The urgency and opportunity of cryptoasset compliance
31 January 2020
Cryptoasset businesses can bring a great many benefits to the wider financial services market. But this opportunity also brings a pressing need for action on compliance.
Governments and regulators are working to ensure markets adapt to take advantage of the benefits cryptoassets provide, while also looking to protect consumers, businesses and the economy from excessive levels of risk.
A key financial crime focus for cryptoasset businesses in the UK has been the transposition of the 5th EU Money Laundering Directive into national legislation through the Money Laundering and Terrorist Financing (Amendment) Regulations 2019. This updates the Money Laundering Regulations 2017 (MLRs), under which cryptoasset businesses are now deemed to be obliged entities. As a result of these updates, we have recently seen the FCA become the anti-money laundering and counter-terrorist financing (AML/CTF) supervisor of UK cryptoasset businesses.
As such, it is crucial for cryptoasset businesses to act now and dedicate resource and expertise to building a robust risk management framework. This will help demonstrate to regulators and investors their ability to identify and mitigate financial crime risk within their business, which will be critical to ongoing commercial success.
The implications of cryptoasset businesses being brought within the scope of the MLRs are far-reaching. Newly-obliged entities will be required to comply with all relevant aspects of the regulations, from assessing and controlling the money laundering and terrorist financing (ML/TF) risk facing their business, to carrying out customer due diligence and ongoing monitoring. Other requirements include providing anti-money laundering training to employees, providing a mechanism for making Suspicious Activity Reports and establishing an independent audit function to review the effectiveness of the AML framework.
The deadline for cessation of trading for non-registered businesses is 10 January 2021. However, the FCA has had powers to supervise cryptoasset businesses and enforce the MLRs as of 10 January 2020. Cryptoasset businesses in scope of the MLRs should therefore already be taking steps to ensure they are compliant. They should be asking themselves whether they have:
- The right culture, resources and expertise in place to combat financial crime
- Articulated their risk appetite and devised a framework for assessing ML/TF risk, in line with current industry guidance
- Assessed the impact of conducting due diligence on new and existing customers, in line with the MLRs
- Adopted a continuous improvement approach, including the ongoing monitoring of customers and the effectiveness of controls
- Set out a framework for the reporting of suspicious activity, both internally and externally
Achieving compliance will require investment. Cryptoasset businesses have the opportunity to design and implement efficient, cost effective systems and controls tailored to their specific business risks.
They can build bespoke compliance frameworks, ensuring controls are seamlessly integrated into core technology platforms, thereby enhancing the customer experience.
If approached proactively, with the same innovative mindset which makes these businesses exciting and dynamic, financial crime compliance has the potential to be a differentiator in its own right.