Are you looking for the Report on the Peer review on Authorisation under PSD2 released today by the European Banking Authority?  Click here or the image above to download it in PDF format.

If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here.

If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here.

Some good supervisory practices observed during the analysis that might be of benefit for other CAs to adopt.

• publishing guidance to clarify the requirements CAs expect applicants must meet;
  
• comparing applicants’ forecasts against data from existing similar PIs/EMIs to inform the CAs’ assessment of the plausibility of the financial forecasts;
  
• making use of existing EBA and EBA/ESMA guidelines under the Capital Requirements Directive to assess independence of the internal control functions and suitability of the directors and persons responsible for the management of PIs and EMIs. The report also recommends that, as part of any future review of the Guidelines, the EBA provides more guidance on how the proportionality principle should be applied in assessing the suitability of shareholders having a qualifying holding in an applicant’s capital.

The report expands on the recommendations included in the EBA’s response to the European Commission on the review of the PSD2 (EBA/Op/2022/06) and recommends that, as part of its ongoing PSD2 review process, the European Commission:

• clarifies the delineation between the different categories of payment services as well as emoney issuance;
  
• clarifies the applicable governance arrangements for PIs and EMIs;
  
• clarifies the criteria that CAs should use in assessing the suitability of directors and persons responsible for the management of PIs and EMIs;
  
• mandates the EBA to develop a common assessment methodology for granting authorisation as a PI or as an EMI; and
  
• clarifies the requirements that applicants must meet in order to ensure sufficient local substance, leveraging on the best practices mentioned this report.

The objectives of this report are to:

• further strengthen consistency and convergence of the assessment of applications for authorisations of PIs and EMIs across the EEA; and
  
• assess whether the EBA Guidelines have achieved their aim of bringing about consistency and clarity in respect of the information that applicants have to submit as part of an application for authorisation and of contributing to harmonisation in the authorisation process and to a level playing field across the EEA. 

This report is also a partial fulfilment of the mandate conferred by the PSD2 on the EBA to review the Guidelines “on a regular basis and in any event at least every 3 years” (Article 5(5) PSD2).

The peer review was performed by a Peer Review Committee of EBA and CA staff (see Annex 1 for the composition) and covered the CAs from all EU Member States and from two EEA States, as detailed in Annex 2. One EEA CA (IS) was not reviewed because it has only recently implemented the PSD2 and did not receive any application for the authorisation of PIs and EMIs in the period analysed (2019-2021). [CompliReg - not sure if IS is a typo, and should be 'SI' for Slovenia?]

The analysis has been conducted based on the CAs’ responses to a self-assessment questionnaire (SAQ), which covered a three-year period from 1 January 2019 to 31 December 2021. Where necessary, the PRC followed up with the CAs in writing seeking further clarifications and explanations. The PRC also conducted interviews with a subset of 10 CAs (BG, DK, ES, PL, PT, MT, NL, IT, LT and SE) to gain a better understanding of their supervisory practices.

Page 51, para 171 "5. Conclusions and recommendations" sates:

​"​With regard to the timeliness of the authorisation process, the review found that, while all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application, the average duration of the authorisation process varies significantly across MS, ranging from 4-6 months to +20 months. The main reason for this is the quality of applications and applicants’ timeliness in addressing the issues identified with the application. The PRC also identified a number of other reasons for these variations in duration across CAs, which include different timelines set out in national law and different procedural approaches adopted by CAs in the acceptance and assessment of applications."

[CompliReg - no doubt, and there is merit here, many firms will struggle with the EBA's finding that "all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application".]

The Peer reviews were carried out by ad hoc peer review committees composed of staff from the EBA and members of competent authorities, and chaired by the EBA staff.

