Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Back to all articles & webinars

Regulation of UK Cryptoasset Firms – the Financial Conduct Authority’s Registration System


Regulation of UK Cryptoasset Firms – the Financial Conduct Authority’s Registration System by Andrew Maguire

Please click here to view a PDF version of the article.


The Regulatory Framework

In the UK, the Regulator of investment business is the Financial Conduct Authority (“FCA”).

The primary legislation underlying regulation of financial investment business is:

  • The Financial Services and Markets Act 2000 (“FSMA”); and
  • The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544) (“RAO”).

The Bank of England and the Financial Conduct Authority have recently issued warnings in respect of investments into cryptoassets; however, there is no blanket prohibition on their sale. The FCA have plainly set out the risks in January 2021 by stating in the starkest terms:

“The FCA is aware that some firms are offering investments in cryptoassets, or lending or investments linked to cryptoassets, that promise high returns. Investing in cryptoassets, or investments and lending linked to them, generally involves taking very high risks with investors’ money. If consumers invest in these types of product, they should be prepared to lose all their money.” 

The FCA’s concerns are plainly articulated in its Research Note: “Cryptoasset Consumer Research 2021” published on 21 June 2021:

“Overall, public awareness and our estimate for ownership is up to around 2.3 million, up from around 1.9 million in 2020 – and 78% of adults have now heard of cryptocurrencies. 

The level of understanding of cryptocurrencies is declining, suggesting that some crypto users may not fully understand what they are buying. Median holdings have risen (up from £260 to £300) in a strong period of price increases, but the profile of cryptocurrency owners has not changed substantially – the population remains skewed towards men who are over 35 and are from the AB social grade.

However, we find that attitudes have shifted, as cryptocurrencies appear to have become more normalised – fewer crypto users regard them as a gamble (38%, down from 47%) and more see them as an alternative or complement to mainstream investments, with half of crypto users saying they intend to invest more.”

The relevant law is to be found in sections 19, 22, 23 and 26 & 27 of FSMA and part II and III of the RAO, which creates the Regulatory Perimeter – it ring-fences regulated financial services activities, which are undertaken in the course of a business.

Breaches of the General Prohibition, which is found in s.19, which separates regulated and unregulated financial services activities, such as providing advice in relation to a specified investment, result in the commission of a crime with up to 2 years’ imprisonment or an unlimited fine (s.23) or the agreement made by an unauthorised person may be unenforceable (s.26) i.e. voidable by the innocent party.

Agreements made by authorised persons in the course of their authorised business may also be unenforceable if the agreement is entered into as a result of a third party’s unauthorised regulated activities: see s.27 FSMA.

Guidance as to the correct approach was recently provided by the CA in Financial Conduct Authority v Avacade Ltd (In Liquidation) [2021] EWCA Civ 1206;  See also: Adams v Options UK Personal Pensions LLP [2021] EWCA Civ 474.

Investment Activities

Activities that are referred to collectively as “investment activities”, include:

  • arranging deals in investments;
  • advising on investments;
  • dealing in investments as principal or agent;
  • safeguarding and administering investments;
  • managing investments;
  • operating a multilateral trading facility (“MTF”); and
  • establishing, operating or winding up a collective investment scheme (“CIS”).

The FCA’s Policy Statement PS19/22 sets out where tokens are likely to be:

  • specified investments under the Regulated Activities Order;
  • e-money under the E-Money Regulations;
  • captured under the Payment Services Regulations;
  • outside of regulation.

Who this applies to:

  • firms issuing or creating cryptoassets;
  • firms marketing cryptoasset products and services;
  • firms buying or selling cryptoassets;
  • firms holding or storing cryptoassets;
  • financial advisers;
  • professional advisers;
  • investment managers;
  • recognised investment exchanges;
  • consumers and consumer organisations.

Prohibition on Cryptocurrency Derivatives

The FCA had previously issued a statement on Cryptocurrency Derivatives, which stated that firms offering cryptocurrency derivatives were required to be authorised:

Cryptocurrency derivatives are, however, capable of being financial instruments under the Markets in Financial Instruments Directive II (MIFID II), although we do not consider cryptocurrencies to be currencies or commodities for regulatory purposes under MiFID II. Firms conducting regulated activities in cryptocurrency derivatives must, therefore, comply with all applicable rules in the FCA’s Handbook and any relevant provisions in directly applicable European Union regulations.

