What’s that coming over the hill? Is it regulation?
by Jason Tucker-Feltham, Head of Crypto Sales, IDnow
The world of crypto was shaken to its foundations in November when FTX, one of the world’s largest crypto exchanges, dramatically filed for bankruptcy. Its boss, Sam Bankman-Fried, went from being the self-proclaimed ‘King of Crypto’ to tweeting his sorrow at the fate that had befallen his company in just eight days.
Bankman-Fried has claimed he will do whatever he can to retrieve investors’ money and regain trust in what was already a shaky industry, but there is a chance that the whole saga may be a chance for this financial market sector to rebuild from the ground up.
Just six months earlier, the then-chancellor Rishi Sunak announced plans to make the UK a global hub for crypto asset technology and investment. It was a bold proclamation; the UK’s crypto money laundering registration can be painfully prohibitive, and, on the global stage, the country’s crypto exchanges will have to juggle their own domestic regulations and those of the European Union.
But after a tumultuous summer in Downing Street, Sunak is now in the highest position in UK politics and will be determined to see his vision through. To understand the boldness of his claim and vision, we first need to look back.
In the beginning…
Initially, anonymity was one of the key attractions of users to crypto. As with any activity carried out online, though, illicit uses wormed their way in – in the guise of money laundering and financing terrorist activity – which meant that regulation and know your customer (KYC) processes were soon needed.
Nowadays, users of platforms like Binance and Coinbase are expected to use their government-issued identity documents along with selfies and other personal data to prove they are who they say they are, and to continue using the service.
There are those, though, who do not want to use KYC processes. Such individuals often have the express intention of conducting illegal activity or avoiding sanctions and screening processes and do this by buying pre-existing crypto exchange accounts on the dark web at relatively low cost.
The need for regulation
These vetted accounts can be found on trading platforms, crypto exchanges or mainstream payment services. As they are often based on genuine user data, they even come with instructions on how to use a VPN to replicate the login patterns of the ‘real’ user in the US or the EU. Fraudsters even go so far as to adapt the geolocation and transactional ways of using the platform of the original account holder to not arouse suspicion.
According to Digital Shadows, such crypto exchange accounts are just a small subset of the 24 billion credentials that could be for sale on the dark web.
Such fraudulent activities may represent a major risk for crypto platforms and service providers alike. The US Office of Foreign Assets Control (OFAC), for example, have made it clear that they take violations of accounts seriously. They have fined exchanges that, unwittingly or not, have allowed people from sanctioned locations to use them. In what may be seen as a bargaining plea, Coinbase have also voluntarily disclosed any violations on their platform before OFAC can come down on them.
Benefits of KYC
Crypto exchange and platform operators understand there is a black-market trade on verified accounts, which they can mitigate with KYC. The processes just need to be robust when they are put to the test. It is not that crypto exchanges that value KYC and AML regulations lose many customers, either. The CEO of Binance estimates that just three per cent of the users of their platform turn their backs on it owing to their insistence on using KYC.
Platform providers should remember that the processes do not negatively affect the user experience; they are instead in place to provide seamless onboarding. For the providers themselves, the processes offer risk-based security via customer due diligence and, where it is needed, enhanced due diligence.
UK-specific regulations
With no specific laws in the UK surrounding crypto, the Bank of England and Financial Conduct Authority (FCA) have issued guidelines and warnings about Anti-Money Laundering (AML) regulations, as after Brexit the country is no longer covered by the EU’s 5th Directive (AMLD5) on the subject.
Crypto firms must instead register with the FCA and comply with money laundering, terrorism-financing, and transfer of funds regulations from 2017. Such registration will require appropriate KYC processes.
Currently, the FCA regulates security tokens and e-money tokens in the world of crypto assets, while utility tokens and exchange tokens remain unregulated. The lack of clarity around crypto legislation in the UK and the lack of protection on trading outside of the jurisdiction means that a lot of traders in the UK prefer to conduct their business overseas, which the FCA holds no authority over. The FCA has had to make it clear that UK clients trading overseas have no recourse should something go wrong in their transactions.
The FCA’s strict registration process has driven many crypto firms to base themselves outside of the UK. According to a spokesperson for the FCA, more than 80 per cent of crypto firms either abandoned their registration process or had it rejected, with the most common reason for this happening being an inability to meet AML standards. This goes some way to explain why as of November 2022, there were just 38 UK-based FCA-registered crypto firms.
Taking a cue from Europe
In the same year, the foundations were laid for two new pieces of crypto regulation in the EU, which may well change the entire game. An extension of the European Transfer of Funds Regulation (TFR) to include crypto assets, meaning that the sender and beneficiary of all applicable or centralised crypto transactions will now need to be identified, is expected to come into effect as part of a greater package of updates to AMLD5 by 2023.
Secondly, the Markets in Crypto Assets (MiCA) was mooted, which is regarded as the first major regulatory framework for crypto assets and has established rules for the issuance, admission to trading, and operation of crypto assets. Although enforced by the EU, British providers will need to obtain MiCA authorisation should they wish to trade with customers from the continent.
MiCA will include AML measures including customer due diligence and the reporting of suspicious activity, complementing AMLD5. It is expected to come into effect the year after TFR, by 2024.
It has been a journey
Since Bitcoin first appeared on the scene in 2009, the crypto journey has been a rollercoaster. As regulations have been introduced, redrawn and refined as the undulating landscape changes, the introduction of KYC processes has been a significant milestone, following which there is no going back.
There appear to be many opportunities for Rishi Sunak and others to achieve their vision, but there is still work to be done. A balancing act needs to be struck between the offer of a lighter touch, crypto-friendly environment, which attracts customers from the US and EU markets, and a regulatory regime that keeps the FCA onside.
Rules and regulations will bring positive change to the UK crypto industry as the landscape becomes clearer, investors are protected from losses, and a notoriously volatile market finds some stability.
In whatever way that the Bank of England, the government and the FCA proceed with UK crypto regulation, be it a carbon copy of MiCA or a lighter or more severe equivalent, the importance of UK crypto exchanges adapting to regulatory change cannot be overstated.