5MLD for crypto assets – The scope of UK gold-plating
New regulation 14A of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
30 January 2020
From 10 January 2020 the rules implementing the Fifth Money Laundering Directive (5MLD) have come into force in the UK. This includes registration requirements for firms carrying on certain activities in relation to cryptoassets. We have already discussed in "Crypto exchange providers and 'custodian wallet providers' become subject to the UK money laundering laws" (See related items) what the implications of the registration requirements are. However, on 23 January 2020 HM Treasury published its consultation response giving some guidance on what these new activities are meant to cover. In this post, we focus on the scope of the new cryptoassets-related activities and the uncertainties that remain.
The new cryptoassets-related activities are set out in a new regulation 14A of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) (MLR 2017) and include:
Additionally, the new regulation introduces a new definition of 'cryptoasset'.
While the creation of these new activities and concepts is primarily aimed at implementing 5MLD, as expected from the Consultation, the UK has expanded the scope of the cryptoassets regime to implement the Financial Action Task Force (FATF) standards on Virtual Asset Service Providers (VASPs) (see paragraphs 2.12 to 2.15 of the Response).
Cryptoasset or virtual currency?
5MLD focuses on virtual currencies. The definition of virtual currency has three elements: a virtual currency is:
(i) a digital representation of value that is not issued or guaranteed by a central bank or a public authority and which is not necessarily attached to a legally established currency and does not possess a legal status of currency or money; (ii) that is accepted as a means of exchange, and (iii) which can be transferred, stored and traded electronically. Although still very broad, the second element of the test is arguably what limits the scope of the definition to currencies, this is because in order to qualify as a virtual currency a virtual asset must be accepted as a means of exchange.
Contrast this from the definition of cryptoassets which also has three elements: the asset:
(i) is a cryptographically secured digital representation of value or contractual rights; (ii) that uses a form of distributed ledger technology (DLT) and (iii) can be transferred, stored or traded electronically.
This definition appears to be much broader, and consequently it is difficult to envisage tokens or assets on a DLT blockchain that would not meet this definition. The wide definition resonates with the policy intention set out in both the Consultation and the Response of including within the new regime exchange, security and utility tokens. However, a token or other asset that operates on blockchain without a distributed ledger would not fall within the definition of cryptoassets. Arguably, this would exclude centralised ledger blockchain tokens and any new, non-DLT-centric technologies.
Who is considered a Cryptoasset Exchange Provider?
Under new regulation 14A(1) MLR 2017 "Cryptoasset Exchange Provider" means "a firm or sole practitioner who by way of business provides one or more of the following services, including where the firm or sole practitioner does so as creator or issuer of any of the cryptoassets involved, when providing such services:
- exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money or money for cryptoassets,
- exchanging, or arranging or making arrangements with a view to the exchange of, one cryptoasset for another, or
- operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets".
Subparagraph (c) of the regulation is in line with the Consultation to bring within the scope of the regime cryptoasset ATMs. In this respect the Response at paragraph 2.18 confirms that there is no value threshold for conducting CDD checks on customers who use cryptoassets. It was generally anticipated that this activity would be created.
Conversely, the language of "arranging" and "making arrangements with a view to the exchange of" cryptoassets in subparagraphs (a) and (b) of the new regulation is more interesting. The Response at paragraph 2.20 suggests that the intention of this language is to bring within the scope of the regime firms facilitating peer-to-peer exchange services or that are completing, matching or authorising a transaction between two people.
However, the wording arguably creates a much broader regime. "Arranging" and "making arrangements with a view" is also language used in Article 25(2) of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001. In this context, the FCA takes the view that "making arrangements with a view to transactions in investments" has a very wide scope and is not limited to arrangements that are participated in by investors. It appears from the FCA's guidance that a person may come within the scope of the arranging activity by taking any steps to issue investments. This would include entities that facilitate or assist in the issuance. Additionally, persons may be carrying on this regulated activity even if they are only providing part of the facilities for bringing about a transaction (see PERG 2.7.7BG and PERG 2.7.7BAG). The effect of this is that providers will be required to carefully assess their activities to determine whether they fall within the scope of this activity.
Who is a Custodian Wallet Provider?
Under the new Regulation "Custodian Wallet Provider" is defined as "a firm or sole practitioner who by way of business provides services to safeguard, or to safeguard and administer:
- cryptoassets on behalf of its customers, or
- private cryptographic keys on behalf of its customers in order to hold, store and transfer cryptoassets, when providing such services".
We understand that as technology stands, DLT tokens or assets are part of the blockchain in the sense that the amount of assets or tokens that correspond to a particular blockchain user identifier (account) is stored as 'data' on the blockchain. In this context, there are varying uses for the term 'wallet' but generally speaking it is used to mean the medium (whether physical or electronic) that stores the necessary keypairs to sign for/authenticate transactions on the blockchain.
As such, a service provider offering to store a user's private cryptographic keys is generally regarded as the wallet provider. This is consistent with the wording in subparagraph (b) of the definition of Custodian Wallet Provider in the new regulation. It is also in line with the position under 5MLD which envisages custodians of private cryptographic keys falling within the regime.
An outstanding question is what is covered under subparagraph (a) of the new regulation, i.e. when would a service provider "safeguard" (or "safeguard and administer") cryptoassets for its customers. We note that paragraph 2.38 of the Consultation considers bringing within the scope of the new regulations "the publication of open-source software (which includes, but is not limited to, non-custodian wallet software and other types of cryptoassets-related software)". However, with the publication of the Response it is clear that publishers of open-source software and, by extension, non-Custodian Wallet Providers do not fall within the scope of the MLRs (see paragraph 2.22).
Hence, it remains unclear what activity was intended to be covered by subparagraph (a) of the new regulation. This is particularly so in light of the fact that as we understand the operation of DLT blockchains and the way cryptoassets operate, it is currently not possible to hold cryptoassets for another person without holding the private cryptographic key.
Something to look forward to?
It is possible that regulators will shed some light into when a service provider would be deemed to "safeguard" (or "safeguard and administer") cryptoassets for its customers. At paragraph 2.25 of the Response HM Treasury states that the Joint-Money Laundering Steering Group (JMLSG) has developed guidance for the cryptoasset sector to support market participants in complying with the MLR 2017. When published, this guidance will be aimed at providing examples and clear interpretation of how the MLR 2017 should be implemented in practice in order to effectively combat money laundering and terrorist financing.