On 11 June 2018, the FCA published a dear CEO letter (Letter) to banks regarding the FCA’s expectations in relation to financial crime for firms who provide services to clients who conduct business in or related to cryptoassets, or whose source of wealth derives from such assets or activities relating to such assets.

The anonymity of cryptoassets has long troubled regulators because of their potential use in financial crime. The Letter recognises that although there are legitimate uses for cryptoassets, firms need to take “reasonable and proportionate” measures to reduce the risk of facilitating financial crime. The Letter outlines what the FCA considers such steps might entail.

The Letter, broadly, targets firms providing banking services to clients who conduct significant business activities or derive significant revenues from crypto-related activities. The three examples identified in the Letter are:

  • firms offering services to cryptoasset exchanges;
  • firms offering trading activities where the client’s or counterparty’s source of wealth is derived from cryptoassets; and
  • where the firm wishes to arrange, advise or take part in an initial coin offering (ICOs).

The types of “appropriate steps or actions” that may be considered include staff training; updating the firm’s existing financial crime frameworks; engaging with clients to understand their businesses better; carrying out due diligence on key individuals; assessing the adequacy of a cryptoasset exchange’s CDD; and considering the ICO issuance’s investor base, organisers, the functionality of the tokens and the jurisdiction. The Letter notes that this should be applied on a risk-based approach.

The Letter also states that firms should assess the risks posed by a customer whose wealth or funds derive from the sale of cryptoassets or cryptoasset-related activities using the same criteria as for other sources of wealth or funds. Whilst the FCA acknowledges that the evidential trail behind cryptoasset transactions may be weaker, this does not, in their view, justify the application of a weaker or different evidential test – and the Letter advises that firms should exercise particular care in these cases. The FCA explicitly identifies use of state-sponsored cryptoassets which are designed to evade international sanctions as a high risk indicator.

The Letter concludes by considering investment fraud, and specifically endorses the good and bad practice guidance contained in the FSA’s 2012 paper on investment fraud as being relevant to ICOs.

It is, perhaps, noteworthy that the FCA’s working definition of ‘cryptoassets’ builds on its definition of ‘digital’ or ‘cryptocurrencies’ adopted in its discussion paper on distributed ledger technology published in 2017. The FCA defines ‘cryptoassets’ in the Letter as “any publicly available electronic medium of exchange that features a distributed ledger and a decentralised system for exchanging value”. This therefore includes both permissioned and permissionless distributed ledgers, which is broader than the definition for ‘digital currencies’ or ‘cryptocurrencies’ used in the feedback statement, which only included permissionless distributed ledgers.

The Dear CEO Letter comes in the context of the FCA and Bank of England submissions to HM Treasury’s inquiry on digital currencies. We have considered this further here.