FCA regulation of cryptocurrency service providers: A slow start

Posted on

By Henry Hillman, Lecturer in Law at UWE Bristol.

The UK implemented the 5th Anti-Money Laundering Directive in January 2020,[1] which extended anti-money laundering and counter terrorist financing (AML/CTF) regulation to include exchanges of fiat currency for cryptocurrency. As of 10th January 2020, the Financial Conduct Authority (FCA) was made responsible for the regulation of cryptocurrency service providers (CSPs) for the purposes of AML/CTF. As part of taking on such responsibility, and brining CSPs into the AML/CTF regulatory perimeter, the FCA required applicable CSPs to register with them by 9th January 2021, or cease operations. At the time of writing there are only four entries on the FCA’s register,[2] and 104 firms awaiting registration, which raises questions as to the proactivity of the FCA in fulfilling its responsibilities. This paper will set out the intended regulation of CSPs, and consider the reasons behind the FCA’s lacklustre performance so far.

AML/CTF regulation of cryptocurrencies in the UK is to exceed the requirements of the latest EU Directive, by applying AML/CTF measures to transactions involving exchanges between cryptocurrencies as well as exchanges between cryptocurrencies and fiat currencies. The CSPs which will be regulated are those that provide exchange services or are custodian wallet providers. Regulation 14A(1) defines a “cryptoasset exchange provider”[3] as any individual or firm which provides services for “exchanging, or arranging or making arrangements”[4] to exchange cryptocurrency for either money[5] or another cryptocurrency,[6] including any activities which are automated.[7] A custodian wallet provider is defined as any individual or firm that “provides services to safeguard, or to safeguard and administer”[8] cryptocurrency on behalf of customers, or provides “private cryptographic keys”[9] for customers to manage their cryptocurrency with. Cryptocurrency transactions are protected using public-key cryptography, which allows a user to receive cryptocurrency that has been sent to their public key, much like an address, using their private key, akin to a door key.[10] Not all cryptocurrency users use custodian wallets. A custodian wallet as described in the regulations is comparable to an online bank account, and so may be the most appealing to cryptocurrency beginners as the security is managed by their service provider. More experienced cryptocurrency users may utilise alternative types of wallets, which will not be regulated.[11] 

The amendment to the Money Laundering and Terrorist Financing Regulations 2017,[12] means any business carrying out newly regulated activity must register with the FCA, and comply with the Regulations. AML/CTF regulation can be divided into two broad elements; data collection in the form of record keeping and completing customer due diligence requirements, and reporting requirements, principally suspicious activity reports. The measures are intended to increase financial intelligence.

Bringing CSPs into the regulatory perimeter shows the intent of the government to address a clear gap in its approach to AML/CTF, but the amended legislation is only valuable if it is utilised by the FCA. The initial steps by the FCA appeared to be positive, with the announcement of a year-long registration period, but this time looks to have been wasted as only four entries appear on the register as of January 2021.[13] A mitigating factor for the FCA’s performance so far could be the ongoing coronavirus pandemic, and that they are working through the 104 applicants on their temporary registration list, but neither of these arguments hold up to scrutiny. Firstly, the entries on the register so far were all added between 18th August and 1st September 2020, which illustrates firms could be vetted within the restrictions in place over the summer and autumn of 2020. Secondly, the temporary register appears to have a very low bar for inclusion, yet bestows included firms with “temporary registration”[14] to carry out regulated activities. The FCA state that the firms on the temporary list have not been assessed by them as “fit and proper,”[15] and the information appears to simply be an alphabetical list of firms which have applied to the FCA. The 104 temporary registered firms appear with their name, their address, and any other trading names used, however, this data is inputted in an inconsistent manner. There are entries which are in full capitals and other which lack capitals where required, the address formats vary, and there are two near identical entries; such errors and inconsistencies suggest the temporary register is simply pasted data from the firms applications. Questions might also be raised as to the integrity of the approved register too, as three of the four entries are registered at the same address and two of those entries lack a registered telephone number.[16] Based on the state of both the register and the temporary register, the commitment of the FCA to regulating CSPs can be questioned. While disappointing, the performance of the FCA in implementing AML/CTF regulation of cryptocurrency activity is consistent with their approach to cryptocurrencies to date.

