FCA Regulation of Cryptoassets | Rosenblatt’s Tech Team

Introduction

Regulatory authorities in the UK have long agonised over how to regulate cryptocurrency and its associated activities and the debate on this continues.

Certain investment services which come within the definition of the Markets in the Financial Instruments Directive (“MiFID”) must be authorised by the Financial Conduct Authority (“FCA”) under Financial Services and Markets Act 2000 (“FSMA”) as regulated activities. Certain types of crypto investments can be covered.

Other types of crypto investments fall outside FSMA. For a long time, these activities were entirely unregulated. However, the passage of Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”) has brought those crypto activities within the regulatory net for the first time.

In this article we review what type of crypto activities are likely to be caught by the FSMA and may need to be specifically authorised by the FCA and what crypto activities not otherwise caught by FSMA are now subject to registration under the MLRs.

When do cryptoassets need to be specifically authorised under the Financial Services and Markets Act 2000 (“FSMA”)?

Most cryptoassets are not specified investments under the FSMA. However, there are a number of circumstances where cryptoassets may need to be specifically authorised under FSMA. If an investment category comes within the scope of MiFiD then there is a requirement for that activity to be specifically authorised by the FCA.

Examples of the types of activities covered include but are not limited to where cryptoassets are the underlying assets and are the subject of a Contracts for Differences (“CFD”), or derivative instruments such as Futures or Options. In these cases, it is necessary to apply to the FCA to be specifically authorised under the FSMA.

Authorisation under the MLRs

Since January 2020, those businesses which engage in cryptoasset activities as defined below need to be compliant with the MLRs.

Businesses carrying on the following crypto asset activities in the UK will need to be registered with the FCA as defined in The Money Laundering & Terrorist Financing (Amendment) Regulations 2019 (“the Amendment Regulations”).

i) Cryptoasset exchange providers

Cryptoasset ATMs, Peer to Peer Providers and those issuing new cryptoassets, including Initial Coin Offerings (ICO) and Initial Exchange Offerings.

The definition covers any firm or sole practitioner who by way of business provides one or more of the following services:

• Exchanging, arranging or making arrangements with a view to the exchange of cryptoassets for money or money for cryptoassets or the exchange of one cryptoasset for another; or
• Operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets

ii) Custodian Wallet Providers

Any firm or sole practitioner who by way of business provides services to safeguard, or to safeguard and administer:

• cryptoassets on behalf of its customers, or
• private cryptographic keys on behalf of its customers in order to hold, store and transfer cryptoassets, when providing such services.

Businesses which carry on crypto exchange activities or provide Custodian Wallet services are only liable to register with the FCA under the MLR if they conduct those activities “by way of business” in the UK.

To ascertain whether any activity is carried out “by way of business” the following factors should be considered:

• Commercial element – Does the business advertise or act in a way that suggests the business is providing crypto asset services by way of business?
• Commercial benefit – Does the business receive direct or indirect benefit from this service?
• Relevance to other business – How significant is the activity to the business’ other activities (i.e. are crypto asset activities only part of the business)?
• Regularity/frequency – Does the frequency of the activity suggest that it is being carried on as a business?

Further questions to be considered include whether the business:

• Has a registered or head office in the UK and where day-to-day management of these activities is carried out, irrespective of where, geographically, the crypto asset activity is conducted?
• Operates one or more ATMs in the UK?
• Has any UK presence that is engaged in or facilitates crypto asset activities?

Positive responses to the above questions would suggest that FCA registration is likely to be required. If a business considers that its activities do not fall within the FCA’s scope, then the FCA may enquire as to why a business considers that their activities are not within scope. If there is uncertainty regarding whether registration with the FCA is required, the FCA states that businesses may wish to seek legal advice.

All firms which have not registered with the FCA or submitted an application for registration are required to have ceased trading from 10 January 2021 or may not commence trading after that date. Those firms must not carry on any cryptoasset activates which includes (but is not limited to) exchanging and holding custody of cryptoassets on a customer’s behalf. Those firms which continue to provide cryptoasset services regardless, risk FCA enforcement action.

The Registration Process

As we have seen since January 2020 those businesses which engage in relevant crypto asset activities need to be compliant with the MLRs.

