Firms’ preparations to comply with the cryptoasset financial promotions regime – feedback on good and poor practice

Good and poor practice Published: 07/09/2023 Last updated: 15/11/2023

Ahead of the cryptoasset financial promotions regime coming in on 8 October 2023, we met with various regulated cryptoasset firms to understand how prepared they were. This review covered firms of ranging sizes and business models.

We outline our findings and provides examples of good and poor practice. We want to support firms to clearly understand their obligations so they can comply with the regime.

1. Who this applies to

This information is relevant for all cryptoasset firms registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017 (MLRs). However, the points set out below are relevant for any firm that currently promotes cryptoassets to UK consumers or is likely to in the future. They are also relevant to any FCA-authorised firm intending to approve cryptoasset financial promotions on behalf of another firm, known as s.21 approvers.

2. Rules these examples refer to

On 8 June 2023, we published PS23/6 setting out our rules on financial promotions for cryptoassets. They will have effect from 8 October 2023.

These rules aim to reduce and prevent harm to consumers from investing in cryptoassets that do not match their risk appetite. It is up to consumers to decide whether they buy cryptoassets, but they should do so based on fair and accurate information that helps them make effective investment decisions. The rules will also create a fairer and more consumer-focused landscape for firms to compete and innovate in.

3. What we looked at

We assessed firms’ readiness in the following areas:

Scope of the regime

  • communication channels
  • territorial scope of the regime and promotions made by firms in a global group structure
  • brand advertising

Planning for implementation activities

  • oversight and responsibility
  • planning and timetable
  • contingency planning

Intended approach to implementation

  • financial promotion rules including being fair, clear and not misleading
  • plans for using social media
  • incentives to invest
  • risk warnings
  • risk summaries for firms offering multiple product types
  • appropriateness assessments
  • facilitating the customer journey
  • use of elected professional client status

4. What we found

In general, we found: 

Most firms have faced significant challenges preparing for the financial promotions regime

The challenges have been concentrated in preparing for the ‘back end’ financial promotion rules such as those relating to the 24-hour cooling off period and appropriateness assessment. These rules require significant system builds and operational changes. In contrast, the ‘front end’ financial promotions are more straightforward to implement.

Firms in global group structures are having to make significant changes to their business models to comply with the regime

These firms must significantly restructure how they provide services to UK customers to ensure they comply. They must also implement effective systems and controls in their wider group to prevent UK consumers being promoted to by unauthorised/unregistered firms, or risk committing a criminal offence.

Firms have under-appreciated the broad scope and nature of the financial promotion regime

The regime covers ‘traditional’ promotional material and also applies to a wide range of customer communications including websites and apps.

Firms were not sufficiently considering how certain rules apply to the specifics of the cryptoasset services they provide

In particular, how their risk summaries and appropriateness assessments should be tailored to the specific cryptoassets being promoted.

5. Our detailed findings

5.1. Scope of the regime

Communication channels 

The definition of a financial promotion is intentionally very broad. The regime is designed to be technology neutral and applies to a broad range of communications including websites, blog posts, mobile phone apps and many other types of content. We expect that the vast majority, if not all, websites and apps that enable a UK consumer to invest in cryptoassets will be in scope of the financial promotions regime 

Firms that were least prepared had potentially misunderstood the broad nature of the financial promotions definition. They had focused their attention on ‘traditional’ advertising material produced by marketing departments but had failed to consider the content on their websites and apps. This leaves them open to breaching our rules when they come into effect and the financial promotion restriction under section 21 of the Financial Services and Markets Act 2000 (FSMA). 

The firms that were best prepared had begun full reviews of all their published material including their website, apps and any other articles or published material that are still publicly available. Their review included fully considering the content of these to ensure that all material promoted to UK consumers after 8 October 2023 would be fair, clear and not misleading and comply with all other relevant requirements. 

Some firms may provide crypto services to third party businesses, such as allowing customers of that third party to buy or sell crypto. If that business provides information to its UK customers about the crypto facility and enables those UK customers to purchase crypto via the MLR-registered firm, it is likely that they will have communicated a financial promotion. 

If firms intend to operate this business model they should carefully consider how they will legally communicate financial promotions. In particular, MLR-registered cryptoasset businesses should carefully consider the scope of the Article 73ZA exemption and how it relates to communications by third parties. Firms that are MLR-registered, but are not otherwise authorised, cannot approve the promotions of third parties.

