Cryptocurrency and the NCA’s National Strategic Assessment of Serious Organised Crime for 2021

Syed Rahman considers the existing response to cryptocurrency crime

This week, the National Crime Agency (NCA) published its annual National Strategic Assessment of Serious Organised Crime for 2021, assessing the current threats to the UK in the areas of serious and organised crime. One key theme arising out of the analysis of the report is NCA’s views upon the increasing criminal exploitation of technology and cryptoassets, which has been fast-tracked by the pandemic. 

Covid-19 and Crypto

According to the report, £12 billion in criminal cash is generated in the UK each year and money laundering in the UK is likely to be increasing. Due to the pandemic restrictions, it has been more difficult for criminals to move their cash using the usual practices. Offenders and money launderers have therefore had to adapt their methods. This has accelerated the use of cryptocurrencies, such as Bitcoin, to facilitate the filtering of these illicit monies. 

Consequently, banks and law enforcement adjust to this new approach. A renewed and dedicated focus on the illicit use of cryptocurrency in these ways is essential. In our experience, law enforcement agencies such as the NCA and police forces are acting far too slowly and cautiously when it comes to crypto. 

What we have seen is a growing trend for cryptoasset-related fraud and law enforcement being unwilling and/or unable to adapt to deal with the threat, through lack of funding and a general lack of crypto expertise and/or suitable technological capabilities. 

Crypto and UK AML Measures

Another key takeaway from the report is that the NCA says that the wider implementation of cryptoasset technology by conventional financial services is likely to provide a larger market for criminal exploitation and movement of criminal funds. But the NCA claims that existing anti-money laundering (AML) measures are likely to alleviate this risk. 

Since 10 January 2020, existing cryptoasset businesses in the UK have had to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (MLRs). These include the requirement for such companies to be registered with the Financial Conduct Authority (FCA) in order to continue to carry on their business.

Businesses carrying on the following cryptoasset activities in the UK will need to be registered with the FCA, as defined in the MLRs:

1. Cryptoasset exchange providers
   This includes cryptoasset ATMs, peer-to-peer providers and those issuing new cryptoassets (including by way of Initial Coin Offerings (ICO) and Initial Exchange Offerings). The definition covers business services exchanging, arranging or making arrangements with a view to the exchange of cryptoassets for money or money for cryptoassets or the exchange of one cryptoasset for another, or operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets.
2. Custodian Wallet Providers
   This includes business services that safeguard or safeguard and administer cryptoassets on behalf of customers, or private cryptographic keys on behalf of customers in order to hold, store and transfer cryptoassets when providing such services.

To date, only five firms have fully registered with the FCA¹, although there are firms awaiting approval under temporary registration.² The effect so far of the UK’s AML measures in relation to crypto firms has, therefore, been minimal and restricted principally to this small number of companies. When the vast number of crypto-related businesses falling outside of the scope of the FCA and/or the MLRs is considered, it is clear that users of unregistered cryptoasset firms are exposed to a high degree of risk. It should also to be noted that most cryptoassets are not specified investments under Financial Services and Markets Act 2000 (FSMA). As a consequence, it is unlikely that investors will be protected by the Financial Ombudsman Service or the Financial Services Compensation Scheme, if their investments fail.

This is a particularly potent issue when it is considered that there have been no cryptocurrency fraud-related prosecutions in the UK up to now, despite it being such a pervasive concern. It is clear that the major reason for that is that law enforcement simply does not have a handle on the crypto-arena – both in terms of resources and the legislation and regulation not catching up.

The UK’s failure to hit the ground running in terms of crypto regulation and enforcement is not a stance reflected in the US. The FCA’s US counterpart, the Securities & Exchange Commission (SEC), has been seen to be the more proactive agency in this area over the past few years. One such example is the ongoing and highly-publicised SEC lawsuit against Ripple Labs Inc. and two of its executives, alleging that they raised over $1.3 billion through an unregistered, ongoing digital asset securities offering. With the correct focus, the crypto space is one that can be confronted head-on, as the US has shown. 

Conclusion 

Although the UK’s AML measures applicable to crypto firms are in place, the uptake of cryptoasset technology is rising exponentially -and disproportionately when compared with the scope of the UK’s current AML protections. 

As pointed out in the NCA’s National Strategic Assessment of Serious Organised Crime for 2021, crypto is a fast-moving area that is evolving constantly. Financial institutions and law enforcement have long been struggling to keep up with the stark threat it poses. But crypto isn’t going anywhere anytime soon – resources need to be invested immediately into tackling of the criminal use of technology/crypto before the issue snowballs beyond control.

References:

1. https://register.fca.org.uk/s/search?predefined=CA
2. https://register.fca.org.uk/servlet/servlet.FileDownload?file=0154G0000062BtF