Cryptoassets: AML / CTF regime

From 10 January 2020, we will be the anti-money laundering and counter terrorist financing (AML/CTF) supervisor of UK cryptoasset businesses under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (MLRs).

The MLRs apply to businesses in a range of sectors at risk of facilitating money laundering or terrorist financing, including approximately 19,500 firms including banks, building societies and credit unions supervised by us. From 10 January 2020, businesses carrying on certain cryptoasset activities will be in scope of these regulations. It was announced in July 2019 that we will be the AML/CTF supervisor for businesses carrying on cryptoasset activities in scope of the MLRs.

AML/CTF risks from cryptoasset activities have been identified both domestically and at an international level. The steps being taken to address them include:

  • The Financial Action Task Force (FATF) made changes to its recommendations in response to the increasing use of virtual assets for money laundering and terrorist financing, extending its Global AML Standards to cover virtual assets.
  • The EU’s 5th Money Laundering Directive (5MLD), which Member States will have to bring into national legislation by 10 January 2020. The UK are doing so through amendment to the MLRs.
  • The UK Cryptoasset Taskforce were required to look at the broader cryptoassets approach. Its final report, published in October 2018, highlighted evidence of increased risks from the use of cryptoassets for illicit activity, as well as risks to consumers and markets. The report states that that mitigating these risks should be the most immediate priority for the Government and financial regulators.

Scope of cryptoasset activities

The Treasury has not yet published its response to the consultation on 5MLD.

The Treasury consultation intends to cover the activities specified in 5MLD and a wider range of activities recommended by FATF.

The cryptoasset activities consulted on in April 2019 are listed below and cryptoasset businesses carrying out the activities listed below should assume they must comply with the MLRs from 10 January 2020, although Treasury may decide to reduce or extend the range of activities we oversee.

This page will be updated when Treasury publishes its Policy Statement.

Cryptoasset activity As described in the Treasury consultation
Cryptoasset exchange provider

A business that provides the following services:

  • exchanging fiat currency (government-issued currency) for a cryptoasset or vice versa
  • exchanging one cryptoasset for another cryptoasset.
Cryptoasset Automated Teller Machine (ATM) Physical kiosks that allow users to exchange cryptoassets and fiat currencies
Custodian Wallet Providers A business that looks after the customer’s tokens in its IT system or server and may administer or transfer the token on behalf of the customer.
Peer to Peer Providers A business that provides an online marketplace which facilitates the exchange of fiat currencies and cryptoassets (both fiat-to-crypto and crypto-to-crypto) between prospective buyers and sellers
Issuers of new cryptoassets, eg Initial Coin Offering (ICO) or Initial Exchange Offering (IEO) A business that sells a cryptoasset, promoted or sold as a new type of cryptoasset or one that will become usable in the future, in exchange for fiat currency.
Publication of open-source software eg Non-Custodian Wallet providers

A business that provides software such as an application, that may be downloaded and used by a customer on their device to store or administer a token, e.g.  a non-custodian wallet application that a customer can download onto a device to store the private key in relation to a token.

We understand, subject to confirmation from Treasury, that the publication of open-source software is unlikely to feature in the Government’s envisaged approach, recognising that AML/CTF regulation should be carried out on an activities-basis only.

Compliance with MLRs

From 10 January 2020, UK cryptoasset businesses must comply with the MLRs.

You may also want to consider guidance from:

Joint Money Laundering Steering Group (JMLSG)

FCA Financial Crime guide for firms

FCA Guidance (FG17/6) on the treatment for Politically Exposed Persons (PEPs)

FATF Guidance on a risk based approach


All UK cryptoasset businesses carrying on activities in scope of the MLRs will need to register with us from 10 January 2020. Cryptoasset businesses should ensure that they do not mislead customers as to what protections apply and the status of their FCA registration.

Our responsibility under this regime will be limited to AML/CTF registration supervision and enforcement only. Registration under the MLRs does not mean that customers will benefit from the protections of the Financial Ombudsman Service or the Financial Services Compensation Scheme (FSCS). As most cryptoassets are not specified investments under the Financial Services and Markets Act 2000 (FSMA), it is unlikely that customers will have access to Financial Ombudsman Service or FSCS.