This peer review was carried out by:

• Co-chairs: Jonathan Overett Somnier Head of Legal and Compliance Unit, EBA and Larisa Tugui Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA
• Members: Adrienne Coleton Legal Expert, Legal and Compliance Unit, EBA; Antonio Barzachki Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA; Gabriel Bosch Senior Expert Specialised institutions and procedures, Autorité de contrôle prudentiel et de resolution; Carolin Kopyto Senior Advisor, Directorate ZK (Supervision of Payment Institutions and Crypto Custody Business), BaFin; and Reinout Temmerman Payments Advisor, Surveillance of financial market infrastructures, payment services and cyber risks, National Bank of Belgium 

Further to my post on Linkedin, here is access to a better quality image of the group structure of FTX.  The image above should be of high quality.  Otherwise see page 30 in the DECLARATION OF JOHN J. RAY III in support of Chapter 11 Petitions and First Day Pleadings.

The Guardian leads with "New FTX boss, who worked on Enron bankruptcy, condemns ‘unprecedented failure’"

• In a stinging court filing posted on Thursday, John Ray III, the new boss of the bankrupt crypto exchange FTX, said the company had suffered an “unprecedented and complete failure of corporate controls”.
• Cryptocurrency FTX’s logo reflected in an image of former chief executive Samuel Bankman-Fried.
• Ray has overseen some of the biggest bankruptcies ever, including the collapse of the energy giant Enron, and has 40 years of experience in restructuring companies. He said he had never seen anything as bad as FTX.
• He wrote in a filing with the Delaware bankruptcy court: “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.

Posted by: Peter Oakes, Founder of CompliReg a leading specialist governance, regulatory and compliance strategy firm.  Peter established and led the Enforcement and AML/Supervision Directorate of the Central Bank of Ireland as its inaugural Assistant-Director General, then later Director of Enforcement and AML/CFT Supervision. ​

Following the Permanent Representatives’ Committee meeting of 5 October 2022 which endorsed the final compromise text with a view to agreement, the Chair of the Committee (Edita Hrd) has written a letter and Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 (MiCA) to the Chair of the Committee on Economic and Monetary Affairs (Irene TINAGLI) saying:

"that, should the European Parliament adopt its position at first reading, in accordance with Article 294 paragraph 3 of the Treaty, in the form set out in the compromise package contained in the Annex to this letter (subject to revision by the legal linguists of both institutions), the Council would, in accordance with Article 294. paragraph 4 of the Treaty, approve the European Parliament's position and the act shall be adopted in the wording which corresponds to the European Parliament's position."

The full legal text of the landmark legislation known as the Markets in Crypto Assets Regulation (MiCA), alongside a further law to reveal the identity of those making crypto payments.
At a Wednesday meeting (5th October 2022), diplomats representing the bloc's member governments in the EU's Council signed off on the text of laws (see link above) which were the subject of political deals struck in June.

MiCA introduces the first-ever licensing regime for crypto wallets and exchanges to operate across the bloc and imposes reserve requirements on stablecoins that are intended to avoid Terra-style collapses. A separate law on funds transfers requires wallet providers to check their customer's identity, in a bid to cut money laundering.
​
See also CoinDesk Article here

​Fintech UK is looking to partner with registered / regulated (or soon to be) cryptoasset firms on building out a cryptoasset section on our website.  If you are senior executive at a UK registered cryptoasset firm, please contact us here to discuss the proposed project.  Also happy to hear from senior executives at businesses which support crypto firms to support the project. See our CRYPTO page for more information

If you are are crypto firm seeking regulatory advice or director services, please contact CompliReg for assistance at the details appearing here and check out its VASP registration and other authorisation services here.

Hope you like the Map (Version 5.0)!

Welcome to the version 5.0 of Fintech UK's and CompliReg's (a leading provider of fintech consulting services to crypto asset firms) UK FCA registered Cryptoasset Firms Map.

There are now 38 registered Cryptoasset firms appearing on the Financial Conduct Authority's (FCA) website as at Tuesday 16th August 2022.  Welcome to Revolut.    The FCA register records Revolut Ltd  registration effective 26th September 2022.  Did you know that Martin Gilbert is Chairman of Revolut Ltd.  He is the Chairman of AssetCo plc which is authorised by the FCA and former Chairman of Aberdeen Standard Investments.  Revolut has quite a lot of firepower on its board generally speaking.