It is likely that dealing in, arranging transactions in, advising on or providing other services that amount to regulated activities in relation to derivatives that reference either cryptocurrencies or tokens issued through an initial coin offering (ICO), will require authorisation by the FCA. This includes:

  • cryptocurrency futures– a derivative contract in which each party agrees to exchange cryptocurrency at a future date and at a price agreed by both parties
  • cryptocurrency contracts for differences (CFDs)– a cash-settled derivative contract in which the parties to the contract seek to secure a profit or avoid a loss by agreeing to exchange the difference in price between the value of the cryptocurrency CFD contract at its outset and at its termination
  • cryptocurrency options – a contract which grants the beneficiary the right to acquire or dispose of cryptocurrencies

Thereafter, the FCA prohibited the sale of crypto derivatives to retail customers with effect from 6 January 2021: see FCA Policy Statement 20/10. Its conclusion is illuminating:

“We remain of the view that the price of cryptoassets is determined by sentiment and speculative behaviour. As a result, future valuations are highly subjective.”

FCA’s concerns as to the level of risk

In January 2021, the FCA issued a warning to retail investors of the risks associated with other cryptoasset-related investments, stating that those who choose to invest should be prepared to lose the full amount of their investment.

Furthermore, the FCA issued a consumer warning and a Supervisory Notice in June 2021 about Binance Markets Ltd, a cryptoasset exchange, reminding consumers that Binance is not permitted to undertake any regulated activities in the UK and warning consumers more generally about online and social media adverts promising high returns on investments in cryptoassets or cryptoasset-related products.

In the 12 months up to 30 June 2020, the FCA launched 52 enquiries into unauthorised cryptoasset businesses (slightly down from the same period in the preceding year (59), but dramatically up from the sum total of 2 during the two-year period 1 July 2015 to 30 June 2017): details supplied by the FCA pursuant to a FOI Request, dated 4 November 2020.

Importantly, For cryptoasset-related investments, consumers are unlikely to have access to the Financial Ombudsman Service (“FOS”) or the Financial Services Compensation Scheme (“FSCS”), if something goes wrong.


As from 10 January 2021, Cryptoasset Exchange Providers (“CEP’s”) and Custodian Wallet Providers (“CWP’s”) operating within the United Kingdom have been required to register with, and be supervised for, (i) anti-money laundering (“AML”) and (ii) counter terrorist financing (“CTF”) purposes by the Financial Conduct Authority (“FCA”).

For cryptoasset firms, which do not carry on any advisory, investment, payment services, e-money or any other UK regulated business, this restricted regime is the sole means currently available to the FCA as the financial services regulators in this budding sector.

In order to allow firms to continue trading while their applications are being assessed, the FCA introduced a Temporary Registration Regime (“TRR”) for existing cryptoasset businesses. The TRR expires on 31 March 2022.

The FCA have declared that many temporarily registered crypto firms submitted deficient applications and it had asked some firms to withdraw their applications. The FCA has also publicly named and shamed crypto firms that have failed to register under the MLR.

What type of crypto business is registrable?

The FCA have repeatedly warned that carrying out a registrable crypto business in the UK without MLR registration can constitute a criminal offence. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”), which were updated in 2019 to capture crypto exchanges and custodian wallet providers, apply to firms that:

  • exchange (or arrange for the exchange of) cryptoassets for fiat currency and/or other cryptoassets;
  • operate a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets; and/or
  • safeguard cryptoassets or private cryptographic keys on behalf of customers.

The definition of ‘cryptoassets’ used in the MLRs is intentionally broad and will likely capture most kinds of tokens based on distributed ledger technology (“DLT”), such as, stablecoins, security tokens, utility tokens and other types of cryptoassets.

