We are the anti-money laundering and counter-terrorist financing (AML/CTF) supervisor of UK cryptoasset businesses under the MLRs.
Since 10 January 2020, existing businesses (operating immediately before 10 January 2020) carrying on cryptoasset activity in the UK have needed to be compliant with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (MLRs) including the requirement to be registered with the FCA by 9 January 2021 in order to continue to carry on business.
If you are a new cryptoasset business (who intends to begin to trade in the UK), you must be registered with the FCA before you begin conducting business.
Update on Temporary Registration Regime (TRR)
The Temporary Registration Regime (TRR) for existing Cryptoasset businesses was established in December 2020 to allow existing Cryptoasset firms, which applied for registration before 16 December 2020, and whose applications were still being assessed, to continue trading.
We have concluded our assessments, and the TRR is now closed, for all but for a small number of firms where it is strictly necessary to continue to have temporary registration. This is necessary where a firm may be pursuing an appeal or may have particular winding-down circumstances.
By placing firms on our list of firms with temporary registration, this does not mean that the FCA has assessed them as fit and proper.
Only firms that are registered with us or on our list of firms with temporary registration can continue trading. Other firms must have ceased trading from 10 January 2021. Firms that have not ceased trading are at risk of being subject to the FCA’s criminal and civil enforcement powers.
You can find a list of unregistered cryptoasset businesses on the Financial Services Register.
The list details UK businesses that appear to be carrying on cryptoasset activity without being registered with us for anti-money laundering purposes.
Please note, this isn’t a complete list of all unregistered cryptoasset businesses operating in the UK. It contains the details of unregistered businesses that we are aware of.
Scope of cryptoasset activities
The Treasury has published the Statutory Instrument which covers the activities specified in the EU’s 5th Money Laundering Directive (5MLD) and a wider range of activities as recommended by the Financial Action Task Force (FATF).
Cryptoasset businesses carrying on the activities listed below must comply with the MLRs since 10 January 2020.
|Cryptoasset activity||As described in the Statutory Instrument|
|Cryptoasset exchange provider (including Cryptoasset Automated Teller Machine (ATM), Peer to Peer Providers, Issuing new cryptoassets, e.g Initial Coin Offering (ICO) or Initial Exchange Offerings).||
a firm or sole practitioner who by way of business provides one or more of the following services, including where the firm or sole practitioner does so as creator or issuer of any of the cryptoassets involved, when providing such services.
(a) exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money or money for cryptoassets,
|Custodian Wallet Providers||
a firm or sole practitioner who by way of business provides services to safeguard, or to safeguard and administer
Compliance with MLRs
Since 10 January 2020, UK cryptoasset businesses must comply with the MLRs.
You may also want to consider guidance from:
Joint Money Laundering Steering Group (JMLSG) PART II, Chapter 22 (Sectoral Guidance applicable to cryptoasset businesses) - this must be read in conjunction with the main guidance set out in JMLSG Part I (applicable to all relevant firms including cryptoasset businesses)
Our responsibility under this regime is limited to AML/CTF registration supervision and enforcement only. Registration under the MLRs does not mean that customers will benefit from the protections of the Financial Ombudsman Service or the Financial Services Compensation Scheme (FSCS). As most cryptoassets are not specified investments under the Financial Services and Markets Act 2000 (FSMA), it is unlikely that customers will have access to the Financial Ombudsman Service or FSCS.
Cryptoassets businesses may wish to consider our guidance, where we have set out our position on the types of cryptoassets which will fall within our regulatory remit and the implications this has on consumer protection.
- Cryptoasset activity involving security tokens, for example, are regulated tokens which will provide the same protections as specified investments set out in the Regulated Activities Order.
- Cryptoasset activity which falls in the unregulated space, as defined in the guidance on Cryptoassets, will not have the same consumer protections.
Firms should consider whether their cryptoasset activities are within the scope of the jurisdiction of the Financial Ombudsman Service and/or are subject to protection under the FSCS. Where an activity is not subject to such protection, cryptoasset businesses must inform the customer of that position, before establishing a business relationship or entering into a transaction with the customer.
