All You Need to Know About UK Crypto Regulations – 2023 Guide 

UK crypto companies have to follow a substantial number of regulations to stay compliant and avoid penalties. At the same time, the UK government is working towards making these regulations clearer. For example, on February 1, 2023, the UK HM Treasury released a consultation on the Future Financial Services Regime for Crypto Assets following the collapse of FTX, in a bid to improve the regulatory framework and sector engagement. 

In general, the UK is seeking to move towards a more regulated crypto industry within the next 12 months. To keep you up to date, we at Sumsub prepared this guide explaining UK regulations and how to follow them. 

Highlights

1. Who is the regulator?
2. What are the regulations?
3. Who is affected?
4. Who needs to register with the FCA
5. How to register with the FCA
6. AML requirements
7. Travel Rule
8. The future of crypto regulation in the UK
9. FAQ

Who is the regulator?

The Financial Conduct Authority (FCA) is the main financial regulator in the UK. It regulates crypto asset providers to ensure that they implement effective Anti-Money Laundering and Countering Terrorism Financing (AML/CFT) policies and procedures.

The FCA maintains a register of crypto asset providers that fall under UK money laundering regulations (MLR 2017 with amendments) and issues guidelines. When it comes to assets, security tokens are the only ones regulated by the FCA.

Other UK institutions that regulate crypto include:

• HM Treasury
• The Bank of England

What are the main regulations?

Crypto companies in the UK have comply with the following to meet AML/CFT requirements:

• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, or simply MLR, which is the main regulation that outlines all the AML requirements and registration requirements. It has been amended several times since its original publication to implement the EU’s AMLD5 in 2019 and the Travel Rule in 2022.

Depending on the nature and type of assets a crypto firm deals with, the following laws and regulations can also apply:

• The Financial Services and Markets Act 2000 (“FSMA”) and the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (“RAO”)
• Electronic Money Regulations 2011 (“EMRs”) or the Payment Services Regulations 2017 (“PSRs”)

Who is affected?

Affected companies can be separated into two types, according to the MLR 2017 and its amendments. The first are “crypto asset service providers,” which include companies that conduct either of the following: 

• “Exchanging, or arranging or making arrangements with a view to the exchange of, crypto assets for money or money for crypto assets,
• Exchanging, or arranging or making arrangements with a view to the exchange of, one crypto asset for another, or
• Operating a machine which utilizes automated processes to exchange crypto assets for money or money for crypto assets.”

The second are “custodian wallet providers,” which provide services to safeguard and/or administer crypto assets—or private cryptographic keys for holding, storing, or transferring crypto assets—on behalf of customers. 

Who needs to register with the FCA? 

Companies that deal with security tokens must register with the FCA because they are considered “regulated tokens”. Meanwhile, companies that deal with exchange and utility tokens do not have to register. 

How to register with the FCA

Before registering with the FCA, companies should answer the following questions: 

• Does the company advertise or act in a way that suggests it’s providing crypto asset services by way of business? 
• Does the company receive direct or indirect benefit from this service?
• How significant is the activity to the business’ other activities (crypto asset activities may be only part of the business)?
• Does the frequency of the activity suggest that it is being carried on as a business?
• Does the company have a registered or head office in the UK* and does the company carry on day-to-day management of these activities from this office, irrespective of where, geographically, the crypto asset activity is conducted?
• Does the company operate one or more ATMs in the UK?
• Does the company have any UK presence that is engaged in or facilitates crypto asset activities?

*If there is no UK office or other activity in the UK, beyond having a client in the UK, the FCA is likely to consider that the company is not conducting UK business.

If a company answers positively to some of these questions, then registration with the FCA is likely to be required. 

The full requirements for registration can be found on the FCA website. 

AML requirements

Companies should take AML requirements very seriously, as failure to comply may lead to severe penalties. 

To stay compliant with the AML requirements introduced in the MLRs in 2017, companies have to implement a clear set of procedures. This includes at least the following:

• Appointing a Money Laundering Reporting Officer (MLRO)
• Staff training
• Risk assessment
• Conducting Customer Due Diligence (CDD), Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD) 
• Screening for persons on sanction lists, Politically Exposed Persons (PEPs) lists
• Transaction monitoring
• Ongoing monitoring of customer behavior and transactions
• Recordkeeping for at least five years from the date of the end of a business relationship or final transaction
• Reporting suspicious activity to the National Crime Agency

At the onboarding stage (KYC), at least the following information should be collected from users for verification:

• Full name
• Birth date
• Address

As a rule, such data is collected from government-issued documents. Proof of address documents can include current bank statements or credit/debit card statements issued by a regulated financial sector firm in the UK, in addition to utility bills. 

Travel Rule

The UK recently has adopted the Travel Rule requirement to its regulation of crypto asset service providers. The Travel Rule requires crypto companies to obtain information from the sender and receiver of crypto assets and share it with counterparty crypto asset service providers. The requirement comes into force on September 1, 2023.

Suggested read: What is the FATF Travel Rule? The Ultimate Guide to Compliance (2023)

The future of crypto regulations in the UK

For the last several years, the UK has been working towards a more regulated crypto industry. The country’s latest plans were announced in February 2023, including:

• Strengthening rules for crypto trading platforms
• Creating a world-first regime for crypto lending
• Implementing new rules to protect customers from market manipulation (e.g., pump and dump schemes)

According to the “Future Financial Services Regime for Crypto Assets” Consultation document, the UK plans to widen the scope of regulated crypto activities, including activities with stablecoins. This includes: 

• Issuance 
• Payment 
• Exchange 
• Investment and risk management 
• Lending, borrowing, and leverage 
• Safeguarding and/or administration 
• Validation and governance 

The proposed regulatory regimes will be divided into phases. To learn more, you can read pages 27-28 here. 

The “Future Financial Services Regime for Crypto Assets” also specifies a primary aim to expand “specified investment”.

Moreover, the HM Treasury now proposes to monitor crypto asset activities in the United Kingdom. This would monitor activities provided by UK firms to persons based in the UK or overseas (natural and legal), as well as those provided by overseas firms to UK persons (natural or legal). 

FAQ

• Is cryptocurrency legal in the UK?

  Cryptocurrency is legal in the UK, but it is not legal tender. Anyone can buy crypto assets from crypto asset providers and store them in digital wallets.

• Is cryptocurrency regulated in the UK?

  Yes, it is regulated. In accordance with the MLR, some companies working with crypto assets must register with the FCA and comply with AML requirements.

• What is the new UK crypto regulation?

  The UK is currently working to introduce more comprehensive crypto regulations. This includes:

  • Introducing robust regulation of crypto asset activities
  • Strengthening rules for crypto trading platforms
  • Creating a world-first regime for crypto lending
  • Implementing new rules to protect customers from market manipulation (e.g., pump and dump schemes)
  • Providing a comprehensive regulatory framework for stablecoins
  • Widening the list of regulated activities

• How to use identity verification in business

  Identity verification is necessary for businesses to comply with regulations. At the same time, businesses can lose customers during the onboarding process, if applicants are overwhelmed by the number of documents they have to submit. That’s why it’s essential to build a user journey that spreads out the verification process across multiple stages and doesn’t request everything at once.