Achieving FCA Compliance in the UK Crypto Sector: Registration, Best Practices, and Case Studies

March 17, 2025

Welcome to Part 2 of our series. Having explored the regulatory foundations in our first article, we now turn to the nuts and bolts of achieving FCA compliance. We’ll look at the practical requirements for AML registration under the MLRs, how to align your operations with FCA expectations, and what we can learn from firms that have already succeeded.

1. FCA Registration Requirements Under the MLRs

  1. Who Needs to Register?
    • Firms offering crypto exchange services (fiat-to-crypto or crypto-to-crypto).
    • Businesses providing custodian wallet services or holding private keys on behalf of clients.
    • Any entity facilitating or arranging crypto transactions for UK consumers.
  2. AML/CTF Obligations:
    • Conduct customer due diligence (KYC) and ongoing transaction monitoring.
    • Implement robust systems to detect and report suspicious activities (e.g. blockchain analytics tools, enhanced verification for high-risk customers).
    • Maintain up-to-date policies on data retention, staff training, and record-keeping.
  3. The Registration Process:
    • Submit a detailed application covering your business model, governance framework, and risk assessment.
    • Clearly identify money laundering risks and show how you’ll mitigate them.
    • Expect the FCA to scrutinise key personnel, especially the appointed Money Laundering Reporting Officer (MLRO).

2. Consumer Protection and Conduct Expectations

  • Financial Promotions Rules:
    Since late 2023, all crypto adverts directed at UK consumers must include mandated risk warnings, refrain from misleading statements, and in some cases offer a cooling-off period.
  • Treating Customers Fairly (TCF):
    While crypto activities might not be fully regulated for consumer protection, the FCA expects firms to act ethically—disclosing risks clearly and handling customer issues responsibly.
  • Operational Resilience:
    Frequent hacks and cyber threats mean you should demonstrate rigorous IT security and business continuity planning. The FCA may look closely at your operational setup to ensure you won’t jeopardise client assets.

3. Best Practices and Common Pitfalls

  1. Compliance-First Culture:
    • Integrate compliance into all departments, rather than treating it as a last-minute requirement.
    • Hire or train staff specifically for AML and regulatory oversight.
  2. Robust Governance:
    • Outline clear responsibilities: the board, senior managers, and the MLRO should have well-defined roles.
    • Document internal controls and perform regular audits or self-assessments.
  3. Detailed Record-Keeping:
    • Keep thorough logs of transaction monitoring, KYC checks, and policy changes.
    • Be prepared to present evidence of compliance if the FCA requests it.
  4. Pitfall to Avoid — Generic Risk Assessments:
    • Many failed applicants provided only boilerplate documents without addressing their unique exposure to financial crime. Tailor everything to your specific business model.

4. Success Stories: FCA-Registered Crypto Firms

  • Zumo Financial Services:
    Gained FCA registration by demonstrating a “compliance-first” approach as a non-custodial wallet provider. Detailed AML controls and transparent governance led to regulatory approval.
  • Revolut:
    Despite being a “fintech unicorn,” Revolut’s crypto authorisation took months under FCA scrutiny. They persevered by expanding their compliance team and strengthening their AML systems.
  • Coinbase UK:
    Operates as an FCA-registered e-money institution and cryptoasset business. Their willingness to engage transparently with the regulator—providing comprehensive risk documentation and cooperating on audits—was key to success.

Conclusion

Compliance is both essential and achievable for UK crypto firms with the right mix of robust controls, honest risk assessments, and strong governance. In the final part of our series, we’ll explore upcoming regulatory changes—such as stablecoin legislation and the broader expansion of the UK’s crypto regulatory perimeter—and how you can stay ahead.

MEMA’s Tip: Struggling to craft your AML policies, or not sure how best to structure your compliance team? MEMA can guide you step by step, from initial risk assessments through to final FCA submissions.
