Guide To Cryptoasset Business Registration

As of 8 October 2023, cryptoasset businesses that wish to market to UK customers must be registered with the Financial Conduct Authority (FCA) under the MLRs unless an authorised person approves their financial promotions or otherwise rely on an exemption in the Financial Promotion Order.

The FCA takes robust action against firms breaching this requirement. Any circumvention, intentional misclassification of clients, misleading activities, or deviations will face thorough investigation and appropriate enforcement actions.

If you want to launch a crypto exchange, offer wallet services, or engage in other crypto-related activities in the UK, you must register your business with the FCA (AML/CTF crypto Registration). The tricky question is how to do it properly and not miss any important details.

From the reasons for registration, necessary documentation, costs, and implications of non-compliance, you’ll learn how to ensure compliance of your crypto business and uphold the standards set forth by the UK’s regulatory authority.

Cryptoasset Registration Regime

Cryptoasset business registration is a regulatory framework set out in Regulation 8 and Regulation 9 of the MLRs that engages entities, such as exchanges, wallet providers, or token issuers, to register with the regulatory authorities. This process involves providing detailed information about the entity, its operations, and key personnel.

The key elements of the registration include adherence to specific compliance standards, such as anti-money laundering (AML) and know-your-customer (KYC) requirements, to prevent illicit activities and enhance financial integrity. Operational details, such as the nature of cryptoasset services, transaction processes, and risk management procedures, are other essential components of the registration process.

The cryptoasset registration regime is a necessity for businesses to be able to legally operate, access essential banking facilities, and reach a wider user base.

10 Elements of a Successful Registration

• Business plan: The applicant's business plan should include information about its business model, roles, and responsibilities of service providers, brokers, introducers, sub-custodians, and outsourcing partners. Ideally, the plan should also specify sources of liquidity and flow-of-funds charts.
• Description of products and services: An application should include information about the applicant’s products, token offerings, classification, relevant whitepapers, different services, and other functionalities.
• Risk assessment and management: Cryptoasset businesses should acknowledge the risks of their business model, market volatility, cybersecurity threats, regulatory compliance challenges, and other relevant considerations. Business-Wide Risk Assessment (BWRA) is a suggested measure to understand potential vulnerabilities better and develop effective risk mitigation strategies.
• Policies, systems & controls: The applicants are expected to have policies, systems, and controls in place. For example, controls related to reliance on external ecosystems for liquidity, evaluations of the extent of interoperability of the applicant's products, risk mitigation strategies pertaining to market-makers, native token trading, white-labeling services, unusual B2B models, sub-custodian services, or dependence on peer-to-peer platforms.
• Outsourcing: An applicant must inform the FCA about its outsourcing arrangements within and outside the UK. Third-party service providers must comply with the requirements of the MLRs.
• Transaction monitoring and blockchain analysis coverage: Continuous monitoring is a key to compliance. Crypto businesses need tools that holistically monitor all transactions, their source or destination, and configure your alerts.
• Description of a group structure: A successful application clearly demonstrates management structure. It includes details of key individuals, their responsibilities, expertise, and qualifications, accompanied by CVs providing further insights into their professional backgrounds.
• Suspicious Activity Reporting: A Suspicious Activity Reporting (SAR) policy for crypto businesses is a crucial component of their compliance framework. The employees should be trained to identify and file suspicious activities.
• Sanction-specific controls: The applicants must keep abreast of sanction list updates and promptly implement internal procedures.
• Website: The applicant's website should contain the company's products and services, regulatory compliance, security measures, and terms of use. As a primary communication channel, it should reflect any changes in the business's operations, compliance protocols, or operations.

FAQ