Territorial scope

The UK MLR registration requirement is territorially limited. It only applies to a firm that is regarded, under English law, as ‘carrying on business in the UK’. This can be a notoriously difficult issue to determine conclusively: factors such as (i) whether day-to-day management takes place in the UK or whether the activity is carried on from an establishment in the UK, (ii) the determination of where a firm operates on a decentralised basis with staff or has a corporate presence across different countries, through branches, subsidiaries or staff working remotely; (iii) whether firms have outsourced various activities to other group companies or third parties, whether based in the UK or not?

Fit & proper assessments

In line with the standard FCA requirements for firms and individuals who are subject to the FCA licensing regime, crypto firms are also subject to fit and proper requirements under the MLRs.  Various key individuals must also be assessed (by the FCA) as fit and proper for the role, including officers, managers and beneficial owners (i.e. those who own or control more than 25% of the shares or voting rights) in the business. These individuals will need to pass the “fit and proper person” test before the business can be fully registered or remain registered. Applications must disclose any issues as to why the business or person may not be fit and proper; the FCA treats non-disclosure very seriously.

Effect of breaches of the FCA rules and regulations

As well as criminal liability arising, the civil law remedy that is usually sought is that of unenforceability of the contract on the grounds of the regulatory breaches.

An agreement made by an unauthorised person carrying on a regulated activity in breach of the general prohibition is unenforceable against the other contracting party: see s.26 FSMA 2000. Agreements made by authorised persons in the course of their authorised business may also be unenforceable if the agreement is entered into as a result of a third party’s unauthorised regulated activities: see s.27 FSMA 2000.

An unenforceable agreement is voidable by the innocent party who has the right to recover any money or other property transferred by them under the agreement and to be compensated for any resulting loss suffered by them.

Where the innocent party elects not to perform the agreement or recovers money paid or other property transferred under the agreement, they must also repay money and return property received under the agreement.

A court has the power, pursuant to s.28(3) FSMA 2000, to uphold an otherwise unenforceable agreement or order money and property paid or transferred to be retained where it is just and equitable to do so: see Helden v Strathmore Ltd [2011] EWCA Civ 542.

New Digital Dispute Resolution Rules for Cryptoasset Disputes

On 22 April 2021, the UK Jurisdiction Taskforce (“UKJT”) chaired by the Master of the Rolls, Sir Geoffrey Vos Q.C., published new Digital Dispute Resolution Rules (“DDR Rules”) designed to be incorporated into blockchain digital relationships and smart contracts.

  • Disputes arising from the use of blockchain and cryptoassets will be resolved principally by arbitration subject to the English Arbitration Act 1996.
  • The stated purpose of the DDR Rules is to:

facilitate the rapid and cost-effective resolution of commercial disputes, particularly those involving novel digital technology such as cryptoassets, cryptocurrency, smart contracts, distributed ledger technology, and fintech applications.

The Rules

  • The DDR Rules specify the means of their incorporation such that they may be incorporated into a contract, digital asset or digital asset system by including the following text, which may be included in electronic or encoded form:
  • Any dispute shall be resolved in accordance with UKJT Digital Dispute Resolution Rules
  • If adopted, the DDR Rules themselves can be modified by the parties; thus, it is possible for the parties to specify expert determination of any issue or dispute instead of arbitration. In particular, provision can be made for individual preferences as to the procedure to be adopted for the resolution of a dispute, including as to form and timing of any decision or arbitral award, recoverable costs and anonymity.
  • The Society for Computers and Law is the appointment body for the arbitral tribunal under the Rules. Once appointed, the tribunal has discretion as to the form in which parties submit evidence and argument.
  • Crucially, the DDR Rules provide that no party shall have the right to an oral hearing, and the tribunal may, if it considers it appropriate, determine the dispute on the basis of written submissions only.
  • The DDR Rules provide for the tribunal to have the power at any time to operate, modify, sign or cancel any digital asset relevant to the dispute using any digital signature, cryptographic key, password or other digital access or control mechanism available to it. In so providing, the tribunal also have the power to direct any “interested party” to do any of those things.
  • Notably, the DDR Rules define an “interested party” broadly, in relation to a digital asset, as a person who has digitally signed that asset or who claims to own or control it through possession or knowledge of a digital key.



Related Members
Andrew Maguire
Shortlist Updated