Fintech 2024

Last Updated March 21, 2024

UK

Law and Practice

Authors



gunnercooke llp is the fastest growing corporate law firm in the UK and has offices in the US, Germany, CEE, Scotland and England. With more than 500 professionals, gunnercooke has a specific specialism in fintech, and has developed its offerings specifically with a view to assisting firms in this sector. This has included being the first major UK law firm to officially accept payment in crypto-assets, to facilitate clients in that sector, as well as a strong cultural emphasis on providing predictable fixed fee charging models, bringing certainty to firms needing to properly budget costs. The firm’s offering extends beyond pure legal, for example by having an internal dedicated AI team, able to develop AI solutions that clients can implement, as well as an operating partners team able to help fintech clients strategise their business models to seize new opportunities and maximise their value.

The fintech market has developed at pace in the United Kingdom, which is seeking to become a hub for fintech companies. Different segments of the fintech market are, however, subject to different regulation, and depending on the state of evolution different firms are finding it harder or easier to operate. A good example of this currently is the fact that the financial promotion of certain crypto-assets has required sign-off by competent Financial Conduct Authority (FCA) authorised firms, leading to a cooling effect on the development of that sector, whereas currently AI is generally unregulated, and this is leading to an influx of start-ups entering into that sector. What will be interesting, moving forwards, will be the effect as the regulation of crypto-asset firms becomes more settled, whereas the AI sector is likely to become increasingly subject to regulatory scrutiny, increasing the cost of operating in that sector.

The size of the United Kingdom as a financial services regulatory hub has meant that the full range of fintech firms are operating in the United Kingdom. The three largest areas of focus currently being seen are:

  • blockchain and Web3;
  • AI; and
  • payment services.

In the UK there is one core regulatory regime, set out in the Financial Services and Markets Act 2000, as well specific regimes for specific types of activity. The Financial Services and Markets Act 2000 (FSMA), by reference to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), generally sets out which activities are regulated in the United Kingdom, as well as the powers of the Financial Conduct Authority and the Prudential Regulation Authority (the two lead regulators for financial services in the UK) in respect of their oversight of firms conducting such activities.

The main exception to this currently is the fact that certain activities in relation to crypto-assets (specifically acting as a crypto-asset exchange provider or custodian wallet provider) are specified in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). This has caused confusion, for example, as to the scope of the meaning of “making arrangements with a view to” a crypto-asset transaction. It has also caused friction in terms of the fact that the Financial Conduct Authority generally has oversight over the conduct of business by firms within its remit, whereas the MLRs are focused solely on reducing the risk of money laundering and terrorist financing, meaning a lack of clarity regarding the expectations in relation to the Financial Conduct Authority’s oversight. It is therefore helpful that in the next few years the MLRs regime for crypto-assets is likely to be superseded by a more traditional approach to requiring authorisation under FSMA.

For other business, generally, the Financial Conduct Authority’s expectations are as set out in the FCA’s Handbook of Rules and Guidance. That being said, there are still some specific regimes, the most notable of which are the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, which generally set out the rules for firms in the payment services industry.

This is highly specific to the nature of the activity. However, in broad terms, there is a focus on avoiding any compensation that is likely to cause a conflict with the interests of the consumer. This is a shift from previous thinking, which was more along the lines of disclosure obligations.

Firms providing services in relation to securities are generally subject to the most onerous obligations, and, for example, financial advisers are not permitted to receive payments that may impact their advice. A recent focus has also been on inducements to invest, and it is notable that the Financial Conduct Authority has recently prohibited these when selling in-scope crypto-assets (ie, fungible and transferable unregulated crypto-assets) to the general UK retail public.

Generally, no distinction is drawn between these groups of participants, with a view to keeping a level playing field. However, there is a recognition that new technologies may achieve the same (or better) outcomes for consumers through approaches not originally anticipated by the existing rules. Where this is the case, the general approach has been “same risk same regulatory outcome”. In addition, the UK has pioneered the use of sandboxes, which enable interaction between the regulator and fintechs to assess how best to oversee new technologies.

The UK has a range of sandboxes, run by different regulators. These include the original sandbox, operated by the Financial Conduct Authority, which allows firms with a genuine innovation with a UK nexus to conduct a test under the oversight of the Financial Conduct Authority.

The Prudential Regulation Authority and Bank of England also run sandboxes, and again these are generally chances for firms to be able to interact with these regulators to test new concepts which may be of relevance to them.

The use of a sandbox should be seen as a chance to explore a concept with a regulator – it is not a means to avoid regulation. Once a sandbox is successful, firms are still expected to obtain all of the relevant authorisation and registrations that may be considered pertinent to the running of their business.

