Skip to content

News

FCA notice to all regulated firms with exposure to cryptoassets

Notice to all FCA regulated firms with exposure to cryptoassets
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

The FCA has issued reminders to all regulated firms of their existing obligations when interacting with or exposed to cryptoassets and related services.

While cryptoassets and their underlying technologies can offer benefits to financial services firms e.g., reduce costs and increase efficiencies, they also present risks to market integrity and consumers, particularly when used as a speculative investment. This is additional to significant risks in relation to financial crime and money laundering.

Below the FCA have set out some areas of risk that firms need to consider. This is not a complete list and firms should consider any further controls and requirements which apply to them. They should read this statement together the latest FCA guidance on how firms should manage financial crime risks associated with cryptoassets  in the ongoing Russia/Ukraine conflict.

The FCA also recommend that firms read the Letter from Sam Woods on existing or planned exposure to cryptoassets published by the Prudential Regulation Authority (PRA), as well as publications from the Bank of England and the Financial Policy Committee (FPC), which focus on cryptoassets and new forms of digital money.

Being clear with customers

As stated in the FCA’s Perimeter Report 2021, much of the cryptoasset sector continues to sit outside of the FCA’s current regulatory remit. When firms assess the risks cryptoassets pose, they should use a similar approach to that for the regulated activities they conduct. There is a risk of consumer confusion where regulated firms provide services involving cryptoassets. The FCA expects firms to ensure that consumers understand the extent of business that is regulated and to clearly distinguish those elements which are unregulated business. At all times, firms remain responsible for identifying and managing potential risks related to cryptoassets.

Financial Crime and registration of cryptoasset business

Since January 2020, firms carrying on cryptoasset activity in the UK have had to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the ‘MLR’s). This includes the requirement to be registered with the FCA to continue to carry on business. Providing cryptoasset business in the UK by way of business, as set out in Regulation 9 of the MLRs, without registration (or temporary permission under the Temporary Registration Regime (TRR)) is a criminal offence.

Having appropriate systems and controls in place

The FCA expects all authorised and registered firms to have appropriate systems and controls to counter the risk of being misused for financial crime. As part of this, all firms should be reviewing whether cryptoasset businesses they interact with are listed on the FCA’s Unregistered Cryptoasset Businesses page. The FCA also expect firms doing business with cryptoasset firms to check against this list and to make sure that they have sufficient due diligence and money laundering controls in place to manage the risks posed by their customers.

Assessing the risks

In the FCA’s 2018 Dear CEO letter, they gave firms guidance on how to achieve best practice where clients and customers may be using cryptoassets, or providing services to customers offering cryptoassets. That guidance remains relevant – with some key elements outlined in this notice.

Where firms’ clients and customers are using cryptoassets or offering related services, firms are given the flexibility to adapt their actions to the perceived risks. Firms should assess the risks posed by a customer whose wealth or funds derive from the sale of cryptoassets, or other cryptoasset related activities, using the same criteria that would be applied to other sources of wealth or funds. One way cryptoassets differ from other sources of wealth is that the evidence trail behind transactions may be weaker. This does not justify applying a different evidential test on the source of wealth and the FCA expects firms to exercise particular care in these cases.

Prudential considerations

While there are currently no specific prudential treatments that explicitly mention cryptoassets, FCA regulated firms are reminded that there are still regulatory obligations in this area. Firms subject to the new investment firm prudential regime (IFPR), have obligations (under MIFIDPRU 7) to assess and mitigate the potential for harm to clients, to the markets in which the firm operates and to itself, that could arise from all of their business. This applies whether or not that business consists of Markets in Financial Instruments Directive (MiFID) investment business, other regulated activity or is unregulated. It also applies irrespective of operating on an agency basis, principal basis, or in some other capacity. This therefore includes cryptoassets business, however firms conduct that business.

Other firms subject to FG20/1: Assessing adequate financial resources should consider that guidance when assessing and managing risks and exposures from cryptoassets. Where a firm accounts for a cryptoasset as an intangible asset, it will likely need to deduct this asset from its regulatory capital.

If the FCA find that there is a need for updated prudential requirements for cryptoassets, they will consider what further steps may need to be taken to ensure firms have adequate financial resources to address the potential for harm from conducting business involving cryptoassets.

Custody considerations

All FCA regulated firms must observe their Principles for Business, which all firms must comply with to be authorised by the FCA. Principle 10 requires a firm to arrange adequate protection for clients’ assets. As part of these protections, the FCA’s Client Assets Sourcebook (CASS) provides detailed rules for firms to follow when holding regulated assets in custody, as part of their investment business. Where cryptoassets are specified investments (ie, security tokens), firms carrying out regulated activities involving custody of these assets are likely to be subject to the CASS regime. If firms have any questions about how the CASS rules may apply, they should speak to their relevant FCA supervisory contact.

The FCA continues to develop their understanding of how cryptoasset technology affects custody arrangements. They will continue to monitor the use of cryptoassets in custody arrangements and act where appropriate, supporting responsible innovation, while protecting consumers and ensuring market integrity.

Domestic and international engagement

As effective regulation of a digital world requires international cooperation and common standards, the FCA will continue working closely with its international partners, both bilaterally and through multilateral fora, including the International Organization of Securities Commissions (IOSCO), the Financial Stability Board (FSB) and the Financial Action Task Force (FATF). Domestically they will work closely with Government and other parties through the Cryptoassets Taskforce (CATF) on a UK approach that balances innovation and competition, alongside orderly markets and consumer protection. They will also be engaging with industry participants to seek insights as they further develop our views.

If you have any queries about what the FCA’s expectations mean for your business, get in touch with our team for more information.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Related Posts

The Wolfsberg Group FAQs on NNS

An effective financial crime framework is built from an effective and appropriate screening program for PEPs, sanctions, and adverse media. However, adverse media is considered a grey area due to
Read More >
FCA proposes stronger protection for consumers in financial markets

New FCA powers to speed up cancellation of unused permissions

The Financial Conduct Authority has announced that it will use new powers to speed up the process of removing regulatory permissions of companies that are not using their permissions. The
Read More >