The FCA has repeatedly stated that it does not regulate cryptocurrencies. The leading lines of advice on the FCA website state that cryptocurrencies are “considered very high risk, speculative investments”[17] and those buying them should be “prepared to lose all your money.”[18] Since the extension of the AML/CTF regulation, the FCA has caveated its advice, to state that cryptocurrencies are “only regulated in the UK for money laundering purposes.”[19] The FCA appears reluctant to be proactive with regards to cryptocurrencies, it could have interpreted the broad definition of a ‘money services business’ in Regulation 3 of the Money Laundering Regulations[20] to allow it to regulate cryptocurrencies three years before being explicitly handed the role by government. A money services business includes “an undertaking which by way of business operates a currency exchange office, transmits money (or any representations of monetary value) by any means,[21] which can clearly include cryptocurrencies, given their monetary value.

The FCA has commissioned research to ascertain the level of consumer engagement with cryptocurrencies. The research by Revealing Reality for the FCA identified three main factors fuelling cryptocurrency investment; a weakened trust in mainstream media, looking for the next ‘shortcut’, and acting on recommendations.[22] These are worrying trends in behaviour, which will lead to individuals making losses as they invest in spurious products in an unregulated market. Such findings should be the catalyst for an intervention, but no such response has materialised. The justifications for the FCA’s approach are not clear, but may be explained by their understanding of the demographic of cryptocurrency investors. In December 2019 the FCA claimed that 80% of cryptocurrency holdings in the UK were held by 1% of the population,[23] suggesting the industry is not popular enough to be of concern. 50% of those who had invested held less than £260,[24] which further suggests a low risk in terms of potential losses. The information from the FCA also suggested investors were well informed as 89% knew they were not protected, and 92% could identify a definition of a ‘cryptoasset’.[25] It appears that although research shows poor investment practices from consumers, the levels of money involved means the FCA does not see the need to regulate.

In conclusion, it appears as though cryptocurrencies and CSPs will remain largely unregulated, unless the FCA’s approach changes drastically. The legislation is in place to cover a degree of cryptocurrency activity, but this legislation does not appear to be being enforced. The FCA has only processed four entries onto its register of approved firms, out of 108 applicants, which is a poor performance. It appears as though the FCA does not hold cryptocurrencies in high regard and does not view the issue as affecting a large proportion of the population. The approach of the FCA has been lacklustre, which raises a number of questions as to the reasoning; a lack of understanding, a lack of available resources, or simply a low priority?

First published in the Open University Law, Information, Future, Technology Blog.


[1] The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, SI 2019/1511.

[2] Financial Conduct Authority, ‘Registered Cryptoasset firms’ <https://register.fca.org.uk/s/search?predefined=CA> accessed 21 January 2021.

[3] The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, SI 2019/1511 Regulation 14A(1).

[4] ibid at Regulation 14A(1)(a) and (b).

[5] ibid at Regulation 14A(1)(a).

[6] ibid at Regulation 14A(1)(b).

[7] ibid at Regulation 14A(2).

[8] ibid at Regulation 14A(2).

[9] ibid at Regulation 14A(2)(b).

[10] For an accessible explanation of public-key cryptography see: Robert Miles – Computerphile, ‘Public Key Cryptography’ (22 July 2014) <https://www.youtube.com/watch?v=GSIDS_lvRv4> accessed 22 January 2021.

[11] For further details in types of wallet see: Bitcoin.org, ‘Choose your Bitcoin wallet’ <https://bitcoin.org/en/choose-your-wallet?step=1> accessed 22 January 2021.

[12] Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

[13] Financial Conduct Authority, ‘Registered Cryptoasset firms’ <https://register.fca.org.uk/s/search?predefined=CA> accessed 21 January 2021.

[14] Financial Conduct Authority, ‘Cryptoasset firms with Temporary Registration’ (8 January 2021) <https://register.fca.org.uk/servlet/servlet.FileDownload?file=0154G0000062BtF> accessed 21 January 2021.

[15] ibid.

[16] Financial Conduct Authority, ‘Registered Cryptoasset firms’ <https://register.fca.org.uk/s/search?predefined=CA> accessed 21 January 2021.

[17] Financial Conduct Authority, ‘Cryptoassets’ (7 March 2019, last updated 11 January 2021) <https://www.fca.org.uk/consumers/cryptoassets> accessed 22 January 2021.

[18] ibid.

[19] ibid.

