Expert Insights

Expert Insights

Tackling the risks of the FinTech boom - AML considerations

While FinTech services like cryptoassets can create significant opportunities, they also pose considerable regulatory challenges. Cryptoassets are digital assets recorded on a distributed ledger such as cryptocurrencies (e.g. bitcoin) and tokens issued through the Initial Coin Offering (ICO) process.

The National Risk Assessment of Money Laundering and Terrorist Financing noted the role that cryptoassets can play in laundering the proceeds of cyber-dependent crime (ie. crime conducted through computer technology). The Cryptoassets Taskforce (made up of HM Treasury, the FCA and the Bank of England) also recently published its final report which sets out how it plans to implement anti-money laundering (AML) rules for cryptoassets. As a result, bankers and FinTech companies need to work together to develop strategies to manage financial crime risks such as money laundering and terrorist financing so they can focus instead on the value, revenue, and growth opportunities in today’s market.


From a regulatory perspective, there are many risks such as untested business models, potential for abuse and fraud, and the anonymity afforded by cryptoasset ATMs and peer to peer exchange facilities. Evolving technology in the FinTech sector means that trafficking of illicit goods, hacking and identity theft (by way of virtual wallets), sanctions evasion and market manipulation may be difficult to detect for law enforcement. 

UK government response

To address these risks, the UK government is developing a robust regulatory response which will implement the requirements of the Fifth Anti-Money Laundering Directive (5MLD) and broaden its requirements. The government will legislate during 2019 after a consultation period on the following:  

  • bringing cryptoasset exchanges (which effect conversions between fiat currency and cryptoassets) and custodian wallet providers within the scope of AML/counter terrorist financing regulation, as required by 5MLD
  • exchange services between different cryptoassets, to prevent anonymous layering of funds to mask their source
  • cryptoasset ATMs, which could be used anonymously to purchase cryptoassets
  • non-custodian wallet providers which may facilitate the anonymous storage and transfer of cryptoassets, and
  • whether to require overseas firms to comply with these regulations when providing services to UK consumers.

The UK is also engaging in international discussions to ensure a global response to these risks and the Financial Action Task Force has agreed to update its standards to apply to cryptoassets.

Regulated firms who interact with cryptoassets

The FCA issued a letter to CEOs of all banks in June 2018, setting out appropriate practice for the handling of the financial crime risks associated with cryptoassets.   It highlights the steps that banks should consider when clients derive significant business activities from crypto-related activities such as:

  • training staff to identify clients/activities which pose a high risk of financial crime
  • ensuring existing financial crime frameworks reflect the crypto-related activities which the firm is involved in
  • engaging with clients to understand the nature of their businesses and risks they pose
  • carrying out due diligence on key individuals in the client business
  • assessing the adequacy of those clients’ own due diligence arrangements, and
  • for clients involved in ICOs, considering the issuance’s investor base, organisers and the jurisdiction.

How can FinTech firms prepare for this?

Fintech firms can begin to prepare for the incoming AML rules by developing their own AML strategies including:

AML Risk Assessment

Undertaking an AML risk assessment of the FinTech business setting out its business operations, transaction types and customer activities. This should also identify the firm’s AML risks and the control environment it has deployed to mitigate these specific risks.

AML Policy

Regardless of whether the FinTech company is regulated or not, it is useful to draw up a detailed AML policy to implement a system of AML controls and processes. This may give banks comfort and help satisfy the banks’ due diligence requirements and the considerations set out in the “Dear CEO” letter from the FCA to banks as discussed above.

This article was written by Alicia Griffin. For more information please contact Alicia on +44 (0)20 7438 2234 or at

Our thinking

Share this Page