The UK implemented the 5th Anti-Money Laundering Directive in January 2020 (The Money Laundering and Terrorist Financing (Amendment) Regulations [MLR] 2019), which extended anti-money laundering and counter terrorist financing (AML/CTF) regulation to include exchanges of fiat currency for cryptocurrency.
As of 10th January 2020, the Financial Conduct Authority (FCA) was made responsible for the regulation of cryptocurrency service providers (CSPs) for the purposes of AML/CTF. As part of taking on such responsibility, and brining CSPs into the AML/CTF regulatory perimeter, the FCA required applicable CSPs to register with them by 9th January 2021, or cease operations. At the time of writing there are only four entries on the FCA’s register (FCA, 2021b), and 104 firms awaiting registration, which raises questions as to the proactivity of the FCA in fulfilling its responsibilities. This paper will set out the intended regulation of CSPs, and consider the reasons behind the FCA’s lacklustre performance so far.
AML/CTF regulation of cryptocurrencies in the UK is to exceed the requirements of the latest EU Directive, by applying AML/CTF measures to transactions involving exchanges between cryptocurrencies as well as exchanges between cryptocurrencies and fiat currencies. The CSPs which will be regulated are those that provide exchange services or are custodian wallet providers. Regulation 14A(1) defines a “cryptoasset exchange provider” (MLR 2017) as any individual or firm which provides services for “exchanging, or arranging or making arrangements” (MLR 2017) to exchange cryptocurrency for either money or another cryptocurrency, including any activities which are automated (MLR 2017, Regulation 14A(1)). As well as exchanges, custodian wallet providers are also included in the regulation. A custodian wallet provider is defined as any individual or firm that “provides services to safeguard, or to safeguard and administer” (MLR 2017, Regulation 14B(2)) cryptocurrency on behalf of customers, or provides “private cryptographic keys” (MLR 2017, Regulation 14B(2)(b)) for customers to manage their cryptocurrency with. Cryptocurrency transactions are protected using public-key cryptography, which allows a user to receive cryptocurrency that has been sent to their public key, much like an address, using their private key, akin to a door key (Miles, Computerphile, YouTube, 2014). Not all cryptocurrency users use custodian wallets. A custodian wallet as described in the regulations is comparable to an online bank account, and so may be the most appealing to cryptocurrency beginners as the security is managed by their service provider. More experienced cryptocurrency users may utilise alternative types of wallets, which will not be regulated.
The amendment to the Money Laundering and Terrorist Financing Regulations 2017, means any business carrying out newly regulated activity must register with the FCA, and comply with the Regulations. AML/CTF regulation can be divided into two broad elements; data collection in the form of record keeping and completing customer due diligence requirements, and reporting requirements, principally suspicious activity reports. The measures are intended to increase financial intelligence.
Bringing CSPs into the regulatory perimeter shows the intent of the government to address a clear gap in its approach to AML/CTF, but the amended legislation is only valuable if it is utilised by the FCA. The initial steps by the FCA appeared to be positive, with the announcement of a year-long registration period, but this time looks to have been wasted as only four entries appear on the register as of January 2021. A mitigating factor for the FCAs performance so far could be the ongoing coronavirus pandemic, and that they are working through the 104 applicants on their temporary registration list, but neither of these arguments hold up to scrutiny. Firstly, the entries on the register so far were all added between 18th August and 1st September 2020, which illustrates firms could be vetted within the restrictions in place over the summer and autumn of 2020. Secondly, the temporary register appears to have a very low bar for inclusion, yet bestows included firms with “temporary registration” (FCA, 2021a) to carry out regulated activities. The FCA state that the firms on the temporary list have not been assessed by them as “fit and proper,” (FCA, 2021a) and the information appears to simply be an alphabetical list of firms which have applied to the FCA. The 104 temporary registered firms appear with their name, their address, and any other trading names used, however, this data is inputted in an inconsistent manner. There are entries which are in full capitals and other which lack capitals where required, the address formats vary, and there are two near identical entries; such errors and inconsistencies suggest the temporary register is simply pasted data from the firms applications. Questions might also be raised as to the integrity of the approved register too, as three of the four entries are registered at the same address and two of those entries lack a registered telephone number. Based on the state of both the register and the temporary register, the commitment of the FCA to regulating CSPs can be questioned. While disappointing, the performance of the FCA in implementing AML/CTF regulation of cryptocurrency activity, is consistent with their approach to cryptocurrencies to date.
The FCA has repeatedly stated that it does not regulate cryptocurrencies. The leading lines of advice on the FCA website state that cryptocurrencies are “considered very high risk, speculative investments” (FCA, 2019a) and those buying them should be “prepared to lose all your money.” (FCA, 2019a) Since the extension of the AML/CTF regulation, the FCA has caveated its advice, to state that cryptocurrencies are “only regulated in the UK for money laundering purposes.” (FCA, 2019a) The FCA appears reluctant to be proactive with regards to cryptocurrencies, it could have interpreted the broad definition of a ‘money services business’ in Regulation 3 of the Money Laundering Regulations (MLR 2017) to allow it to regulate cryptocurrencies three years before being explicitly handed the role by government. A money services business includes “an undertaking which by way of business operates a currency exchange office, transmits money (or any representations of monetary value) by any means,” (MLR 2017, Regulation 3(1)(d)) which can clearly include cryptocurrencies, given their monetary value.
The FCA has commissioned research to ascertain the level of consumer engagement with cryptocurrencies. The research by Revealing Reality for the FCA identified three main factors fuelling cryptocurrency investment; a weakened trust in mainstream media, looking for the next ‘shortcut’, and acting on recommendations (FCA 2019b). These are worrying trends in behaviour, which will lead to individuals making losses as they invest in spurious products in an unregulated market. Such findings should be the catalyst for an intervention, but no such response has materialised. The justifications for the FCA’s approach are not clear, but may be explained by their understanding of the demographic of cryptocurrency investors. In December 2019 the FCA claimed that 80% of cryptocurrency holdings in the UK were held by 1% of the population, (FCA 2019c) suggesting the industry is not popular enough to be of concern. 50% of those who had invested held less than £260, which further suggests a low risk in terms of potential losses. The information from the FCA also suggested investors were well informed as 89% knew they were not protected, and 92% could identify a definition of a ‘cryptoasset’. It appears that although research shows poor investment practices from consumers, the levels of money involved means the FCA does not see the need to regulate.
In conclusion, it appears as though cryptocurrencies and CSPs will remain largely unregulated, unless the FCA’s approach changes drastically. The legislation is in place to cover a degree of cryptocurrency activity, but this legislation does not appear to be being enforced. The FCA has only processed four entries onto its register of approved firms, out of 108 applicants, which is a poor performance. It appears as though the FCA does not hold cryptocurrencies in high regard and does not view the issue as affecting a large proportion of the population. The approach of the FCA has been lacklustre, which raises a number of questions as to the reasoning; a lack of understanding, a lack of available resources, or simply a low priority?
Dr Henry Hillman is a senior lecturer at the University of the West of England in Bristol, leading the Commercial Law and Law of Financial Crime and Regulation modules. He has recently completed his PhD, researching the money laundering risks posed by cryptocurrencies, and continues to research the regulatory issues surrounding cryptocurrencies. Henry’s research interests are financial crime, cryptocurrencies, banking regulation and financial crises.