Syedur Rahman, of award-winning business crime solicitors Rahman Ravelli, considers the FCA’s latest guidance on cryptocurrency – and offers a little advice himself.
With cryptocurrency attracting ever more attention, the Financial Conduct Authority (FCA) has decided it is time to outline its position.
In official guidance, which is headed “Dear CEO, Cryptoassets and Financial Crime’’, the FCA has issued a letter that offers guidance to financial institutions on how to handle the growing risks associated with what it calls cryptoassets. The FCA defines “cryptoassets” as “any publicly available electronic medium of exchange that features a distributed ledger and a decentralised system for exchanging value.” The letter’s tone is not designed to spread alarm – it actually emphasises that there are “many non-criminal motives” for using cryptoassets. But it does make the point that such assets can be used for criminality as they provide “potential anonymity and the ability to move money between countries.”
For this reason, the letter explains what good practice is when managing the financial crime risks associated with cryptocurrencies. Perhaps the main piece of advice that should be heeded is the importance of developing a risk-based approach to clients working with cryptoassets. This, the guidance states, is important because “the risk associated with different business relationships in a single broad category can vary”.
The FCA also emphasises the need for each company to:
* Ensure staff have the knowledge and expertise regarding cryptocurrency so that they can recognise the clients or the behaviour that represent a financial crime risk.
* Make sure they stay abreast of cryptocurrency developments.
* Fully understand the nature of clients’ business – and the cryptocurrency risks they pose;
* Carry out due diligence on key individuals in any business that is a client.
* Evaluate the quality of clients’ own due diligence arrangements.
* Examine carefully – when clients are involved in initial coin offerings – the investor base, the organisers and the functionality of the tokens.
The FCA makes it clear that where a firm recognises that a client is using a state-sponsored cryptoasset which is designed to evade international financial sanctions, it must treat this as a high-risk indicator. The letter also notes that retail customers who pay large amounts for ICO’s could well fall foul of investment fraud.
In brief, it is a letter that hardly offers encouragement to those looking to invest in cryptocurrencies; whether they be banks, companies or individuals. If anything, it is a stance that emphasises the need for financial institutions to stand on their own two feet – and seek legal expertise, if necessary, to introduce the FCA’s recommendations.
This basically means that they have to police themselves in order to prevent the risk. For that reason, if something is suspected, an internal investigation should be started immediately. There may be some who have suspicions but feel unable to investigate as they lack the necessary skills. This is understandable. But there are legal experts who will do this for companies.
Access to such expertise is important as any investigator needs to be able to identify possible wrongdoing and gather and follow evidence. Any rushed investigation or one that is not objective, is carried out by someone not up to the task or is carried out at the wrong time can not only fail to spot the crime that has been committed. It can also damage workplace relationships and even alert the person who committed the offence that they need to hide what has happened.
And an investigation cannot function in a vacuum. It must be prompted by something. Which is why companies need a whistle blowing procedure: one that encourages staff to report any suspicions in the knowledge that these will be properly investigated.
Such a procedure can be of huge value in encouraging staff to volunteer concerns about – or even evidence of – workplace crime. Without such a procedure, it could be argued that the FCA’s call to ensure staff have knowledge and expertise of cryptocurrency would be of little or no value.
Recent years have witnessed a roll call of financial institutions that have had huge fines imposed on them for a variety of reasons. Rather than having the crime perpetrated against them, they have been the perpetrators – because one or more of their staff have (either knowingly or unwittingly) not followed the law. Cryptocurrency will certainly pose similar risks; especially with regard to fraud or money laundering.
The FCA guidance may help identify problems. But financial institutions need to recognise the importance of a workplace crime prevention culture that is more comprehensive than the points being made by the FCA if they are to tackle any problems presented by cryptocurrency.
Syed Rahman – www.rahmanravelli.co.uk