (PEPs) https://www.fca.org.uk/publications/finalised-guidance/fg17-6-treatment-politically-exposed-persons-peps-money-laundering
4. FATF Guidance on a risk-based approach https://www.fatf-gafi.org/media/fatf/documents/reports/Risk-Based-Approach-Banking-Sector.pdf
5. FATF VASP Guidance https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets.html
Any UK business conducting specific cryptoasset activities falls within scope of the regulations and will need to comply with their requirements. For further information please see The FCA dedicated cryptoasset webpage. https://www.fca.org.uk/firms/financial-crime/cryptoassets-aml-ctf-regime
Amongst other things, The FCA require cryptoasset businesses to:
1. identify and assess the risks of money laundering and terrorist financing which their business is subject to;
2. have policies, systems and controls to mitigate the risk of the business being used for the purposes of money laundering or terrorist financing;
3. where appropriate to the size and nature of its business, appoint an individual who is a member of the board or senior management to be responsible for compliance with the MLRs;
4. undertake customer due diligence when entering into a business relationship or occasional transactions;
5. apply more intrusive due diligence, known as enhanced due diligence, when dealing with customers who may present a higher money laundering / terrorist finance risk. This includes customers who meet the definition of a politically exposed person;
6. undertake ongoing monitoring of all customers to ensure that transactions are consistent with the business’s knowledge of the customer and the customer’s business and risk profile.
This is not an exhaustive list. More information can be found on The FCA webpage. https://www.fca.org.uk/news/news-stories/fca-becomes-aml-and-ctf-supervisor-uk-cryptoasset-activities / https://www.fca.org.uk/firms/financial-crime/cryptoassets-aml-ctf-regime
UK businesses undertaking cryptoasset must register with The FCA:
1. New businesses carrying out cryptoasset activity in scope of the MLRs must be registered with the FCA before conducting businesses – registration forms are available on Connect. You can find out more about the registration process on The FCA website.
2. Existing businesses already conducting cryptoasset activity before 10 January 2020 may continue their business but will need to ensure their compliance with the MLRs with immediate effect.
3. All existing businesses undertaking cryptoasset activities must be registered by January 2021. To ensure this deadline is met, these businesses must submit a completed application for registration via Connect by June 2020.
4. Existing Financial Services and Markets Act firms, e-money institutions or payment services businesses undertaking cryptoasset activity will also be required to apply for registration.
Registration key facts
1. All UK cryptoasset businesses carrying on activities in scope of the MLRs will need to register with The FCA from 10 January 2020.
2. The FCA responsibility under this regime will be limited to AML/CTF registration supervision and enforcement only.
3. Registration under the MLRs does not mean that customers will benefit from the protections of the Financial Ombudsman Service or the Financial Services Compensation Scheme (FSCS). As most cryptoassets are not specified investments under the Financial Services and Markets Act 2000 (FSMA), it is unlikely that customers will have access to the Financial Ombudsman Service or FSCS.
4. Customers and firms may wish to consider The FCA guidance, where The FCA have set out The FCA position on the types of cryptoassets which will fall within The FCA regulatory remit and the implications this has on consumer protection.
a. Cryptoasset activity involving security tokens, for example, are regulated tokens which will provide the same protections as specified investments set out in the Regulated Activities Order http://www.legislation.gov.uk/uksi/2001/544/contents/made
b. Cryptoasset activity which falls in the unregulated space, as defined in the guidance on Cryptoassets, will not have the same consumer protections. https://www.fca.org.uk/publication/policy/ps19-22.pdf
5. For any customer that considers Financial Ombudsman Service and FSCS protection important, The FCA recommend that you check with the business as to whether this protection applies to the cryptoasset transaction.
6. A business must register with The FCA as set out by the MLRs. It is not a license or a recommendation or endorsement of the business. A business may not carry on cryptoasset activities in the UK within the scope of the MLRs unless they are registered in line with specified timelines and requirements.
7. Registered businesses should be careful to avoid using language in this context that might give the impression that registration was a form of endorsement or recommendation. Cryptoasset businesses should ensure that they do not mislead customers as to what protections apply and the status of their FCA registration.
8. All applications for registration will be considered carefully to make sure they meet the conditions for registration set out in the MLRs. Applications will be refused if the conditions are not met.
Timeline and payment key facts
1. Businesses must comply with the MLRs from 10 January 2020, irrespective of whether they are registered or not with the FCA.
2. New cryptoasset businesses that intend to carry on a cryptoasset activity after 10 January 2020 must be registered before any activity can be carried out.
3. Existing cryptoasset businesses which were already carrying on cryptoasset activity immediately before 10 January 2020 may continue with that business, in compliance with the MLRs, but must be registered by 10 January 2021, or stop all cryptoasset activity. The FCA encourage businesses to consider the table below setting out the timeline for registration.
When making a business application, please consider the points below:
1. The FCA may refuse to register the applicant where any information or document required in the registration form is missing. The FCA may also ask for additional information supplementary to that set out in the registration form if it is reasonably considered necessary to enable The FCA to determine the application.
2. Once The FCA have received all the required information, there is a 3 month period to make a registration assessment.
3. To avoid delays or the application being rejected, The FCA should be notified of material changes and inaccuracies to the application as soon as possible. This is a legal obligation under the MLRs.
4. The FCA will not consider your registration application until the registration fee is paid. There is more information in the fees section on this page.
5. Businesses will need to apply for registration early in case The FCA require further information, and to ensure the registration deadline is met.
6. Please read the registration process for more information on applications and what The FCA expect from cryptoasset applications.
1. FCA’s dedicated cryptoasset AML/CTF page https://www.fca.org.uk/firms/financial-crime/cryptoassets-aml-ctf-regime
To read more please click here