Temporary Registration Regime

On 16 December 2020, the FCA announced a Temporary Registration Regime (“TRR”), where firms which had applied for FCA registration before that date and whose applications the FCA were still processing could continue to trade up to 9 July 2021 while the FCA considers their application. The deadline for the submission of applications to the FCA was 15 December 2020 and the list of firms covered by the TRR was published on 9 January 2021. The current position is that only firms which are either FCA registered or which come under the TRR can continue or commence trading.

Those firms which have obtained temporary registration are eligible to trade until the TRR ends.

New registrations

If a firm has not obtained temporary registration under the TRR then an online application to the FCA is required to register. Firms applying after 15th December 2020 are not allowed to commence trading in relevant crypto asset activities until their registration application has been approved by the FCA.

What Information is required

As part of the application process the FCA will request information about the applicant and key individuals in the business. It is likely that the FCA will request additional information after an application has been submitted in order to make an assessment.

The FCA will ask questions about a business when making an application, including (but not limited to) the business:

• Programme of operations;
• Business plan;
• Marketing plan;
• Structural organisation;
• Systems and controls;
• Individuals, beneficial owners, and close links;
• Governance arrangement and internal control mechanisms;
• AML/counter terrorist finance framework and risk assessment;
• Business-wide risk assessment; and
• All cryptoasset public keys/wallet addresses

A fit and proper assessment will also be undertaken.

Registration Fees

Registration fees are payable dependent on the UK cryptoasset income of the business:

For businesses with a UK cryptoasset income of up to £250,000, a fee of £2,000 will be charged, while businesses with UK cryptoasset income greater than £250,000, a fee of £10,000 will be charged.

Supervision and other regulatory considerations

The FCA’s supervisory assessment will include a requirement for a business to demonstrate that it has policies, controls and procedures in place to effectively manage money laundering and terrorist financing risks proportionate to the size and nature of the business’ activities.

Some requirements that FCA authorised businesses must comply with in relation to the MLRs are set out below, however this is not an exhaustive list and does not include obligations under FSMA:

• identifying and assessing money laundering and terrorist financing risks which the business is subject to;
• assessing those risks related to any new technologies prior to launch, managing and mitigating those risks;
• a requirement to have in place policies, systems and controls appropriate to mitigate the risk of the business being used for the purposes of money laundering or terrorist financing. This risk-based approach should seek to mitigate the risks identified in the business’s risk assessment;
• where appropriate with regard to the size and nature of the business, appoint an individual responsible for compliance with the MLRs and establish an internal audit function to assess policies and controls;
• undertake screening of employees;
• undertake customer due diligence when entering into a business relationship or occasional transactions;
• apply more intrusive due diligence, known as enhanced due diligence when dealing with customers who may present a higher risks, including those who may be apolitically exposed person; and
• undertake ongoing monitoring of all customers.

Important Customer Protections/Disclosures

Protecting customers is an important part of the FCA’s regulatory remit. However, those crypto investment activities which do not need full authorisation under FSMA but only registration under the AMLs give customers less regulatory protection. Trading in cryptoassets has often in the past led to customer /consumer complaints so the FCA emphasises it is important to highlight to customers the extent of the regulatory protection available to them when engaging in such activities.

Cryptoasset activities not subject to authorisations under FSMA offer less protection to investors. They do not have the relevant protections under the Financial Ombudsman Service and/or are not subject to protection under the Financial Services Compensation Scheme (“FSCS”). In these cases businesses must inform customers of that position before entering into a transaction or starting a business relationship with the customer.

Cryptoasset businesses which obtain FCA registration under the AMLs must ensure customers are not misled as to what protections apply and be aware that FCA registration is not an endorsement. It will be up to each business to decide how best they meet this requirement.

Businesses may wish to consider the timing of a disclosure, which would normally occur prior to carrying on activities in relation to the business. Additionally, investors should be made aware of this information before deciding to proceed with a transaction. Key information to be disclosed in addition to how information is presented when marketing are factors to be considered when businesses draft wording to provide.

Rosenblatt can help

We have a wealth of experience across diverse sectors and closely collaborate with institutions, large and small companies (both public and private), start-ups and individual entrepreneurs. The regulatory regime which applies to cryptoassets is increasing in complexity, Rosenblatt advises on all aspects of cryptoassets and regulatory law.

In particular we can assist in helping crypto businesses obtain the correct authorisations and registrations from the FCA necessary for compliant operation of all forms of crypto investment activity.