The FCA has written a "Dear CEO" letter to banks about good practice for how banks handle the financial crime risks posed by cryptoassets. The letter covers banks offering services to clients which offer services related to cryptoassets and also banks dealing with clients using cryptoassets.
For the purposes of the letter, the FCA uses the term "cryptoassets" to refer to any publicly available electronic medium of exchange that features a distributed ledger and a decentralised system for exchanging value (such as Bitcoin or Ether, although the FCA did not mention cryptokitties).
In short, the FCA advises banks that offer banking services to clients with significant business activities or revenues from crypto-related activities that they may need to enhance their scrutiny of these businesses due to the risk of financial crime.
The FCA also sets out that banks should assess the risks posed by a customer that derives significant wealth from cryptoasset activity, in the same way as would be applied in relation to other sources of wealth (e.g., inheritance, gifts, valuable artwork). The existing requirements for checking the source of wealth and funds are risk-sensitive - that is, firms are given the flexibility to adapt their actions to the perceived risks. The FCA indicates that the risks may be higher here if the evidence trail behind transactions may be weaker.
Where a firm identifies that a customer or client is using a state-sponsored cryptoasset which is designed to evade international financial sanctions, the FCA would see this as a high-risk indicator.
The FCA also briefly mentions the risk to consumers in connection with ICOs: retail customers contributing large sums to ICOs may be at a heightened risk of falling victim to investment fraud. Again, the FCA draws parallels with its existing guidance by referring to the findings of a review carried out by its predecessor, the FSA, setting out good and poor practices in how banks handle investment fraud. The FCA explicitly states that the review's findings are also relevant to ICOs.
Perhaps most interestingly, the FCA does not say that banking services should not be provided to these clients at all. Rather, the FCA sets out the additional steps or actions that banks should consider taking (for example, developing expertise on cryptoassets to help staff identify the clients or activities which pose a high risk of financial crime and ensuring that existing financial crime frameworks adequately reflect the cryptorelated activities which the firm is involved in).