For financial services firms, the primary regulator is the Financial Conduct Authority, which is responsible for both the conduct of business and the prudential running of these businesses. However, certain businesses (in particular banks, building societies, credit unions, insurers and major investment firms) are also regulated by the Prudential Regulation Authority (PRA), alongside the Financial Conduct Authority. The general theme of these business is that they may post a systemic risk to the UK financial services sector, and so the PRA has a particular focus on matters such as the solvency of such institutions and mitigating the impact of any wind-down.

Another regulator that UK businesses generally have to deal with is the Information Commissioner’s Office, which is responsible for ensuring that businesses comply with their obligations with respect to protecting personal data.

Firms may also have to comply with the requirements of the Advertising Standards Authority (ASA) if marketing in the United Kingdom. However, if they are regulated by the FCA/PRA that tends to be more onerous than, and supersede, the requirements of the ASA.

Regulated firms are not able to outsource responsibility for their regulated activities. There are specific requirements for such firms to have a business continuity policy and planning in place. Further, institutions such as banks, which pose a market integrity risk, must ensure that they have provisions to keep key operations functioning in the event of, eg, a solvency risk.

Generally, for any product there will be a person considered to be “doing” the relevant activity. Therefore, this person will have to take responsibility for the activity, regardless of whether a fintech provider is leveraged in order to provide the product. As such, they will subject the fintech provider to appropriate due diligence.

Furthermore, for certain activities (eg, in relation to payments and certain activities in connection with securities), it may be possible for a fintech to leverage the licence of an existing FCA authorised firm. Where this is the case, the FCA authorised firm will be responsible for, and have oversight of, the fintech provider.

The FCA has taken a variety of enforcements actions in relation to firms that have breached its expectations. A particular focus of the FCA has been in respect of firms that have been selling crypto-assets into the UK without the appropriate licence/approval, and in this respect over 40 firms have been listed as in breach of the FCA’s requirements.

Another core focus by the FCA has been as regards firms that provide regulatory umbrellas for funds and firms conducting activities in relation to securities. The FCA has conducted a sector-wide investigation into such firms for not complying with their oversight obligations to the full extent, and this has resulted in a variety of firms having to impose limits on the number of firms they can support.

Generally, the biggest area of focus is as regards the protection of personal data. In this respect, a complication in respect of personal data has been how this should be regulated post-Brexit, as there is a belief that the existing requirements are relatively onerous in a way which may not be achieving the intended outcome. However, this needs to be balanced against the requirement to continue equivalence with the EU.

Banks have been seen taking an increasingly interventionist approach towards regulating firms, in particular in terms of not providing banking support to those firms that the bank deems high risk. This behaviour has been controversial, as it is open to accusations that banks may be acting in an anti-competitive manner – particularly where a fintech concept may be considered a potential alternative to traditional banking.

Generally, firms offering unregulated products and services in conjunction with regulated products and services are required to be very clear with consumers as regards which products are/are not regulated. Furthermore, the FCA may seek to exercise oversight with respect to the unregulated aspects of the business, both in terms of (i) any risk the unregulated activities could pose to regulated activities and (ii) the FCA’s expectation that regulated firms uphold a certain standard of conduct, with respect to unregulated business.

Generally, AML and Sanctions Rules are well settled for most fintechs. However, there are two areas worthy of particular consideration. Firstly, the AML and Sanctions Rules applied to crypto-asset firms are considered some of the most onerous internationally, and historically this has meant that such firms have tended to locate outside the United Kingdom and thereby fall outside the regime. On the other hand, further regulation of the financial promotion of certain crypto-assets may impact this trend as they make it harder to operate with the UK market generally without obtaining an FCA registration and complying with the full AML and Sanctions Rules.

Also, whilst the AML and Sanctions Rules for payment services firms are well established, there have been suggestions that there may be better ways of obtaining the outcomes of such rules, with less inconvenience to the customer, through the use of new innovations. As such, particularly as the UK has greater freedom to amend its AML and Sanctions Rules post-Brexit, it may be that there are changes to these rules in the future as part of making the UK financial services sector more competitive.

There is a single regulated activity of giving investment advice, which applies to certain asset classes such as securities. All in-scope assets are regulated under the same set of rules and requirements.

Generally, legacy players are seeking to use the brand of new robo-advisers to further their own businesses. This may be by making products available to robo-advisers so that customers are advised to participate in them, or by making a robo-advice platform (which may be under a different brand) with a remit to sell products sold by the legacy player. In the second case, care needs to be taken to ensure that consumers are not misled into thinking that the advice they receive takes into account a broader range of products than that actually considered – and there is specific regulation to ensure that this is the case.

The United Kingdom has implemented MiFID II, and as such has generally the same best execution obligations as applicable to investment firms in the EU generally. Firms are required to deliver best execution taking into account factors such as the following:

  • price;
  • costs;
  • speed;
  • likelihood of execution and settlement;
  • size;
  • nature; or
  • any other consideration relevant to the execution of an order.

