Cryptoassets: AML/CTF regime: Register with the FCA

From 10 January 2020, we are the anti-money laundering and counter-terrorist financing (AML/CTF) supervisor of UK cryptoasset businesses under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (MLRs). This page contains information on the registration process. 

From 10 January 2020, existing businesses (operating before 10 January 2020) carrying on cryptoasset activity in the UK have needed to be compliant and will need to register with the FCA. 

If you are a new business (who began operating after 10 January 2020), you must register with the FCA before you begin conducting business. 

We encourage all businesses to apply for registration as soon as possible. The latest date to submit applications for registration for priority review has now passed.

If you are not registered with the FCA, on 10 January 2021 you will have to cease trading. Submitting a complete application as soon as possible will help us to complete your registration before this date.

  • We will not consider your application as complete until you answer fully all the questions in your application forms, disclose all relevant information we require and provide any documentation requested as part of your assessment.  
  • Applications which are incomplete, or not of a sufficient standard, will result in further information requests to your firm, causing delays to the assessment. 
  • Applications which remain incomplete or of a poor quality, or failure to disclose all requested information or provide any further information when requested, may also lead to a refusal. 

Who needs to register?

Please consider the flowchart to help you decide whether you need to register with us.

If you are not sure whether you need to register, it is important you consider at an early stage whether, according to the conditions in the legislation, you are carrying on in-scope cryptoasset activity by way of business in the UK. See more information on this below.

How do I register?

First, you need to fill in our online application form and pay us a registration fee. Use our online system, Connect, to submit an application. 

In the application, we will ask for information about the applicant and key individuals in the business. This is explained further in the next section. When we review your application, it is likely that we will ask you for additional information so we can make the assessment. You will need to factor in this possibility and the time needed to gather the additional information requested.

Once we have all the information we need, we have up to 3 months to assess your application.  

It is important that you fully disclose any information that we ask for. We take any non-disclosure of information that could impact our assessment very seriously, especially where there is an apparent attempt to mislead. If in doubt, it is better to disclose information rather than withhold it. The success of your application could be affected if we find that you have deliberately withheld information or provided false or incomplete information.

We may suspend or cancel the registration of a business at any time after registration if it does not meet the requirements of the regulations.

Tips for applying for registration:

  • Be prepared: you can see a copy of the cryptoasset registration forms on our Connect system prior to submitting an application. Review the forms and the information on our website so you know what information and documents you will require.
  • Complete applications: you must ensure that you fully answer every question on the application form, and provide all information requested. Any omission will result in further information requests to your firm, causing delays. Continued failure to provide requested information may lead to your application being refused.
  • Provide up-to-date, specific information: the information and documents you supply should be up-to-date and specific – do not reuse older documents if they are not fit for purpose.
     

What information do we need?
What do we need to make a fit and proper assessment?
Cryptoasset activity under the MLRs
Registration fees
Contact us


What information do we need?

When making a registration assessment we will need information relating to your business. We will also need information on the applicant and all key individuals who hold a relevant function at your business to assess whether or not you are fit and proper (as set out in Regulation 58A).

The information we will ask about your business will include:

