CMS Expert Guide to Crypto Regulation in United Kingdom

The Fifth Money Laundering Directive (5MLD) extended the Fourth Money Laundering Directive (4MLD) regime to “providers engaged in exchange services between virtual and fiat currencies” and to “custodian wallet providers”. 

Prior to the UK’s exit from the EU, 5MLD was transposed into UK national law via amendments to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).  

The MLRs framework applies to all cryptoassets and is determined by what is done with the cryptoasset and whether it creates a money laundering risk. Depending on the answer to these questions, cryptoasset firms may need to register with the Financial Conduct Authority (FCA). 

Cryptoassets are not currently subject to bespoke financial services regulation in the UK, although the government is currently consulting on amendments to existing financial regulatory frameworks to provide for this.  

In the meantime, whether or not cryptoassets are subject to financial services regulation will depend on whether they fall within the scope of existing frameworks. 

Financial services are regulated under the Financial Services and Markets Act 2000 (FSMA 2000), Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) and other legislation, most notably the Electronic Money Regulations 2011 and the Payment Services Regulations 2017.  

In recent developments, the government introduced legislation bringing “qualifying cryptoassets” (defined below) into the scope of the existing financial promotions regime, under the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (FPO). 

Furthermore, the new Financial Services and Market Act 2023 (FSMA 2023) provides for the establishment of a regulatory regime for fiat-backed stablecoins used for payments.  

More broadly, the government intends to create new “designated activities” tailored to cryptoassets where such activities mirror, or closely resemble, regulated activities in scope of the RAO. This new designated activities regime (DAR) has been introduced under FSMA 2023 and the government intends to use it where regulation under the RAO may not be appropriate.  

The FCA principally oversees authorisation and enforcement under FSMA 2000 and the other legislation mentioned above.  

It is notable that all of the regimes operate independently and businesses may therefore require multiple registrations and authorisations. 

The only regulation covering cryptoassets per se in the UK at present is under the MLRs, in connection with anti-money laundering (AML) and counter-terrorist financing (CTF). Under the MLRs, the FCA is the AML and CTF supervisor for certain cryptoasset service providers in the UK. 

The MLRs prohibit these cryptoasset service providers from operating in the UK unless they are registered with the FCA. The FCA then supervises their compliance with the MLRs.  

The following cryptoasset service providers are within scope of the MLRs: 

• Cryptoasset exchange providers (i.e. persons exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money, money for cryptoassets or one cryptoasset for another). 
• Custodian wallet providers, which is to say persons providing services to safeguard, or to safeguard and administer: 
• Crypto ATMs (i.e. persons operating a machine, which utilises automated processes to exchange cryptoassets for money or money for cryptoassets). 

Cryptoasset businesses, which fall within the above categories are required to register with the FCA (after which they are listed on its cryptoasset register) in order to operate in the UK. 

Additionally, a cryptoasset business will need to demonstrate that it has policies, controls and procedures in place to effectively manage money laundering and terrorist financing risks proportionate to the size and nature of the business’ activities. 

If a cryptoasset has the characteristics of a “specified investment” under the RAO (e.g. a share in a company, a debenture, e-money, a unit in a collective investment scheme or a derivative), then exchange and custody of that cryptoasset will likely entail regulated activities under FSMA 2000 such as dealing in investments and safeguarding investments. 

Borrowing/lending of cryptoassets is not explicitly regulated in the UK. It is arguable that the lending of cryptoassets to consumers could fall within scope of consumer credit regulation, but the FCA does not appear to have sanctioned any firms or made any public announcements in this regard. 

Yield/staking is a complicated area. Depending on the specifics of the particular business model, it is possible that the arrangements could fall within the definition of a collective investment scheme under FSMA 2000 and be subject to regulation. Again, the FCA does not appear to have sanctioned any firms or made any public announcements in this regard. However, we are aware that the FCA has challenged certain firms regarding their yield/staking products on the basis that they may be collective investment schemes. In its recent consultation on the future regulatory regime for cryptoassets, HM Treasury has also suggested that staking services could entail the operation of a collective investment scheme depending on how they are operated. In its response to the consultation, HM Treasury confirmed that it is accelerating exploratory work to develop a clear definition of cryptoasset staking on a proof-of-stake (PoS) blockchain and to establish a taxonomy of the different PoS staking business models currently on the market. 

The application fee is GBP 2,000 for forecasted first-year revenues from cryptoasset services lower than GBP 250,000; or the fee is GBP 10,000 if revenues are higher than GBP 250,000. Legal and other professional fees will be necessary. 

The application fee will depend on the particular application. 

Legal and other professional fees will be necessary. 

Some requirements are set out below. Although this list is not exhaustive, a business should:  

• take appropriate steps to identify and assess the risks of money laundering and terrorist financing; 
• assess the ML/TF risks related to any new technologies prior to launch and take appropriate measures to manage and mitigate those risks; 
• undertake customer due diligence (CDD); and 
• apply more stringent due diligence, known as enhanced due diligence (EDD), when dealing with customers who may present a higher ML/TF risk.  

The FCA has set out a more extensive, albeit non-exhaustive list.