The MLR Amendment updates the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLR), and transposes the EU’s Fifth Money Laundering Directive (MLD5) into UK domestic law.
In bringing ‘cryptoasset exchange providers’ within the scope of the UK MLR regime, the MLR Amendment significantly ‘gold-plates’ MLD5. This will bring increased work for cryptoasset business in the UK and signifies the growing regulatory attention in this space.
Cryptoasset businesses should act now to ensure that they are registered with the Financial Conduct Authority (FCA) by 10 January 2021. To ensure priority review of their registration applications, existing cryptoasset businesses should apply to the FCA by 30 June 2020 to check that their applications are ready to be assessed.
Background
MLD5 entered into force on 9 July 2018 (see our previous client alert). Amongst other things, MLD5 expanded the existing regime to cover ‘virtual currency exchanges’ and ‘custodian wallet providers’, meaning that these businesses will need to carry out customer due diligence on prospective clients.
On 15 April 2019, HM Treasury published a consultation on how the UK should transpose MLD5 into UK law (the Consultation). The Consultation acknowledged that there are risks associated with cryptoasset entities and activities that are not covered by MLD5, and sought stakeholder views on: (i) how to transpose MLD5 into UK law, (ii) the controls virtual currency exchanges and custodian wallet providers should put in place, and, crucially, (iii) whether MLD5 should be ‘gold-plated’ in UK law.
The majority of responses to the Consultation agreed that all relevant activity involving exchange, security and utility tokens (as set out in the Cryptoasset Taskforce’s Framework) should be captured for the purposes of UK anti-money laundering and counter-terrorist financing (AML/CTF) regulation. The MLD5 definition of ‘virtual currencies’ would therefore need to be amended in order to capture these three types of cryptoasset. A majority of the respondents also agreed that additional regulatory provisions should be included, to bring certain types of exchange providers into the scope of the MLR.
What’s changed?
The MLR Amendment has extended the scope of the MLR so that it applies to ‘cryptoasset exchange providers’ and ‘custodian wallet providers’. As can be seen from the table below, the MLR Amendment goes further than MLD5 by using the much wider defined term ‘cryptoasset’ instead of ‘virtual currency’. In line with the Cryptoasset Taskforce’s framework, this wider term would cover:
- Exchange tokens: these tokens are usually used as a means of exchange or for investment. They are often referred to as ‘cryptocurrencies’ and include Bitcoin, Ethereum and Litecoin
- Security tokens: these tokens are regulated ‘specified investments’ and typically provide rights such as ownership of an asset, repayment of a specific sum of money, or entitlement to a share in future profits.
- Utility tokens: these tokens can be redeemed for access to a specific product or service that is typically provided using a DLT platform.
Observations relating to the definition of cryptoasset exchange provider
The definition of ‘cryptoasset exchange provider’ likely includes peer-to-fiat providers, crypto-to-crypto providers (whether by means of an exchange or any other platform or process), cryptoasset ATMs and issuers of new cryptoassets such as through initial coin offerings. By contrast, the MLD5 definition of ‘virtual currency exchange provider’ is far more limited, covering pure fiat to crypto exchange providers only.
The UK MLR makes clear that this definition includes activities involving a right to, or interest in, the cryptoasset. This means that the issuer of an index that tracks the price of a cryptoasset (or an exchange that lists such an index) might be caught.
Next steps
Since 10 January 2020, all UK cryptoasset businesses carrying on activities which meet the above definitions have been obliged to comply with the MLR (as amended by the MLR Amendment) and the UK’s AML/CTF regime. Firms that fail to comply may be subject to significant fines, public censure, and in cases of employee obstruction of regulatory investigations, up to two years’ imprisonment.
FCA registration
The FCA is responsible for the supervisory and enforcement aspects of AML/CTF in respect of UK cryptoasset businesses.
All UK cryptoasset businesses must register with the FCA. Existing cryptoasset businesses (i.e., those that were already carrying on cryptoasset activity immediately before 10 January 2020) are able to continue with that business, in compliance with the MLR provided they register with the FCA by 10 January 2021. Failure to do so will mean that the cryptoasset business must stop all cryptoasset activity.
New cryptoasset businesses that intend to carry on a cryptoasset activity must be registered with the FCA before any activity can be carried out.
Applications for registration must meet the conditions for registration set out in regulation 57 of the MLR. Under regulation 58A of the MLR, the cryptoasset business must also satisfy the FCA that it and its owners and senior managers are ‘fit and proper’ to perform their roles before it can be registered with the FCA.
Once registered, the FCA’s supervisory approach is in line with the other financial institutions and firms it supervises for AML/CTF purposes. The FCA’s supervisory assessment will include a requirement for the business to demonstrate “that it has policies, controls and procedures in place to effectively manage AML/CTF risks in line with the nature, scale and complexity of the activities; and that it is able to identify, assess, monitor and effectively manage the financial crime risks to which it is exposed.” The cryptoasset business should also identify its AML/CFT risks and carry out regular assessments of its policies and procedures to ensure they remain relevant and appropriate.
Customer disclosure obligations
Cryptoasset exchange providers and custodian wallet providers will be required to disclose to customers whether or not their activities fall within the scope of the Financial Ombudsman Services (FOS) or the Financial Services Compensation Scheme (FSCS) before they enter into a business relationship or transaction.
The FCA notes that cryptoasset businesses will generally fall outside the scope of both the FOS and FSCS unless they are regulated for other reasons, and firms must clearly state this to their customers.
Reporting obligations
Cryptoasset businesses must provide the FCA with such information as the FCA may direct about their compliance with requirements imposed in or under parts 2 to 6 of the MLR, or which is required by the FCA for calculating supervision charges or to enable it to effectively carry out its supervisory and enforcement functions.
The FCA also has the power to require cryptoasset businesses to appoint a skilled person to provide a report on the business’ activities, and to give specific directions to those businesses.
Are there any other changes on the horizon relating to cryptoasset business?
The MLR Amendment extends the FCA’s existing investigative and sanctioning powers to cryptoasset businesses. It also provides the FCA with a new power to impose a direction on a cryptoasset business under regulation 74C of the MLR to ensure that the requirements of the MLR are met. In addition, these powers provide the FCA with the power to publish information about any such direction imposed on a cryptoasset business and where the FCA has published such information as considered appropriate, they impose requirements on the FCA to publish certain follow-up information.
The FCA has consulted on amendments to its handbook to enact these changes.
Conclusion
The implementation of MLD5 in the UK brings previously unregulated cryptoasset businesses into the purview of the FCA, and provides these firms with regulatory obligations in relation to AML/CTF akin to other FCA-regulated firms.
New cryptoasset businesses must register with the FCA before they start trading. Cryptoasset businesses that were carrying on the relevant activities before 10 January 2020 should act now to ensure that they are registered with the FCA by 10 January 2021. As part of this process, firms will need to ensure that the necessary processes and support frameworks are in place to implement strong AML/CFT principles at the core of their activities.
To meet this deadline in good time, the FCA is encouraging existing businesses to apply by 30 June 2020 for priority review.
Client Alert 2020-293