  • Programme of operations: setting out the specific cryptoasset activities for the business.
  • Business Plan: setting out the business objectives, customers, employees, governance, plans and projections. It should provide enough detail to show that the proposal has been carefully thought through and that the adequacy of financial and non-financial resources has been considered. It should also include details on the volume and value of transactions, number and type of clients, pricing and the main lines of income and expenses.
  • Marketing plan: including a description of customers and distribution channels. 
  • Structural organisation: a description of how your business is structured and organised. You must include a description of relevant outsourcing arrangements, if any. We may ask for a copy of the outsourcing contract. This should contain a corporate structure chart.
  • Systems and controls: provide details of the key IT systems you will use to run the business, including details of IT security policies and procedures.
  • Individuals, beneficial owners and close links: directors and any other persons who are or will be responsible for the management, must satisfy us they have a good reputation, and have the appropriate knowledge and experience to act in this capacity. A business will have to appoint a person to be responsible for MLRs compliance, to monitor and manage compliance with policies, procedures and controls relating to money laundering and terrorist financing and to act as the nominated officer under the Proceeds of Crime Act 2002.
    The person you appoint to carry out any of these functions can be the same person, but we expect them to have the knowledge, experience and training as well as a level of authority and independence as well as sufficient access to resources and information, to enable them to carry out that function. Please note that for businesses already authorised by us for other activities, the relevant officer can be the same individual as for those other activities, subject to the person having appropriate knowledge, experience and probity for the cryptoasset business. You will still need to provide details of the relevant officer on the application form when registering for cryptoasset activity. 
  • Governance arrangements and internal control mechanisms: as part of registration, you will need to provide details of governance arrangements, the internal control mechanisms in place to identify and assess risks and a description of money laundering and counter terrorist financing control measures in place.
  • Anti-Money Laundering/Counter Terrorist Finance framework and risk assessment: this should highlight the risks specific to your business model activities and provide details on how you mitigate those risks. You should also include Anti-Money Laundering/Counter Terrorist Finance staff training material.  
  • Business-wide risk assessment: with monitoring and mitigation policy.
  • All cryptoassset public keys/wallet addresses: this should include all of the cryptoasset addresses controlled by the business and used in the activity of the business for each cryptoasset that the business deals with. 
  • Customer on-boarding agreements and process.
  • Customer due diligence and enhanced due diligence procedures, meeting the minimum standards required in the regulations.
  • Transaction monitoring procedures.
  • Record-keeping and recording procedures.
  • Business continuity plan.
  • Outsourcing arrangements policy and service license agreements.
  • Budget forecasts and financials for the first three financial years.
  • Money Laundering Reporting Individual forms for all directors, executives and officers.
  • Beneficial Owner forms for shareholders.
     

It may be helpful to consider our Financial Crime Guide: a firm’s guide to countering financial crime risks.

What we need to make a fit and proper assessment

Cryptoasset businesses regulated by us under the MLRs and any person who is an officer, manager and beneficial owner in the business, will be subject to the fit and proper requirements under Regulation 58A of the MLRs.

Any officer, manager and beneficial owner must pass the fit and proper test before the business can register, or remain registered, with us. This can include:

  • the Sole Proprietor of the business
  • a partner in the business
  • a director of the business
  • the Board member or Nominated Officer responsible for compliance with the Regulations 
  • the Nominated Officer for reporting suspicious activity reports to the National Crime Agency 
  • a beneficial owner, who owns or controls more than 25% of the shares or voting rights in the company and
  • other person performing a role of similar influence or responsibility

We cannot register your business if any applicant fails to pass the test.

An applicant must disclose to the FCA any issues as to why it may not be fit and proper.

When disclosing any matter under this requirement you may also, if appropriate, make representations explaining why the person should now be treated as fit and proper.

The FCA carries out checks on applications for fit and proper status and treats non-disclosure very seriously. The success of your application could be affected if we find that you have withheld information deliberately or provided false or incomplete facts. Giving us false or misleading information may be a criminal offence. We suggest that, if after reading the guidance you remain uncertain about disclosing convictions, you should seek legal advice.

We will use the information you provide, amongst other things, to determine whether the business and the relevant persons are fit and proper to carry on the regulated activity.  Before doing so we will carry out checks on the information you provide to make sure it is correct.

A business must ensure any person who has not been approved by the FCA does not act as a manager, officer or beneficial owner. Any material information which is determined to be false or misleading may lead to refusal of the application.

