UK cryptoasset businesses receive guidance on their anti-money laundering obligations (updated)

Around the world, the introduction of anti-money laundering (AML) rules has often been the vanguard of the regulation of cryptoassets. In the UK, recently updated sectoral guidance clarifies the scope of the UK AML regime for cryptoassets firms and highlights specific money laundering risk factors for those firms. It is also a reminder for UK cryptoassets firms to apply to register with the FCA for AML supervision as soon as possible.

JMLSG sectoral guidance for cryptoasset businesses

The UK’s Joint Money Laundering Steering Group (JMLSG) is an authoritative source for the industry when interpreting AML rules. It has recently updated its sectoral guidance for cryptoasset businesses that are in the scope of the UK’s Money Laundering Regulations 2017 (MLRs). The updated guidance received HM Treasury ministerial approval on 19 August 2020. The FCA is now required to consider the guidance in determining whether a firm has breached the MLRs.

How the MLRs apply to UK cryptoassets businesses

The MLRs have applied to “Cryptoasset exchange providers” (CEPs) and “custodian wallet providers” (CWPs) carrying on business in the UK since 10 January 2020. The key obligation imposed by the UK’s AML regime is the requirement to conduct know your customer checks and customer due diligence. The MLRs impose various further obligations, such as requiring firms to have policies to mitigate the money laundering/terrorist financing risks that they face, to conduct enhanced diligence in higher risk situations (e.g. by verifying the customer’s source of funds and source of wealth), and to monitor and keep records of customer transactions.

The need to register for AML supervision - key dates 

A key point to note is that since 10 January 2020 CEPs and CWPs are required to register with the FCA specifically for AML supervision before undertaking the relevant cryptoasset business, even if they are already FCA-authorised.

As a transitional measure, CEP/CWPs which carried on business in the UK before 10 January 2020 have until 10 January 2021 to be registered. The FCA requested that CEPs/CWPs operating pre-10 January 2020 should submit applications to register by 30 June 2020 to ensure time for processing (by default, the FCA has up to 3 months to determine an application for registration). Although that deadline has now passed, affected firms should nevertheless submit their applications as soon as possible.

Key insights from the JMLSG’s Guidance
  • What is a CEP? The definition of a CEP broadly captures services which exchange, or arrange the exchange of, cryptoassets for money or other cryptoassets, including cryptoasset ATMs. The guidance clarifies that, for example, the issuance of cryptoassets in return for goods, services, rights or actions is unlikely to amount to a CEP business (e.g. where cryptoassets are issued in return for click-throughs or product reviews). By contrast, a cryptoasset escrow service is likely to be a CEP when the firm has custody over the relevant cryptoassets. Whether cryptoasset miners are caught will depend on their business model.
  • Non-custodial wallets: The guidance indicates that the CWP definition is unlikely to capture firms which hold and store cryptographic keys but are not involved in their transfer. Hardware wallet manufacturers and cloud storing service providers are therefore likely to fall out of scope.
  • Presence in the UK: In most cases, firms will be brought within the territorial scope of the MLRs through a physical presence in the UK through which CEP/CWP business is carried on (including an ATM located in the UK).
  • Reporting obligations: While customer-related AML obligations only apply to the CEP/CWP parts of an in-scope business, firms are also reminded that the obligation to report suspicions of money laundering under the Proceeds of Crime Act 2002 are broader.
  • Who is the customer? For CEPs, generally the customer is the person requesting the exchange of cryptoassets. For CWPs, it is generally the person for whom they hold, store and transfer a cryptoasset. Other firms dealing with cryptoasset businesses should conduct customer due diligence (CDD) on a risk-sensitive basis and may need to apply additional measures where the relationship is akin to a correspondent banking relationship.
  • Scope of obligations: The guidance provides an overview of obligations for CEP/CWPs to undertake CDD, evidence a customer’s source of funds and wealth, and monitor transactions on an ongoing basis. It also indicates that blockchain analysis can form part of a CEP/CWP’s KYC measures in addition to (but not in place of) the measures required by the MLRs. In terms of record-keeping, the guidance says that relying solely on a blockchain record is not sufficient.
Specific AML risks arising in the cryptoassets sector

The guidance also summarises the JMLSG’s views on risks arising in the cryptoassets sector, as well as factors which may increase risk depending on individual business models. These include (among other things):

  • darknet and blacklisted addresses;
  • links to multiple jurisdictions;
  • dealing with funds originating from decentralised systems; and
  • the use of outsourced service providers or agents.

It also flags factors which cryptoassets firms could consider implementing to mitigate money laundering/terrorist financing risks, such as applying account/transaction limits and prohibiting transfers to third parties.

Next steps 

We can help firms with cryptoasset businesses determine whether they are in scope of the MLRs and to apply for AML registration with the FCA if necessary. Please get in touch if you would like to discuss the scope of the MLRs, the associated AML obligations, or the process for registration with the FCA.

With thanks to Priya Chand for her contribution to this post.