The Financial Conduct Authority's (FCA) first criminal prosecution for breaches of the UK money laundering regulations have generated headlines and demonstrate the FCA's tough approach to anti-money laundering (AML) compliance. However, enforcement is not the only area where the FCA is playing hardball. Information recently obtained by Mishcon de Reya from the FCA highlights the extent to which the FCA is using its position as AML gatekeeper to keep out cryptoasset firms which it considers do not come up to its high standards.
On 10 January 2020, UK cryptoasset businesses became subject to UK anti money laundering legislation contained in the 2017 anti-money laundering regulations ('the Regulations'). At the same time, the FCA became the anti-money laundering and counter terrorist financing supervisor for these types of firms, which include exchanges and wallet providers. Existing cryptoasset businesses are subject to a temporary registration regime that entitles them to continue to trade until 9 July 2021, but they must have applied for registration with the FCA before 16 December 2020. New cryptoasset firms that were not operating prior to 10 January 2020 are required to register with the FCA before they begin business.
Cryptoasset firms do not need to be authorised by the FCA to operate. However, under the Regulations, they do need to register with the FCA. Application for registration ought to be more straightforward than for full FCA authorisation. The only requirement under the Regulations is that applicants should be "fit and proper". This requires an assessment of the regulatory history of the firm, its officers and beneficial owners, an assessment of the risk that the business may be used for money laundering or terrorist financing and whether the firm and its staff have adequate skills and experience. However, in implementing the regulations, the FCA has determined that applicants must provide a long and detailed list of documents and information, which not only includes AML policies and procedures but also a business plan, marketing plan, details of IT systems, policies and procedures, three year budget forecasts and financials and other documents more usually provided as part of a full authorisation process.
Getting through this rigorous process has turned out to be difficult for firms. Data provided by the FCA to Mishcon de Reya, shows that of 209 applications made to the FCA since January 2020 (most of which are from new applicants) only four firms have had their applications for registration accepted; 39 applications have been withdrawn (commonly where firms have received a "minded to refuse decision") and 166 applications remain outstanding. The earliest application was made in January 2020 and an outcome is still awaited. In June 2020 (the most popular month for applications), 95 applications were made. To date, only one has been successful with 30 withdrawn and 64 remaining to be determined. This is notwithstanding provisions within the Regulations that provide that FCA decisions on application should be made within three months of the date of application or the date when the firm has responded to any further information requests.
The lack of progress in applications for registration has not gone without comment by the industry. In an open letter to the Chancellor of the Exchequer last month, the cryptoasset trade association Crypto UK complained: "The regime was meant to ensure crypto asset firms implement and adhere to financial industry standard anti-money laundering practices. However, the application process far exceeded this scope and endeavours to assess applicants against a higher standard more closely aligned to a full electronic money institution authorisation."
Crypto UK is concerned that FCA delays negatively impact upon the UK's message that it is "open for business and innovation".
If firms do manage to become registered, they can expect no let-up on supervision activity and, where necessary, enforcement. Last month the FCA announced that it was extending requirements to provide financial crime returns to include cryptoasset businesses. Financial crime returns are typically used by the FCA to identify firms which are high risk or outliers to their peers. Those firms can expect heightened supervisory attention from the FCA.