Global menu

Our global pages


FCA "Dear CEO" letter to banks on cryptocurrencies and financial crime

  • United Kingdom
  • Litigation and dispute management
  • Privacy, data protection and cybersecurity


The Financial Conduct Authority (“FCA”) recently published a "Dear CEO" letter addressing the financial crime risks posed by cryptocurrencies.

The FCA advises that, due to the anonymity of cryptocurrencies and their facilitation in the movement of money between countries, it may be necessary for banks to enhance their scrutiny of current, or prospective clients, who derive significant business activities or revenues from cryptocurrency-related activities.

Which cryptocurrency-related activities are targeted?

The FCA identified services such as:

  • crypto-asset exchanges which effect conversions between fiat currency and cryptocurrencies and/or between different cryptocurrencies;
  • trading activities where the source of wealth arises or is derived from cryptocurrencies; and,
  • instances where the firm wishes to arrange, advise on, or take part in an ‘initial coin offering’.

Reasonable and proportionate measures

CEOs are advised to take reasonable and appropriate measures to lessen the risk of their firms facilitating financial crimes. Such measures, amongst others, are identified as:

  • developing staff knowledge and expertise on cryptocurrencies to help them identify the clients or activities that pose a high risk of financial crime;
  • ensuring that existing financial crime frameworks adequately reflect the crypto-related activities that the firm is involved in, and that they are capable of keeping pace with fast-moving developments;
  • carrying out due diligence on key individuals in the client business including consideration of any adverse intelligence; and,
  • in relation to clients offering forms of crypto-exchange services, assessing the adequacy of those clients' own due diligence arrangements.

One size does not ‘fit all’

The FCA makes clear that a risk-based approach does not mean that banks should approach all clients operating in these activities in the same way. The FCA expects banks to recognise that the risks can vary from business to business and should, therefore, manage those risks accordingly.

Heightened risks

The letter concludes by addressing two factors that the FCA consider to be high risk.

  1. Where a firm identifies that a customer or client is using a state-sponsored crypto-asset or cryptocurrency which is designed to evade international financial sanctions.
  2. Where retail customers contributing large sums to ICOs may be at a heightened risk of falling victim to investment fraud. In relation to this, CEOs are instructed to consider the 2012 the Financial Services Authority review on how banks then handled the risk of investment frauds of this nature.

Why now?

2018 has seen an increased focus on cryptocurrencies by regulators and this is part of that thread.

The Financial Times reported that the FCA is probing the activities of 24 unauthorised businesses involved in cryptocurrencies and has opened seven whistleblowing reports relating to cryptocurrencies in 2018.

It has recently been made public that the US Department of Justice have begun criminal investigations into the potential price manipulation of several cryptocurrencies.

What next?

Cryptocurrencies are an area of significant focus for regulators at present, with the EU’s Fifth Money Laundering Directive proposing to bring cryptocurrency exchanges and custodian wallet providers into scope of anti-money laundering legislation. we expect further guidance and commentary from the FCA in due course.

For more information contact

< Go back

Print Friendly and PDF
Subscribe to e-briefings