Cryptoassets Registration

Although largely unregulated in the UK, specific cryptoasset services must be registered with the Financial Conduct Authority (FCA). Firms dealing with cryptoassets that offer one or more of the services listed in the scope of services as detailed in Regulation 14A of the MLRs, are required to adhere to the Money Laundering Regulations (MLRs) in their operations. Under the regulations this includes:

1. A “cryptoasset exchange provider” is defined as any business or individual offering services such as:
   • Trading or facilitating the trade of cryptoassets for traditional money or vice versa,
   • Exchanging one cryptoasset for another, or
   • Running automated machines for cryptoasset exchanges.
2. A “custodian wallet provider” refers to businesses or individuals that:
   • Secure or manage cryptoassets for clients, or
   • Handle private cryptographic keys for managing cryptoassets.

Under these regulations, cryptoasset denotes a digitally secured representation of value or rights, using distributed ledger technology, capable of being electronically transferred, stored, or traded. Money encompasses sterling, any foreign currency, or other exchange mediums, excluding cryptoassets.

It is essential that your firm establish if you are required to register with the FCA for carrying on cryptoasset activity, the FCA have put together a flowchart which will assist with this process.

Objectivus can assist firms which require registration with the FCA, specifically with the production of materials in which to remain in compliance with the regime. If your firm is looking at registration or aspects concerning cryptoassets please get in touch.

Firms should be conducting risk mitigation measures which will include:

• Product and Service Restrictions: Implement transaction limits, restrict the value of privacy coins, introduce time delays for transactions, and prohibit transfers to certain third parties.
• Customer Due Diligence (CDD): Apply CDD for all business relationships, especially for transactions of EUR 15,000 or more, or when operating ATMs, suspecting money laundering/terrorist financing, doubting the authenticity of customer information, or when a customer’s risk profile changes. Simplified due diligence can be applied for low-risk scenarios, while enhanced due diligence involves verifying identity with third-party databases, assessing publicly available information, tracing IP addresses, and requesting transaction history.
• Blockchain Analysis: Employ blockchain analysis techniques to monitor transactions.
• Source and Destination Assessment: Evaluate the origins and destinations of funds to detect any illicit activities.
• Know Your Customer: Identify and verify customer identities, understand the purpose of the account, and identify beneficial owners for business clients, including collecting information like wallet addresses and transaction hashes.
• Ongoing Monitoring: Continuously monitor accounts for suspicious activities and reassess customer risk profiles as necessary.
• Record Keeping: Maintain comprehensive records of customer identities, transaction details, and relevant parties’ public keys or identifiers.
• Sanction Screening: Ensure compliance with sanctions obligations by screening against relevant lists.

To remain in compliance with the cryptoasset business compliance requirements firms must consider:

• Identify and evaluate the risks of money laundering and terrorist financing.
• Analyse the money laundering / terrorist financing risks associated with emerging technologies.
• Implement suitable policies, procedures, and controls to address and reduce money laundering/terrorist financing risks.
• Depending on the scale and type of the operation, designate a senior management member or board member as the nominated officer responsible for adhering to anti-money laundering regulations.
• Establish an independent audit function to review compliance internally if it aligns with the size and complexity of the business.
• Perform screening on employees.
• Execute customer due diligence at the initiation of a business relationship or transaction.
• Implement additional due diligence procedures for customers assessed as higher risk for money laundering/terrorist financing, such as those identified as politically exposed persons (PEPs).
• Continuously monitor the activities of all customers to identify and manage risks effectively.

The FCA will require firms engaging in cryptoasset activities to submit a comprehensive set of documents outlining operational, strategic, and compliance frameworks. This includes a detailed account of the specific cryptoasset activities to be undertaken, supported by a business plan that articulates the firm’s objectives and its viability. Additionally, a marketing strategy must be presented, specifying the target market segments and the distribution channels intended for market penetration. The submission should also encompass detailed organisational charts which illustrate the company’s structure, highlighting key personnel and their roles, alongside an emphasis on the critical IT infrastructure that will underpin the firm’s operations, including cybersecurity measures. Governance policies and internal control mechanisms must be documented to ensure operational integrity and compliance. Furthermore, a robust framework for Anti-Money Laundering and Counter-Terrorist Financing is required, including risk assessment procedures and preventive measures. Lastly, a holistic risk evaluation that encompasses continuous monitoring and the implementation of a mitigation strategy to address identified risks is essential.

The full set of requirements can be found and more detailed information can be found within the FCA website, we can of course provide assistance with any information which requires clarity or detail.