Customers and firms may wish to consider our guidance, where we have set out our position on the types of cryptoassets which will fall within our regulatory remit and the implications this has on consumer protection.

  • Cryptoasset activity which falls in the unregulated space, as defined in the Guidance on Cryptoassets, will not have the same consumer protections
  • Cryptoasset activity involving security tokens, for example, are regulated tokens which will provide the same protections as specified investments set out in the Regulated Activities Order.

For any customers that consider Financial Ombudsman Service and FSCS protection important, we recommend that you check with the firm as to whether this protection applies to the cryptoasset transaction.  

There are different dates to be aware of when registering your business with us:

  • New cryptoasset businesses that intend to carry on a cryptoasset activity after 10 January 2020, must be registered before they can carry on the activity.
  • Existing cryptoasset businesses which were already carrying out cryptoasset activity before 10 January 2020 may continue their business, in compliance with the MLRs, but must register by 10 January 2021 or stop all cryptoasset activity. We encourage businesses to apply well in advance of this deadline.

We will consider applications for registration carefully to see whether they meet the conditions for registration that will be set out in the MLRs. Applications will be refused if the conditions are not met.

Timeline and payment

The following things should be considered when a business makes an application (subject to final legislation):

  • If we do not consider your application is complete, we will request further information.
  • We are seeking a 3-month period to make registration assessments, through an amendment to the MLRs. The 3-month period will begin once we decide that the application is complete and it meets the conditions for registration.
  • To avoid delays or the application being rejected, we should be notified of any changes to the application as soon as possible
  • An application is not complete and an application cannot be considered until the registration fee is paid.
  • We encourage businesses to apply for registration early in case we require further information, and to ensure the registration deadline is met.

Step 1: 10 January 2020

FCA Gateway opens for businesses to submit applications for entry to the register. A business must comply with the MLRs in relation to cryptoasset activities. FCA have powers to supervise and enforce under the MLRs.

Step 2: 30 June 2020

Latest date for applications to be received for priority review to check that they are complete and ready to be determined.

Step 3: 10 October 2020

Latest date for complete applications ready to be determined by 10 January 2021.

Step 4: 10 January 2021

Any firm not registered must cease trading.

Supervision approach

All businesses will need to comply with the MLRs from 10 January 2020. We will start supervising businesses from 10 January 2020, irrespective of whether they have registered or applied to be registered.

Our supervisory approach to cryptoasset businesses will be in line with our approach to other businesses under the MLRs.

Firms who pose the greatest money laundering and terrorist financing risk will receive an increased level of supervisory focus. If, following supervisory engagement, we have reason to believe serious misconduct has taken place, we may decide to commence an enforcement investigation.


Our supervisory assessment will include a requirement for a business to demonstrate that it has policies, controls and procedures in place to effectively manage money laundering and terrorist financing risks in line with the nature, scale and complexity of its activities. Firms should also carry out regular assessments of their policies, controls and procedures to ensure that these remain relevant and appropriate. As part of this assessment, firms should be alert to any change in their operating model that may have an impact on the way they conduct their business.


Enforcement is one of several regulatory tools available to us. Our enforcement staff work closely with our authorisation and supervision functions, as well as with other regulators and law enforcement agencies to detect misconduct, including money laundering and terrorist financing. 

We already have enforcement powers under the existing MLRs and the Enforcement Guide sets out our general approach to using these powers. We expect the amended MLRs will extend our existing powers to cryptoasset firms and that we will apply the same approach to cryptoasset firms under the amended MLRs as we do under the existing MLRs.

  • Our Enforcement Guide sets out our approach to enforcement and how we use our powers of investigation, gather information and conduct an investigation. It also sets our approach to imposing financial penalties and other disciplinary sanctions,  explaining how we will use our powers under the money laundering regulations. 
  • Approach to Enforcement explains how we address harm and add public value through our statutory powers to investigate, take relevant civil, criminal and / or disciplinary action.  
  • Enforcement Information Guide - this short guide includes a flowchart showing the process of a typical FCA enforcement case. It sets out the options to contest or resolve a case, the opportunities to make representations, and who the decision-makers are.


For any queries regarding the new regime, please email CryptoassetTeamFinancialC[email protected].

Page updates

28/10/2019: Link added Added link to CP19/29 under Timeline and payment section