There are substantial differences. For example, where a loan falls within the definition of “credit agreement”, being defined as the provision of credit to:

  • individuals;
  • partnerships consisting of two or three persons not all of whom are bodies corporate; or
  • an unincorporated body of persons which does not consist entirely of bodies corporate and is not a partnership,

this is highly regulated, and there are prescribed obligations regarding matters such as the terms on which such agreement can be entered into, and as regards protecting vulnerable persons.

Other loans which are not with consumers/retail may be completely unregulated, and so there are no such considerations.

Where lending involves providing consumer credit, then the lender will need to be regulated by the FCA for this purpose and to comply with the FCA’s requirements for lenders.

There is no such obligation in relation to unregulated lending.

There is no specific regulation regarding what the source of funds should be for a loan. However, depending on how the loan is financed, this may trigger regulation. In this respect, it is noted that if money is borrowed from one person and then on-lent to another person, this may well constitute the activities of running a collective investment scheme (if there is a look through to how the funds are on-lent) or deposit taking (if there is no look through to how the funds are on-lent). The issues therefore depend on the nature of the activity: for example, for a collective investment scheme there is emphasis on ensuring that the funds are properly managed and that the fund management activity is properly overseen. On the other hand, the focus on deposit taking tends to be as regards ensuring that the solvency of the institution is properly risk managed.

Syndication of loans does take place. Outside the scenarios set out in 4.3 Sources of Funds for Loans, this is generally unregulated and, as such, there is no specific legal practice. However, there are usually commercial norms: for example, there tends to be a lead lender who organises the syndicate and is the primary entity performing due diligence.

Generally, payment processes need to use a payment rail in order to operate.

The provision of cross-border payments and remittances from abroad are generally unregulated, if there is no UK establishment.

The provision of cross-border payments and remittances from the UK to other countries is generally regulated in the same manner as payment services generally. However, there are some differences in terms of operational aspects, such as the permitted settlement time for payments.

There is no specific regulated activity of “fund administration”, and so whether fund administrators are regulated depends on their activities. In this respect, it is noted that the nature of the activities of the fund administrator means that it is likely that they will engage in the activity of “establishing, operating or winding up a collective investment scheme”.

Generally, fund managers are observed providing non-negotiable terms on which they operate. These terms are established by industry norm, which itself is based on what is expected would satisfy the requirements of the FCA.

The nature of the regulation of a marketplace is dependent on the way in which it is set up and the nature of the asset traded. With respect to the trading of regulated financial instruments (which does not include crypto-assets), the most regulated markets are regulated markets, followed by multilateral trading facilities, organised trading facilities and firms “making arrangements with a view to” transactions.

Regulated markets include entities such as the London Stock Exchange, with onerous specific listing rules for firms wishing to trade on those exchanges.

Multilateral trading facilities have to operate in accordance with non-discretionary rules, whereas order execution must be carried out on an organised trading facility (OTF) on a discretionary basis.

The activity of “making arrangements with a view to” transactions is the most light-touch, and generally applies to firms that connect buyers and sellers of in-scope assets. This is therefore the activity most relevant to fintechs, and there is a focus in the regime on how the firm conducts its business with users to ensure that they are appropriately protected, and receive appropriate disclosures in respect of potential investments.

In particular, crypto-asset exchanges are generally subject to a different regime to that set out above.

The regulation of crypto-assets has traditionally been handled differently to other asset classes, in particular by requiring registration with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The focus of this requirement has been on prevention of money laundering, rather than, eg, conduct of business and solvency. As such, it has been a slight anomaly with the general approach in the UK. Furthermore, the MLRs being a separate regulatory regime to that which applies to securities, firms seeking to trade both securities and crypto-assets need both licences, which is very rare and so has hindered the development of this industry.

In the future, this is likely to change as the MLRs are phased out and it is likely that the regulation of crypto-asset exchanges will become broader than their money-laundering risk.

This very much depends on the nature of the exchange. There may be a requirement for a prospectus when selling certain securities – and, at the other end of the spectrum, listing on a regulated market requires compliance with a detailed rulebook of requirements.

In broad and general terms, firms that are authorised to execute orders on behalf of clients must implement procedures and arrangements which provide for the prompt, fair and expeditious execution of client orders, relative to other orders or the trading interests of the firm. These procedures or arrangements must allow for the execution of otherwise comparable orders in accordance with the time of their reception by the firm.

The requirements for a UCITS management company providing collective portfolio management services are slightly different, as it must establish and implement procedures and arrangements in respect of all client orders it carries out which provide for the prompt, fair and expeditious execution of portfolio transactions on behalf of the UCITS scheme it manages.

Peer-to-peer trading platforms are common in the United Kingdom and are generally regulated (as they will involve an activity such as “making arrangements with a view to” a regulated transaction). The regulatory challenge has been to ensure that such platforms treat customers fairly, and, for example, do not hold themselves out as having done more due diligence on the products they make available than is actually the case.