Territorial scope of the regime and promotions made by firms in a global group structure 

The regime applies to financial promotions that are capable of having effect in the UK. As many cryptoasset firms operate internationally, this can pose challenges for UK firms in ensuring that associated entities in a global group structure do not inadvertently breach UK regulations by promoting to UK consumers. 

MLR-registered cryptoasset businesses must carefully consider the scope of the Article 73ZA and explicitly identify the entity within the group responsible for promoting cryptoassets to UK consumers. Other firms in their group will be committing a criminal offence if they communicate financial promotions to UK consumers without using 1 of the 4 legal routes available under the regime. 

Financial promotions do not need to be specifically directed at UK consumers to be capable of having effect in the UK. If a UK consumer can access and respond to cryptoasset promotions to engage in the cryptoasset activities, such as through websites, apps and/or social media, it is likely that those promotions will be capable of having an effect in the UK. This applies regardless of the location of the firm making the promotion or who it was primarily aimed at. 

The best-prepared firms had clearly identified which entity in their group would be communicating financial promotions to UK consumers. They had robust controls in place to prevent other firms in their group from communicating promotions to UK consumers. This included geo-blocking or other location-based controls to prevent customers, that could be identified as being in the UK, from accessing those promotions. This was supplemented by controls in the KYC/AML and onboarding process to ensure UK consumers (such as those giving a UK address or using a UK-based payment method) could not subscribe to products which weren’t intended to be promoted or sold in the UK. 

The least-prepared firms could not clearly explain which entity in their group would be communicating financial promotions to UK consumers. This was particularly common in firms that use global websites and social media accounts. These firms relied on the fact that these would not be actively ‘directed at’ UK consumers, but had no controls to prevent UK consumers from accessing the services in the promotion. There was a real risk that the firms in their group structure running those global accounts would commit a criminal offence by promoting cryptoassets to UK consumers when the regime comes into force.

Brand advertising 

Some firms intended to focus their marketing on developing brand awareness. For example through sponsorships deals with UK based firms such as football clubs. Their work to assess the compliance of promotional material with our rules had excluded information focused on promoting their brand, rather than specific products.

Many of our financial promotion rules do not apply to ‘image advertising’. However, this is a narrowly defined term, referring to a communication that consists only of 1 or more of the following: 

  • (a) the name of the firm 
  • (b) a logo or other image associated with the firm 
  • (c) a contact point 
  • (d) a reference to the types of regulated activities provided by the firm, or to its fees and commissions 

Any brand advertising or marketing material that includes content outside of these specific categories is likely to come under our financial promotion rules. Many examples we have seen of ‘brand advertising’ have gone beyond the scope of ‘image advertising’ and are likely to be financial promotions. 

Firms should carefully review their sponsorships deals to ensure they are compliant with the financial promotions regime. 

5.2. Planning for implementation activities

Oversight and responsibility 

One of the key factors we commonly see in firms that have successfully delivered significant implementation projects is having clear, senior, individual accountability.

Those firms that were best prepared had a clearly defined individual who had overall responsibility for ensuring the implementation project was delivered and that the firm complied with the regime on an ongoing basis. This was most effective when this person was a senior individual in a ‘business’ role, such as the CEO or COO (rather than sitting with the Head of Compliance, or another compliance-focused role). 

Firms that were least prepared often distributed responsibility among several individuals, responsible for delivering separate parts of the firm’s preparations. There was no clearly identified individual who had accepted responsibility and accountability for the overall delivery. In some cases, there was also confusion over who would be held responsible if plans were not delivered. In other cases, overall accountability was identified as resting with the Board or a collective body, but no individual Board member had been identified as being individually accountable. 

Planning and timetable 

By this point, we expect firms to have clear plans setting out their key milestones for delivering their implementation plans and have clear reporting in place to show their progress against those plans. They should be able to identify if they are on course to deliver any critical milestones that must be met to avoid failing to comply. 

Firms’ planning should extend past go-live dates to consider activities needed after the rules come in. This should include considering ongoing monitoring and reviewing the effectiveness of processes and controls once implemented, and how these support good customer outcomes. We expect firms to be planning for likely scenarios, such as dealing with: 

  • Increased volumes of questions from customers as they go through the revised on-boarding processes. 
  • Questions from existing customers who fail the appropriateness test or client categorisation, including those that want to continue trading cryptoassets. 
  • Complaints from customers who object to parts of the customer journey. 

