Written by Carly Phillips-Jones 

On 24 March 2022, the FCA published a notice to all FCA regulated firms, reminding them of their obligations when they are interacting with or are exposed to cryptoassets. This notice was synchronised with a number of other publications from UK authorities, including: a “Dear CEO” letter from Sam Woods at the PRA; responses to the Bank of England’s discussion paper on digital money; a paper on “Cryptoassets and decentralised finance” by the Financial Policy Committee (FPC); and a complementary reminder from the Advertising Standards Authority (ASA) on the advertising of cryptocurrencies.

The general message from the UK authorities is that, as cryptoassets grow and develop, enhanced regulatory and law enforcement frameworks are needed both domestically and at a global level. The Bank of England and other UK authorities have been actively engaging with the UK government on the future regulatory landscape, including through HM Treasury’s recent consultation on the UK regulatory approach to cryptoassets and stablecoins. However, in the meantime, the FCA and the PRA have reiterated firms’ existing risks and obligations when interacting with cryptoassets.

What risk areas do firms need to consider?

  • Being clear with customers. The FCA expects firms to ensure that consumers understand the extent of business that is regulated and to clearly distinguish those elements which are unregulated business. At all times, firms remain responsible for identifying and managing potential risks related to cryptoassets. This is reaffirmed in the ASA guidance and enforcement notice mentioned above.
  • Having appropriate risk controls in place. Both the PRA and the FCA expect all regulated firms to have appropriate systems and controls in place to counter the risk of cryptoassets being misused for financial crime. Where firms’ clients and customers are using cryptoassets or offering related services, firms should adapt their actions to the perceived risks, using the same criteria that would be applied to other sources of wealth or funds.
  • Custody considerations. The FCA’s Client Assets Sourcebook (CASS) provides detailed rules for firms to follow when holding regulated assets in custody, as part of their investment business. Where cryptoassets are considered to be specified investments (i.e. security tokens), firms carrying out regulated activities involving custody of these assets are likely to be subject to the CASS regime and these rules must be considered.
  • Prudential considerations. The FCA reminds firms that, although there are currently no specific prudential treatments that explicitly mention cryptoassets, there are still regulatory obligations in this area such as those under the new investment firm prudential regime (IFPR). The PRA further emphasises that firms should consider the full prudential framework when assessing and mitigating risks and exposure to cryptoassets including PRA Fundamental Rules, Pillar 1, the Internal Capital Adequacy Assessment Process (ICAAP) and related Pillar 2 capital considerations.

Next steps

Both the FCA and the PRA have stated that they will be working closely with international partners including the International Organization of Securities Commissions (IOSCO), the Financial Stability Board (FSB), the Financial Action Task Force (FATF), and domestic bodies including the UK government and other parties through the Cryptoassets Taskforce (CATF) on a UK approach that balances innovation and competition, alongside orderly markets and consumer protection.

The PRA will be launching a survey of firms covering existing crypto exposures and future plans for 2022, the deadline for responses to this survey is 3 June 2022. The Bank of England and HM Treasury are also currently considering the case for issuing a UK retail Central Bank Digital Currency and in 2022, they will launch a joint consultation setting out their assessment of the case for doing so.