The UK Financial Conduct Authority (FCA) has become the anti-money laundering and counter terrorist financing (AML/CTF) supervisor for businesses engaging in certain cryptoasset activities under the amended Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLRs).
Any UK business conducting specific cryptoasset activities falls within scope of the regulations and will need to comply with their requirements.
Inter alia, the FCA requires cryptoasset businesses to:
- identify and assess the risks of money laundering and terrorist financing which their business is subject to;
- have policies, systems and controls to mitigate the risk of the business being used for the purposes of money laundering or terrorist financing;
- where appropriate to the size and nature of its business, appoint an individual who is a member of the board or senior management to be responsible for compliance with the MLRs;
- undertake customer due diligence when entering into a business relationship or occasional transactions;
- apply more intrusive due diligence, known as enhanced due diligence, when dealing with customers who may present a higher money laundering / terrorist finance risk. This includes customers who meet the definition of a politically exposed person;
- undertake ongoing monitoring of all customers to ensure that transactions are consistent with the business’s knowledge of the customer and the customer’s business and risk profile.
The UK regulator notes that it will proactively supervise firms’ compliance with the new regulations, and will take swift action where firms fail to meet the standards and cause risks to market integrity.
New UK businesses carrying out cryptoasset activity in scope of the MLRs must be registered with the FCA before conducting businesses – registration forms are available on Connect.
Existing businesses already conducting cryptoasset activity before January 10, 2020 may continue their business but will need to ensure their compliance with the MLRs with immediate effect.
All existing businesses undertaking cryptoasset activities must be registered by January 2021. To ensure this deadline is met, these businesses must submit a completed application for registration via Connect by June 2020.
Existing Financial Services and Markets Act firms, e-money institutions or payment services businesses undertaking cryptoasset activity will also be required to apply for registration.
The new requirements apply to cryptoasset exchange providers (including cryptoasset automated teller machine (ATM), peer to peer providers, issuing new cryptoassets, e.g initial coin offering (ICO) or initial exchange offerings), and custodian wallet providers.