Some firms were considering actions to reduce the likely affect of some of these, including: 

  • Providing clear communications to customers on the changes and how they will affect customers. 
  • Providing clear communication channels for customers to help address their questions or concerns. This could include information resources, FAQs, and customer service contacts. 
  • Completing some parts of the process before the required date, such as client categorisation and appropriateness tests for existing customers where relevant.

Contingency planning 

Firms should consider what to do if they cannot complete all aspects of their implementation plans. This should include plans for what the firm will do if there are problems with the roll out of technical solutions. 

Firms’ planning should include considering how firms will: 

  • stop promoting cryptoassets if they cannot do so in a compliant way
  • withdraw or restrict access to promotional content (including, for example, websites) that does not comply with the relevant requirements 

Some firms currently service UK-based customers through a connected overseas entity who were planning to transfer those customers to a UK-based MLR registered cryptoasset businesses which would also be responsible for all financial promotions to UK consumers. Those firms should consider what their approach would be to any customers they do not successfully transfer to the UK entity by 8 October 2023. This includes what services they could continue to provide to any UK-based customers of the overseas entity.

5.3. Intended approach to implementation

Financial promotion rules including fair, clear and not misleading

The intention of the cryptoassets financial promotions regime is that firms take a holistic approach to considering how their services are promoted to UK consumers. Firms should consider, at each stage in the product lifecycle, how they can promote to customers in a way that is fair, clear and not misleading. To comply with the regime, firms should not only implement the steps of the customer journey as required by the rules and summarised in PS23/6, but also consider the substance and presentation of any financial promotion. 

The standards required by these rules are significantly more detailed than those set out by the Advertising Standards Agency (ASA). We expect that, for most firms, complying with the financial promotion rules will be a significant change and will require a careful review of promotions. This should include a review of the substance and presentation of all current, and planned promotional material that will be communicated to UK consumers after 8 October 2023. 

The best prepared firms had clear processes to review the content of current and future promotions. They planned to amend or remove any material that is still promoted to customers on their website, app or other media that would not comply with our financial promotion rules. These firms were already considering the proposed guidance contained in GC23/1 when planning their future promotions. 

The least-prepared firms felt that the content of their promotions were already sufficiently clear and fair, and would not need amending, in some cases stating that their promotions meet ASA requirements. However, these firms had not carried out a detailed assessment against the new, higher standards of the financial promotions rules.

Plans for using social media

The use of social media to promote financial services, including cryptoassets, presents some particular issues and challenges. In July 2023, we issued GC23/2 consulting on updated guidance on financial promotions on social media. We recommend that all cryptoasset firms intending to promote to UK consumers consider this proposed guidance. We have also produced an infographic guide for ‘finfluencers’ to help to any influencers intending to work with cryptoasset or other financial services firms. 

Some cryptoasset firms have used social media influencers in the past to promote their services. Continuing to do so may pose challenges for firms that are registered under the MLRs but not authorised by the FCA.

The exemption established in Article 73ZA of the Financial Promotion Order (FPO) allows a MLR-registered cryptoasset businesses to communicate a relevant financial promotion or for another party to communicate a financial promotion on that firm’s behalf, subject to the conditions of the exemption. However MLR-registered cryptoasset businesses that are not FCA authorised do not have the ability to approve promotions on behalf of a third party. 

Some firms had no intention to work with social media influencers in the UK but did have connected entities in other countries that were likely to work with influencers. These firms need to consider the above factors on the territorial scope of financial promotions. Using social media can present specific challenges, given the cross-border nature of these services, and the challenges in restricting who can see posts and how these can be shared by users. 

The best-prepared firms had carefully considered the risks of social media, and the use of influencers, taking into account the points in GC23/2. In some cases, firms had decided to temporarily pause promotions on social media until they were confident they could comply with the financial promotions regime. 

The least-prepared firms had not determined their approach to social media after 8 October 2023. This included deciding which, if any, platforms they would use and how they would ensure that all content, including content issued by connected overseas companies that could have effect in the UK, would comply with the requirements.

Incentives to invest 

The rules in COBS 4.12A will ban a firm from promoting cryptoassets which offer a retail client any monetary or non-monetary incentive to invest. Currently, ahead of our rules coming into effect, there are a wide range of offers, rewards, perks and other incentives available to UK customers of cryptoasset firms. 

