The Upper Tribunal has recently published its second judgment concerning the application of the Money Laundering Regulations (2017) (MLRs) to a cryptoasset exchange provider (the first being Gidiplus v FCA). The commentary of the Upper Tribunal in these cases sheds light on the factors that the Financial Conduct Authority (FCA) and Upper Tribunal will focus on when deciding whether cryptoasset businesses’ applications for registration under the MLRs should be granted.
In this article we will explore the extended scope of the MLRs to cryptoasset businesses; look at the commentary of the Upper Tribunal in the cases of Vladimir Consulting Limited v FCA and Gidiplus v FCA; and comment on what businesses can do to facilitate successful registration with the FCA.
On 10 January 2020, the MLRs were amended to require cryptoasset exchange providers and other cryptoasset businesses to be registered with the FCA, specifically for AML supervision, before undertaking a relevant cryptoasset business. This is so even if that business was already authorised by the FCA. Initially, the registration deadline was 10 January 2021 but this was extended twice until it ended on 31 March 2022.
A temporary registration regime was introduced in 2021 to allow cryptocurrency businesses to continue trading while they were in the process of applying for registration with the FCA for AML supervision. This allowed businesses that had applied for registration to continue trading as their applications were considered.
Following expiration of the temporary registration regime, all unregistered cryptoasset businesses (except for one which still has temporary registration) that continue to trade in the UK are now doing so in breach of the MLRs and expose themselves to criminal and civil penalties.
The requirement for cryptoasset businesses to register for AML supervision is distinct from the FCA authorisations regime. Registration under the MLRs is neither a licence nor a recommendation or endorsement from the FCA of a business. It remains the case that the FCA does not regulate most cryptoassets (see our recent article for more information).
At the time of writing, 36 cryptoasset businesses have successfully registered with the FCA under the MLRs. Only one firm remains under the temporary registration regime and 248 firms are currently listed on the FCA’s list of unregistered cryptoasset businesses as businesses that appear to be carrying on cryptoasset activity but are not registered with the FCA for AML purposes.
Some businesses have had their applications declined by the FCA. In some cases, where those businesses disagree with the FCA’s decision to refuse their application, they have made a reference to the Upper Tribunal. We explore two cases below which were referred to the Upper Tribunal and analyse the lessons that can be learnt from the Upper Tribunal’s commentary in these cases.
This is only the second FCA decision in relation to a cryptoasset firm to be referred to the Upper Tribunal, the first being Gidiplus v FCA which we will also comment on briefly below.
Vladimir Consulting Limited (VCL) had applied to be registered with the FCA as a cryptoasset exchange provider pursuant to the MLRs. The FCA rejected the application and VCL referred the FCA’s decision to the Upper Tribunal by way of appeal. VCL also applied for a direction from the Upper Tribunal that the effect of the FCA’s decision be suspended pending the determination of the reference to the Upper Tribunal.
The Upper Tribunal’s judgment is not a final decision on the merits of VCL’s application, rather it is a decision by the Upper Tribunal to refuse VCL’s suspension application. Nonetheless, it includes commentary of interest to cryptoasset businesses about applications for registration.
In this case, VCL traded in cryptocurrencies such as bitcoin on peer-to-peer exchanges. An individual (S) was VCL’s sole shareholder, director and employee and was also put forward as the senior manager responsible for VCL's compliance with the MLRs and its nominated officer.
The MLRs require the FCA to refuse to register an applicant as a cryptoasset exchange provider if it is not a fit and proper person to carry on that business or if any officer, manager or beneficial owner of the applicant was not a fit and proper person. In making a determination, the FCA must have regard to certain factors including whether the applicant has consistently failed to comply with the MLRs.
In the case of VCL, the FCA considered that VCL had consistently failed to comply with certain requirements of the MLRs. The FCA also decided that, as S did not have 'adequate skills and experience', he was not 'a fit and proper person to carry on the business of a cryptoasset exchange provider' and that, as the only director and employee of VCL, the company also did not have adequate skills and experience.
Commentary of the Upper Tribunal
A particular issue which was considered by the Upper Tribunal was the disagreement between VCL and the FCA on whether VCL has a business relationship with its customers. The FCA's position was that VCL had at least some business relationships.
VCL's view, however, was that it had none, claiming that each transaction could be treated as an occasional transaction in circumstances where VCL sought to build customer loyalty and had repeat business from individual customers. Having considered the issue, the Upper Tribunal rejected VCL’s argument.