A business must register with us as set out by the MLRs. It is not a license or a recommendation or endorsement of the business. A business may not carry on cryptoasset activities in the UK within the scope of the MLRs unless they are registered in line with specified timelines and requirements.
Registered businesses should be careful to avoid using language in this context that might give the impression that registration was a form of endorsement or recommendation. Cryptoasset businesses should ensure that they do not mislead customers as to what protections apply and the status of their FCA registration.
We are considering all applications carefully to make sure they meet the conditions for registration set out in the MLRs. Applications will be refused if the conditions are not met.
Timeline and payment
Existing cryptoasset businesses which were already carrying on cryptoasset activities in scope of the MLRs prior to 10 January 2020, must have been complying with the MLRs since 10 January 2020, irrespective of whether they are registered or not with the FCA.
- New cryptoasset businesses that intend to carry on a cryptoasset activity after 10 January 2020 must be registered before any activity can be carried out.
- Existing cryptoasset businesses may be in the following categories:
- If they are registered with the FCA, they may continue trading and will appear on our Register.
- If they have applied for registration by 15 December 2020 and we are still assessing their application, they will have temporary registration. This will enable them to continue trading after 9 January 2021 until 31 March 2022, pending determination of their application.
If you have not applied for registration
From 10 January 2021, if a firm is not registered or on the list of firms with temporary registration, they must not carry on any cryptoasset activities, which includes (among other things) exchanging and holding custody of cryptoassets on a customer’s behalf.
We expect firms to act in the best interests of their customers and should seek their own legal advice on how to do this as firms may be committing a criminal offence from 10 January 2021 by continuing to provide services involving cryptoassets. If so, they are at risk of being subject to the FCA’s criminal and civil enforcement powers.
All businesses need to have complied with the MLRs from 10 January 2020.
Our supervisory approach to cryptoasset businesses will be in line with our approach to other businesses under the MLRs. It will be risk based so that businesses who pose the greatest money laundering and terrorist financing risk will receive an increased level of supervisory focus. If we have reason to believe serious misconduct has taken place, we may decide to commence an enforcement investigation.
Our supervisory assessment will include a requirement for a business to demonstrate that it has policies, controls and procedures in place to effectively manage money laundering and terrorist financing risks proportionate to the size and nature of the business’ activities. Businesses should also carry out regular assessments of their policies, controls and procedures to ensure that these remain relevant and appropriate. Businesses should be alert to any change in their operating model that may have an impact on the way they conduct their business.
Some requirements are set out below, however this is not an exhaustive list. It also does not include the wider rules and guidance that an FCA authorised business under FSMA must adhere to (which FSMA authorised firms must comply with in addition to the MLRs):
- take appropriate steps to identify and assess the risks of money laundering and terrorist financing which the business is subject to,
- assess the ML/TF risks related to any new technologies prior to launch and take appropriate measures to manage and mitigate those risks,
- have in place policies, systems and controls appropriate to mitigate the risk of the business being used for the purposes of money laundering or terrorist financing. This risk-based approach should seek to mitigate the risks identified in the business’s risk assessment,
- where appropriate with regard to the size and nature of its business, appoint an individual who is a member of the board or senior management to be responsible for compliance with the MLRs and the nominated officer. The nominated officer is also the person responsible for reporting suspicious activity to the National Crime Agency (NCA) under part 7 (money laundering) of the Proceeds of Crime Act 2002,
- where appropriate, with regard to the size and nature of its business, establish an independent internal audit function with responsibility for examining and evaluating the adequacy and effectiveness of the policies, controls and procedures, and making recommendations, as well as monitoring the controls,
- undertake screening of employees,
- undertake customer due diligence (CDD) when entering into a business relationship or occasional transactions,
- apply more intrusive due diligence, known as enhanced due diligence (EDD), when dealing with customers who may present a higher ML/TF risk. This includes customers who meet the definition of a politically exposed person (PEP),
- undertake ongoing monitoring of all customers to ensure that transactions are consistent with the business’ knowledge of customer, the customer’s business and risk profile.