Generally, where firms offered new customer bonuses, discounts or similar, they had recognised that these would not be allowed under our rules and intended to remove these for UK customers. However, for other products, including those offering ongoing rewards, many firms had not considered how the ban on incentives would apply. 

The ban applies to incentives offered to retail clients as part of a financial promotion, even when there is no requirement to invest to gain the benefit. The ban applies regardless of the rationale for offering the incentive, which consumer it is aimed at, or whether it might be incentivising actions related to investing, such as registration or sign-up. 

The best-prepared firms had reviewed their full product range to identify any incentives, and had clear plans to withdraw – or prevent UK customers from accessing – products that could potentially breach the incentives ban. 

The least-prepared firms included those with products that offered incentives on an ongoing basis or later in the customer relationship rather than on account opening. These firms had not reviewed the incentives on these products to determine whether they would breach the ban.

Risk warnings

In most cases, firms were still in the process of determining the precise format and presentation of their risk warnings. However, we have seen in other industries that compliance with the prominence requirements has in some cases been poor. Firms should carefully consider the rules and guidance set out in COBS 4.12A on the prominence of risk warnings. This includes the positioning of risk warnings and using fonts and background colours that distinguish the risk warning from other information in the financial promotion. 

The best-prepared firms had prepared examples of how their risk warnings would be presented in compliance with our requirements. They had mapped out how the customer journey would work, including collecting information needed to present the personalised risk warning early in the journey and before the client categorisation and appropriateness assessment, as our rules require.  

The personalised risk warning should expressly invite the customer to say if they want to leave the investment journey. This option should be presented with equal prominence to the option to proceed to receive the direct offer financial promotion. We have seen in other industries firms seeking to rely on the customer actively undertaking some action that implies they wish to proceed. This practice goes does not meet our requirements.

Risk summaries for firms offering multiple product types 

Our rules allow firms to tailor the risk summary to their investment offering. Given the diverse range of cryptoassets, we expect firms will need to frequently amend the risk summary to the specifics of the cryptoasset they are promoting. We expect firms to consider their customers’ information needs and tailor the risk summaries where appropriate to reflect the particular features and risks of the products they offer. There is no requirement for a particular firm to present the same risk summary throughout the whole journey and for every product. 

Some firms offer a variety of different products including cryptoassets that claim a form of stability, and products with complex yield models or arrangements. These can have significantly different risks. Many of the firms we engaged with were still deciding how they would present information on these different types of products, and whether they would be included in 1 risk summary or have separate risk summaries. 

The risk summary should contain the key risks of the investment in a consumer-friendly way and take around 2 minutes to read. Firms should consider whether it is practicable to achieve this within 1 risk summary while covering the full range of products that they offer. If the differences in the features and risks of different products make this impractical, then they should consider having different risk summaries for different products. 

The best-prepared firms had considered the different risks of their products to their customers, and had plans to tailor the risk summaries accordingly. 

The least-prepared firms had a wide range of cryptoassets with significantly different risks and were intending to use only 1 risk summary. However they had not considered how they could present this information in a way that would allow customers to adequately understand the risks and how these varied between different products.

Appropriateness assessments 

The firms we engaged with were at different stages of designing the format and content of the appropriateness assessments their customers would go through. 

We do not specify these aspects of the appropriateness assessment as they will depend on the nature and variety of the products the firm offers. However, we expect there to be enough appropriate questions for the customer to demonstrate that they have sufficiently understood all material risks. Simplistic questions and questions with binary answers (eg Yes / No) are likely to be insufficient to comply with our rules. 

Most firms intended to require customers to answer all questions correctly to demonstrate their understanding. However, some firms intended to allow customers to incorrectly answer a proportion of questions and still pass. Our rules do not specify a particular pass mark. However, where firms are considering setting a pass mark below 100%, they should consider whether there are any particular questions, or combinations of questions, where incorrect answers would suggest a fundamental misunderstanding of a key risk of the product that means it is inappropriate for them to invest. 

Firms were proposing different approaches to implementing the requirement that repeat assessments must not be based on the same questions used in a previous assessment. Some firms proposed to use a pool of questions, selected at random. If adopting this approach, firms should ensure that the way questions are selected means that each test covers all relevant material risks and that the random selection cannot, for example, select only questions that test understanding of 1 particular risk. 

