Background
Under section 21 of the Financial Services and Markets Act 2000 (“FSMA”), a person must not, in the course of business, communicate an invitation or inducement to engage in investment activity—this is otherwise known as the financial promotions restriction. From 8 October 2023, the scope of the FCA’s financial promotions regime was expanded to cover qualifying cryptoassets. This means that cryptoasset firms which are not registered with the FCA pursuant to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”) (aka "unregistered firms") are prohibited from making communications that amount to “financial promotions” regarding qualifying cryptoassets which may be received by UK consumers, unless such promotions have been approved by an authorised person or an appropriate exemption applies—see our previous article outlining the regime here.
The FCA has previously reminded “regulated/registered firms” (i.e. cryptoasset firms registered under the MLRs, and other firms authorised or registered under the Payment Services Regulations 2017 (“PSRs”), Electronic Money Regulations 2011 (“EMRs”), or FSMA of their obligations under the Proceeds of Crime Act 2002 (“POCA”) when engaging with unregistered cryptoasset firms via a letter to industry—please see our previous article here for more details.
What has happened?
On 26 November 2024, the FCA published a further communication on its expectations on registered/ regulated firms partnering with unregistered cryptoasset firms—for example, MLR registered firms providing on/off ramp services to unregistered cryptoasset firms (e.g. non-custodial wallet providers)—which may be making promotions to UK consumers in breach of the financial promotions rules.
The FCA’s statement should be considered not only by regulated/registered firms engaging with unregistered firms, but also by the unregistered firms—this includes unregistered firms operating in the cryptoasset space, who are not eligible to register with the FCA under the MLRs (for example due to the nature, or location, of their business activities) and may be relying on the on/off ramp services or payment services of an authorised/registered UK firm, in order to better understand the requirements of the FCA and the expectations that are being placed on their business partners.
In particular, the FCA discusses:
- the harms to consumers and markets that may arise out of such partnerships;
- common business models where regulated/registered firms partner with unregistered firms, and the risks posed to regulated/registered firms; and
- examples of measures taken by regulated/registered firms to mitigate the relevant risks.
Harms to consumers and markets
The FCA highlights the following harms that may be caused by regulated/registered firms providing services to unregistered firms who appear to be illegally promoting to UK consumers:
- Consumer harm: Consumers may be persuaded to invest in cryptoassets without understanding the relevant risks, based on misleading, unfair and unclear communications, and may suffer loss as a result;
- Financial harm: Such on/off ramp services may be supporting firms that are not in compliance with FCA standards on anti-money laundering or countering terrorist financing (“AML/CTF”). As such, regulated/registered firms may be at risk of facilitating financial crime; and
- Unfair competition and undermining UK competitiveness: Enabling firms which are in breach of UK regulatory requirements to access the UK market undermines the competitiveness of “legitimate” UK firms.
Business models and risks to regulated/registered firms
The FCA’s communication draws out three business models commonly witnessed by the FCA:
- where MLR registered firms offer on/off ramp (i.e. exchange of crypto and fiat) services to unregistered firms (e.g. a non-custodial wallet provider), such as where an API or widget is embedded in the unregistered firm’s website or mobile application, allowing customers to access the on/off ramp services provided by the MLR registered firm);
- where authorised or registered payment services and e-money firms provide payment solutions to, or otherwise partner with, unregistered cryptoasset firms, such as by facilitating the transfer of customer funds to a cryptoasset exchange; and
- where FSMA authorised firms may be providing services to unregistered firms, such as banks providing payment accounts to unregistered firms.
A key risk to regulated/registered firms is that of directly or indirectly benefiting from any illegal financial promotions being made by the unregistered partner firms in breach of section 21 of FSMA—the FCA warns that such benefits may be criminal property (and reminds firms of their obligations under POCA as per the FCA’s warning letter from 21 September 2023). Moreover, maintaining relationships with unregistered firms who are potentially making illegal financial promotions may call into question the probity of the regulated/registered firm.
It is worth noting that the risks highlighted by the FCA are in the context of unregistered cryptoasset firms which are potentially communicating financial promotions in breach of the financial promotions regime—the FCA’s communication does not explicitly discuss circumstances involving unregistered cryptoasset firms which are appraised of the financial promotions regime, and have taken steps to ensure compliance with the relevant restrictions.
Mitigating steps
The FCA observes that cryptoasset firms registered under the MLRs, and payment services and e-money firms authorised or registered under the PSRs/EMRs, have implemented a number of measures to mitigate the aforementioned risks of partnering with unregistered cryptoasset firms, including:
- seeking legal advice to understand the requirements under the financial promotions regime;
- assisting partner firms (i.e. unregistered cryptoasset firms) with their understanding of the financial promotions regime;
- conducting thorough reviews of partner firms’ communications and determining whether such firms are compliant with section 21 of FSMA (rather than relying solely on whether the partner firm is listed on the FCA’s warning list);
- engaging with a section 21 approver which can review, amend and approve the financial promotions of the unregistered firm; and
- implementing control frameworks—for instance, some firms have procedures and remediation tools to promptly detect and address non-compliance in a timely manner. In terms of steps that may be taken in the event a registered/regulated firm identifies that a partner firm is in breach of section 21 of FSMA, the FCA notes the following measures by way of example:
- restricting onboarding of partner firms;
- persuading the partner firm to implement relevant controls such that its communications are not capable of having effect in the UK (e.g. geo-blocking);
- preventing UK consumers from further engaging in cryptoasset investment activities;
- preventing the onboarding of new UK consumers directed to the firm via the partner firm; and
- detecting, assessing and off-boarding non-compliant partner firms.
The FCA further observes that some FSMA authorised firms have chosen to proactively restrict services (e.g. payment services) to unregistered cryptoasset firms which are on the FCA’s warning list.