On March 30th, 2022, the Directions issued by the UK Financial Conduct Authority (FCA) will come into force, clarifying the crime reporting obligations for cryptoasset businesses. According to the Directions, cryptoasset businesses will be required to submit their first Annual Financial Crime Report within 60 business days of their account referencing date.
Who is affected?
After the FCA extended Annual Financial Crime reporting obligations in March 2021, the number of businesses needing to report has increased to approximately 7,000. The affected companies include, among others:
- cryptoasset exchange providers;
- custodian wallet providers.
These types of businesses are now obliged to provide annual reports regardless of their total annual revenue. The report should be provided with 60 business days after March 30th, 2022.
What is the Annual Financial Crime reporting obligation?
The FCA introduced the Annual Financial Crime reporting obligation (REP-CRIM) in 2016 to collect information on potential financial crime risks faced by firms. The reporting obligations for cryptoasset businesses are set out in the FCA’s Handbook.
The REP-CRIM provides key information to help the FCA assess the nature of financial crime risks, including:
- exposure to politically exposed persons (PEPs);
- sanction screening controls;
- jurisdictional risks;
- suspicious activity reports;
- resources to fight financial crime and an insight into fraud risks.
What should be reported?
The FCA has published special Directions setting out the REP-CRIM return requirements for cryptoasset businesses, which consist of exchange providers and custodian wallet providers.
The Directions contain a form that cryptoasset businesses must fill out when submitting the return. The form requires information on the following: 1) operating jurisdictions, 2) customer information, and 3) compliance information.
Operation jurisdictions include jurisdictions within which the company operates at the end of the reporting period, as well as those jurisdictions considered ‘high-risk’ in which the company operates.
Customer information includes but is not limited to:
- the total number of relationships with politically exposed persons and other high-risk customers;
- the number of customer relationships in particular geographical areas;
- the number of customer relationships refused for financial crime reasons during the reporting period.
Compliance information includes:
- the number of Suspicious Activity Reports (SARs) submitted internally to the Money Laundering Reporting Officer (MLRO) and disclosed to the National Crime Agency (NCA) ;
- the number of investigative court orders received;
- the number of relationships which have been terminated for financial crime reasons;
- the total full-time equivalent of UK staff with financial crime roles.
Companies can also fill in “sanction-specific information” and “fraud” but are not required to do so. They are also not required to fill in information regarding non-EEA correspondent banks in the Customer Information section of the form.
Sanctions-specific information includes:
- information about the automated system(s) the company uses to conduct screening across relevant sanctions lists;
- information about actual sanction matches detected during the reporting period;
- information about repeat customer sanctions screening.
Companies can also express their opinions regarding the three most prevalent frauds—indicating fraud typology, suspected perpetrators and primarily victims—and whether they increased, decreased or remained the same.
The Directions also clarify that a single REP-CRIM return may be submitted for a group of companies. However, companies should note that this option is only available when each company within the group is subject to the same requirements.
The REP-CRIM return must be submitted using appropriate online systems accessible from the FCA’s website, such as RegData.
There’s not much time left until March 30, 2022, when all cryptoasset businesses operating in the UK will need to be ready to provide all the required information.