In relation to securities, firms that execute orders on behalf of clients are required to have best execution policies and procedures in place to obtain the best possible results for clients, taking into account the following execution factors:

  • price;
  • costs;
  • speed;
  • likelihood of execution and settlement;
  • size;
  • nature; or
  • any other consideration relevant to the execution of an order.

There is no such best execution obligation in relation to exchanges for unregulated crypto-assets. However, there are obligations in relation to monitoring transactions from a money-laundering risk perspective. This may change in the future as new requirements are coming into force in relation to crypto-asset exchanges generally.

In relation to securities, whilst not necessarily prohibited outright per se, the FCA considers that payment for order flow is generally incompatible with the FCA’s rules on conflicts of interest and inducements, and risks compromising firms’ compliance with best execution. As such, the general position is that this is effectively not permitted in the UK.

There is no prohibition in relation to exchanges for unregulated crypto-assets; however, this may change in the future as new requirements are coming into force in relation to crypto-asset exchanges generally.

The UK position on market abuse and market integrity in relation to securities generally follows a similar position to that in the EU, as the Market Abuse Regulation has been onshored to the UK post-Brexit. Preventing, detecting and punishing market abuse is a high priority for the FCA.

The FCA has powers and responsibilities for preventing and detecting market abuse, including insider dealing, unlawful disclosure, market manipulation and attempted manipulation civil offences. Furthermore, insider dealing and market manipulation are also criminal offences.

Currently, unregulated crypto-assets fall outside the UK market abuse and market integrity rules; however, this is likely to change in the near future as new requirements are being considered in relation to crypto-asset exchanges. It is worth noting that offences such as fraud exist independently of the market abuse rules, and so firms should in any event be careful as behaviour which may technically fall outside the market abuse rules on the basis that the assets are not securities may still be considered illegal.

There is no specific regulation of such technologies. However, they cannot be used in a way that breaches the more general requirements that all firms are subject to – for example, in relation to securities they need to comply with the rules on market abuse and market manipulation.

Dealing as principal is a regulated activity in the UK, and such firms need to comply with the FCA’s requirements generally. An area of particular note here is as regards capital requirements. Firms that deal as principal have a permanent minimum capital requirement of £750,000. This reflects the fact that such firms have a higher solvency contagion risk.

Funds and dealers are subject to very different regulatory regimes, reflecting the different nature of the activities undertaken. The activities of fund managers involve exercising discretion on behalf of investors, and so there are specific requirements in terms of ensuring that that discretion is properly defined and monitored, for example by fund administrators, custodians, accountants, etc.

Dealers do not exercise discretion – they simply execute – and so the risks here are different. Considerations are more limited and focused on matters such as disclosure, best execution and avoiding conflicts of interest.

Programmers who develop and create trading algorithms and other electronic trading tools are not regulated. However, those that use such in connection with undertaking a regulated activity will be regulated, and will therefore have responsibilities in monitoring and overseeing the trading algorithms and other electronic trading tools they use.

Globally, DeFi is currently focused on unregulated crypto-assets. In the United Kingdom, if performed by a UK establishment such activity is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. However, this requires a specific entity to register, and often the rationale behind DeFi is to avoid having any specific entity claim to do the activity, meaning it is practically impossible for such set-ups to register with the FCA. The result has been that DeFi firms have broadly avoided setting up in the UK, and instead have sold products into the UK on a cross-border basis.

Such firms are not subject to any registration obligation unless their activities constitute the provision of regulated investment advice.

Firms that are otherwise unregulated are considered to be giving investment advice when that advice is given to a person in their capacity as a (potential) investor, or in their capacity as agent for such and the advice is on the merits of either (i) buying, selling, subscribing for, exchanging, redeeming, holding or underwriting investments such as securities and structured deposits or (ii) exercising or not exercising any right conferred by such an investment to buy, sell, subscribe for, exchange or redeem such an investment.

Firms that are otherwise regulated are considered to be giving investment advice when they give a personal recommendation.

The writers’ experience is that research platforms are generally structured so as to deliberately fall outside giving investment advice, and thereby stay unregulated.

This is generally subject to the rules on market abuse and market integrity, as discussed at 7.9 Market Integrity Principles.

This is generally subject to the rules on market abuse and market integrity, as discussed at 7.9 Market Integrity Principles. In these rules, the emphasis is generally on those engaging in the conversation, rather than the operator of the platform. However, the criminal nature of the activities means that the inchoate offences (such as attempt or conspiracy) may apply if the operator of a platform deliberately assists such behaviour.

The insurance industry in the UK is highly regulated, and those advising on contracts of insurance, including the underwriting thereof, need to be regulated. As such, there are specific requirements that they need to satisfy in order to comply with their regulatory obligations.

Insurance is regulated differently depending on the nature and function of the insurance contract: for example, the FCA differentiates between investment and non-investment insurance contracts. The regulation of each depends on its specific characteristics and risks.