The Upper Tribunal agreed with the FCA that VCL had misapplied the MLRs and considered that this indicated a lack of adequate skills and experience. On that basis, the Upper Tribunal was not satisfied that VCL would carry on its business in a broadly compliant manner if the FCA’s decision notice was suspended. VCL’s application was dismissed.
The judgment touches on a number of other aspects of the MLRs including the extent to which it was acceptable to rely on third parties as part of customer due diligence procedures where no contract was in place with those third parties; and the FCA’s position on ID procedures and PEP screening.
VCL’s reference to the Upper Tribunal on the merits of the FCA’s decision is yet to be heard, although it remains to be seen whether VCL will pursue that in light of the Upper Tribunal’s decision on suspension or whether VCL might withdraw the reference.
The first cryptoasset case before the Upper Tribunal was Gidiplus v FCA.
Gidiplus operated ‘crypto ATMs’ which allow people to feed in bank notes to be converted into bitcoin. Gidiplus, therefore, applied to be registered with the FCA as a cryptoasset exchange provider pursuant to the MLRs.
The FCA refused the application on the basis that it considered Gidiplus had not met the conditions for registration as a cryptoasset business contained in the MLRs. Gidiplus appealed the FCA’s decision to the Upper Tribunal and applied for a direction that the effect of the FCA’s decision be suspended pending determination of the appeal (in the same way that VCL requested a suspension).
Commentary of the Upper Tribunal
The Upper Tribunal decided Gidiplus’s application to suspend the effect of the FCA’s decision in February 2022 and a copy of the judgment can be found here.
The Upper Tribunal considered that Gidiplus has a case to answer about its director having misled banks as to the nature of its business and the risks of money laundering via the business.
The conclusion of the Upper Tribunal was that, in light of serious concerns identified by the FCA and the lack of evidence provided by Gidiplus as to how it would undertake its business in a broadly compliant fashion, it could not be satisfied that allowing Gidiplus to continue to carry on its activities pending determination of the appeal would not prejudice those who are intended to be protected by the FCA’s decision to refuse Gidiplus’ application for registration under the MLRs. Consequently, the Upper Tribunal dismissed Gidiplus’s application to suspend the effect of the FCA’s decision until the appeal is determined.
These cases serve to emphasise that a key obligation of the UK’s AML regime is the requirement to conduct ‘know your customer’ (KYC) and customer due diligence checks. In addition, firms must understand the various further obligations which the MLRs impose on them. These include the requirement to have policies in place to mitigate money laundering and terrorist financing risks; the requirement to conduct enhanced due diligence checks in higher risk situations; and to monitor and keep records of customer transactions.
The FCA has signalled financial crime prevention as the major factor in its assessment of cryptoasset businesses. These cases demonstrate the need for firms to prepare for a thorough assessment of their applications and to factor in the possibility of follow-up questions from the FCA.
The information about the business required by the FCA as part of the application process includes:
The above cases emphasise that the onus is on applicants to disclose all necessary information relevant to their application for registration and that they risk being refused permission to trade within the MLRs as a cryptoasset business, or otherwise, if the FCA deems the business to be non-compliant in other regulated areas.
For many cryptoasset businesses, it will be worth seeking specialist advice before submitting an application for registration to help ensure that its systems and controls are fit for purpose and likely to meet with the FCA’s expectations.
Where an applicant has received a decision from the FCA which refuses their application for registration, the applicant can refer the FCA’s decision to the Upper Tribunal. Alternatively, in light of the Upper Tribunal’s judgments in Vladimir v FCA and Gidiplus v FCA, an applicant might wish to consider seeking specialist advice at that stage to review its procedures and approach instead of making a reference to the Upper Tribunal. A fresh application for registration could then be made after improvements to its systems, controls and procedures have been implemented.
We can help cryptoasset businesses with the process for registration and/or references to the Upper Tribunal. Please get in touch with Charlotte Hill or Lauren Cormack if you wish to discuss your obligations under the MLRs and/or if you are considering applying for registration with the FCA.
 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692.
 Gidiplus Limited v Financial Conduct Authority  UKUT 00043 (TCC)
 The FCA considers such businesses to be amongst the most vulnerable to being used for money laundering and terrorist financing purposes.
+44 (0)20 7457 3107
+44 (0)20 7753 7743