19 Feb 19.02.2020 New U.K. Anti-Money Laundering Requirements for Cryptoasset Businesses
19.02.2020 New U.K. Anti-Money Laundering Requirements for Cryptoasset Businesses
On 10 January 2020 the EU’s 5th Anti Money Laundering Directive came into effect (the “Directive”).
The Directive (“5AMLD”) subjects certain participants in the crypto-asset sector to regulation for anti-money laundering (AML) and counter-terrorism financing (CTF) compliance purposes.
The Money Laundering, Terrorist Financing, Transfer of Funds (Information on the Sender) Regulations 2017 (the “MLRs”) have been amended to bring certain crypto-related business within scope. These businesses need to comply with the range of regulatory obligations other regulated entities such as banks and money service businesses.
Crypto businesses have operated outside of the regulatory perimeter for a long time. Applying these AML/CTF requirements is a first step towards bringing cryptoassets within the ambit of regulation.
What’s changing and why?
According to a statement from the European Commission on adoption by the European Parliament of the 5th Anti-Money Laundering Directive , 5AMLD is being introduced as part of an action plan to counteract the financing of terror plots and ensure more is done to prevent illegal financial dealings like those revealed in the Panama papers.
Previously, digital wallet providers and both virtual and fiat currency exchanges were under no obligation by the EU to identify suspicious activity, this was despite the anonymity of crypto-assets making them vulnerable to misuse.
As of 10 January 2020, the Financial Conduct Authority (FCA) has been appointed as the supervisor of UK cryptoasset businesses under the MLRs, and all cryptoasset business, which fall within the scope of the MLRs, must register with the FCA. The new Regulations give the FCA additional powers to supervise those cryptoasset businesses including the power to give directions and impose reporting requirements.
Therefore, from 10 January 2020, digital wallet providers, crypto-asset/cryptocurrency exchanges or any cryptoasset businesses are subject to registration and supervision for AML compliance. They must apply to the FCA for registration and the FCA is entitled to refuse registration to those applicants it does not regard as fit and proper (including those businesses without the necessary skills and experience).
Some consider this a vital measure, particularly given that because it becomes harder to hide criminal activity via traditional forms of banking, it becomes more important for fintechs and other providers of financial services to take responsibility for preventing terrorist financing, money laundering, tax evasion and other financial crime.
Digital wallet providers and crypto-asset exchanges are now regulated and supervised to ensure they have a variety of AML, CTF and other checks in place to verify clients are operating legally and are reporting suspicious activity. This includes the need to have:
– Proper KYC onboarding
– Adequate checks on company ownership
– Sufficient checks that they are not dealing with sanctioned countries
– Transaction and money flows checks
– Regular periodic client outreach
Each crypto exchange provider and custodian wallet provider must provide to the FCA such information as the FCA may direct about compliance by the business with AML/CTF regulations. This is to allow the FCA to calculate supervision charges and so that the FCA can effectively carry out its supervisory and enforcement functions.
Customer Disclosure Obligations
Crypto exchange providers and custodian wallet providers are required to disclose to customers whether or not their activities are covered by the jurisdiction of the Financial Ombudsman Service (“FOS”) and/or subject to the protection under the Financial Services Compensation Scheme (“FSCS”).
Software and intelligent automation platforms can help crypto-asset businesses to start putting 5AMLD into practice.
For example, there is software available that can automatically background check an organisation to see if its ownership structure has changed, how long it has been established and where the company is registered. Furthermore, robotic and digital process automation (RPA and DPA) can be used to trigger an action such as an email asking banks for financial information to show source of income, check for originating payments and even discrepancies in costs and profit to check for employees secretly siphoning off funds.
Businesses, which are already operating as of 10 January 2020, have a transitional period in which to become compliant and register. New start-ups, however, need to complete the registration process with the FCA prior to commencing business
The implementation of 5MLD in the U.K. brings a new source of regulations to cryptoasset businesses, which previously went unregulated. It provides these firms with regulatory obligations relating to AML/CTF akin to other firms the FCA supervises, including the need to seek registration and make clear customer disclosures such as whether or not the FSCS applies. Cryptoasset businesses are now within the purview of the FCA and should be prepared for scrutiny over their AML policies and procedures. More regulation or enforcement action in this cryptoasset area could follow.
This update to the directive is especially important to cryptoasset businesses operating in England and Wales as it brings the majority of those businesses within its scope and therefore subject to the MLRs.