Revolut has had quite a journey to be come a FCA registered cryptoasset firm.  As far as we can tell, while other smaller and less resourced crypto firms were getting through the FCA process, Revolut Ltd sat on the Temporary Permission list since at least from December 2021.  But all is well that ends well, right?

As we continue to Map registered Cryptoasset firms, expect to see certain logos appear more than once as several brands will be registering several Cryptoasset firms for different purposes, such as - for example - services for (1) trading and (2) custody. An example of this is in fact Zodia.  While Zodia Markets (UK) Limited was registered on 27 July 2022, its affiliate Zodia Custody Limited was registered effective 15 July 2021.

At the time we released Version 1, there were 218 (thereabouts) unregistered cryptoasset business listed on the UK FCA's website that appear, to the FCA, to be carrying on cryptoasset activity, that are not registered with the FCA for anti-money laundering purposes.  As of today (26 September 2022), that number is steady at 246.  

The firms thus far registered by the FCA include:

2020: Archax Ltd, Gemini Europe Ltd, Gemini Europe Services Ltd, Ziglu Limited, Digivault Limited, 

2021: Fibermode Limited, Zodia Custody Limited, Ramp Swaps Limited, Solidi Ltd, Coinpass Limited, CoinJar UK Limited, Trustology Limited, Commercial Rapid Payment Technologies Limited, Iconomi Ltd, Skrill Limited, Paysafe Financial Services Limited, Crypto Facilities Ltd, Fidelity Digital Assets LTD, Payward Limited, Galaxy Digital UK Limited, BABB Platform Ltd, BCP Technologies Limited, Zumo Financial Services Limited, Baanx.com Ltd, Bottlepay Ltd, Genesis Custody Limited, Altalix Ltd, 

2022: X Capital Group Limited, Enigma Securities Ltd, Light Technology Limited, eToro (UK) Ltd, Uphold Europe Limited, Wintermute Trading LTD, Rubicon Digital UK Limited, DRW Global Markets Ltd,  Zodia Markets (UK) Limited, Foris DAX UK Ltd (aka Crypto.com) and Revolut Ltd.

And of course the Revolut group is still pursing its much talked about bank authorisation in the UK.  ​

We are looking forward to seeing how many more will be registered before the end of the year.

See Peter Oakes Linkedin blog - https://www.linkedin.com/posts/peteroakes_cryptoasset-fca-cryptoasset-activity-6980821130584412160-_63O?utm_source=share&utm_medium=member_desktop

See Fintech UK blog - https://fintechuk.com/fintech-news/revolut-finally-joins-the-uk-registered-cryptoasset-map-version-50-monday-26th-september-2022​


Further Reading:

Version 1 of the Map and the Blog of 20 December 2021 - located here

Version 2 of the Map and the Blog of 18 July 2022 - located here 

Version 3 of the Map and the Blog of 28 July 2022 - located here

Version 4 of the Map and the Blog of 20 September 2022 - located here

List of ​Unregistered Cryptoasset Businesses as at 20 September 2022 - located here

Danske Bank A/S fined €1,820,000 and reprimanded by the Central Bank of Ireland for transaction monitoring failures in respect of anti-money laundering and terrorist financing systems.

The fine would have been €2,600,000, but reduced by 30% to €1,820,000.

So what you might think? Another bank, another AML/CTF sanction. But in this case it isn't an Irish incorporated bank but for the first time a penalty has been imposed on a financial institution which is incorporated and supervised outside of Ireland (i.e. in Denmark). It operated in Ireland on a passported branch  basis. The same outcome could happen to any other firm which operate on a passport's branch basis. 

The action will make the directors, both executive and non-executive at the relevant time of a prescribed contravention, of foreign incorporated financial services firms which operate in Ireland on a branch passported basis sit up and pay attention. Such a regulatory action will need to be disclosed by them to regulators elsewhere. A regulatory enforcement action on a company where the directors may not be resident could damage their standing in, and income derived from, an overseas jurisdiction.