Regtech providers are not regulated unless they are also undertaking a regulated activity in conjunction with their business. In the writers’ experience, regtech providers are generally set up as an adjunct to a regulated business, meaning that the provider is not regulated, however its clientele is.

This often depends on the nature of the regtech provider and the solution being provided. For example, in fund management there are regtech providers that facilitate fund distribution, and in such a case there are often stringent obligations to ensure performance and accuracy, as well as sample testing to ensure that all the requirements are being met. On the other hand, some AI prediction tools only have a percentage accuracy and are used for helping firms model products, and in this case the limitations are recognised and accepted. The overall picture is that clients have an obligation to meet their regulatory obligations, and so the contractual terms will depend on the latitude the clients have in this respect.

With the acceptance of the Bitcoin ETF by the SEC, a steady increase has been observed in both the acceptance of blockchain by traditional players and interest regarding its utility for such businesses. This has grown beyond simply considering crypto-assets as an investable asset class to increasing discussion as to how to deliver traditional products in a cheaper and more efficient way using blockchain technology.

The FCA has generally been supportive of the use of blockchain, and indeed a common use of the FCA sandbox has been to test new innovations using blockchain technology. More recently, the FCA has been involved in fund industry initiatives to discuss the use of blockchain by that industry.

In terms of actual regulation, the FCA has generally adopted an approach of applying existing regulation to blockchain solutions – on the basis that blockchain solutions should manage the risks covered by existing regulation, and there should be a level playing field between traditional and blockchain-based methods of operating. However, in providing the sandbox the FCA is recognising that in certain cases assumptions regarding how risks may be mitigated may prove false for blockchain solutions – and so this gives firms the ability to show the FCA where existing FCA rules may be properly adapted to take advantages of the new technology.

Whether a blockchain asset is considered a form of regulated financial instrument depends on the features of the asset, as an asset having the features of a regulated financial instrument shall be regulated as such.

Broadly, this means that the classification of crypto-assets splits into three categories.

  • Security tokens – these are tokens, other than e-money tokens, with specific characteristics that mean they meet the definition of a “Specified Investment” under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001, and which are therefore within the FCA’s perimeter. This means that firms that deal in these tokens generally need to be authorised by the FCA under the Financial Services and Markets Act 2000 (FSMA) to do so.
  • E-money tokens – these are tokens that meet the definition of e-money, in which case certain activities in relation to them, particularly those linked to payments, may be within the FCA’s perimeter.
  • Unregulated tokens – these consist of tokens that are not e-money tokens and are not security tokens. Dealing in these tokens does not require FCA authorisation.

Regardless of the classification of crypto-assets, UK firms need to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 if they engage in any of the following activities:

  • exchange, or arrange or make arrangements with a view to exchange crypto-assets for money or vice versa, or one crypto-asset for another crypto-asset;
  • operate a machine which uses automated processes to exchange money for crypto-assets or vice versa (eg, an ATM); or
  • provide custodian services for (i) crypto-assets on behalf of customers and/or (ii) private cryptographic keys to hold, store and transfer crypto-assets.

Furthermore, any invitation or inducement to invest in some crypto-assets (a “financial promotion”) is subject to the “General Prohibition” set out in Section 21 of the Financial Services and Markets Act 2000, meaning that such activity must either be approved by an FCA authorised firm with the requisite competence to do so, or fall within an exemption. Generally, this is most relevant to consider for (i) security tokens and (ii) unregulated tokens that are fungible and transferable – and the exemptions are slightly broader for security tokens. It is worth noting that a firm registered with the FCA for its crypto-asset business will fall within an exemption and therefore is able to approve its own financial promotions. It is also worth noting that the requirements of the financial promotion rules are onerous – for example, they incorporate the need for an appropriateness assessment and a 24-hour cooling-off period for first-time buyers, and so firms operating under this regime need to dedicate appropriate resources in order to comply with it.

This “issuer” of a blockchain asset is not regulated per se. However, generally, issuance is often linked to a sale, in which case that activity is subject to the potential requirement (i) to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and (ii) to comply with the financial promotion restrictions outlined above.

Again, if conducted by a UK business, this is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It is worth noting that the focus of this regime is on preventing money laundering, and it is likely to be replaced in the near future with a broader regime that will also set out obligations in respect of matters such as conduct of business requirements and stopping market abuse and manipulation.

For crypto-assets which are not NFTs, such firms will also likely need to comply with the financial promotion restrictions outlined above.

Funds that invest in blockchain assets are regulated the same way as funds generally. However, note that currently crypto-assets are not an eligible investment for retail funds, and as such crypto funds are generally restricted to professional investors. Also note that, while the regulation of crypto funds is not distinct from funds generally, existing service providers may not feel competent to operate with crypto funds. The writers have observed the resulting growth of new service providers specifically targeting the crypto funds industry to fill this gap in the market.

