Tectonic shifts have taken place in the United Kingdom's crypto-regulation landscape in the last 12 months. What are the most significant pieces of legislation of which private banks should be aware?
Compliance Matters was invited to a 'lockdown webinar' last week. Claire Cummings (pictured), the managing partner of Cummings Pepperdine and a frequent contributor to our web-pages, was on the panel, along with Nathan Catania, a partner at XReg Consulting (whose founding team are all ex-regulators, especially from Gibraltar, which was one of the first jurisdictions to regulate crypto-currencies and crypto-businesses), Ian Taylor of CryptoUK, the 60-member trade body, and Tom Luo, a director at Merkle Science. Natalie Hall of CryptoUK was the moderator.
Cummings Pepperdine is a regulatory consultancy that specialises (among other things) in crypto-regulation, structuring custody and related issues. Tom Low's firm, Merkel Science, is a compliance company that helps crypto-blockchain companies, banks, other financial institutions and law-enforcement organisations.
The object of the panel was to share some 'insider' insights with the regulated community about the ever-changing crypto-regulatory landscape in the UK. It looked at HM Government's fight against crypto-crime, developments in other jurisdictions and the path to compliance for British crypto-businesses.
Money laundering, derivatives and ETNs
Claire Cummings was the first to look at recent developments.
"I think what I would focus my attention on here is action coming out of the Financial Conduct Authority, the regulator in the UK. I think the two main things that come about are the requirement for people who are involved with crypto-assets to register under the [European Union's] fifth Money Laundering Directive. It applies wider but it has been taken by the FCA.
"I think it might be worth as we go on talking about the speed at which that registration...is happening within the UK. Post-Brexit, there's also been a temporary transition permission as well and I think that what the FCA is trying to say there is that we will apply anti-money-laundering, we want to be a good regulator, but we do want to have everybody in here.
"Now as part of that I think I'll also bring into the picture on a more day-to-day basis the issue of the FCA banning the marketing of crypto-derivatives to the retail market. I'd make the point that these are just the derivatives they're talking about and they do extend to exchange-traded notes, but I think that's an important first step. I think there's a lot of lobbying going on to see where we can go with that and it reminds me the early days of hedge funds and fear of derivatives there. It's very much watch this space and see how it develops."
Burning regulatory issues for cryptos
When asked to delineate the things that his members had been thinking about the most in the last 12 months, Ian Taylor of CryptoUK mentioned the money laundering regime which sprang up at the beginning of 2020, noting that companies were still waiting to have their applications authorised, with three out of 200 having been completed successfully so far. The second most important issue in the eyes of his members was that of financial promotions.
"The Government closed the consultation at the end of last year. It hasn't released the results of this open consultation yet. We expect this in the second half of 2021 but the expectation is that all crypto-promotions would need to be signed off by a regulated entity and then each promotion would have to be signed by the FCA, so one would assume there's quite a lot of resource requirement there at the FCA on top of what they're involved in already."
He expressed some frustration at this "logjam" and said that he had written an open letter to the Chancellor of the Exchequer on the matter, but declined to give any details about Rishi Sunak's response. He promised to do so in future, however.
The third burning issue for Taylor's members – a fairly recent development – was a governmental consultative exercise (now closed to comments) about stablecoins having to move inside the UK's "regulatory perimeter."
He noted: "These are systemic stable tokens – the terminology that the Government uses – that would potentially be used in the UK economy for purchasing goods and services, so this is really to future-proof the likes of Facebook's DM [direct message] or we've just recently seen the stable[coin] called USDC partner with Visa, so that's the clarity we have."
The view from abroad
XReg has a very international purview. Nathan Catania was therefore in a good position to draw comparisons between regulators in the UK and elsewhere.
"The majority of the activity in crypto-regulation really is very much focused on anti-money-laundering, terrorist financing, proliferation financing. This is really coming from the Financial Action Task Force or the FATF for short, a very a big inter-governmental body where countries group together and set these global standards. It was back in June '19 when they issued guidance - I think it was October '18 – when they formally announced that the virtual assets and virtual asset service providers needed to be regulated for AML/CFT and then they issued some follow-up guidance the following year in June.
