On 11 June, the UK’s financial services regulator, the Financial Conduct Authority (FCA), published a “Dear CEO letter” providing guidance on how banks should handle the financial crime risks associated with cryptoassets.

The FCA is concerned that cryptoassets are being used in criminal activities such as money laundering or terrorist financing. The regulator expects banks to take reasonable and proportionate measures to lessen the risk of facilitating such crimes.

The FCA notes that where banks offer services to clients who derive significant business activities or revenue from crypto-related activities, enhanced scrutiny may be necessary. The FCA recommends certain steps that may required, depending on the circumstances:

  • developing staff knowledge on cryptoassets to increase their ability to identify high risk activities;
  • ensuring that the firm’s financial crime frameworks adequately reflect cryptorelated activities;
  • engaging with clients to understand the nature of their business and associated risks;
  • increased due diligence and consideration of any adverse intelligence;
  • for clients offering crypto-exchange services, assessing the adequacy of clients’ due diligence; and
  • for clients involved in ICOs, considering the investor-base, organisers, functionality of tokens and jurisdiction.

The FCA doesn’t expect banks to approach all clients in the same way. Instead, banks should evaluate the risk associated with each business relationship and manage those risks appropriately.

In addition, the FCA makes clear that it expects firms to assess the risks posed by a client whose wealth or funds derive from the sale of cryptoassets, or other cryptoasset-related activities, using the same criteria that would be applied to other sources of wealth or funds.

The letter also highlights that consumers investing in ICOs may be at a heightened risk of falling victim to investment fraud (as noted in the FCA’s consumer warning on ICOs published in September 2017). The FCA points to the 2012 investment fraud review (carried out by its predecessor the Financial Services Authority) which includes details of good and bad practice as being relevant to ICOs.

It’s clear that, whilst no cryptocurrency regulation or detailed guidance has yet been introduced by the FCA, the regulator is continuing to monitor the market closely and will issue warnings and guidance statements where it considers appropriate.  The risk for companies engaging in cryptoasset activities is that the UK banks, already reluctant to provide bank accounts to cryptoasset businesses (as identified by the FCA in October 2017), take this statement as justification for their reluctance.


Sue McLean is a partner in the IT/Commercial Practice Group in Baker McKenzie's London office. Sue advises clients on technology, sourcing and digital media business models and deals, as well as the legal issues relating to the implementation of new technologies. Sue advises clients (both customers and suppliers) on a wide range of technology matters including outsourcing, digital transformation, technology procurement, development and licensing, m/e-commerce, cloud computing, AI, FinTech, blockchain/DLT, social media, data privacy and cybersecurity. Sue also advises on commercial agreements and the commercial, technology and intellectual property aspects of M&A transactions and joint ventures. Sue has experience across various business sectors, including the financial services, consumer, TMT, travel and life sciences industries. She regularly speaks and writes about the impact of disruptive technologies and has a regular blog for Computerworld.


Dan Relton is an Associate in the London office of Baker McKenzie.