There is no specific regulation of virtual currencies other than as set out in 12.3 Classification of Blockchain Assets. In the future, however, there is likely to be a move to regulate stablecoins used for payment services. A core focus here is that companies using stablecoins for payments may be providing a service analogous to traditional payment services without being subject to regulation. Given that this is the case, the proposed new regime will very likely be heavily influenced by the existing approach to regulating payment services. However, there will be differences: for example, for stablecoins there will likely be provisions regarding ensuring that they have suitable liquidity and that issuers are able to clearly articulate how the stability of the crypto-asset’s value is ensured.

There is no specific definition of DeFi in the UK. If DeFi is performed by a UK establishment, such activity is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. However, this requires a specific entity to register, and often the rationale behind DeFi is to avoid having any specific entity claim to do the activity, meaning it is practically impossible for such set-ups to register with the FCA. The result has been that DeFi firms have broadly avoided setting up in the UK, and instead have sold products into the UK on a cross-border basis.

It is worth noting that the UK Law Commission is assessing whether Decentralised Autonomous Organisations (DAOs) should be recognised in the UK. If they are, this would mean that there is a legal wrapper for DeFi organisations and a greater potential for such to be able to register with the FCA for crypto-asset activities. This work is currently still in conception, and as such untested.

Please see 12.3 Classification of Blockchain Assets regarding the regulation of crypto-assets generally. In the writers’ experience, NFT projects are generally structured so as not to involve the selling of an unregulated token. As such, if they are sold into the UK from a jurisdiction outside the UK, they are generally outside the financial promotion restriction as well as the other parts of the UK regulatory framework. It is therefore relatively uncommon for such platforms to be set up in the UK, as it is generally cheaper to sell into the UK on a cross-border basis.

Whilst the United Kingdom is outside the EU, PSD2 has been implemented in the UK. UK banks have been instructed to support open banking, and this has led to a plethora of new payment service firms operating in the UK. In this respect, it is worth noting that in the wake of PSD2 there has been a focus on attracting new account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs) to the UK.

There are clear rules and requirements governing the protection of data privacy and data security in the UK, and these are complied with by participants in the ecosystem. This has facilitated banks and technology providers in enabling open banking, as they are clear as to their obligations.

The concept of fraud is broader than just financial services and fintech, and is a general offence in the UK. The Fraud Act 2006 sets out the definition of fraud and defines it broadly in the following terms.

  • Fraud by false representation– a person commits this offence if they:
    1. dishonestly make a false representation; and
    2. intend, by making the representation (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.
  • Fraud by failing to disclose information– a person commits this offence if they:
    1. dishonestly fail to disclose to another person information which they are under a legal duty to disclose; and
    2. intend, by failing to disclose the information (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.
  • Fraud by abuse of position– a person commits this offence if they (by act or omission):
    1. occupy a position in which they are expected to safeguard, or not to act against, the financial interests of another person;
    2. dishonestly abuse that position; and
    3. intend, by means of the abuse of that position (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.

The regulators in the UK are focused on any type of fraud, particularly where it may affect the UK retail market. Fraud is a particular issue that has arisen in respect of firms misrepresenting the nature of the products that they sell/make available to clients, as well as where they make a secret profit at the expense of their consumers.

gunnercooke llp

1 Cornhill
London
EC3V 3ND
England

+44 7557 371480

James.Burnie@gunnercooke.com www.gunnercooke.com
Author Business Card

Trends and Developments


Authors



gunnercooke llp is the fastest growing corporate law firm in the UK and has offices in the US, Germany, CEE, Scotland and England. With more than 500 professionals, gunnercooke has a specific specialism in fintech, and has developed its offerings specifically with a view to assisting firms in this sector. This has included being the first major UK law firm to officially accept payment in crypto-assets, to facilitate clients in that sector, as well as a strong cultural emphasis on providing predictable fixed fee charging models, bringing certainty to firms needing to properly budget costs. The firm’s offering extends beyond pure legal, for example by having an internal dedicated AI team, able to develop AI solutions that clients can implement, as well as an operating partners team able to help fintech clients strategise their business models to seize new opportunities and maximise their value.

With Great Power Comes Great Responsibility: The Great UK Fintech Mid-life Crisis

The question

In the UK, the nature of the fintech industry has meant that it has historically been closely aligned with the financial services sector, and this has always resulted in somewhat of a regulatory conundrum. On the one hand, there is the desire to ensure that consumers and market integrity are protected – resulting in greater regulation. On the other hand, there is the recognition that, left unchecked, too onerous regulation can be counter-productive as it acts as a financial barrier to entry for new market participants, reducing customer choice and reducing competition in the market to the detriment of consumers.

The answer

There is no “right answer” to how to balance these objectives. However, traditionally, in the UK the issue of balancing them has not been an issue that regulators have had to contend with. Whilst the UK was part of the EU, as a general rule most financial services regulation was set at a pan-EU level. As such, whilst like other EU members the UK could issue variations on the core theme of EU regulation, there was in fact relatively little scope to strike a different path.

