On 24 March 2022, the FCA published a statement regarding the existing obligation that all FCA regulated firms have when interacting with or exposed to cryptoassets. Some areas of risks that need to be considered are:

  • Being clear with customers – firms are responsible for identifying and managing risks relating to cryptoassets and firms must ensure that consumers understand the extent of business that is regulated and clearly distinguish those elements which are unregulated.
  • Financial crime and registration of cryptoassets business – providing cryptoasset business in the UK without registration is a criminal offence thus, firms should be reviewing whether cryptoasset businesses they interact with are listed on the FCA’s Unregistered Cryptoasset Businesses page. Firms must ensure they have sufficient due diligence and money laundering controls in place to manage the risks posed by their customers. Firms should assess the risks posed by a customer whose wealth or funds derive from the sale of cryptoassets, or other cryptoasset related activities, using the same criteria that would be applied to other sources of wealth or funds.
  • Prudential considerations – firms subject to the FCA’s new investment firm prudential regime, have obligations to assess and mitigate the potential for harm to clients, to the markets in which the firm operates and to itself, that could arise from all of their business.
  • Custody considerations – the FCA’s Client Assets Sourcebook (CASS) sets out rules for firms to follow when holding regulated assets in custody. Where cryptoassets are specified investments, firms carrying out regulated activities involving custody of these assets are likely to be subject to the CASS regime.
  • Domestic and international engagement – the FCA will continue working with the International Organization of Securities Commissions, the Financial Stability Board and the Financial Action Task Force. They will also work closely with the Government and other parties through the Cryptoassets Taskforce.