In a little bit chest-beating, the Central Bank also announced that this 150th enforcement outcome takes the total fines it has imposed to just under €300 million.  Which although is less than the total of the Ireland’s Data Protection Commissioner for a fraction of the number of its enforcement outcomes – not that it is a competition nor would anyone want it to be!

In probably a fairly well known rumour circulating this past while, on 13 September 2022, the Central Bank of Ireland (the Central Bank) reprimanded and fined Danske Bank A/S, trading in Ireland as Danske Bank, €1,820,000 pursuant to its Administrative Sanctions Procedure for three breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010, as amended (the CJA) for three failures by Danske to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers of its Irish branch, for a period of almost nine years, between 2010 and 2019.  [This included a range of customers, including those categorised by Danske as banks, insurance, stockbrokers and specialised lending customers.]

The three breaches, all admitted by Danske,  comprised of failures by under the CJA relating to:

1. Transaction Monitoring: Danske failed to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customer for money laundering and terrorist financing risk at its Irish branch for a period of almost nine years.
   
2. Enhanced Customer Due Diligence: In failing to conduct automated transaction monitoring in respect of certain categories of customers, Danske’s Irish branch did not take into consideration an important part of due diligence i.e. transaction monitoring data, which is necessary to identify and assess money laundering/terrorist financing risks specific to those customers and identify where any consequential additional measures might be required.
   
3. Anti-money laundering / Countering the Financing of Terrorism policies, procedures and controls: The policies, procedures and controls put in place by Danske did not operate to identify the erroneous exclusion of certain categories of customers from automated transaction monitoring.

What led to the failures?

• Root cause of failure was historic data filters that were applied within Danske’s automated transaction monitoring system, first implemented in 2005 and rolled out to the Irish branch in 2006. 
  
• Danske failed to consider the appropriateness of these historic data filters within the system or make any adjustments to the system to take account of the specific requirements of the CJA when it came into force in Ireland in 2010. 
  
• This led to the erroneous exclusion of certain categories of customers from transaction monitoring, including some customers rated by Danske as high and medium risk, which caused the three breaches of the CJA in this case.
  
• In May 2015, Danske became aware, as a result of an internal audit report, of the inadequacies in its transaction monitoring system and the nature of the risks they posed, yet it failed to notify the Irish branch of these issues and to take adequate action for almost four years. 
  
• Estimated that between 31 August 2015 and 31 March 2019, 348,321 transactions, equating to approximately one in forty or 2.43% of all transactions processed through the Irish branch were not monitored for money laundering and terrorist financing risk.

Below is a copy and paste from the remainder of the Central Bank of Ireland statement

The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seana Cunningham, said: “The importance of transaction monitoring in the global fight against money laundering and terrorist financing cannot be overstated. It is imperative that firms implement robust transaction monitoring controls which are appropriate to the money laundering risks present and the size, activities, and complexity of their business. These controls must be applied to all customers, irrespective of their risk rating, as they enable firms to detect unusual transactions or patterns of transactions and where required apply enhanced customer due diligence to determine whether the transactions are suspicious.

The Central Bank recognises that while firms may rely on automated solutions for transaction monitoring, they must ensure that systems employed for this purpose are appropriately monitored, and calibrated correctly to take account of the actual money laundering or terrorist financing risk to which the firm is exposed. In this case, the transaction monitoring system used by the Irish branch was a Danske group wide automated system that had applied historic data filters which operated to erroneously exclude certain categories of customers from being monitored for a period of almost nine years. This led to the serious breaches in this case.

This case highlights the requirement for firms, including those operating in Ireland on a branch basis, to ensure that group systems, controls, policies and procedures are compatible with Irish legal requirements and to ensure that their governance framework and risk management measures operate effectively. These should be risk-based and proportionate, informed by firms’ business risk assessment of their money laundering and terrorist financing risk exposure.

Danske became aware that its automated transaction monitoring system erroneously excluded certain categories of customers in May 2015 but failed to rectify it or notify the Irish branch or the Central Bank of this issue. It was only in October 2018 when the Irish branch identified the issue that steps were taken to rectify it, which were completed in March 2019. However, the Central Bank was not informed of the issue until February 2019. The failures to rectify the issue and to notify the Central Bank promptly are aggravating factors in this case. The Central Bank expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors. The Central Bank will hold firms, including those operating in Ireland on a passporting basis, fully accountable where they fail to take such actions.

