Virtual asset businesses in the UK must comply with anti-money laundering regulations, as the UK joins a growing list of countries aligning with global FATF Recommendations.
As from 10 January 2020, virtual asset (cryptoasset in the UK) businesses operating in the UK, must comply with national anti-money laundering and counter-terrorism financing (AML/CTF) Regulations.
The EU’s Fifth Anti-Money Laundering Directive (5AMLD) will strengthen the requirements that EU Member States must adopt to combat money laundering and terrorist financing. One of the fundamental changes is the inclusion of certain virtual asset-related activities. A deadline of 10 January 2020 was set for Member States to make necessary changes to their national legislation to give effect to the Directive.
In the UK, this has been achieved through the adoption of The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, amending the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). However, the approach taken by the UK goes beyond the requirements of 5AMLD, which focuses on virtual asset businesses that exchange virtual assets for fiat (traditional) currencies and vice versa, and custodian wallet providers.
In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets and to virtual asset service providers (VASPs). FATF’s definition of virtual asset activities is much broader. The UK has acted to more closely align the scope of its MLRs to the FATF Recommendations.
The UK AML/CFT supervisor for virtual asset businesses is the Financial Conduct Authority (FCA).
Who is affected?
The changes apply to the following types of virtual asset businesses operating in the UK:
Virtual asset exchange providers
- Firms that exchange fiat currencies to virtual assets and vice versa and between one type of virtual asset and another.
- Firms that facilitate or provide a marketplace that brings together prospective buyers and sellers to exchange fiat currencies to virtual assets and vice versa and between one type of virtual asset and another.
- Issuers of new virtual assets in, for example, an initial coin offering (ICO) or initial exchange offering (IEO).
- Firms that are operating automated teller machines (ATMs) that exchange fiat currencies to virtual assets and vice versa.
Custodial wallet providers
- Firms that provide services of safeguarding and administering virtual assets or private cryptographic keys to hold, store or transfer virtual assets for its customers.
In the UK a cryptoasset is defined as:
a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically.
What is the impact on those affected?
All virtual asset businesses that fall within scope will need to assess the risks of money laundering and terrorist financing they are exposed to. Businesses will need to develop and maintain policies and procedures to effectively manage and mitigate the risks of money laundering and terrorist financing identified in their risk assessment.
In effect, they will need to carry out due diligence on the individuals and businesses they engage with, including verifying the identities and understanding the economic activities and source of wealth of their clients. They will need to monitor transactions and report any suspicious activities to the National Crime Agency (NCA).
Controls need to be proportionate to the size and nature of the business and level of risk. In other words, firms will need to take a risk-based approach, carrying out enhanced levels of due diligence and monitoring of customers and activities that pose the most significant risks of money laundering and terrorist financing.
Board members and senior management must have the skills and experience to identify and mitigate money laundering and terrorist financing risks effectively.
Undertaking a risk assessment as a one-off exercise is not enough. Virtual asset businesses will need to regularly review the environment in which they operate, the business relationships that they have established and regularly review their policies and procedures to ensure they continue to be effective and fit for purpose.
Registration with the FCA
Virtual asset businesses can register with the FCA as from 10 January 2020. Any firm providing virtual asset-related activities before this date can continue to do so in compliance with the MLRs but must have registered with the FCA by 10 January 2021. Firms are, therefore, encouraged to register as soon as possible.
The FCA aims to assess registrations within three months. Applications from existing businesses must be submitted by 30 June 2020 in order to be determined in good time. Firms that have not completed registration by 10 January 2021 must cease activities.
New virtual asset businesses must be registered before they start operations.
As part of the registration process, firms will need to evidence to the FCA that they have assessed the money laundering and terrorist financing risks to which their business is exposed. The assessment must take into account the products and services they offer, the type of clients they deal with, the delivery channels and the countries in which they provide services.
Firms must satisfy the FCA that they have implemented robust controls, effective at mitigating the money laundering and terrorist financing risks identified in its assessment.
Members of the board and senior management will also need to evidence that they have the necessary expertise to fulfil their roles. The FCA’s assessment of this may be carried out by interviews of key role holders.
The FCA encourages the use of independent third parties with the relevant expertise to support boards and senior management understand the risks and meet their regulatory obligations.
As from 10 January 2020, virtual asset businesses in the UK and across the EU will be subject to the same AML/CFT requirements as financial services businesses, creating a more level playing field.
The FATF’s clarification that its Recommendations apply to virtual assets and VASPs firmly establishes the global trend for bringing virtual asset businesses in line with traditional finance, normalising crypto innovation. Crypto is now part of the global financial system.
Although this will no doubt present a challenge for virtual asset businesses, and increase the cost of doing business, it will also present some opportunities. Aligning virtual asset businesses with traditional financial services and subjecting them to the same AML/CFT obligations can help solve one of the biggest challenges virtual asset businesses face — accessing financial services such as banking facilities. It will also bring about greater institutional involvement.
It makes good practical sense to be aware of the money laundering and terrorist financing risks your business is exposed to and be able to develop ways of mitigating them. The key is making sure you understand the risks well enough to be able to create targeted, risk-based controls, effective at reducing the risk while supporting commercial objectives, allowing firms to continue to be competitive and customer-focused.