A tale of woe: cryptoasset businesses and anti-money laundering registration, Brandon Wong

The FCA has published feedback for cryptoasset businesses on good and poor-quality applications for anti-money laundering registration.

Since January 2020, the FCA has been the anti-money laundering (AML) supervisor of UK cryptoasset businesses, with certain cryptoasset businesses being required to register with the FCA for AML purposes. In total, the FCA has received over 300 applications for registration and determined over 260 as of January 2023. The breakdown:

41 approved and registered (15%);
195 refused or withdrawn (74%); and
29 rejected (11%).

For those considering registration, the FCA also provides further feedback setting out its expectations of applicants at the various stages of the application process:

Before preparing an application, applicants should:

consider if they will be carrying on relevant cryptoasset activities by way of business, therefore requiring registration;
consider seeking independent legal advice as part of preparing an application (including with respect to wider regulations potentially applicable to the product proposition);
register on the Connect system and review the cryptoasset registration form; and
appoint a Money Laundering Reporting Officer (MLRO)/Nominated Officer with relevant knowledge, experience and training as well as a level of authority, independence and sufficient access to resources and information, to enable them to monitor and manage compliance with policies, procedures and controls to carry out their roles and responsibilities.

When preparing an application, applicants should:

prepare their business plan which should include details of their business model, roles and responsibilities of business partners, sources of liquidity, detailed customer journey and flow-of-funds charts. Business plans should also explain the firm’s compliance oversight, risk mitigation and financial controls, especially for its cryptoasset holdings;
include a comprehensive and accurate description of the applicant’s products and services, including a description of any cryptoassets native to or otherwise associated with the applicant and relevant whitepapers, token classification and functionalities assigned within the business;
demonstrate a thorough understanding of the risks from dealing in cryptoassets and design a business wide risk assessment (BWRA) that is tailored to their business model;
have policies, systems and controls in place to appropriately manage and mitigate the risks identified in the BWRA;
demonstrate that they have effective transaction monitoring and blockchain analysis, adequate for their size and complexity;
explain how their proposed cryptoasset activities relate to the money laundering regulations and demonstrate how the applicant, and any officer, manager and beneficial owner of the applicant, will comply with the relevant regulations;
provide complete information regarding their outsourcing arrangements;
evidence staff training material tailored to their particular business model and associated money laundering risks along with their annual training plan;
ensure their Suspicious Activity Reporting (SAR) policy covers their cryptoasset-related activities;
proactively inform customers that the applicant’s cryptoasset activities will not be within the scope of the Financial Ombudsman Service and will not benefit from the Financial Services Compensation Scheme’s protection before establishing a business relationship or entering into a transaction with the customer;
evidence adequate and current sanctions-specific controls within the applicant’s control framework in line with their cryptoasset-based business model; and
ensure their website or other marketing materials contain an accurate and fair representation of the applicant’s products and services and does not contain misleading information.

While the FCA assesses the application, applicants should:

keep the FCA up to date and provide transparent and timely disclosures of relevant changes in circumstances;
be prepared to deal with a rapidly evolving regulatory framework, scanning for emerging risks and industry changes, tracking financial crime typologies and new rules that could affect their operations; and
not use their application to promote their products or services or include language that gives the impression that making an application for registration is a form of endorsement or recommendation by the FCA.

If you want legal advice in relation to AML applications for registration or other cryptoasset-related topics please get in touch with Burges Salmon's fintech team.

{

"Applicants must recognise that being registered is not a one-off formality or a tick-box exercise without any further obligations or interaction with the FCA. The applicant must continue to ensure that it complies with the requirements of the MLRs and the FCA will supervise this compliance."

https://www.fca.org.uk/cryptoassets-aml-ctf-regime/feedback-good-poor-quality-applications