[20] Money Laundering Regulations 2017, Regulation 3.

[21] ibid Regulation 3(1)(d).

[22] Financial Conduct Authority, ‘How and why consumers buy cryptoassets: A report for the FCA’ (07 March 2019) <https://www.fca.org.uk/publication/research/how-and-why-consumers-buy-cryptoassets.pdf> accessed 22 January 2021 at p.47.

[23] Financial Conduct Authority, ‘Infographic: Cryptoasset consumer research 2020’ (December 2019) <https://www.fca.org.uk/publication/documents/crypto-assets-infographic.pdf> accessed 22 January 2021.

[24] ibid.

[25] ibid.

Superfast Scout software could put more cyber criminals into jail

Posted on

Experts at the University of the West of England (UWE Bristol) are working with a technology company to develop software that is set to drastically reduce the amount of time it takes to identify financial crime. The two-year project, which is co-funded by the UK’s Innovation agency, Innovate UK, could help tackle money laundering and financing of criminal activities, as well as potentially lead to more convictions.

UWE Bristol’s Professor Nicholas Ryder, an expert in financial crime, Dr Phil Legg, who specialises in cybersecurity, and Henry Hillman (cryptocurrency) are working with the team at Synalogik, an SME based in Tewkesbury that develops systems that automate intelligence-gathering and investigation.

Together they are developing Scout™, a system that can detect suspicious online money transfer activity extremely fast and therefore potentially save hours of laborious police work. The program locates financial activity that could be fraudulent, scores it in terms of risk, and does all this in minutes rather than the hours or even days it could take police analysts to sift through data.

The subsequent effect is creating an environment where investigators or analysts have more capacity to conduct immediate lines of enquiries and are significantly more productive than when operating previous obsolete criminal investigation procedures manually.

Professor Ryder said: “This is an exciting project to be involved in and is ground breaking when it comes to tackling activist financing as it will massively speed things up and will therefore save valuable time in tracking down criminals or activists. It has never been done before in this way and the quicker the intelligence comes through, the better.”

He explained that previously it was compulsory for financial institutions to provide data around potentially fraudulent activity to the National Crime Agency (NCA) and this could cause delay in identifying cyber criminals because, in many cases, these were false leads.

“One of the major problems of reporting allegations of financial crime has been that financial institutions have been obligated to report it. That system is flawed because people feel they have to report allegations of money laundering, even when there is no evidence. This has led to too much reporting that’s not necessarily accurate,” said Professor Ryder.

Scott Coughtrie, who is Head of Strategic Operations at Synalogik, said: “Our innovative software is disruptive because the operational capabilities and applications in the differing investigative sectors in which Scout is deployed provide real time investigation and live analysis opportunities which never existed until very recently.”

“The expertise provided by UWE Bristol’s Research and Global Crime, Justice and Security Research Group is essential to understanding criminal methodology, processes, operational practices and patterns of behaviour to enable a complete insight into the risk associated with criminal activity and how we predict, identify, prevent and, in the cases of prosecution, evidence all material and actions.”

Innovate UK drives productivity and economic growth by supporting businesses to develop and realise the potential of new ideas. Innovate UK is part of UK Research and Innovation. For more information visit www.innovateuk.ukri.org

Take advantage of degree apprenticeship SME funding with UWE Bristol

Posted on

15 May 2019 15:00 – 17:00

Register here

Are you interested in upskilling your workforce and does the cost of training seem a barrier to accessing local talent?

This event provides an opportunity to hear first-hand accounts from existing businesses who have apprentices at UWE, and how to make it work. In addition to this, we will be highlighting upcoming degree apprenticeships and further opportunities for your business to train your employees at degree level with the funding available.

UWE Bristol is the only university in the region with funding from the Education and Skills Funding Agency (ESFA) to support non-levy employers and has secured funding to support apprentices from Small and Medium-sized Enterprises (SMEs).

David Barrett, Director of Apprenticeships at UWE Bristol, will welcome you to the event and alongside the Degree Apprenticeship Hub team will be able to help identify your training needs and suitable solutions.

Spaces are limited for this event, so please register below.

If you have any questions about this event or degree apprenticeships please feel free to contact Ellen Parkes.

We are looking forward to meeting you and beginning the degree apprenticeship partnership journey.

The event takes place in the University Enterprise Zone on Frenchay Campus from 15:00 – 17:00.

Register here