We are a *knowledge business

Whilst currently cryptoassets are generally unregulated in the UK, businesses that provide certain cryptoasset services are required to register with the Financial Conduct Authority (FCA) – the UK’s main financial regulatory body.

For businesses operating within the crypto industry, FCA registration represents a critical compliance milestone, and has been a requirement for cryptoasset businesses operating in the UK since 10 January 2020.

If Cryptoassets are unregulated, why is there a requirement for FCA registration?

On 10 January 2020, the EU’s 5^th Anti-Money Laundering Directive came into effect, which was implemented in the UK by way of amendments to the existing Money Laundering Regulations (MLR).

The effect of the directive being implemented was that, amongst other things, it sought to provide a legal definition of cryptocurrency. It also detailed the types of entities and business operations involving cryptoassets that would be subject to Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations akin to traditional financial institutions.

This directive also appointed the FCA as the supervisor of UK cryptoasset businesses under the MLR.

These regulations require that all businesses that conduct activities, by way of business that fall within its scope, to comply with anti-money laundering and counter-terrorist financing regulations, which includes registering with the FCA.

It is important to note, however, that there is a distinction between being ‘authorised’ by the FCA and being ‘registered’. Successful registration with the FCA as a cryptoasset business shows that the business follows an appropriate level of AML and CTF measures and safeguards,  while complying with the regulations in a manner acceptable to the FCA. It also serves as a mark of credibility in what has, at times, been an industry characterised by a number of bad actors.

As such, FCA registration can enhance the reputation of the business in the eyes of potential customers. However, consumers should be aware that being registered with the FCA does not mean that they will be protected by the Financial Services Compensation Scheme should something go wrong.

What type of cryptoasset businesses fall within the scope for registration?

Currently, the following types of cryptoasset business activity would fall within the scope for registration with the FCA under regulation 14A of the MLR 2017:

• Exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money or money for cryptoassets;
• Exchanging or arranging or making arrangements with a view to the exchange of, one cryptoasset for another;
• Operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets (e.g. Crypto ATMs) and;
• Providing services to safeguard and/or administer cryptoassets or private cryptographic keys to hold on behalf of customers in order to hold, store and transfer cryptoassets.

Registering with the FCA

Registering with the FCA is an involved process and requires significant preparation and understanding of the regulatory requirements. Once a business has determined it falls within the scope of registration, it is then necessary for them to demonstrate that the business has in place a robust financial crime control framework which is compliant with the requirements of the MLR.

This framework should encompass a comprehensive business-wide financial crime risk assessment, tailored to your business model. Essentially, this should demonstrate how a specific business could be manipulated or be used as a conduit for financial crime.

The FCA will expect businesses to identify all risks pertaining to their business model and, as perturbing as some applicants might find this process, being upfront in identifying risks will not weaken an application. Rather, the accurate and detailed identification of risks will make it more likely that the frameworks built around a business model (and in support of a business’ application) are fit for purpose.

As part of the application the business will also be required to provide clear governance structures, customer risk assessment methodologies, policies for due diligence and suspicious activity reporting, as well as financial crime prevention training procedures. Businesses are also required to appoint a Money Laundering Reporting Officer (MLRO) with relevant knowledge and experience.

The FCA will also expect to see a business plan and forecast in support of an application. This plan should include details of the business model, key individuals and responsibilities, sources of liquidity, details of the customer journey and flow of funds.

Since the Travel Rule requirement for cryptoassets came into effect on 1 September 2023, cryptoasset businesses must demonstrate compliance with this. The requirements of the Travel Rule are contained within the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulation 2022, and require relevant businesses such as exchanges or custodian wallet providers to collect, verify and share information relating to cryptoasset transfers.

As with any application with a regulatory body, the process should not be contentious, and businesses should be aware that the FCA is not actively trying to catch them out or deny an application. A collaborative approach inevitably yields more positive feedback.

Despite this, however, the application process can be long winded and subject to delays. It is not uncommon to have different case handlers and multiple requests for information provided previously which can cause dissatisfaction with applicants.

As such, a well-prepared and presented application is inevitably more likely to succeed and so engaging with an advisor can provide valuable insights and improve the chances of a successful registration. Therefore, as the FCA itself recommends, seeking independent legal advice can be key in presenting a well prepared and informed application.

Will registering with the FCA “future proof” a business?

Currently, relevant cryptoasset businesses are subject to limited financial services regulation, primarily aimed at anti-money laundering and counter-terrorist financing obligations. However, subject to governmental consultations, the future regulatory landscape will become more widely applicable, and the government anticipates implementing the legislation required to develop this regulatory regime in 2024.

Businesses wishing to undertake activities involving cryptoassets by way of business will, under this new regulatory environment, be required to obtain authorisation from the FCA. This is because it is intended that certain cryptoassets will be brought within the scope of the definition of ‘specified investments’ and, therefore, the activities in relation to these cryptoassets will be regulated as opposed to the cryptoassets themselves.

It is envisaged that this regulatory regime will be specific to certain types of cryptoassets depending on the regulated activity, and there will be more precise criteria set out in secondary legislation to determine whether a cryptoasset and activity is within the regulatory scope.

As well as existing regulated activities being applicable in relation to cryptoassets, there are also additional proposed activities specific to cryptoassets which will fall within the scope of future regulation, including:

• Safeguarding and/or administration (custody) activities;
• Issuance, payment and exchange activities;
• Investment and risk management activities;
• Lending, borrowing and leverage activities and;
• Validation and governance activities.

 As such, carrying out regulated activities involving cryptoassets by way of business will require authorisation by the FCA under part 4A of the Financial Services and Markets Act (FSMA), and this will equally apply to firms already registered with the FCA under the MLR.

At Lawrence Stephens, our team is adept at assisting diverse businesses in harnessing the potential of cryptoassets. With our bespoke legal insights, we ensure your cryptocurrency adoption journey is seamless, safeguarded, and aligned with the developing digital finance sector.