Blog

Only 15% of firms applying under the FCA’s MLR cryptoasset regime have made it through to the other side. It is fair to say these applications are not simple. The FCA require firms to evidence they have a competent governance structure as well as an extensive documented AML framework. The firm also needs to evidence it has the appropriate knowledge and experience to run a registered business, this includes having a MLRO onboard with the expertise to implement a robust risk-based approach to identify and mitigate financial crime exposure. Bringing all of this evidence together in a language the regulator understands is tough, but get it right, and the firm could have an amazing opportunity to target the market from the UK.

The FCA’s latest publication on this topic, “Cryptoasset AML/CTF regime: feedback on good and poor quality applications”, is a great starting point for firms that are considering entering this space. Find a detailed overview of the FCA’s feedback below. 

What has happened?

In January 2023, the FCA provided feedback on good and poor quality cryptoasset firm registration applications made under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, known as the MLRs.

This feedback is designed to help cryptoasset applicant firms when they prepare their application for registration and help make the process as simple and efficient as possible for them.

What are the key points of the feedback?

The FCA has been the anti-money laundering and counter-terrorist financing supervisor of UK cryptoasset businesses since 10 January 2020. Since then, it has received over 300 applications for registration under the MLRs and has determined over 260 as of January 2023. 

Of the applications determined, the FCA approved and registered 41 (15%), 195 (74%) were either refused or withdrew their application and the FCA rejected 29 (11%) submissions.

The FCA emphasises the following suggested areas for firms’ attention

Before preparing an application 

The FCA expects applicant firms to demonstrate an understanding of the UK AML registration regime as set out in the MLRs.

Firms applying for registration should refer to the flowchart provided and consider if they will be carrying on relevant cryptoasset activities by way of business, as set out in Regulation 14A of the MLRs. Where relevant, firms should consider seeking independent legal/compliance advice as part of preparing an application.
The applicant firm must appoint a Money Laundering Reporting Officer/Nominated Officer with relevant knowledge, experience and training as well as a level of authority, independence and sufficient access to resources and information, to enable them to monitor and manage compliance with policies, procedures and controls to carry out their roles and responsibilities under the MLRs.

When preparing an application

The applicant firm’s business plan should include details of its business model, roles and responsibilities of business partners (such as service providers, brokers, introducers, sub-custodians and outsourcing partners), sources of liquidity, detailed customer journey and flow-of-funds (fiat and cryptoassets both) charts. The business plan should also include a comprehensive and accurate description of the applicant firm’s products and services. This should include, where applicable, a cryptoasset token vetting policy, a detailed description of how dependent it is on external ecosystems for liquidity, custodian services, and underlying smart contracts/decentralised finance implementations.

Firms must demonstrate a thorough understanding of the risks from dealing in cryptoassets and design a business wide risk assessment (BWRA) that is tailored to its business model. In addition to the AML/ CTF risks, the BWRA should identify and assess any proliferation financing risks to which the applicant’s business is subject. The firms AML framework must include policies, systems, and controls to appropriately manage and mitigate the risks identified in the BWRA. The FCA will also expect applicants to adequately evidence their assessment of the strength of these controls.
The documentation submitted to the FCA should demonstrate how the firm is implementing effective transaction monitoring and blockchain analysis, adequate for its size and complexity.

The application must focus on the applicant firm’s business model and explain how its proposed cryptoasset activities relate to the MLRs. The application must demonstrate  how the firm and any officer, manager and beneficial owner of the applicant, will comply with the MLRs. The firm must provide complete information regarding its outsourcing arrangements, both within and outside the group, as well as within and outside the UK.

The applicant must be able to evidence staff training material tailored to its particular business model and associated AML/CTF risks along with its annual training plan.

The AML framework in place must evidence adequate and current sanctions-specific controls within the applicant firm’s control framework in line with its cryptoasset-based business model.

The applicant firm’s website or other marketing materials must contain an accurate and fair representation of the applicant firm’s products and services and must not contain misleading information.

When submitting an application

Most importantly, the application must demonstrate that the firm understands its obligations to comply with the requirements of the MLRs and is ready, willing and organised to meet these requirements when they apply.

While the FCA is assessing the application

Applicant firms should be proactive and self-reliant. They should not expect the FCA to act as an adviser in completing their application or to recommend solutions when deficiencies are highlighted.
The firms should demonstrate that they are agile and prepared to deal with a rapidly evolving regulatory framework, scanning for emerging risks and industry changes and tracking financial crime typologies and new rules that could affect their operations.

How can we help you?

Thistle Initiatives has supported firms, including cryptoasset firms, for over 10 years as a trusted compliance and regulatory advisor. In addition to assisting you as and when our team of specialists can serve as your right hand in a meeting and complying with regulations. We understand the importance of staying up-to-date and compliant and are dedicated to providing the guidance and support needed to do so.

We have provided expert advice, thought leadership, and training for over 10 years

If you want to discuss anything covered in this blog, please contact our specialist cryptoasset team now to schedule a free consultation. Contact our specialist team now to schedule a free consultation.  Get in touch with us by calling 020 7436 0630 or sending an email to info@thistleinitiatives.co.uk.