The mid-life crisis

Now that the UK has left the EU, there is a clear desire to use this as an opportunity to “improve” the UK legal and regulatory framework for fintech firms as it matures. What is less clear is what this actually means in practice, and again a competing tension arises: should the UK continue to broadly follow EU regulation, attempting to maintain access to the EU market whilst risking becoming a second-class jurisdiction in terms of setting its own regulatory agenda? Or should the UK leave the EU entirely, and strike out on its own to set up a regulatory framework entirely distinct from that in the EU, risking becoming an unattractive anomaly in the global regulatory ecosystem?

Plan A: avoiding the question

Regulation moves slowly compared to commerce, and so it is likely to be some time until these questions are answered. The general approach so far in the UK, given the vast nature of financial services regulation, has been to onshore EU regulation. In broad terms, this has meant replicating existing EU financial services regulation in the UK as a stop-gap measure to ensure the continued predictable operation of the UK financial services regime whilst decisions can be made as to how best to move forwards.

Separately, various reviews have been commissioned to assess how best the UK should move forwards post-Brexit. This has included the high-profile Kalifa review, which sets out a series of recommendations to encourage the growth of the UK fintech sector. These recommendations include:

  • making the UK a more attractive location for initial public offerings by changing the UK listing rules;
  • attracting global talent by making improvements to tech visas;
  • building on the Financial Conduct Authority’s concept of a sandbox to encourage innovation with the concept of a “scalebox” designed to provide additional support to growth stage fintechs; and
  • strengthening co-ordination across the fintech sector with the development of a Centre for Finance, Innovation and Technology.

These developments are, of course, to be welcomed. However, in each case it involves tweaking a theme rather than a firm statement as to how the UK will position itself post-Brexit with respect to the EU. In this respect, the real test has been crypto-assets.

When plan A fails: making a call

The crypto-asset industry is unique in three ways. Firstly, it is entirely new. A such, in comparison with other fintech industries where there is already an existing regulatory framework well understood by participants, it is a blank slate for legislatures and regulators. This means that any crypto-asset framework in the UK goes beyond merely looking for inefficiencies within well-established rules, which is the general approach in fintech, towards a clear statement as to how the UK wishes to position itself globally.

Secondly, the crypto-asset industry is notoriously fluid and difficult to regulate. Generally, if a firm wishes to substantially serve the UK market, it is generally accepted that it will need to set up a local presence that can be regulated. This has not been the case in crypto-assets, where the intrinsically digital nature of the sector has meant that it is possible for firms to have a large UK customer base, whilst not having a UK geographical presence. Furthermore, it is relatively easy for firms both to relocate themselves and to move target market into new geographies. This means that it is no longer the case that smaller firms cannot build regulatory arbitrage into their decision making, putting pressure on how best to oversee an industry that can and will assess the different approaches by legislators and regulators. A pressure made all the more intense by the stated desire by the government to make the UK a global hub for crypto-asset technology and investment.

The carrot

Traditionally, the United Kingdom has been seen as a centre for financial services regulation excellence, and as a pace setter for financial services regulation globally. In this vein, the starting point in the UK has been to seek to implement a gold standard for the regulation of crypto-assets. The initial focus of regulation was to reduce the potential for money laundering and terrorist financing – driven by a preconception internationally that this was the largest risk posed by the industry.

This risk was addressed through an amendment to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) to introduce two new activities registrable with the Financial Conduct Authority (FCA) as the selected primary regulator for crypto-assets.

  • Acting as a crypto-asset exchange provider – this is an entity that either:
    1. exchanges, or arranges or makes arrangements with a view to exchange of, crypto-assets for money or vice versa, or one crypto-asset for another crypto-asset; or
    2. operates a machine which uses automated processes to exchange money for crypto-assets or vice versa (eg, an ATM).
  • Acting as a custodian wallet provider – this is an entity that provides custodian services for:
    1. crypto-assets on behalf of customers; and/or
    2. private cryptographic keys to hold, store and transfer crypto-assets.

The nature of this regime was unusual, in particular in that it was a registration regime under the MLRs, rather than an authorisation regime falling under the scope of the Financial Services and Markets Act 2000 (FSMA 2000). As such, the FCA’s remit in relation to such activities is limited to assessing money laundering risk rather than the usual approach of assessing the business as a whole, for example in terms of conduct of business requirements.

The nature of the regime led to the misconception that the MLRs would be a relatively “light touch” regime, and so applicants generally underestimated the FCA’s expectations in applying for registration. This led to a relatively high percentage – over 90% – of firms who applied for registration under the MLRs not successfully registering with the FCA.

