The FCA have recently announced an extension to the Temporary Registration Regime for cryptoasset businesses, from 9 July 2021 to 31 July 2022.
During this period, firms who submitted their applications before 16 December 2020 will be allowed to continue to trade whilst their applications are being processed.
From 10 January 2020, the FCA was appointed as the Anti Money Laundering and Countering Terrorist Financing (AML/CTF) supervisor for businesses carrying out various cryptocurrency ventures. As such, firms were required to register with the FCA. A recent parliamentary question submitted to the Treasury revealed that to date, only five firms had received approval, with 167 businesses having outstanding applications for AML/CTF registration with the FCA, and 77 new cryptoasset businesses with applications pending full assessment.
The number of firms with pending applications highlights the difficulties faced in passing the approval process, both from the point of view of firms wishing to attain regulated status, and with the FCA’s ability to deal with the volume of applications submitted. Criticism has been levelled at both sides. On the one hand, some crypto firms stand accused of not focusing sufficiently on their regulatory obligations, yet on the other, the application process itself has attracted complaints for being ‘arduous’, and beyond the limits of normal requirements. I was recently asked to comment on the issue by Global Banking Regulation Review.
So what are the regulatory requirements for firms who wish to trade in cryptoassets?
In 2018, the EU issued the 5th Anti-Money Laundering Directive, which extended the scope of persons and firms subject to money laundering regulations to include cryptoasset exchange providers and custodian wallet providers. The provisions of the directive were incorporated into UK domestic law on 10 January 2020 via the Money Laundering and Terrorist Financing (Amendment) Regulations 2019. The 2019 regulations amended the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR).
To operate in the UK, crypto exchanges need to have registered with the Financial Conduct Authority and adhere to a number of compliance rules. Those include regulations around KYC (Know-Your-Customer), AML (Anti-Money Laundering) and CFT (Combatting the Financing of Terrorism). The regulations concerning due diligence can be found in Part 3, Chapters 1-3 of the MLR.
Customer Due Diligence (CDD)
This relates to obtaining access to addresses and owners of virtual currency, and applying ‘Know Your Customer’ (KYC) to clients to identify and verify that a customer is who they say they are.
Enhanced Due Diligence (EDD)
This is for transactions that are complex or unusual (i.e., transactions from high risk third countries and Politically Exposed Persons (PEPs);
The EDD measures required are:
Obtaining additional information on the customer and the customer’s UBO;
Obtaining additional information on the intended nature of the business relationship;
Obtaining information on the source of funds and source of wealth of the customer;
Obtaining information on the reasons for the transaction;
Obtaining the approval of senior management for establishing or continuing the business relationship; and
Conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
Guidance on when to apply EDD is set out in regulation 33.
Simplified Due Diligence (SDD)
This is used in circumstances which present a lower risk of money laundering and terrorist financing.
For example, a customer which is a publicly owned enterprise, resident in a geographically lower risk area, or a company with securities listed on a regulated market.
Here, the rules are less stringent and a client’s identification may be supported by fewer documents.
There are a number of other AML requirements which firms need to adhere to, such as the appointment of an anti-money laundering officer. Given that breaches of the AML regulations can attract potential civil or criminal penalties, it is important that firms seeking regulatory approval are aware of all the requirements, and have in place robust policies to ensure compliance.
For those who would like advice on this issue, our specialist regulatory and compliance team can guide individuals and companies through the process. If you have any questions arising from this blog, do not hesitate to contact us, send us an e-mail, or alternatively, follow us on Twitter to stay up to date.
The information in these blogs is for general information purposes only and does not purport to be comprehensive or to provide legal advice. Whilst every effort is made to ensure the information and law is current as of the date of publication it should be stressed that, due to the passage of time, this does not necessarily reflect the present legal position. Gherson accepts no responsibility for loss which may arise from accessing or reliance on information contained in these blogs. For formal advice on the current law please don’t hesitate to contact Gherson. Legal advice is only provided pursuant to a written agreement, identified as such, and signed by the client and by or on behalf of Gherson.
Solicitor in our White Collar Crime Defence Team