On 11 June 2018, the FCA published a Dear CEO letter concerning crypto-assets and financial crime. In particular, the Dear CEO letter covers good practice for how banks handle the financial crime risks posed by these products.
The FCA states that where a firm offers banking services to current or prospective clients who derive significant business activities or revenues from crypto-related activities, it may be necessary to enhance scrutiny of the client and their activities. Services may include:
- where the firm offers services to crypto-asset exchanges which effect conversions between fiat currency and crypto-assets and/or between different crypto-assets;
- trading activities where the clients’ or counterparties’ source of wealth arises or is derived from crypto-assets; and
- where the firm wishes to arrange, advise on, or take part in an initial coin offering.
The FCA adds that appropriate steps or actions a firm may consider include:
- developing staff knowledge and expertise on crypto-assets to help them identify the clients or activities which pose a high risk of financial crime;
- ensuring that existing financial crime frameworks adequately reflect the crypto-related activities which the firm is involved in, and that they are capable of keeping pace with fast-moving developments;
- engaging with clients to understand the nature of their businesses and the risks they pose;
- carrying out due diligence on key individuals in the client business including consideration of any adverse intelligence;
- in relation to clients offering forms of crypto-exchange services, assessing the adequacy of those clients’ own due diligence arrangements; and
- for clients which are involved in initial coin offerings, considering the issuance’s investor-base, organisers, the functionality of tokens (including intended use) and the jurisdiction.
The FCA states that following a risk-based approach does not mean banks should approach all clients operating these activities in the same way. Instead, the FCA expects banks to recognise that the risk associated with different business relationships in a single broad category can vary, and to manage those risks appropriately.
The FCA states that where a firm identifies that a client is using a state-sponsored crypto-asset which is designed to evade international financial sanctions, it would see this as a high-risk indicator.