On the 11th June 2018, the Financial Conduct Authority (FCA) published a ‘Dear CEO’ letter on crypto assets and financial crime. The letter provides good practice for how banks should handle the financial crime risks posed by crypto assets.
“Cryptocurrencies (or Crypto assets) combine new payments systems with new currencies that are not issued by a central bank. Examples of privately issued digital currencies include Bitcoin, LiteCoin, Ether (Ethereum) and Ripple” (Bank of England)
There are multiple legitimate reasons for using crypto assets such as high-risk speculative investments or funding innovative technological development. However, the nature of crypto assets allows customers to become anonymous and move funds overseas. There is a risk of crypto assets being abused by customers for criminal purposes.
The FCA promotes a message that firms should take a reasonable and proportionate measures to mitigate the financial crime risk.
The FCA explained that it might be necessary to enhance scrutiny on customers and their activities where banking services are offered to customers who obtain revenue from crypto-related activities. The FCA highlighted three areas where firms may offer services:
1. Crypto asset exchanges
Where services are provided to convert fiat currency and crypto assets. Firms need to be aware of the customer’s source of wealth or funds when holding or trading crypto assets. For example, customer due diligence on the source of funds from customers who make large transactions with crypto asset exchanges.
2. Trading activities
Firms should understand the source of wealth derived from the crypto asset. Crypto assets are challenging in comparison to other sources of wealth because the evidence trail behind the transactions may be weaker. The FCA explains that this would not justify a different evidential test on the source of wealth and the FCA expects firms to take particular care in these cases. Another key risk is state-sponsored crypto assets designed to evade internal financial sanctions would be considered a high-risk indicator.
3. Initial Coin Offering (ICO)
Firms that wish to advise or deal with ICOs. The FCA explained that retail customers who contribute large sums to ICOs are at a higher risk of investment fraud. In 2012 the Financial Services Authority (FSA) reviewed how banks handled the risk of investment fraud, which relates to ICOs and points firms to review the findings for a discussion of good and poor practice.
Considerations for firms
The FCA provides some appropriate steps and considerations for firms to mitigate the risk of financial crime and crypto assets.
- Training - Developing staff knowledge and expertise on crypto assets to help them identify the clients or activities which pose a high risk of financial crime.
- Financial crime framework – Ensure that systems and controls reflect crypto-related activities and are adaptable to constant change.
- Risk assessment - Understand your customers and the nature of their business to assess the risks adequately.
- Customer Due Diligence – Ensure that a risk-based approach of customer due diligence is carried out on the client that includes any adverse intelligence and any use of crypto exchange activities.
The FCA highlights that a risk-based approach does not mean banks should apply a single approach to customers involved in crypto assets. The FCA expects banks to recognise the varying risk associated with different business relationships and manage those risks appropriately.