Clifford Chance

On 10 January 2020, 'crypto exchange providers' and 'custodian wallet providers' became subject to the UK money laundering regime through UK implementation of the Fifth Money Laundering Directive (5MLD) through the Money Laundering and Terrorist Financing (Amendment) Regulations 2019.

Hopefully, businesses that fall into these categories will already know that they do, but by way of quick reminder:

• 'cryptoasset exchange providers' are, firms which exchange, arrange or make arrangements (whether automated or otherwise) for the exchange of money (i.e. fiat currency) and cryptoassets; or of one cryptoasset for another; and
• 'custodian wallet providers' are firms that provide services to safeguard, or to safeguard and administer: cryptoassets or private cryptographic keys on behalf of its customers, or which hold, store and transfer cryptoassets.

Key points for crypto businesses meeting those definitions now the 10 January 2020 deadline has passed:

• You are now obliged to become a 'firm' in regulatory speak by registering with the FCA during 2020.
• If you are a new cryptoasset businesses that intends to carry on a cryptoasset activity, you must be registered before you can carry on that activity.
• If you are an existing cryptoasset businesses which was already carrying out cryptoasset activity before 10 January 2020, you may continue their business, in compliance with the UK AML regime, but must register by 10 January 2021 or stop all cryptoasset activity.
• Authorisation: You can submit applications now using the FCA's Connect system. The FCA says you must be fully prepared when applying and, if at any point you are not, "should withdraw [your] application": "If firms are given feedback [on their application] they must go away and do the work. Not simply submit a new application."
• Timing: To process and authorise firms by 10 January 2021, the FCA cut-off date is 10 October 2020 - your application must be submitted by 10 June 2020.
• Firm visits: The FCA will make onsite visits to most firms seeking authorisation in the next 2 years, giving you written notification one week before a visit. The depth will reflect the firm and its complexity, but could last between half a day and two days. If you do not meet the required standards you will be required to put things right "very quickly" or cease trading - there is no remedial phase.
• Interviews: Your Nominated Officer and other key staff (senior managers/compliance) will be interviewed. The FCA envisages interviewing 1-5 people for small firms and 5-10 for large firms.
• All of this means that you will need to comply not only with the UK money laundering regime, but also the requirements of the FCA as your regulator more generally.

If you are one of these new firms, this means that you are obliged take steps to carry out a raft of requirements, including:

• assessing the money laundering and terrorist financing risks you face;
• putting in place adequate policies, controls and procedures to deal with these risks;
• fulfilling customer and transaction due diligence obligations, including enhanced due diligence for high risk customers and transactions;
• checking the AML compliance of suppliers and other third parties with whom you engage;
• reporting any suspicious activity you detect under the suspicious activity reporting (SAR) obligations in the Proceeds of Crime Act (POCA) 2002 and the Terrorism Act 2000;
• training your employees, and any agents used for the purposes of your business, on their obligations;
• keeping appropriate records of your AML compliance and other compliance with other regulatory requirements as an FCA-regulated firm;
• complying with the FCA's Principles for Business, the FCA Handbook and other regulatory rules guidance applicable as an FCA-regulated firm.

Unfortunately, at the time of writing no specific guidance has been given for new crypto firms to follow in respect of AML compliance. Notwithstanding the lack of specific guidance, the FCA is clear that firms which now fall within the scope of the regime must ensure they have systems and controls in place for compliance with AML requirements, stating: "We expect firms to comply with the new, amended regulations from 10 January 2020. In assessing our approach to firms that may not be compliant on that date, we will take into account evidence that they have taken sufficient steps before that date to comply with these new obligations."

It is expected that the existing guidance on the UK AML regime will be updated to reflect the changes made by the MLRs 2019 in due course (the Government not yet formally having issued a response to its consultation on transposition of 5MLD which closed in June 2019). Firms must therefore consider the existing framework and guidance, including the relevant sections of the FCA Handbook, the JMLSG Guidance and the FCA's existing guidance (e.g. the Financial Crime Guide) and publications on the subject. The FCA has said that it has no plan to put out separate guidance on the application of the AML framework to cryptoassets at present, and firms are referred to the existing Financial Crime Guide for (non-crypto specific) examples.

We understand that the JMLSG does intend to finalise and publish new guidance, although we have not seen this at the time of writing. In the meantime, on its dedicated Money Laundering Regulations site the FCA highlights some specific new areas that firms need to comply with and industry publications (such as Global Digital Finance's Code of Conduct for KYC/AML/CTF) may also be of some assistance.