On 11 June, the UK’s financial services regulator, the Financial Conduct Authority (FCA), published a “Dear CEO letter” providing guidance on how banks should handle the financial crime risks associated with cryptoassets.
The FCA is concerned that cryptoassets are being used in criminal activities such as money laundering or terrorist financing. The regulator expects banks to take reasonable and proportionate measures to lessen the risk of facilitating such crimes.
The FCA notes that where banks offer services to clients who derive significant business activities or revenue from crypto-related activities, enhanced scrutiny may be necessary. The FCA recommends certain steps that may required, depending on the circumstances:
- developing staff knowledge on cryptoassets to increase their ability to identify high risk activities;
- ensuring that the firm’s financial crime frameworks adequately reflect cryptorelated activities;
- engaging with clients to understand the nature of their business and associated risks;
- increased due diligence and consideration of any adverse intelligence;
- for clients offering crypto-exchange services, assessing the adequacy of clients’ due diligence; and
- for clients involved in ICOs, considering the investor-base, organisers, functionality of tokens and jurisdiction.
The FCA doesn’t expect banks to approach all clients in the same way. Instead, banks should evaluate the risk associated with each business relationship and manage those risks appropriately.
In addition, the FCA makes clear that it expects firms to assess the risks posed by a client whose wealth or funds derive from the sale of cryptoassets, or other cryptoasset-related activities, using the same criteria that would be applied to other sources of wealth or funds.
The letter also highlights that consumers investing in ICOs may be at a heightened risk of falling victim to investment fraud (as noted in the FCA’s consumer warning on ICOs published in September 2017). The FCA points to the 2012 investment fraud review (carried out by its predecessor the Financial Services Authority) which includes details of good and bad practice as being relevant to ICOs.
It’s clear that, whilst no cryptocurrency regulation or detailed guidance has yet been introduced by the FCA, the regulator is continuing to monitor the market closely and will issue warnings and guidance statements where it considers appropriate. The risk for companies engaging in cryptoasset activities is that the UK banks, already reluctant to provide bank accounts to cryptoasset businesses (as identified by the FCA in October 2017), take this statement as justification for their reluctance.