FCA crypto asset registration – a guide for firms

Who needs to be registered?

The FCA started supervising UK firms cryptoassets activity in January 2020. In response existing and new cryptoassets firms became required to register with the FCA.  

Firms are required to be registered if their cryptoasset activities are:

  1. in scope of the Money Laundering Regulations (MLRs); and

  2. carry out the crypotasset activity “by way of business” in the UK as set out in the MLRs.

The FCA has set out four tests which firms should consider when deciding whether they carry out their crypotasset activity “by way of business” covering: Commercial element; Commercial benefit; Relevance to other business; and Regularity/frequency. 

How to submit a successful registration application

The level of detail provided needs to be sufficient to enable the FCA to make a decision whether your business, its leadership and owners is credible and not a threat to consumers or market integrity.

“A significantly high number of businesses are not meeting the required standards under the Money Laundering Regulations resulting in an unprecedented number of businesses withdrawing their applications.” FCA November 2021

In our experience of helping firms, there are common parts of the process which firms can struggle to get right:

Programme of Operations, Business Plan and Marketing Plan

This section is central to enable the case officer(s) to understand the business, how it works, who is involved and that it is viable.

  • When explaining the basis for your business and how it will work, get a second opinion to ensure the nuances of your model can be understood by someone who hasn’t been involved in building the business

  • The marketing plan needs to be credible and based on actual research rather than assumptions and be based on the cryptoasset activity you are committed to offering. It must be clear how customer numbers / growth figures in the financials will be achieved to demonstrate the business is viable not only in the short, but also, medium to long term

  • Use diagrams to clearly display financial flows and the customer journey. Make sure to detail which parties and systems are involved at each stage

  • Demonstrate how you will factor in your customers interests at each stage of your product lifecycle

Structural organisation and IT systems and controls

The FCA wants to understand how your business will run day-to-day and be sure the way you set up will enable you to deliver good customer outcomes and be compliant with the MLRs.

  • Provide a detailed organisation chart showing spans of responsibility for all parts of your business – this should include any parts of the business which are outsourced

  • If you are planning to grow in the near term and this is reflected in your business plan you will need to explain how the structure and organisation of your business will grow accordingly

  • Where core functions are outsourced, written agreements need to be in place and copies available as the case officer may ask for it

  • If your IT controls are provided on an outsourced basis by a currently regulated firm, detail how the firm will be able to cope with the increased demands

Individuals, Beneficial Owners and Close Links

Given the perceived high-risk nature of cryptoassets activity, the FCA wants to understand a firm’s ownership and leadership do not pose a threat to the financial system or consumers. Unclear or incomplete information in this section (whether intentional or not) will bring the application process to a standstill.

  • Multi-layer ownership charts can be confusing. Provide context on company ownership charts to guide the case officer through the diagrams

  • Where your firm is already authorised and is now seeking registration to add a new cryptoassets service, it is important to make sure the company ownership structure presented matches that of other already authorised Group entities. If there is a material update to ownership the FCA should be notified of the change to the already authorised entity

  • As part of the registration your firm must appoint a member of staff to be responsible for Compliance with the MLRs. If the person being proposed hasn’t held a similar role before but has transferable skills – explain how they will upskill for their new role to enable the firm to be compliant with the MLRs and be “suitably competent

Governance

Governance remains at the forefront of the FCA’s mind. The FCA need to be persuaded that a firm is going to be well run and not disrupt the market or adversely impact on consumers.

  • Where staff are being proposed in roles with key Governance accountability, be honest about their credentials. If they haven’t done this before but have transferable skills – explain how they will upskill for their new role

  • Demonstrate your risk-based approach when setting out the level of detail staff responsible for governing the firm will be able to see at committee level to maintain proper oversight of risk

  • Is the governance framework scalable – if the plan is for rapid growth can the framework be effective, if not firms should set out plans for changes to their framework as the business grows and resource demands shift

Financial crime risk

The case officer needs to understand the how and why you brought together the component parts of your financial crime framework.

  • The risks identified in the financial crime risk assessment need to be relevant your firm, they shouldn’t be generic and should link back to your business plan – think about “real” risks and not just the regulatory risk of the firm being censured

  • When setting out how your framework operates - be clear on how and why each control will mitigate the risks you have identified in the risk assessment. Resist the temptation to overstate a control’s effectiveness, for instance a procedure can only ever be a directive control (one which tells people what to do) rather than preventative (one which actually stops something happening)

  • The policies and procedures which need to be submitted must be final and enable the case officer to understand how the processes (TM, CDD / EDD) work and not leave anything open to interpretation

  • If a group entity is going to be responsible for executing your financial crime controls, ensure there are no on-going supervisory issues with that entity which will undermine your position. Additionally ensure you demonstrate how the entity will be able to cope with the additional demand

Your registration process is important, and it can also be complex. We pride ourselves on helping you complete the process quickly and comprehensively.   

Previous
Previous

Russian sanctions – what can you do to respond and prepare for more?

Next
Next

Suisse Secrets: interesting, but is it useful?