Meeting the FCA Cryptoasset Provider Criteria: A Guide

A recent judgement could prove useful guidance to those making an application to the Financial Conduct Authority (FCA) to become a registered cryptoasset provider.

Vladmir Consulting Limited (VCL) had applied to the FCA on 23 September 2020 to be a registered provider, pursuant to Regulation 57 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It was placed into a temporary registration regime while its application was considered. The FCA subsequently gave a Decision Notice to refuse the application on 9 March 2022, which was appealed by VCL on 6 April 2022.  The FCA’s Upper Tribunal found against VCL. VCL’s temporary registration, which had allowed it to operate as a cryptoasset exchange provider, then ceased to have effect.

The reasons why the FCA rejected VCL’s application are worth examination by others thinking of making an application.

The judgement against VCL was based on Regulation 58A, with the FCA refusing the application in the first instance due to the company not being a ‘fit and proper person’ to carry out the business as a cryptoasset provider.

The FCA was also of the view that VCL had consistently failed to comply with its obligations in relation to anti-money laundering (AML) regulations. In assessing VCL’s AML checks, the FCA learned that VCL operated on a Finnish exchange platform LocalBitcoins and relied on the exchange’s own AML due diligence when it came to meeting its obligations.

Before VCL entered transactions with a customer, it was required to request a copy of their passport, see a driving licence or other government-issued document and proof of residence. There were also enhanced due diligence checks in place. But VCL was only conducting all the checks required when large and/or regular transactions were carried out in specific circumstances.

Ample consideration was also given as to whether VCL had a “business relationship” with its customers pursuant to Regulation 4(1). This was significant as, under Regulation 27, an applicant must apply customer due diligence measures if they have established a business relationship with the other party. The FCA took the view that VCL had a business relationship with at least some of its customers.

In assessing VCL’s use of the customer’s banks and the exchange to carry out AML checks, the FCA Upper Tribunal stated that “VCL was placing considerable weight on its belief that the banks and the exchange were both regulated, and viewed this as reducing its own money laundering risks. This is not an approach permitted by the [anti-money laundering regulations].”

In the Wild West of cryptoasset regulation (or lack thereof), there have been regular  calls for a body to provide a regulatory framework in relation to cryptoassets. Yet with the FCA having approved just 34 of the 100 applications to become a registered cryptoasset provider, not everyone has been so enthusiastic about the approach that has been taken so far

Many cryptoasset providers have felt unclear about what needs to be done to ensure a successful application. This judgement shows that much emphasis is placed on the provider’s anti-money laundering checks and due diligence procedures. It is simply not enough to have a guidebook which sets out what a company’s policies are - as the FCA will take a thorough look at what procedures are actually being carried out rather than just being written down.

It is noteworthy that VCL acted as a trader on peer-to-peer crypto trading platforms and said it did not have a business relationship with its customers and so only needed to carry out basic customer due diligence on occasional transactions. Yet this was rejected by the FCA, which was unhappy with the reliance on third-party AML checks. The regulator’s response should be heeded by future applicants.