"Before this happened, anyone that's been in crypto for some time will understand that it was very much the Wild West. There was no regulation and people could do whatever they wanted, but that was really a key turning point, where countries now have to bring in these regimes or they face the risk of being grey-listed or blacklisted.
"As a result of that, we've seen jurisdictions implement these types of regulatory regimes, the UK being one of them. In terms of the UK, they were pretty good [because] the crypto asset framework...goes over and above the scope of AMLD, so they've they brought in certain activities in terms of what a virtual asset service provider should be before Europe. There's still quite a lot of countries that need to catch up to bring in this type of crypto-asset registration. There's still a lot of work to be done. There's new guidance that's been brought out [and] there's the Travel Rule as well."
According to Coinfirm, the FATF Travel Rule requires Virtual Asset Service Providers (VASPs) such as cryptocurrency exchanges, digital wallet providers, and even some financial institutions including banks that deal with crypto-assets, to ensure that certain data about their customers is disclosed and transferred between counterparties as a part of each crypto-currency transaction. This is an update to the existing FATF Recommendation 16, which imposes the same stipulations on cross-border and domestic wire transfers.
The moderator thought that a "perfect storm" was causing the FCA, the FATF and others to issue guidelines on the subject of crypto-finance. She cited the British regulator's desire to protect consumers from sharp practice, the steep increase in the adoption of cryptos by financial institutions recently, the general bull market in cryptos, volatility in prices and crypto-crime.
The naughty corner
Crypto-criminals have become more sophisticated and successful in the UK during 'lockdown.' Tom Low of Merkel Science had a few facts and figures to hand.
"Reports of scams relating to crypto-currency investments have risen by about 57% to, I think, about 5,581 in the last 12 months, up until December 2020, and that's data from Action Fraud itself.
In January there were 720 crypto-currency fraud reports in the UK alone, which was double the number basically the same month last year. Victims lost an estimated £113 million last year to criminals and cold callers promoting crypto-currency investment scams. As you can imagine with the bull market as it is at the moment, a lot of people are interested in moving into crypto and so these scams are just becoming more and more prevalent."
Ian Taylor said that the FCA website had a lot of good information about cloning websites, along with a page that covered crypto-asset investment scams. He blamed increases in the prices of crypto-assets for much of the recent massive uptick in complaints from defrauded investors. His concern was to protect vulnerable customers who, like everybody else, might want to diversify their portfolios increase their exposure to Bitcoin and other currencies.
"A lot of the times it's not crypto that is really the issue, it's generally somebody hiding behind cryptos. It's just a pyramid scheme or a Ponzi scheme or multi-level marketing that are used to confuse consumers. The level of concern at an institutional and a retail level is growing and the reports of crimes have increased."
The moderator was keen to know the moment when the UK was going to start following FATF guidance. She suggested that the virtual asset service providers or VASPs were not yet ready to do so, but Tom Low thought otherwise.
"What percentage of VASPs have been making progress in this direction in order to get ready to comply with FATF when it is put into place? That's a great question and certainly what we've seen in the UK, based on the data, there is [sic] 23 of the exchanges that are headquartered in the UK, 14 of them or so (effectively 60%) have strict compliance in place and do not allow customers to transact on their platforms without KYC, for example. Seven of them, which is about 30%, do have optional KYC and AML and two of them are actually inactive exchanges."
Ian Taylor, who spends a great deal of time talking to regulators, especially about FATF implementation, noted that the FATF provides guidelines and recommendations, not binding nationally-imposed rules, although he thought that no advanced economy could choose not to implement such things. He was convinced that the FATF's famous 40 Recommendations were for the greater good of society.
Tossing around such odd phrases as "a bunch of work" and "the folks in emerging risks," Taylor made some observations from anecdotal evidence.
"Most of the players in the UK that are in scope have not solved for the Travel Rule at this stage. There's a number of reasons for that. We don't think the UK Government is going to do in the near future...that time horizon, I would suggest, will be at least six months, hopefully longer...provide any requests to the UK VASPs to implement anything. The UK has said in its recent consultation for stablecoins and other aspects of crypto that it's going to use this approach to wait and see what some of these intergovernmental agencies are going to do in regards to crypto regulations. So it's a wait-and-see approach.
