Cryptoasset service providers should plan, not panic


Spead read: The recent Financial Conduct Authority (FCA) ban on crypto-derivatives trading to retail consumers sent waves of commentary through the crypto world. While it is debatable whether the course of action by the FCA was correct, it does serve as a reminder that cryptoasset service providers are fully regulated and must comply with the laws and regulations of the land.

The Current Regulatory Position

The 5th Anti-Money Laundering Directive (5MLD) required the UK to regulate cryptoasset wallet and exchange providers, and on 10 January 2020, the United Kingdom transposed the 5MLD. The FCA was given the power to regulate cryptoasset service providers, which ranges from the operation of exchange providers to some initial coin offerings. The FCA regulates the service providers in line with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, or MLRs.

The companies are required to not only register with the FCA by 10 January 2021, but also abide by the MLRs from 10 January 2020, or risk enforcement including fines and sanctions.

How should cryptoasset service providers respond?

The FCA’s recent decision to ban derivatives trading to retail consumers for certain cryptoassets displays the lengths it is willing to go to create safeguards for the public. Whether the decision was accurate or not, companies working within this area will need to cease trading on 6 January 2021 or risk punishment for breaching the ban.

How should other service providers respond to the FCA decision? The companies should use the FCA’s action as a reminder of the power their regulator holds and to ensure they are operating in line with the MLRs. Further, it is an excellent time to look at compliance across the board and check that internal policies factor in the reporting obligations under Part 7 of the Proceeds of Crime Act 2002 (POCA 2002).

Mind the MLRs

Service providers have been required since January 2020 to comply with the MLRs. Their duties include the need to have a money laundering reporting officer, or MLRO, appointed in the company. Further, there must be anti-money laundering training for employees. It is no longer sufficient for companies to set their standards for due diligence, the procedures must be risk-based and screen for politically exposed persons (PEPs) and those operating from sanctioned countries.

As the deadline for registration with the FCA nears, cryptoasset service providers should be asking themselves the following questions:

  • Am I registered with the FCA per the MLRs?
  • Do I have an MLRO in place, does the MLRO have sufficient continuing professional development and staff support?
  • Are my frontline staff trained in anti-money laundering procedures?
  • If using regulatory technology for due diligence, does this technology include the necessary screening for PEPs, funds from sanctioned countries and individuals placed on the United States’ OFAC sanctions list?
  • Where compliance and frontline staff are working from home, do my employees have the necessary tools or resources at home to carry out their due diligence?
  • If operating as a cryptoasset wallet or exchange provider, has the recent Joint Money Laundering Steering Group’s guidance[1] been reviewed?

Finally, service providers will need to consider if their businesses could be affected by the sanctions changes post-Brexit. Is there a risk that criminals may attempt to evade financial sanctions through cryptoassets? It is possible, an example being petro, the Venezuelan national cryptocurrency. The coin was exploited by both the Venezuelan President and reportedly the Russians, to evade US sanctions,[2] until an executive order was signed in 2018 banning all transactions via petro or any Venezuelan ‘digital currency, digital coin, or digital token’ in the US.[3]

Do not forget the NCA

The National Crime Agency (NCA) is responsible for handling the suspicious activity reports related to financial transactions. Cryptoasset service providers fall within the regulated sector under the POCA 2002 and are required to submit a suspicious activity report (SAR) to the NCA for any suspicious activity.

Failure to report suspicious activity to the NCA could result in an offence under section 330 POCA 2002 against individual employees within a service provider.

Therefore, service providers will need to ensure they have a SAR reporting regime in place and are alert to the need to make a defence against money laundering SAR (DAML SAR) to prevent triggering a money laundering offence potentially.


Cryptoasset service providers should not go into a state of panic about the recent decision by the FCA. Instead, companies should remain focused on completing registration and, or complying with their regulator. Further, there should be sufficient attention paid to making sure there are steps in place to comply with the NCA moving forward.

Ariana Caines is a Barrister and Associate at Bright Line Law with experience in Part 7 POCA 2002 matters and an interest in cryptoassets.


[1] Available here: last accessed 3 November 2020. Guidance for cryptoasset wallet and exchange providers is within Part 2, sector 22

[2] Simon Shuster, Exclusive: Russia Secretly Helped Venezuela Launch a Cryptocurrency to Evade U.S. Sanctions, 20 March 2018. Last accessed 2 November 2020

[3] The White House, Executive Order on Taking Additional Steps to Address the Situation in Venezuela, 19 March 2020, Last accessed 2 November 2020