Cryptoasset Regulation: FCA Final Guidance Published

The FCA has now published its Final Guidance on Cryptoassets (PS19/22), setting out the FCA’s position on how cryptoassets fit within the current regulatory perimeter. The Guidance does not change the scope of regulation of cryptoassets by the FCA, but does provide useful and practical insight into how the regime applies in the cryptoasset sphere which should assist market participants in determining the extent of their regulatory obligations where different cryptoassets are concerned.


The Guidance has been finalised following a consultation on draft guidance issued at the start of the year. We discussed the draft guidance in a previous blog post. The Guidance now published is in broadly the same terms, with a few amendments following the responses to the consultation.


Categories of Crypto-Assets

The Guidance issued by the FCA represents a slight refinement the taxonomy of cryptoasset categories that we have become used to seeing, that of exchange tokens, utility tokens and security tokens. Feedback received by the FCA suggests that one of the difficulties with the draft guidance was in identifying where tokens on the borderline between regulation and non-regulation fell, which has been taken on board in this Guidance. It has led to a categorisation in the final Guidance of the following broad categories:


  1. Unregulated tokens – These are (unsurprisingly) outside the regulatory perimeter and include anything that does not fall within either of the categories of regulated token. Principally these will be:
  • Exchange tokens – Types of cryptoassets which are usually decentralised and used primarily as a means of exchange. These include assets frequently referred to as cryptocurrencies. Tokens in this category “are designed to provide limited or no rights for token holders, and there is usually not a single issuer to enforce rights against”.
  • Utility tokens – Cryptoassets which provide holders with access to (or future access to) products and/or services, except where they also fulfil the definition of e-money. The Guidance provides a number of examples of the types of token that will fall within and outside this category.


  1. Regulated tokens – namely:
  • E-money tokens – These tokens were previously included within the scope of utility tokens in the draft guidance, unless they satisfied the definition of security token, but have now been moved to their own category to clear any confusion as to where the line of regulation lies. This will be any token (even where its other characteristics might place it in a different category) where the definition of e-money under the E-money Regulations 2011 is met.
  • Security tokens – Security tokens provide rights and obligations akin to specified investments (except where they satisfy the e-money definition). Whilst a security token could conceivably take the form of many different kinds of specified investment, the most likely will be tokens akin to shares, debt instruments, warrants, certificates representing certain securities or units in collective investment schemes.

Which category a given token falls into remains a factual assessment, which needs to be undertaken on a case-by-case basis. The FCA’s response to the consultation noted two types of cryptoasset in particular, stablecoins and Airdrops, both of which are addressed specifically in the Guidance but will still need to be considered based on the particular asset in question. Tokens can also move between categories as they evolve so firms’ regulatory analysis will need to be kept under review.


Possible future developments?

The Guidance noted that the FCA did receive views through the consultation process that currently unregulated tokens should fall within the regulatory perimeter, at least in some capacity. Whilst the FCA noted that such discussions were outside the scope of the Guidance, responses will inform the UK Treasury’s work on cryptoassets and whether change to the scope of regulation is needed.

The responses to the draft guidance also appear to have highlighted the need for harmonising the framework across jurisdictions. Whilst this Guidance only addresses the FCA’s position, the FCA did note the importance of consistent frameworks as far as possible, to reduce the risk of regulatory arbitrage and the creation of problems for firms operating internationally.

Certainly, we should continue to expect further developments in the sphere of cryptoasset regulation and legal treatment. For example, the result of the LawTech Delivery Panel’s consultation on the legal status of cryptoassets, DLT and smart contracts, is awaited soon. Legislative developments may also follow. Whether, and if so how, cryptoassets fall inside the regulatory perimeter may therefore be subject to change. For now though, the FCA’s Guidance is a helpful tool for firms trying to assess whether their cryptoasset activities fall within the regulation.


Senior compliance officer and trader imprisoned for insider dealing following FCA investigation


At the end of last month a senior compliance officer at UBS AG (“UBS“) and her financial securities trader associate were each sentenced to three years imprisonment for five offences of insider dealing, following successful criminal proceedings brought by the Financial Conduct Authority (“FCA“). Confiscation proceeding are also being pursued against both defendants.

Continue Reading

Outsourcing Failures leave Raphaels Bank with £1.89m Fine

Raphael & Sons plc (the “Bank“) has been hit by separate fines from the Financial Conduct Authority and the Prudential Regulation Authority (together, the “Regulators“) of £775,100 and £1,112,152 respectively.

An IT issue with one of the Bank’s third party card processor’s left over 3,300 customers unable to use their prepaid cards on Christmas Eve in 2015.

This event crystallised the risks that the Bank had failed to manage, but the Bank’s failings went deeper than that. The Regulators found that the Bank, “failed to have adequate processes to enable it to understand and assess the business continuity and disaster recovery arrangements of its outsourced service providers” but the management failings and oversights came from “Board level down“.

There was an absence of processes, flaws in the Bank’s due diligence (both initial and ongoing) and an overall lack of consideration of the risks of outsourcing. The Bank’s systems and controls were inadequate and exposed its customers to a serious risk of harm.

These failings continued from April 2014 through to the end of 2016. The Regulators’ investigation found that there was a previous incident in 2014, which should have led to the Bank resolving the issues then. The Regulators have stated that the repeat failings of the Bank were an aggravating factor in this case, which led to an increased penalty.

Nevertheless, the Bank’s co-operation with the Regulators resulted in a 30% reduction of the fines imposed, which would have otherwise totalled over £2.7m.


This regulatory investigation highlights the level of internal governance and controls required for any outsourcing arrangements, and the serious risks involved if these are insufficient.

Regulators are becoming more and more concerned with the “operational resilience” of firms, particularly after some recent high profile failures (the chaos caused by TSB’s IT upgrade issues last year, to name just one). Both Regulators have identified this topic as one of their priorities this year, which they state should be “viewed as no less important than financial resilience“.

FCA found partially liable for loss caused by errors in Financial Services Register

The Financial Regulators Complaints Commissioner has recommended that the Financial Conduct Authority makes an ex gratia payment of £6,500 to an individual complainant. The recommended payment represents 50% of the total loss suffered by the Complainant as a result of errors in the Financial Services Register.

The Complaints Commissioner acknowledged that the FCA should not be deemed to generally warrant the accuracy of the Register. However, this was “not an ordinary case”, as the Register inaccuracies stemmed from “two serious errors” made by the FCA. The Complaints Commissioner also recommended that the FCA should undertake “a review of its processes to reduce the risks”. Continue Reading

Doubling down? FCA contemplates more criminal AML investigations

When FCA Director of Enforcement and Market Oversight Mark Steward spoke in London last month, his comments could hardly have been more timely. Hot on the heels of his remarks on dual-track (civil and criminal) AML investigations came a significant fine arising out of a firm’s AML systems and controls. It also came as the countdown to entry into force of the fifth AML directive continues; and his observations on escalation protocols highlight the continuing importance of the senior managers’ and certification regime (SMCR). Continue Reading