Cryptoasset AML Registration
Market capitalisation and public awareness of cryptoassets – the most common of which are cryptocurrencies – has grown significantly over the past decade. Concurrent with the growth in their availability, the anonymous nature of cryptocurrencies and the absence of effective regulation had resulted in an increased risk of their exploitation to facilitate financial crime.
The EU’s Fifth Money Laundering Directive (5MLD) – which was transposed into UK legislation through the Money Laundering Regulations 2019 – brought cryptocurrency activities within scope of money laundering supervision for the first time. Consequently, from 10 January 2020, certain cryptoasset businesses have been required to comply with the requirements of the AML cryptocurrency regulations and register for supervision under the UK’s cryptocurrencies AML regime.
The businesses that have fallen within scope of the new regime are cryptocurrency exchange providers and custodian wallet providers. This includes businesses that offer the following types of activities:
- Exchange of fiat currency for cryptocurrencies
- Exchange of one cryptocurrencies for another
- Operating cryptocurrencies ATMS (CATMs)
- Facilitating peer-to-peer exchange of cryptocurrencies
- Participating in initial coin offerings (ICO)
- Providing custodian wallets for storing cryptocurrencies on behalf of customers
The FCA has been appointed as the supervisor for UK-based crypto businesses and is the authority responsible for accepting applications for AML cryptocurrency registrations. Existing cryptocurrency businesses that were offering services before 10 January 2020 were permitted to continue undertaking their activities but had to be registered before 10th January 2021. Businesses that were not registered by this deadline had to cease trading.
New cryptocurrency business must be approved by the FCA before they conduct any regulated activities.
Evaluating AML cryptocurrency risk
The money laundering regulations require businesses to undertake an assessment of their money laundering and terrorist financing risks. It is therefore imperative that cryptocurrency businesses, in accordance with the regulations, take steps to fully understand their vulnerability to a range of different risks. The extent of the risks experienced by each business will depend on several factors, including the nature of their activities, the types of cryptoassets being offered (e.g. exchange, utility or security tokens) and the characteristics of their customer base.
Examples of risks experienced by cryptoasset businesses may include the following:
- Enabling customers to sell cryptocurrencies for fiat currency on an exchange. This poses an increased risk as the business must be able to determine the customer’s source of funds for initially purchasing the cryptocurrency, which may have happened on another exchange.
- Offering custodial cryptocurrency wallets which are also hot wallets. The very nature of hot wallets, given their connectivity and ease with which high volumes of cryptocurrency transactions can be facilitated through them, make them an ideal tool for the layering stage of the traditional money laundering process
- Allowing brokers to buy and sell cryptocurrency through an exchange. Brokers will have their own customer base, making it vital for the business to conduct thorough due diligence on them and ensuring that their risk appetites align
- Accepting debit cards issued in overseas jurisdictions at CATMs. The debit cards used to purchase cryptocurrency may be issued by financial institutions in countries with weak national AML frameworks, increasing the risk that the cryptoassets may be purchased using laundered money
As part of the cryptocurrencies AML registration, the FCA expects businesses to provide detailed and accurate information across a range of categories.
The following information should be included with the registration application:
- Evidence that the business complies with money laundering regulations, including policies, procedures and a business-level risk assessment
- A business plan, setting out the business’s services, objectives and projections
- A description of how the business is structured and organised
- Details of the business’s key IT systems, including detailed policies and procedures
- Evidence that the shareholders and individual’s responsible for managing the business are fit and proper
- A description of the firm’s governance arrangements and internal control mechanisms
How can we help you?
Our expert team has extensive expertise in cryptocurrencies, money laundering regulations and the FCA’s registration process. We have a dedicated financial crime team who have assisted multiple firms in complying with their obligations under the AML regulations, including cryptoasset businesses. Our in-depth knowledge and experience make us well-suited to support your business through the FCA AML cryptocurrency registration process.