Additional supervisory powers
The MLRs include additional powers for the FCA to maintain a robust AML/CTF cryptoasset supervisory regime. A summary of some of those additional powers are listed below (for the detail see the relevant references to the regulations):
Skilled Person Review
Regulation 74B permits the FCA to appoint, or require the cryptoasset business to appoint, a skilled person to prepare a report for the FCA concerning a matter under the MLRs.
Power of direction
Regulation 74C, permits the FCA to give a direction (which is similar to the requirement power under section 55L(3) of FSMA) to a business before, on or after registration to a business for the purpose of;
This power of direction allows us to require or prohibit certain action.
Regulation 60A requires a business, whose cryptoasset activity does not fall within the scope of the Financial Ombudsman Services (FOS) or the Financial Services Compensation Scheme (FSCS), to inform customers of this fact before they enter into a business relationship or transaction. (see ‘Disclosure’ section for more information).
Regulation 74A grants us the power to require businesses to provide us with information, as we may direct, and at a frequency and form that we may specify, and which could include information to assist us to calculate our charges under the MLRs.
Businesses whose cryptoasset activity does not fall within the scope of the Financial Ombudsman Services (FOS) or the Financial Services Compensation Scheme (FSCS) will be required to inform customers of this before they enter into a business relationship or transaction.
We remind businesses that in relation to cryptoasset activities within the scope of the Financial Services and Markets Act (FSMA), for example relating to securities tokens that are financial instruments, these might be in the scope of FOS and/or FSCS. Businesses might need to make this fact clear to consumers under requirements set out in the FCA Handbook. We remind businesses of the Policy Statement (PS19/22) addressing guidance on cryptoassets.
We expect businesses to provide a clear disclosure to customers where FOS/FSCS does not apply. It will be up to each business to decide how best they meet this requirement.
We are not expecting a business to make several disclosures of this fact but that it is made where it is relevant and in an appropriate manner to the consumer.
We set out below some factors a business may wish to consider:
- timing: the disclosure should be prior to carrying on activities in relation to the business or before concluding a transaction. It is down to the business to consider their business model and consider when it is best to make this disclosure.
- where: it is down to the business to consider how they target and sell to consumers, and whether these are repeat or one-off clients, or a mix. The purpose of the obligation is that investors are aware of this information before deciding to proceed. In considering where to make this disclosure a business may wish to consider:
- is there key information or regulatory information that a business discloses to the consumer, and where it may be appropriate to include this information, with equal prominence.
- how are consumers targeted and should this information be included with key marketing information, its main website or terms and conditions (as long as it is clear to consumers).
A business will need to decide how best to disclose this information, particularly if it is doing a mix of FSMA regulated and unregulated cryptoasset or other activity. For businesses only carrying on activities in relation to unregulated cryptoassets, we would suggest wording along the following lines:
‘The Financial Ombudsman Service or the Financial Services Compensation Scheme do not apply to the cryptoasset activities carried on by [Name of cryptoasset business].’
All registered Cryptoasset firms are required to submit a REP-CRIM return (Annual financial crime reporting) annually via RegData from 30 March 2022 onwards. The report should be submitted within 60 business days of the firm's Accounting Reference Date (ARD). More details can be found in the Cryptoasset Direction with guidance notes for completing the return.
Our enforcement staff work closely with our authorisation and supervision functions as well as with other regulators and law enforcement agencies, to detect serious misconduct, including money laundering and terrorist financing.
We already have enforcement powers under the existing MLRs and the Enforcement Guide sets out our general approach to using these powers. The amended MLRs have extended our powers in relation to cryptoasset businesses.
- Our Enforcement Guide sets out our approach to enforcement and how we use our powers of investigation, gather information and conduct an investigation. It also sets our approach to imposing financial penalties and other disciplinary sanctions, explaining how we will use our powers under the money laundering regulations.
- Approach to Enforcement explains how we address harm and add public value through our statutory powers to investigate, take relevant civil, criminal and / or disciplinary action.
- Enforcement Information Guide - this short guide includes a flowchart showing the process of a typical FCA enforcement case. It sets out the options to contest or resolve a case, the opportunities to make representations, and who the decision-makers are.
For any queries regarding the new regime, please email us.
28/10/2019: Link added Added link to CP19/29 under Timeline and payment section