At present, most cryptoassets are not regulated by the Financial Conduct Authority (FCA) - the UK’s main financial regulatory body - as they do not fall under the definition of a ‘specified investment’ in the Financial Services and Markets Act 2000 (FSMA). Security tokens, which have specific characteristics that provide certain rights and obligations akin to specified investments, are the only regulated cryptoasset.
The latest amendments to the Financial Services and Markets Bill, if passed, may yet bring all forms of cryptoassets within the full regulatory landscape. The UK government is keen on increasing regulation to provide stability and consumer confidence, as part of their ambition to make the UK a global cryptoasset technology hub.
However, since 10 January 2020, UK cryptoasset businesses are required to register with the FCA for the purposes of anti-money laundering and counter-terrorist financing supervision, under the UK Money Laundering Regulations (MLRs). Although firms do not need to be fully authorised by the FCA, registration means they must comply with anti-money laundering (AML) regulations. The FCA have published a flow chart to help firms decide whether they are required to register.
The FCA’s Change in Control Regime (Part 12 of FSMA) requires individuals or companies that want to acquire or increase control (direct or indirect) in a firm regulated by the FCA to seek prior approval from the FCA. It is a criminal offence to proceed with acquiring or increasing control before receiving approval.
As of 11 August 2022, the MLRs were updated to extend this regime to FCA-registered cryptoasset exchange providers and/or custodian wallet providers, or their parent undertakings. Whilst cryptoassets remain outside of the full FSMA regulation, elements of the Change in Control Regime have been brought within the scope of the MLRs. Other changes will increase compliance requirements and regulatory due diligence for would-be acquirers (ie controllers). These changes were introduced because of government concerns that non FCA-registered firms can access the UK cryptoasset market by acquiring already-registered businesses, thereby bypassing the MLRs.
Under the MLRs, ‘control’ means any person who acquires 25% or more of the shares in, or otherwise controls the business of, an FCA-registered cryptoasset firm. This follows the definition of a beneficial owner under the MLRs - referring to the number of shares/voting rights, or otherwise significant influence or control. The FCA takes a case-by-case approach and a decision to acquire or increase control may be inferred from a number of factors. The FCA have the power to object to any existing or proposed controller if they do not consider them suitable. Proceeding without approval means you are liable to a fine or up to two years’ imprisonment. However, someone who ceases to control or reduces the extent of their control is not required to notify the FCA.
Firms should be aware that there could be multiple controllers, each of whom must be disclosed. There are also ‘fit and proper’ requirements at all times under the MLRs, including for key individuals.
Under FCA regulations, proposed controllers of firms are required to submit a change in control notification (section 178 notice) to the FCA. There is a separate form for each relevant controller (ie corporate, partnership, individual or trust), all of which are available to download on the FCA website. Typically, these applications will be made by the buyer’s lawyers.
The form itself contains various information required by the FCA, which includes the target firm, the controller, makeup of the group (if relevant), the transaction, and the level of control being obtained. These forms can be submitted by the controller, or jointly by the controller and the target firm. Any supporting documentation/disclosure must accompany the form and it is imperative that the application is as detailed as possible in the first instance so as to avoid any delays in approval.
On the introduction of the August 2022 update, the FCA released a separate form specifically for cryptoasset firm transactions. The cryptoasset form is similar to the non-cryptoasset forms, save for the referencing of different legal authorities.
The FCA has an initial assessment period for any applications of up to 60 business days. This can be extended by up to 30 working days if further information or documentation is requested. In December 2022 the FCA provided an update that there were delays in allocating notifications to its officers and this was usually taking between two and four weeks.
The regulations have a number of implications for M&A transactions.
The primary issue is that the requirement to notify and obtain approval from the FCA can cause long delays to transaction timetables. Given a possible 90 days to process and up to 28 days to allocate application, the approval process could take four months and so parties should factor the notifications into their transaction timetables (and usually include FCA approval as a condition precedent for completion).
In addition, given the nature of cryptoasset businesses, their corporate structures can sometimes be relatively opaque in terms of ownership and control. In transactions it may be difficult to establish/identify true ownership of the target, which would may cause delays to completion.
Furthermore, issues could be identified within complex group structures where any changes to the beneficial ownership of a holding company would indirectly cause a change for a subsidiary. If the subsidiary is FCA-registered but its holding company is not, then it is possible that the notification requirements are missed, resulting in a breach of the regulations.
Finally, on transactions with non-simultaneous exchange and completion (and in which approval from the FCA is being sought in the interim period), you must ensure that control doesn’t change in between exchange and completion (ie the transfer of any voting rights or directorships), as this could unintentionally trigger a breach of the change of control regulations.
Currently, cryptoasset firms are only registered with the FCA for MLR purposes and therefore only need to comply with a narrow set of rules in order to be compliant. This makes regulation procedures for these types of firms relatively straight forward to manage.
However, the government is currently considering bringing cryptoassets fully under wider financial services regulation, and making them subject to FCA oversight through the Financial Services and Markets Bill. The bill has been passed in the House of Commons and is now going through the examination process in the House of Lords. If the bill passes, which appears very likely, then this would require significant changes for cryptoasset businesses in terms of how they operate to ensure compliance with FCA regulations.
In order to ensure compliance, affected firms should keep a close eye on the changing regulatory landscape in this sector and ensure appropriate procedures are put in place if required well in advance of regulatory changes taking effect.