The best-prepared firms had considered how to tailor their assessments to the particular cryptoassets being offered. For firms with a range of different cryptoassets with different features and risks, they had considered different options including: 

Having separate appropriate assessments for different products types. 

Having 1 assessment with some sections specific to particular product types. Customers would need to correctly answer the question in those sections to access the related product types. 

The least-prepared firms were planning to have 1 appropriateness assessment. However, they had not considered how they would tailor this to their specific products, or whether it was practical to cover their full range of products within the one assessment.

Enabling the customer journey 

Providing information to customers on the customer journey can reduce customer frustration and lead to better customer engagement and outcomes. For example, we have seen good examples in other industries of firms giving clear information to customers on the 24-hour cooling off period, the reasons for this period and notifying them when the period has ended. 

However, firms should ensure that they do not pressure customers to proceed or coach them through steps that are designed to prevent inappropriate investments being made. For example: 

Customers should be presented with clear, express options to leave the process after the 24-hour cooling off period, and in the personalised risk warning. We have seen poor practice in another industry where the option to leave is either not presented or is given significantly less prominence than the option to continue. 

We expect firms to provide customers with information on the risks associated with the products they offer. But this information should not be presented in a way that undermines the effectiveness of the appropriateness assessment in assessing the customer’s understanding of those risks. For example, we have seen a situation in another industry where information was provided immediately before each question in the appropriateness assessment. The information contained the answer to the question that immediately followed, using similar or identical wording. This reduced the value of the appropriateness assessment as an objective means of assessing customers’ understanding. 

For client categorisation, firms should not unduly direct, or influence, how customers classify themselves within a particular category that would allow them to invest. Firms should not ignore information from the customer suggesting they may be incorrectly categorised. This includes, where customers appear to retrospectively change information already submitted specifically to fit a particular category rather than to correct genuine errors. 

Additionally, on client categorisation, we have seen in another sector firms seeking to alter the names / descriptions of the client categories they use. We believe this introduces inconsistency between firms and can underplay the risks associated with investing. Firms should use the category names that are set out in our rules.

Use of elected professional client status 

A few firms indicated that they intend to use the rules in COBS 3 to re-categorise retail clients as elective professional clients. Firms must meet requirements to do this. This includes carrying out an assessment of the expertise, experience and knowledge of the client that gives reasonable assurance, in light of the nature of the transactions or services envisaged, that the client is capable of making their own investment decisions and understanding the risks involved. We expect that only a very limited number of retail consumers will be able to meet this standard to be re-categorised. 

We will take robust action against firms that circumvent our rules, deliberately miscategorise clients and wrongly encourage retail clients to waive the protections afforded by our financial promotion rules. 

Alongside the rules in COBS 3, firms should also consider the following if they intend to recategorise clients: 

Firms should not simply rely on retail clients’ own opinions of their expertise, knowledge and experience. This is inevitably subjective and unlikely to be reliable, at least on its own. Firms should request evidence and verifiable information to support their assessment of a client. 

The assessment firms must undertake is a significantly higher standard than the appropriateness assessment. 

Firms should ensure clients fully understand the risks and the consequences of removing their protections once re-categorised. 

Firms should keep records of any retail client that is re-categorised. As part of our supervision of the regime we will ask firms to provide evidence on how they made an assessment to re-categorise a client. As part of their continuing obligations to deal with us in an open way, we are requesting that firms intending to treat certain recipients of crypto promotions as elective professionals provide prior notification of this to us. 

The re-categorisation must be initiated solely by the client. Firms should strictly avoid implementing any form of practice that aims at incentivising, inducing or pressuring a prospective investor to request to be treated as professional client.  

Where firms use affiliates to market their services, they need to ensure that the financial promotion rules continue to be properly complied with. It is particularly important that firms understand the nature of the prospective investors that the affiliates may be marketing to ensure that the rules are properly followed. Firms should not work with affiliates suspected of operating illegally or engaging in poor conduct.  

Principle 7 still applies to communications made to elective professional clients. 

6. Next steps

All firms intending to communicate or approve cryptoasset financial promotions should carefully consider these findings as part of their implementation plans. 

Firms should also review our Finalised Guidance FG23/3: Finalised Guidance on cryptoasset financial promotions and our Guidance Consultation GC23/2 Financial promotions on social media.