Crypto-crime: The new risks of financial crime in the time of cryptoassets

The UK Financial Conduct Authority (the FCA) has turned its attention to the prospective criminal dangers of cryptoassets in a letter addressed to the CEOs of the banking industry. This letter follows the FCA’s response to a freedom of information request in May that revealed the financial regulator is investigating 24 businesses that deal with cryptoassets.

There’s risk, and then there’s risk

It is not news that cryptoassets are high-risk investments, but in the FCA’s latest ‘Dear CEO’ letter, the financial regulator has emphasised that cryptoassets are high-risk in a different sense.

Noting that cryptoassets can be abused because they offer potential anonymity and the ability to move money between countries, the FCA’s letter says that firms should take ‘reasonable and proportionate measures’ to lessen the risk of facilitating financial crimes which are enabled by cryptoassets.

Enhancing scrutiny of crypto-clients

Firms that offer certain banking services may need to enhance scrutiny of clients that derive significant business activities or revenues from crypto-related activities. The FCA's letter mentions possible services which may require such enhanced scrutiny include:

• where a firm offers services to cryptoasset exchanges which effect conversions between fiat currency and cryptoassets and/or between different cryptoassets;

• trading activities where the clients’ or counterparties’ source of wealth arises or is derived from cryptoassets; and

• where a firm wishes to arrange, advise on, or take part in an ‘initial coin offering’ (ICO).

The FCA says that banks are expected to recognise that the risk associated with different business relationships in a single broad category  an vary, and to manage those risks appropriately, but hat appropriate steps or actions to consider may include:

• developing staff knowledge and expertise on cryptoassets to help them identify the clients or activities which pose a high risk of financial crime;

• ensuring that existing financial crime frameworks adequately reflect the crypto-related activities which the firm is involved in, and that they are capable of keeping pace with fast-moving developments;

• engaging with clients to understand the nature of their businesses and the risks they pose;

• carrying out due diligence on key individuals in the client business including consideration of any adverse intelligence;

• in relation to clients offering forms of crypto-exchange services, assessing the adequacy of those clients’ own due diligence arrangements; and

• for clients which are involved in ICOs, considering the issuance’s investor-base, organisers, the functionality of tokens (including intended use) and the jurisdiction.

Specific crypto-risks

The FCA’s letter says that firms should ‘assess the risks posed by a customer whose wealth or funds derive from the sale of cryptoassets, or other cryptoasset-related activities, using the same criteria that would be applied to other sources of wealth or funds’. However, the letter goes on to say that one way in which cryptoassets differ is that the evidence trail behind transactions may be weaker, but that this ‘does not justify applying a different evidential test on the source of wealth’ and the FCA expects firms to exercise particular care in these cases.

The letter also states that the use of a ‘state-sponsored cryptoasset’ which is designed to evade international financial sanctions by a client is viewed as a high-risk indicator by the FCA. Although the letter does not provide an example, it is likely that one such cryptoasset is the Venezuelan petro (the first state-sponsored cryptoasset) which the Venezuelan government has described as a means to circumvent US sanctions. Use of the petro by Americans has already been banned in the US by an executive order.

The letter also emphasises that retail consumers contributing large sums to ICOs may be at a heightened risk of investment fraud. The Financial Services Authority (the FSA) has previously reviewed how banks have handled the risk of investment fraud which included this context.

Further reading

The Hong Kong Securities and Futures Commission (the SFC) also issued a statement earlier this year on regulatory concerns relating to cryptocurrencies and ICOs. Please click here to read our post on the SFC’s statement.

Additionally, for a high-level overview of how the cryptocurrency sector interacts with anti-money laundering and counter terrorist financing regimes, and the relevant risk considerations for regulated financial institutions, please click here.