Skip to content

Cryptoasset businesses under regulatory scrutiny? 5 steps businesses can take now

13 October 2020

The FCA is maintaining its longstanding focus on financial crime. Cryptoasset businesses can expect to be subject to increased regulatory scrutiny and should take action now to prepare for this.

The FCA recently published its Consultation Paper CP20/17: Extension of Annual Financial Crime Reporting Obligation (CP20/17). It proposes that, among others, “cryptoasset exchange providers” and “custodian wallet providers” (broadly, businesses involved in the exchange, issuance or safeguarding of cryptoassets such as cryptocurrencies) (together, cryptoasset businesses), should become subject to the annual financial crime reporting requirements at SUP 16.23 of the FCA Handbook.


In July 2019, the FCA published long-awaited final guidance on which cryptoasset activities it considers fall within its current financial services regulatory framework. This remains essential guidance for cryptoasset businesses on the FCA’s general position.

In January 2020, regulations implementing the EU’s Fifth Anti-Money Laundering Directive (5AMLD) came into effect in the UK. Cryptoasset businesses became “obliged entities” under 5AMLD and are now required, among other things, to perform customer due diligence and submit suspicious activity reports. They also have to register with the FCA. 5AMLD was aimed at preventing the exploitation of cryptoassets by criminal groups through imposing an obligation on cryptoasset businesses, and others, to identify suspicious activity. It was one of the main drivers behind the publication of CP20/17.

Whilst the proposals in CP20/17 extend beyond cryptoasset businesses, the FCA believes that the majority of additional firms captured would be such businesses. If implemented, the proposals will require them to submit detailed reports regarding their operating jurisdictions, customers, compliance, sanctions and fraud annually and within 60 business days of their accounting reference dates. The primary driver of these reports is to assist the FCA in the identification of financial crime.

The consultation closes on 23 November 2020. Final rules and a policy statement are planned to be published in Q1 2021.

How does this affect you?

The FCA’s focus has changed from reacting to financial crime to preventing it. It is also increasingly willing to impose enforcement measures for breaches of anti-money laundering controls; fines of over £100m have been imposed in recent years. At the same time, concerns regarding financial crime have been raised in respect of cryptoassets. On 30 June 2020, the FCA released a research note on the size of the UK cryptoasset market and the potential for harm to consumers.

Companies need to have in place the necessary systems and controls to detect, deter and prevent financial crime. Cryptoasset businesses in particular can expect to be subject to increased regulatory scrutiny. In order to comply with the proposals in CP20/17, significant resources may need to be dedicated to ensuring that a business has appropriate data capture and management systems in place.

What should you do now?

If you are a cryptoasset business (such as an exchange), we recommend that you:

  1. Register with the FCA, if you have not done so already. This is a requirement for cryptoasset businesses in the UK. Registrations must be complete by 10 January 2021 in order to keep trading.1
  2. Assess your data capture and management capabilities. Can they collect sufficiently granulated data to comply with the expected reporting requirements? Test your systems as soon as possible to ensure you have sufficient time to make any necessary improvements.
  3. Review your compliance capabilities. Having good systems in place and/or appropriate expert advice is a key way in which to demonstrate compliance and avoid significant fines for breaches.
  4. Consider engaging with and responding to CP20/17. The FCA has confirmed its long-term intention to extend the annual reporting requirements to all firms it supervises under the Money Laundering Regulations. The more you know about the FCA’s expectations in respect of your business, the better.
  5. Stay on top of future developments. In CP20/17, the FCA confirms “there may be additional reporting obligations that we might require of cryptoasset businesses in the future” – and the EU’s Sixth Anti-Money Laundering Directive will come into force on 3 December 2020.

Regulation of cryptoassets is here and here to stay. Our advice to impacted cryptoasset businesses is to get ‘ahead of the pack.’

For more information, please contact the authors of this briefing:

Adam Topping
Partner, London
T +44 (0)20 7264 8087
M +44 (0)7768 553882

Rochelle Musgrove
Associate, London
T +44 (0)20 7264 8331

Research undertaken by Frazer Watt, Trainee Solicitor


Download Briefing

Download a PDF version of ‘Cryptoasset businesses under regulatory scrutiny? 5 steps businesses can take now’