We will consider:

  • convictions. An applicant or an officer, manager or beneficial owner that has an unspent conviction as listed in Schedule 3 of the MLRs will automatically fail the fit and proper test
  • failure by an individual to pay a penalty under Part 9 or a charge under Part 11 of the MLRs, or charge imposed by the authority under regulation 35(1) or 42(1) of the Money Laundering Regulations 2007
  • reasonable grounds that suggest an individual will fail to comply with the MLRs, Part 3 of the Terrorism Act 2000 and Parts 7 and 8 of the Proceeds of Crime Act 2002
  • any failure to comply with the MLRs
  • the risk of the business being used for money laundering or terrorist financing
  • an applicant and any individual’s honesty and integrity, skills and experience, financial soundness within the context of the regulations and the expectation to act with probity. For example, this may include any matters that cast doubt on the honesty and integrity of the individual, such as disciplinary proceedings or dismissal, competence or capability or financial soundness


Cryptoasset activity under the MLRs

Individuals and businesses have to register with us for anti-money laundering and counter terrorist financing purposes, if they are carrying on cryptoasset activities within scope of the MLRs, and if this activity is in the course of business carried on in the United Kingdom. This is set out in Regulations 8 and 9 of the MLRs.

In addition, a business must act by way of business as set out in Regulation 14A (1) of the MLRs to be within scope. You should take advice to consider whether your business requires FCA registration, as needed.

Businesses that are already registered or authorised with the FCA for other activities (eg, e-money institutions, payment services and FSMA firms) will also have to register with us if they are carrying on relevant cryptoasset activities.

Our assessment on whether an activity is being carried on by way of business in the UK will be on a case-by-case basis. We set out in this section some of the factors that we will take into account when making this decision. These factors will be considered together when making a decision. The factors include:

Is the activity carried on by way of business?

  • Commercial element: we will consider matters to assess whether the individual or organisation advertises, acts or holds itself out in such a way that suggests that they are providing services by way of business related to cryptoasset activities.
  • Commercial benefit: we will consider matters to assess whether the individual or organisation receives direct or indirect benefit from this service. 
  • Relevance to other business: It is possible that cryptoasset activities form only part of the overall business activities. We will consider matters to assess the significance of the cryptoasset asset activity in relation to its other activities.
  • Regularity/frequency: We will also consider matters to assess whether the frequency of carrying on a cryptoasset activity suggests that it is being carried on as a business.

Is the activity carried on in the UK?

Every case will need to be assessed on its own merits, with reference to the nature and business model that is being undertaken. When deciding whether we consider the business as being carried on in the UK, we will consider a variety of factors including:

  • Where the business has a UK office or its head office in the UK this may indicate that the activity is being carried on in the UK (MLRs, Regulation 9). If the office is not a registered office or head office, we will need to consider the type of activity that is carried on by that office (offices) and whether we consider the presence of that UK office means that it is carrying on business in the UK. In addition, the presence of a UK ATM will be considered business carried on in the UK, and so the operator will require registration. 
  • Where the business has no UK office or other activity in the UK, beyond simply having a client in the UK, we are likely to consider that the business firm is not carrying on UK business. For example, if a cryptoasset exchange, registered in a jurisdiction other than the UK, and which has no offices or agents in the UK but nevertheless permits UK customers to open trading accounts and permits them to buy/sell/hold cryptoassets; we would not automatically consider that as business being carried on in the UK.

Registration fees

Following our consultation on cryptoasset registration fees, the FCA Board has agreed that the charges will be:

  • £2,000 – for businesses with UK cryptoasset income up to £250,000
  • £10,000 - for businesses with UK cryptoasset income greater than £250,000

We have defined income as the gross inflow from economic benefits (that is. cash, receivables and other assets) recognised in the registered UK entity’s accounts during the reporting year in relation to the provision of the cryptoasset activities specified in the MLRs. 

We consulted on a flat rate of £5,000 for all businesses. In response to concerns raised in the consultation paper, we have introduced a lower fee for businesses within the lower income threshold and raised the fee for those in the higher income threshold to compensate for the reduction in revenue. 

We expect to publish detailed feedback in our Handbook Notice at the end of January.

Contact us

For any queries regarding the new regime, please email [email protected]