On 27 July 2020, the Joint Money Laundering Steering Group (JMLSG), which comprises UK financial services industry trade bodies, published new sectoral guidance for cryptoasset exchange providers and custodian wallet providers regarding compliance with money laundering obligations. The Guidance provides an outline of the money laundering risks posed by cryptoassets and how cryptoasset firms can mitigate such risks.

Money-Laundering Risks of Cryptoassets

A 2020 study by the UK’s National Crime Agency reported that UK based criminals are identifying new ways of using virtual assets such as cryptocurrencies for money laundering purposes. Paragraph 22.33 of the Guidance outlines specific money-laundering risk factors posed by cryptoassets that include:

  • increased privacy – certain cryptoasset systems provide the ability for transactors to carry out transactions without being fully identified (although the Guidance notes that this is less likely to apply to public blockchains);
  • the cross-border nature of cryptoasset transactions – cryptoasset transactions can cross several jurisdictions, which can reduce the ability for regulators to oversee and supervise the application of anti-money laundering controls;
  • decentralisation – this means there is no central server or service provider that has overall responsibility for identifying users, monitoring transactions, reporting suspicious activity or acting as a contact point for law enforcement; and
  • innovation – cryptoasset innovations can give rise to new types of financial crime not posed by traditional payment and financial services products.

Legislative Background

The Financial Action Task Force (FATF) has called on its members to regulate cryptoassets to reduce the risk this new medium may be used for financial crime. Additionally, the EU’s Fifth Money Laundering Directive, which has been implemented in the UK via amendments to the Money Laundering Regulations 2017 (MLRs), requires Member States to act. The Guidance is designed to reflect changes introduced by the MLRs, which go further than the Directive by bringing cryptoasset exchange providers and custodian wallet providers within the scope of the UK’s money laundering regime. Businesses carrying on cryptoasset activity need to have been compliant with the MLRs from 10 January 2020. The Guidance is designed to assist cryptoasset exchange providers and custodian wallet providers comply with such compliance by taking a risk-based approach to cryptoassets.

Mitigating the Risks

In order to mitigate these risks, the Guidance explains that firms should carry out a thorough risk assessment, which includes, for example, considering:

  • customer risk – firms should take a holistic view of the information obtained from their customer due diligence checks in order to prepare a customer risk profile (paragraph 22.36);
  • product risk – the risk assessment should consider the features of the actual cryptoasset that customers may use during the transaction and the risks associated with that product (paragraph 22.37); and
  • transaction risk – the blockchain on which the transaction is taking place should be analysed to ascertain its risk profile (paragraph 22.38).

Once all relevant risks have been assessed, the Guidance identifies a number of measures to mitigate these risks:

  • the introduction of transaction limits, including limits on the total value of privacy coins that may be held, stored, transferred or exchanged (paragraph 22.41);
  • the use of time delays before certain automated and manual transactions can be carried out with a view to restrict the rapid movement of funds (paragraph 22.41);
  • the prohibition of transfers to third parties where details relating to the transaction, such as names involved, do not match (paragraph 22.41); and
  • carrying out customer due diligence, know-your-client checks, blockchain analysis, properly evidencing the source and destination of the funds and complying with ongoing monitoring obligations (paragraphs 22.42 – 22.60).

Impact on Cryptoasset Businesses

Although the JMLSG’s Guidance is not legally binding, once approved by the UK Treasury, UK courts will take into account a firm’s compliance with the Guidance when determining if it has committed a money laundering offence. Moreover, for businesses regulated by the Financial Conduct Authority, the regulator will take the Guidance into account when investigating breaches of its rules. For example, the requirement to have systems and controls to identify, assess, monitor and manage money laundering risks. Therefore, compliance provides firms with some legal protection over their anti-money laundering arrangements. As such, we recommend that cryptoasset businesses should review the Guidance and assess if they are compliant. If they are not, they would be wise to update their policies, procedures and staff-training regimes as necessary.


Sue McLean is a partner in the IT/Commercial Practice Group in Baker McKenzie's London office. Sue advises clients on technology, sourcing and digital media business models and deals, as well as the legal issues relating to the implementation of new technologies. Sue advises clients (both customers and suppliers) on a wide range of technology matters including outsourcing, digital transformation, technology procurement, development and licensing, m/e-commerce, cloud computing, AI, FinTech, blockchain/DLT, social media, data privacy and cybersecurity. Sue also advises on commercial agreements and the commercial, technology and intellectual property aspects of M&A transactions and joint ventures. Sue has experience across various business sectors, including the financial services, consumer, TMT, travel and life sciences industries. She regularly speaks and writes about the impact of disruptive technologies and has a regular blog for Computerworld.


Mark Simpson is a partner in the Financial Services & Regulatory Group in the London office where he practices in the areas of financial regulation, financial crime, and regulatory investigations. He is a member of the Firm's EMEA Financial Services & Insurance Steering Committee, as well as its Global Funds and FinTech Groups. He participates actively in industry bodies including the Alternative Investment Managers Association. He has authored a number of articles and other publications, most notably acting as a general editor of and contributor to the International Guide to Money Laundering Law and Practice, and A Practitioner's Guide to the Law and Regulation of Financial Crime.


Richard Powell is a knowledge lawyer within Baker McKenzie's global financial services regulatory group where he is responsible for supporting and developing the group's legal and technical knowledge. Previously he was a member of the UK Financial Conduct Authority's Enforcement Division where he advised on regulatory cases. He has also been an editor of Bloomberg Law's UK Financial Services Law Journal.


Ben Thatcher is an associate in the Financial Services Regulatory Team in Baker McKenzie’s London office.