It was interesting to read the following speech of Therese Chambers, Director of Retail and Regulatory Investigations.
Crypto businesses may want to consider the following when proving services via a UK entity:
Under the MLRs, any firm undertaking one of the specified cryptoasset activities is required to satisfy the FCA when they arrive at our authorisations team that they have:
Risk assessment: to identify where the risks of money laundering lies in their business and establish policies and procedures to tackle them.
Customer Due Diligence (CDD): as there is a zero threshold for all activity in this sector, all transactions, whether occasional or part of an ongoing business relationship, will need to be subject to CDD. This means identifying the customer and verifying their identity on the basis of reliable and independent documentation or information. As cryptoasset activities are online, then they will need to establish the veracity of the information provided to ensure the person on the other side of the screen is who they claim to be. We expect that many will apply similar approaches to e-money and challenger banks who often deploy new technologies such as video/photo identification via mobile.
Transaction monitoring: cryptoasset firms will need to monitor the transactions that they execute on behalf of their customers to identify any potential suspicious or unusual transactions that indicate a risk of money laundering. While we know of several services that offer blockchain analytics software which can help with this task, we will still require that firms have the right processes in place to evaluate transactions. This is because all FCA regulation is underpinned by the notion that you can outsource work but not responsibility.
Record keeping: the MLRs require all firms to retain documents and information used as part of CDD and transaction monitoring for a period of 5 years after the end of a business relationship, but they do not need to be kept for longer than 10 years since the start of that relationship.
Suspicious Activity Report (SAR) reporting: where a firm identifies suspicious activity that they have reasonable ground to suspect is the proceeds of crime then they need to make a SAR and send it to the National Crime Agency (NCA).
When a firm arrives at the FCA’s gateway looking to apply for registration, we believe that a ‘good’ application will clearly demonstrate to our authorisations team that they have robust systems and controls to cover each of these areas. But fundamentally, we are looking for more than just whether the firm has the right policies and procedures, we need to be satisfied that the firm take seriously their responsibilities to prevent their business being used to launder the proceeds of crime.
The FCA’s crypotasset AML regime is still in its infancy, as it only came into effect on the 10 January 2020. We are expecting several key challenges. First, this is largely a market that is new to regulation, and since the premise of the technology comes from a libertarian strand of ideology which eschews identity checks and advocates digital privacy, so we are expecting compliance with AML regulation will be met with resistance. But we are keen to work with the industry to ensure our AML standards are met in this market, particularly since this sector is closely integrated with traditional financial services.