Anti-money laundering and countering the financing of terrorism compliance is, and will remain, a key priority for the Central Bank. This case demonstrates our willingness to pursue enforcement actions and impose sanctions where firms fail in their anti-money laundering/countering the financing of terrorism compliance.”

Background
Danske is a credit institution incorporated in Denmark and authorised there by the Danish Financial Supervisory Authority (the Danish FSA). It is the largest bank in Denmark serving personal, business, corporate and institutional clients and operates in a number of other countries via a branch network.
Danske’s Irish branch operates on a ‘freedom of establishment’ basis i.e. because Danske is established and authorised in Denmark, it is entitled to ‘passport’ in to Ireland and establish a branch here. The Irish branch is not a separate legal entity to Danske, and it is for this reason that Danske is the named party in the enforcement action. Supervision of the Irish branch sits predominantly with the Danish FSA (as home regulator) but the Central Bank (as host country) regulates it for conduct of business rules and is responsible for supervision of compliance by Danske’s branch operations in Ireland with AML/CFT obligations under the CJA.

Danske’s Irish branch predominantly provides banking services to large corporate and institutional customers including the public sector in Ireland. Consequently, transaction volumes through the Irish branch, including cross-border funds transfers, are substantial. The Irish branch utilises a group wide automated transaction monitoring system that is implemented and managed by Danske from Denmark.

The Legislative Framework
The CJA requires a credit and financial institution to monitor any business relationship that it has with a customer to the extent reasonably warranted by the risk of money laundering/terrorist financing (ML/TF). ‘Transaction Monitoring’ forms part of a broader system of interconnected elements that comprise a firm’s defence against ML/TF and is an important method which assists firms in identifying high risk situations which may require enhanced due diligence on a customer.
Firms are also required to adopt and maintain a system of policies, procedures and controls in relation to AML/CFT, and to monitor compliance with those policies, procedures and controls. Such policies, procedures and controls include, inter alia, those dealing with the monitoring of transactions for the identification and scrutiny of any complex, large or unusual patterns of transactions.

The Investigation
The Central Bank’s investigation confirmed serious inadequacies within Danske’s automated transaction monitoring system. Historic filters were applied to Danske’s automated transaction monitoring system which erroneously excluded certain categories of customers from transaction monitoring. This led to Danske being in breach of certain obligations under the CJA which gave rise to the three breaches in this case (see below under Prescribed Contraventions for further detail).
The investigation found that the exclusion of certain categories of customers from transaction monitoring was first identified in a May 2015 internal audit report. The May 2015 internal audit report also identified inadequacies with Danske’s transaction monitoring policies for certain categories of customers. However, these internal audit findings were not communicated by Danske to either its Irish branch or the Central Bank. Steps were only taken to monitor the transactions of these customers in October 2018 when the Irish branch became aware of the issue, which were completed by the end of March 2019. The Central Bank was not informed of this issue until February 2019.

To illustrate the scale of the failure to monitor, it is estimated that, during the period from 2015 to 2019 when Danske was aware of the issue, 348,321 transactions, equating to approximately one in every forty or 2.43% of all transactions processed through the Irish branch were not monitored.

Danske has confirmed to the Central Bank that by the end of March 2019 it had fully deactivated the erroneous historic filters which gave rise to the breaches in this case. Danske has also confirmed that by April 2020, it completed a third party review exercise for the period 2016 to 2019. Danske has advised that the outcome of the review showed that the risk of suspicious transactions amongst those examined was very low.

Prescribed Contraventions
The Central Bank's investigation identified three breaches of the CJA, as set out below.

