AML Q&A: 5 key questions
Tim Pinkney and Bill Bewes share their knowledge and experience, answering five key questions to help accounting...
READ MORE
The Financial Conduct Authority has issued a list of risks that businesses dealing with, or exposed to, crypto assets should consider.
The FCA said that while crypto assets and their underlying technologies can offer benefits to financial services firms such as reducing costs and increasing efficiencies, they also present risks to market integrity and consumers, particularly when used as a speculative investment. This is additional to significant risks in relation to financial crime and money laundering.
It has outlined some areas of risk that firms need to consider and said although it is not a complete list, firms should consider any further controls and requirements that apply to them.
The FCA recommend that firms read the Letter from Sam Woods on existing or planned exposure to crypto assets published by the Prudential Regulation Authority (PRA), as well as publications from the Bank of England and the financial policy committee (FPC), which focus on crypto assets and new forms of digital money.
Being clear with customers
As stated in the Perimeter Report 2021, much of the crypto-asset sector continues to sit outside of the FCA’s current regulatory remit. When firms assess the risks crypto assets pose, they should use a similar approach to that for the regulated activities they conduct. There is a risk of consumer confusion where regulated firms provide services involving crypto assets. We expect firms to ensure that consumers understand the extent of business that is regulated and to clearly distinguish those elements that are unregulated business. At all times, firms remain responsible for identifying and managing potential risks related to crypto assets.
Financial crime and registration of crypto-asset business
Since January 2020, firms carrying on crypto-asset activity in the UK have had to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “MLRs”). This includes the requirement to be registered with the FCA to continue to carry on business. Providing crypto-asset business in the UK by way of business, as set out in Regulation 9 of the MLRs, without registration (or temporary permission under the Temporary Registration Regime [TRR]) is a criminal offence.
Having appropriate systems and controls in place
The FCA said it expects all authorised and registered firms to have appropriate systems and controls to counter the risk of being misused for financial crime. As part of this, all firms should be reviewing whether crypto-asset businesses they interact with are listed on the FCA’s unregistered cryptoasset businesses page. It expects firms doing business with crypto-asset firms to check against this list and to make sure that they have sufficient due diligence and money laundering controls in place to manage the risks posed by their customers.
Assessing the risks
In its 2018 “Dear CEO” letter the FCA gave firms guidance on how to achieve best practice where clients and customers may be using crypto assets, or providing services to customers offering crypto assets. That guidance remains relevant – with some key elements outlined in this notice.
Where firms’ clients and customers are using crypto assets or offering related services, firms are given the flexibility to adapt their actions to the perceived risks. Firms should assess the risks posed by a customer whose wealth or funds derive from the sale of crypto assets, or other crypto-asset-related activities, using the same criteria that would be applied to other sources of wealth or funds. One way crypto assets differ from other sources of wealth is that the evidence trail behind transactions may be weaker. This does not justify applying a different evidential test on the source of wealth and we expect firms to exercise particular care in these cases.
Prudential considerations
While there are currently no specific prudential treatments that explicitly mention crypto assets, the authority reminds FCA-regulated firms that there are still regulatory obligations in this area. Firms subject to the new investment firm prudential regime (IFPR), have obligations (under MIFIDPRU 7) to assess and mitigate the potential for harm to clients, to the markets in which the firm operates and to itself, that could arise from all of their business. This applies whether or not that business consists of Markets in Financial Instruments Directive (MiFID) investment business, other regulated activity or is unregulated. It also applies irrespective of operating on an agency basis, principal basis, or in some other capacity. This therefore includes crypto-assets business however firms conduct that business.
Other firms subject to FG20/1: Assessing adequate financial resources should consider that guidance when assessing and managing risks and exposures from crypto assets. Where a firm accounts for a crypto asset as an intangible asset, it will likely need to deduct this asset from its regulatory capital.
If the FCA finds that there is a need for updated prudential requirements for crypto assets, it will consider what further steps it may need to take to ensure firms have adequate financial resources to address the potential for harm from conducting business involving crypto assets.
Custody considerations
All FCA-regulated firms must observe our Principles for Business, which all firms must comply with to be authorised by us. Principle 10 requires a firm to arrange adequate protection for clients’ assets. As part of these protections, the FCA’s Client Assets Sourcebook (CASS) provides detailed rules for firms to follow when holding regulated assets in custody, as part of their investment business. Where crypto assets are specified investments (security tokens), firms carrying out regulated activities involving custody of these assets are likely to be subject to the CASS regime. If firms have any questions about how the CASS rules may apply, they should speak to their relevant FCA supervisory contact.
The FCA said it continues to develop its understanding of how crypto-asset technology affects custody arrangements. It will continue to monitor the use of crypto assets in custody arrangements and act where appropriate, supporting responsible innovation, while protecting consumers and ensuring market integrity.
Domestic and international engagement
As effective regulation of a digital world requires international cooperation and common standards, the FCA will continue working closely with international partners, both bilaterally and through multilateral fora, including the International Organization of Securities Commissions (IOSCO), the Financial Stability Board (FSB) and the Financial Action Task Force (FATF). Domestically it will work closely with government and other parties through the Cryptoassets Taskforce (CATF) on a UK approach that balances innovation and competition, alongside orderly markets and consumer protection. It will also be engaging with industry participants to seek insights as we further develop our views.