Europe: Pressure Grows on UK Regulated Firms to Manage Cryptoasset-Related Risk

By: Kai Zhang

On 24 March 2022, the FCA issued a notice reminding firms with cryptoassets exposures of its expectations on certain risks.  The key themes are:

• Avoiding consumer confusion: As cryptoassets are generally not regulated, the FCA expects firms involved in cryptoassets to ensure that consumers understand the distinction between their regulated business and unregulated business (i.e. relating to cryptoassets).

• Tackling financial crime: Firms are expected to have appropriate internal systems and controls to counter financial crime risks from cryptoassets, and they should also refer to the list of unregistered cryptoassets businesses maintained by the FCA. The FCA refers to its 2018 Dear CEO letter which set out guidance on assessing AML risks of cryptoasset-related business (e.g. firms should use the same criteria when checking a cryptoassets client’s source of wealth but should exercise particular care where evidence trails are weak).

• Considering prudential risks: Given the current lack of specific requirements, the FCA reminds firms of the general obligations to manage the risks and exposures from cryptoassets. For MIFIDPRU investment firms, the FCA specifically refers to the general requirements on governance and risk management in MIFIDPRU 7. The FCA may also consider whether any additional steps are needed to ensure that firms are holding sufficient financial resources to address potential harms from cryptoassets business.   

• Assessing custody concerns: Cryptoassets that are regulated (e.g. security tokens) will be subject to the CASS rules. The FCA notes that it will continue monitoring of cryptoasset-related custody arrangements with a view to supporting responsible innovation, whilst also protecting consumers and ensuring market integrity.