Breach by failure to conduct transaction monitoring
Between 15 July 2010 and 31 March 2019 Danske breached sections 30B(1)(a), 35(3) and 36A(1) (as applicable) of the CJA by failing to monitor the transactions of certain categories of customers for money laundering and terrorist financing risk. The failure meant that the Irish branch was not in a position to:

• Scrutinise these customers’ transactions to the extent reasonably warranted by the risk of ML/TF;
• Determine whether any of the unmonitored transactions were complex, unusually large, of an unusual pattern or whether they had an apparent economic or lawful purpose; or
• Identify and assess the risk of ML/TF having regard to the relevant business risk assessment for the purposes of determining the extent of measures to be taken under section 35(3) of the CJA in relation to these customers.

Breach in relation to enhanced customer due diligence measures
Between 14 June 2013 and 31 March 2019 Danske breached section 39 of the CJA on the basis that by failing to conduct transaction monitoring on certain categories of customers, it did not take into consideration an important part of due diligence i.e. transaction monitoring data, which is necessary to identify and assess ML/TF risks specific to those customers and identify whether additional measures were required on these certain categories of customers.

Breach in adopting ML/TF policies and procedures
Between 15 July 2010 and 31 March 2019, Danske breached sections 54(1), 54(2) and 54(4) of the CJA on the basis that the policies, procedures and controls that were in place did not operate to identify the erroneous exclusion of certain categories of customers from transaction monitoring as set out above. The May 2015 internal audit report identified inadequacies with Danske’s transaction monitoring policies for certain categories of customers and Danske took some steps in 2015 to address this by introducing a new AML/CFT policy. Nonetheless, certain categories of customers continued to be excluded from transaction monitoring in the Irish branch.

Penalty Decision Factors
In deciding the appropriate penalty to impose, the Central Bank had regard to the Outline of the Administrative Sanctions Procedure, dated 2018 and the ASP Sanctions Guidance, dated November 2019. It considered the need to impose a level of penalty proportionate to the nature, seriousness and impact of the contraventions.

The following particular factors are highlighted in this case:

The Nature, Seriousness and Impact of the Contraventions
Two of the breaches were ongoing for almost nine years, and the other was ongoing for almost six years. The breaches represent serious weaknesses in Danske’s internal AML/CFT controls. Monitoring transactions, ensuring that an important part of due diligence is taken into consideration to identify where additional measures are required, and having effective policies, procedure and controls are critical parts of a firm’s internal AML/CFT framework. Danske’s failures in this regard in respect of certain categories of customers that transacted through its Irish branch reveal serious weaknesses in these controls.

From its May 2015 internal audit report, Danske became aware of the inadequacies in its transaction monitoring system, the nature of the ML/TF risks that they posed and that it was at risk of non-compliance with legal requirements. Despite this, Danske failed to take adequate action for almost four years or to inform the Irish branch of these internal audit findings. The breaches of the CJA after this point were reckless.

The Central Bank considers that the breaches in this case represent a serious departure from the required standard.

Two Aggravating Factors
Failure to Report and Failure to Remediate promptly
Danske was on notice of the inadequacies in its transaction monitoring system which erroneously excluded certain categories of customer from the time that they were uncovered in the May 2015 internal audit report but it did not report the matter to the Central Bank until February 2019, almost four years later. Furthermore, Danske continued to exclude certain categories of customers from transaction monitoring until March 2019.

The Central Bank views both of these failures as particularly aggravating given the context of increased supervisory engagement it initiated in July 2018 with Danske following media reports of AML/CFT concerns in other jurisdictions in relation to Danske.

Both of these failings are serious aggravating factors in this case.

Other Considerations
The following were also taken into consideration when determining the appropriate sanction:

• The Irish branch’s financial position and the need to impose a proportionate level of penalty. The Central Bank notes Danske’s cooperation in this investigation and this enforcement action against Danske is now concluded.
• The need to have an appropriate deterrent impact on Danske and the regulated financial services sector in general.

CompliReg, your first choice for regualtory authorisations, licences and registrations is proud to support Fintech UK and its endeavours to Map the FCA registered cryptoasset market in the UK.

