A&O Shearman | FinTech | UK Financial Conduct Authority Sets out Good Practice for Handling Financial Crime Risks from Crypto-Assets
FinTech Foundry
This links to the home page
FinTech Blog
  • UK Financial Conduct Authority Sets out Good Practice for Handling Financial Crime Risks from Crypto-Assets

    The U.K. Financial Conduct Authority has published a "Dear CEO" letter to U.K. authorized banks, setting out its views on best practice that banks should adopt for handling the financial crime risks that may be posed by so-called crypto-assets. The FCA uses this term to refer to any publicly available electronic medium of exchange that features a distributed ledger and a decentralized system for exchange. Crypto-assets include crypto-currencies, a well-known example of which is Bitcoin. The FCA acknowledges that crypto-assets can be used without any criminal motives. However, the fact that crypto-assets can be held relatively anonymously and can be readily transferred between countries can make them attractive for criminal purposes.Banks should adopt proportionate measures to mitigate the risk that they are used to facilitate financial crimes involving crypto-assets.

    The FCA recommends that banks conduct enhanced scrutiny of clients and those clients' activities in cases where the bank provides banking services in the following circumstances:
    • banking services are provided to a client that is a crypto-asset exchange, effecting conversions between crypto-currency and fiat currency or between different crypto-currencies;
    • the bank has a trading relationship with a client or counterparty whose source of wealth arises or is derived from crypto-assets; or
    • the bank is arranging or advising on an initial coin offering.
    In the above circumstances, the FCA recommends various steps that banks may take, including ensuring that the bank's internal financial crime framework adequately reflects risks from crypto-asset-related activity, engaging with clients to understand the nature and risks of their business and conducting appropriate staff training. Due diligence should be undertaken on key individuals and on clients involved in ICOs. Where a client is offering crypto-asset exchange services, the adequacy of the client's own due diligence procedures should also be assessed.

    Banks should assess the risks posed by customers whose wealth may have resulted from holding, selling or trading crypto-assets, by applying, in a risk-sensitive way, the existing criteria for checking the source of wealth or funds. The FCA is clear that the fact that the evidence trail for transactions involving crypto-assets may be weaker does not justify banks using a different evidential test for checking the source of wealth or funds. The FCA also considers that, where a client or customer is using a state-sponsored crypto-asset which is designed to evade international financial sanctions, this should be viewed as a high-risk factor.

    The FCA refers banks to the Financial Services Authority's 2012 findings following a thematic review of the way banks handled investment fraud risk, as the discussion of good and poor practice outlined in those findings is also relevant to the risks retail customers may face when contributing sums to ICOs.

    View the "Dear CEO" letter.

    View the FSA's thematic review findings on investment fraud.