FCA tells crypto firms to comply with financial promotions regime

But regulator is struggling to tackle unauthorised businesses targeting Brits

|

The Financial Conduct Authority (FCA) has warned all cryptoasset firms marketing to UK consumers, including firms based overseas, they will soon need to comply with the UK financial promotions regime.

It said: “Firms must start preparing now for this regime. We will take robust action against firms breaching these requirements.”

In January 2022, the UK government published a consultation response setting out its intention to legislate to bring the promotions of certain cryptoassets within the FCA’s remit. This regime will apply to all firms marketing cryptoassets to UK consumers regardless of whether the firm is based overseas or what technology is used to make the promotion.

Just over a year later, the UK government published a policy statement on its approach to cryptoasset financial promotions regulation. The policy statement sets out the government’s intention to introduce a bespoke exemption in the Financial Promotion Order for cryptoasset businesses registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

This exemption will enable cryptoasset businesses which are registered with the FCA under the MLRs, but who are not otherwise authorised persons, to communicate their own cryptoasset financial promotions to UK consumers. The policy statement also set out the government’s intention to reduce the implementation period for the regime to four months from six months.

Subject to parliamentary approval, when the regime comes into force there will be four routes to communicating cryptoasset promotions to UK consumers:

  • The promotion is communicated by an FCA authorised person;
  • The promotion is made by an unauthorised person but approved by an FCA authorised person. Legislation is currently making its way through parliament which, if made, would introduce a regulatory gateway that authorised firms will need to pass through in order to approve financial promotions for unauthorised persons;
  • The promotion is communicated by a cryptoasset business registered under the MLRs with the FCA; and/or
  • The promotion otherwise complies with the conditions of an exemption in the Financial Promotion Order.

For these purposes, a firm only authorised under the Electronic Money Regulations or the Payment Services Regulations is not considered an ‘authorised person’ and so cannot communicate or approve financial promotions. This is set in legislation and cannot be modified by FCA rules.

Promotions that are not made using one of these routes will be in breach of section 21 of the Financial Services and Markets Act 2000 (FSMA), which is a criminal offence punishable by up to two years’ imprisonment.

Final rules incoming

The UK regulator said: “We will publish our final rules for cryptoasset promotions once the relevant legislation has been made. Subject to any changes in circumstances, we expect to take a consistent approach to cryptoassets to that taken in our new rules, in place from 1 February 2023, for other high-risk investments.

“This would mean firms being required to use specific risk warnings and positive frictions, such as a 24-hour cooling off period, in their consumer journeys, in addition to the overarching requirement that their promotions are clear, fair and not misleading.

“Cryptoassets remain high risk. We have repeatedly warned that consumers should be prepared to lose all of their money if they buy cryptoassets. Recent events such as the high-profile failure of several cryptoasset firms further highlight the riskiness of these products. There is unlikely to be any compensation under the Financial Services Compensation Scheme (FSCS) for consumers who lose money.

“Cryptoasset businesses marketing to UK consumers, including firms based overseas, must get ready for this regime. Acting now will help ensure they can continue to legally promote to UK consumers. We encourage firms to take all necessary advice as part of their preparations.

“The government intends to grant the FCA supervision and enforcement powers over MLR registered cryptoasset businesses relying on the new bespoke exemption. We will take robust action where we see firms promoting cryptoassets to UK consumers in breach of the requirements of the financial promotions regime. This may include, but it is not limited to, take downs of websites that are in breach, issuing public warnings and enforcement action.”

Consumer Duty

In other regulatory news, the FCA is supporting firms to get ready for the implementation of the Consumer Duty with a programme of engagement.

This includes setting out in letters the expectations of the duty and arranging a series of regional in-person events for specific groups of small and medium-sized firms.

Sheldon Mills, executive director of consumers and competition at the FCA, said: “We want to thank firms for the hard work they’re putting into embedding the Duty. We were encouraged to see many examples of good practice in our review of implementation plans and found that many firms are embracing the shift that the Consumer Duty brings.

“Putting good outcomes for customers at the heart of firms’ strategies and business objectives will build trust and modernise how we regulate financial services.

“Leaders have a key role to play here. We have a world-leading financial services industry which serves its customers, colleagues and shareholders well through competition, innovation and leveraging talent. We want to see boards and senior management further embed the interests of customers into their firms’ culture and purpose.”

Unauthorised businesses

The UK watchdog may be looking to clamp down on the best practice of regulated firms, however, it faces an issue with unauthorised businesses that continue to target Brits.

Research by tech firm NordVPN revealed that the websites of one-in-six businesses added to the regulator’s blacklist of unauthorised firms last year remain online and accessible to UK consumers.

Any company carrying out a regulated financial activity in the UK must be authorised or registered by the FCA, but the Financial Services and Markets Act 2000 does not give the FCA special powers to prosecute fraud.

Of 1,717 firms added by 7 December 2022, the websites of 292 (17%) of them remained visible to UK consumers when visited by NordVPN’s researchers. The oldest 2022 listing still visible was added to the register on 6 January 2022.

Incredibly, some financial websites are still operating despite being added to the FCA’s unauthorised register as far back as 17 years ago.

The FCA does have ways of taking websites down with the help of Nominet. Unfortunately Nominet, the UK’s domain registration authority, can only take down sites with UK domains. NordVPN is today calling for greater international cooperation to make these kinds of takedowns a straightforward process no matter what domain is being used.

Marijus Briedis, chief technology officer at NordVPN, said: “Scammers routinely exploit this simple loophole because it’s so easy to use the web and social media to target consumers in any country from afar. It’s high time domain registries worldwide joined forces to defeat those committing fraud and financial crime online. The main vehicle for these offences is a cheap but effective website, but this can also be their downfall if countries work together.

“The longer a company providing regulated advice and products, or defrauding consumers, remains online, the more victims are tricked into parting with their money. Every one of these companies can see that they feature on the FCA register of unauthorised firms. The fact they are happy for this to remain the case should ring alarm bells. Always check the FCA register before depositing cash with any financial services provider.”

Address the problem

Mark Steward, outgoing FCA executive director of enforcement and market oversight, addressed this problem in a speech in 2021: “Unfortunately, most scam sites do not have UK domains which makes takedowns for non-UK domains more difficult.

“In the register of unauthorised firms, the health warning above each business states: “We believe this firm may be providing financial services or products in the UK without our authorisation. Find out why you should be wary of dealing with this unauthorised firm and how to protect yourself.

“Almost all firms and individuals offering, promoting or selling financial services or products in the UK have to be authorised or registered by us.

“This firm is not authorised by us and is targeting people in the UK. You will not have access to the Financial Ombudsman Service or be protected by the Financial Services Compensation Scheme (FSCS), so you are unlikely to get your money back if things go wrong.”

MORE ARTICLES ON