Ian Taylor is the Executive Director of CryptoUK, a self-regulatory trade association for the UK cryptoasset industry that aims to promote higher standards of conduct. Having spent more than 20 years in investment banking Ian, has held many senior roles across trading, treasury and risk management.
As Executive Director of CryptoUK, Ian has built a community of more than 80 of the most influential industry participants with whom he campaigns for fit-for-purpose regulatory frameworks around cryptoassets in the UK, Europe, and beyond. He advocates for the digital assets sector and its ability to facilitate greater access to better financial products and services globally.
In 2021 the FCA estimated that close to 2.3 million UK adults held digital assets, a 73% increase from the year prior.
But the utility of cryptoassets as both a medium of exchange and a vehicle for decentralised financial activity has made them an attractive resource for criminals since their inception.
In 2021 the CIA proved it could unravel hackers' identities after the Colonial Pipeline breach, but doing so remains extremely difficult. and this is why cryptocurrencies provide an attractive means of transferring value covertly and are often used in the trafficking of illegal goods, money laundering, and terrorist financing.
This anonymity is partially facilitated by discrepancies in global regulation which mean not all cryptocurrency exchanges are required to apply ‘know your customer’ (KYC) policies or protocols to their customers.
This patchy customer verification creates vulnerabilities in the global network,where most illicit digital transactions take place. If a criminal can 'on ramp' (by exchanging fiat to crypto) or off-ramp (the reverse) in a market without any controls, then they evade detection. So, while disparities in customer verification protocols exist, these controls are circumnavigable.
What are UK regulators doing to reduce financial crime among digital assets?
For KYC requirements for cryptoasset services businesses, the FCA’s incorporation of 5AMLD into the UK’s regulatory framework at the beginning of 2020 was a turning point. This brought with it the requirement for all cryptoasset services businesses (CSBs) to begin conducting customer due diligence, much like their traditional banking counterparts.
Mandating KYC checks within the digital asset sphere enables firms to identify customers before any transactions are carried out and assess their inherent risk based on their financial history.
Introducing such legislation was intended to improve security and, in turn, help to prevent money laundering and other nefarious activities. However, friction between industry participants, regulators, and supervisors has left the FCA with an uphill struggle in its efforts to approve CSB applications.
The Temporary Registration Regime
The FCA requires CSBs operating in the UK to comply fully with all relevant anti-money laundering (AML) and KYC regulations. New businesses are also required to obtain a full FCA registration prior to commencing trade.
Failure to do so would normally see such firms be immediately required to cease trading. However, a Temporary Registration Regime gives existing unregistered CSBs the ability to continue trade while their applications are under review.
The original proposed deadline for the temporary regime was January 10th, 2021and unfortunately left the financial watchdog with limited time to assess and register all the firms who have applied, largely as a result of the complexity and standard of applications received. The issue was further exacerbated by the pandemic, which limited the FCA’s ability to visit firms for inspections.
The deadline for registration was initially extended to July 9th, 2021 and was later revised again to March 31st, 2022. However, as we approach the third (and seemingly final) deadline for applicants, the FCA remains on the backfoot.
Shortage of crypto expertise at the FCA
Effective digital-asset oversight requires extensive knowledge of new business models and underlying blockchain technology. The FCA has faced battles to retain key talent alongside their ‘voluntary resignation program’ which has seen a number of crypto advocates leave the regulator to join the private sector.
Challenges for industry participants
Introducing regulation presents challenges for firms that haven’t had to consider legislative requirements before.
Many UK CSBs consist of small teams with limited resources, so as new regulations mandate these organisations to introduce, for example, customer due diligence processes or screen certain high-risk individuals, they sometimes lack the time and resources needed to meet the regulator’s demands.
Moreover, these firms must also be able to locate users’ sources of funds and understand how to trigger suspicious activity reports (SARs). Such requirements have caught CSBs off-guard and many have struggled to implement changes within the mandated time frame.
What happens if firms fail to gain FCA registration before the deadline?
Data provided by The Block shows that, as of February 2022, 96 crypto firms were yet to be registered with the FCA. Of these, 27 were existing CSBs who remain ‘in limbo’ on the temporary register. This list included Britain’s most highly valued private company, Revolut. The remaining 69 firms were new applicants awaiting confirmation in order to commence business in the UK.
Existing firms who fail to obtain a licence before the March 2023 deadline will be forced to cease trading and reapply at a later date, and new entrants - who were hopeful of commencing business - will continue to accrue costs with no ability to generate revenue.
CryptoUK has continued to stress the negative implications of such an outcome, which includes the risk of losing talent and tax revenue as these CSBs potentially re-locate overseas to sell services into the UK.
KYC isn’t the only challenge in crypto regulation
The travel rule and data sharing
Last year, HM Treasury held a public consultation outlining its plans to implement FATF’s Travel Rule for cryptocurrency transactions. This followed hot on the heels of the European Commission’s announcement that its revised AML draft would also adopt the Travel Rule into EU-wide legislation.
The Travel Rule requires providers of virtual assets to collect and share customer data from transactions over a certain threshold to prevent illegal activity.
Aside from typical data privacy concerns regarding the exchange of personal data, a lack of global, unified KYC legislation for CSBs exposes users of compliant exchanges to the risks of less-advanced competitors.
For example, less mature exchanges may have fewer security protocols in place and may be yet to achieve full KYC compliance. This will leave them at a much greater risk of falling victim to cybercriminals, raising an issue for CSBs, whose users may be inadvertently exposed to a greater risk of data loss.
The FCA is considered to be relatively advanced in its approach to crypto regulation when compared with other regulators around Europe, and while all market participants face the same hurdles, and the UK has made great strides in protecting investors and deterring financial crime, it is clear that there is still a way to go.
How can technology support regulators and crypto providers to fight financial crime?
Technology provides another layer of assurance for CSBs, both in combating financial crime and demonstrating compliance to regulators. As cryptoasset adoption snowballs, CSBs are implementing RegTech solutions for a number of use cases.
KYC solutions have been widely adopted across the financial services sector. Automating KYC workflows provides clients with a seamless experience by eliminating the need for human interaction in the document collection and identity verification process, and CSBs are also able to enjoy an easier and faster accreditation and identification experience.
Elsewhere, transaction monitoring also presents a challenge due to the decentralised nature of digital-asset technology. However, more solutions providers are emerging in this space such as the likes of Chainalysis, that leverage blockchain-based analytics to monitor cryptoasset transactions.
These solutions monitor the addresses controlled by entities to provide intelligence on the source and destination of each users’ funds. Much like transaction monitoring solutions for fiat currency transfers, this technology reduces manual workflows while better identifying suspicious transactions, thus enabling firms to stay compliant with local and global regulations.
Cryptoassets need global regulation
Digital assets and blockchain infrastructure offer an opportunity for radical innovation across the global financial services ecosystem. Regulating such novel technology is fraught with theoretical and practical challenges, and the implementation of new rules carries risk.
In the UK, the FCA has made great strides in regulating this market, and with the introduction of new compliance technologies, firms can more effectively bridge the gap from unregulated to regulated, making life more difficult for cyber-criminals in the process.
Discover Napier’s AI-powered approach to financial crime compliance