Fintech UK is looking to partner with registered / regulated (or soon to be) cryptoasset firms on building out a cryptoasset section on our website.  If you are senior executive at a UK registered cryptoasset firm, please contact us here to discuss the proposed project.  Also happy to hear from senior executives at businesses which support crypto firms to support the project. See our CRYPTO page for more information

If you are are crypto firm seeking regulatory advice or director services, please contact CompliReg for assistance at the details appearing here and check out its VASP registration and other authorisation services here.

Hope you like the Map (Version 2.0)!

Don't forget to sign up to our Newsletter (we don't spam) by clicking here.  We use MailChimp, which means you can unsubscribe whenever you like.
Welcome to the second edition (version 2.0) of Fintech UK's and CompliReg's (a leading provider of fintech consulting services to crypto asset firms) UK FCA registered Cryptoasset Firms Map.

There are now 35 registered Cryptoasset firms appearing on the Financial Conduct Authority's (FCA) website as at Monday 18th July 2022.

The first 5 of these firms were registered in 2020. According to the FCA's records, the first registered Cryptoasset firm was Archax on 18 August 2020.  Then in 2021, the FCA registered 22 crypto firms.  Thus far in 2022, the FCA has registered 8 crypto firms.  The most recent to be registered is DRW (7 June 2021).

As we pointed out when we released Version 1.0 of the Map, 2021 saw a flurry of activity and especially in the last quarter of 2021 when 16 firms received their Cryptoasset registration from the FCA - that was a  whopping 60% of the total pool of registered firms at that time. At the current rate, the number of firms registered in 2022 may be less than that in 2021, unless the FCA registers a large pile of crypto firms in the second half of 2022.

As we continue to Map registered Cryptoasset firms, expect to see certain logos appear more than once as several brands will be registering several Cryptoasset firms for different purposes, such as - for example - services for (1) trading and (2) custody. 

At the time we released Version 1, there were 218 (thereabouts) unregistered cryptoasset business listed on the UK FCA's website that appear, to the FCA, to be carrying on cryptoasset activity, that are not registered with the FCA for anti-money laundering purposes.  As of today, that number has increased to 248.

The firms thus far registered by the FCA include:

2020: Archax Ltd, Gemini Europe Ltd, Gemini Europe Services Ltd, Ziglu Limited, Digivault Limited, 

2021: Fibermode Limited, Zodia Custody Limited, Ramp Swaps Limited, Solidi Ltd, Coinpass Limited, CoinJar UK Limited, Trustology Limited, Commercial Rapid Payment Technologies Limited, Iconomi Ltd, Skrill Limited, Paysafe Financial Services Limited, Crypto Facilities Ltd, Fidelity Digital Assets LTD, Payward Limited, Galaxy Digital UK Limited, BABB Platform Ltd, BCP Technologies Limited, Zumo Financial Services Limited, Baanx.com Ltd, Bottlepay Ltd, Genesis Custody Limited, Altalix Ltd, 

2022: X Capital Group Limited, Enigma Securities Ltd, Light Technology Limited, eToro (UK) Ltd, Uphold Europe Limited, Wintermute Trading LTD, Rubicon Digital UK Limited and  DRW Global Markets Ltd

When we released Version 1 we noted that there were 37 firms Cryptoasset firms with Temporary Registration.  You will see 39 on the previous list, but two of those firms were in fact registered - thus there seemed to be a timing issue of the records at the FCA. Regardless, some of the 37 achieved FCA registration in 2022 and others have dropped of the current list.  Revolut Ltd, as of today, is the only firm listed on the Temporary Registration list and it was listed on December 2021 list too.  Interestingly, in addition to a cryptoasset registration, the Revolut group hasn't achieved the obtaining of its much talked about bank authorisation in the UK either.  ​

We are looking forward to seeing how many more will be registered before the end of the year.
This post also appears at:

• Fintech UK: https://fintechuk.com/fintech-uk-news/uk-registered-cryptoasset-map-version-20-monday-18th-july-2021 
• LinkedIN: https://www.linkedin.com/posts/peteroakes_fintechuk-crypto-digitalasset-activity-6954800838179491840-lCjM?utm_source=linkedin_share&utm_medium=member_desktop_web