"It's not easy to solve for the Travel Rule, which in effect is...just as a bank would have to have send out beneficiary information provided between the two banks and in this case VASP, there's many many issues regarding the ability to do this for virtual assets."
Others thought that all countries would eventually have to obey the FATF's diktats, lest they find themselves frozen out of the world economy. Many jurisdictions still do not have AML regulatory regimes or laws for crypto-assets and a certain amount of regulatory arbitrage seems inevitable for at least a few years, but the panel thought that this was going to change over time. Nathan Catania praised the FCA for its middle-of-the-road approach.
"Even though the FCA has not placed all of these businesses on the register, the legislation is 'live.' So under the Money Laundering Regulations, as a crypto-asset business, you need to be complying with crypto-asset legislation irrespective of whether the FCA has added you to their list or not. So it's something at least in the UK that as a crypto-business you need to take very seriously and you need to be operating as if you are already registered, even if you're waiting on the FCA to conclude on the registration process.
"Going back to the Travel Rule, it's difficult from a regulator's perspective. The regulators are not usually the ones that set government policy or legislation - that's up to the politicians and the legislators to implement this stuff, so the Travel Rule will have to be legislated for in the UK. Normally there's some sort of transitional period.
"The issue with the Travel Rule is that there's not many end-to-end solutions out there that will allow crypto-companies to communicate and send each other this data. A number of providers are getting very close and I do see this happening in the next few months. That's that's the main reason why jurisdictions have held off from implementing the Travel Rule, because there's no real technical way of actually doing so – not right now anyway – so you'll be legislating for something that's not...there's not much point because you won't be able to comply anyway."
The moderator asked Catania how risky things might be for a British VASP that is not obeying the Travel Rule from the long reach of an American organisation such as the Financial Crimes Enfocement Network or FinCEN. He replied that the FATF refers to this as "the sun rays problem."
"There's going to be a situation where certain jurisdictions have legislated for the Travel Rule and you might have VASPs complying with it at their end in their home jurisdiction [while] other jurisdictions haven't legislated for the Travel Rule yet. The FATF is well aware of the issue.
"The US have quite an interesting approach because in their view crypto-companies have always been money transmitters, even before the FATF updated their recommendations in '18 to clarify that VASPs need to be regulated. So in their view they've always been considered regulated businesses and they've always had to comply with a Travel Rule effectively in their own way.
"But if you think about what's happening in the US right now, again there's VASPs operating in the US but there's no Travel Rule [software] solution as of yet, so even in the US right now it's not really happening to be blunt, I guess. Maybe a few a few months and we'll see the US ramp up. I know there's a few working groups in the US that are looking to develop some sort of solution."
Claire Cummings drew a parallel between the new rules-to-be and the time when some of the rules that now apply to trading in derivatives such as MIFID II, the European Union's second Markets in Financial Instruments Directive, came into force in 2018.
"There was additional reporting on the brokers and even the personnel. It seemed highly intrusive and it also was at odds with the GDPR [General Data Protection Regulation], though the FCA came out and said that MiFID would override the GDPR. It was implemented and it worked, including in the US, and also [there are] similarities with an another piece of derivative regulation, EMIR [the European Market Infrastructure Regulation] and then the US special Dodd-Frank Act. So I think we can draw parallels from that and just say that it has been perfectly possible in other areas of non-traditional assets, in alternatives, to be able to find some common ground on reporting, which has similarities with the Travel Rule. So I think it can be mentioned.
"I think you're absolutely right - it's a question of when. But until then, firms which are within the fifth Money Laundering Directive need to remember that they are within the FCA's perimeter, so they're already bound by a large number of rules which deal with counter-terrorism financing and anti-money laundering and that's really at the heart of this.
"So although the Travel Rule may still be under discussion, I think that the two points to remember are that the Money Laundering Directive means you're inside the perimeter, so you have to comply with a lot, and then as far as sharing information detail goes, we can see that that has happened through other existing regulation in the world of derivatives."
* Claire Cummings can be reached on 0207 585 1406 or at firstname.lastname@example.org