Whilst some would argue that the FCA’s approach to regulating business under the MLRs is a gold standard – and so a marker of quality in a successfully registered business – a failed registration for a business is an expense without a corresponding benefit. This is particularly an issue for firms with limited budget. The fact, therefore, that the UK set a relatively high bar to registration caused firms to look for other options in terms of jurisdictions in which to set up. In fact, the nature of the MLRs effectively encouraged jurisdiction shopping, as any firm selling into the UK from outside the UK did not need to register with the FCA under the MLRs, saving this expense.

The movement of firms outside the UK clearly undermined the viability of the UK in positioning itself as a crypto hub. Something needed to be done.

Time to get the stick

The first priority in the UK was to plug the regulatory gap – ie, the ability to sell crypto-assets into the UK from overseas and thereby side-step UK regulation. This was done by extending the scope of the so-called general prohibition set out at Section 21 of FSMA 2000. This prohibits an invitation or inducement to engage in investment activity (a “financial promotion”) in relation to controlled investments unless:

  • such financial promotion has been approved by an FCA authorised firm with the competence to sign off the financial promotion; or
  • the financial promotion is made in accordance with one or more of the clearly defined exemptions from the general prohibition. The exemptions (as well as those assets which are deemed to be controlled investments) are set out in the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005.

The extension of the financial promotion rules to crypto-assets has been an interesting demonstration of the UK approach to regulation post-Brexit. Firstly, the approach is nuanced – for example, not all crypto-assets are subject to the general prohibition, but rather the extension of the general prohibition was limited to only unregulated crypto-assets that are both fungible and non-transferable (security tokens were already generally within the scope of the regime). This recognises the fact that it would not be appropriate to subject all crypto-assets to regulation: for example, unregulated NFTs, which may be crypto-assets that display a piece of art, may have characteristics that mean that they do not function like traditional investments at all, and so it would not be appropriate to subject them to similar regulatory hurdles.

Secondly, there is a clear statement that the UK is unafraid to take clear bold steps to protect UK consumers. The approach taken by the UK was not to follow other jurisdictions, and, for example, the new rules have come into force long before the MiCA rules in the EU take effect to govern the promotion of crypto-assets into the EU. Furthermore, the FCA has written to firms believed to be targeting the UK to warn that the FCA will take action in respect of firms not complying with the financial promotion rules, and this has including issuing public consumer warnings against firms believed to be in breach.

Thirdly, the approach in the UK maintains itself as having a gold standard yet proportionate approach to regulation. In this respect, it is worth noting that the UK did not simply apply all exemptions to crypto-assets. As it was felt that persons in the retail market could not credibly declare themselves sophisticated in trading crypto-assets, this exemption has been denied to those selling crypto-assets into the UK. Conversely, it is recognised that firms registered with the FCA under the MLRs generally have high standards of conduct, and so they have been exempted from the regime in relation to their own financial promotions.

A lesson learnt

One of the advantages for UK regulation is the ability to adapt quickly. In this respect, it is reassuring to see how the UK has responded to criticism from the crypto-asset industry, in terms of the regime under the MLRs.

Firstly, a common criticism from the industry was that the expectations of the FCA for the industry were unclear. In this respect, it is helpful that the FCA now publishes, and regularly updates, a good and poor practice guide for the industry so that participants have a much clearer view on the requirements that they need to comply with. An advantage here is that, post-Brexit, the FCA no longer has to be careful not to provide guidance on regulation which might be at variance with the interpretation of those across the EU (formerly meaning that the FCA was at risk of providing an incorrect interpretation). This has enabled the FCA to be more direct in terms of its expectations for firms.

More broadly, the regime under the MLRs was seen as in any event not fit for purpose, as it was restricted to the risks related to money laundering and terrorist financing whereas generally the FCA expects firms to act in accordance with broader requirements, for example, in terms of treating customers fairly. This caused an inherent tension for the FCA as it would generally expect firms to meet certain standards in relation to their business generally, yet the FCA did not have the legislative mandate to insist firms meet those obligations. The proposals under the Financial Services and Markets Bill to replace the registration regime under the MLRs with the more traditional approach of requiring FCA authorisation under FSMA 2000 are, therefore, to be welcomed.

A microcosm for the future

Whilst the crypto-asset industry is a useful microcosm for understanding the UK’s future approach to fintech, it is simply one vertical within the wider fintech ecosystem. And whilst the urgent need to bring in standards to an unregulated industry necessitated that crypto-assets be one of the first areas of focus for the UK legal and regulatory regime, it is clear that the UK’s ambitions are broader than that.

In this respect, it is worth noting that the changes heralded by the Financial Services and Markets Bill are wide-ranging, unlocking the powers of the UK regulators to shape and develop the UK’s approach to fintech to an extent unprecedented in living memory. Now that the UK has the power to shape its own regulatory framework, the question is how this responsibility will be exercised.

gunnercooke llp

1 Cornhill
London
EC3V 3ND
UK

+44 7557 371480

James.Burnie@gunnercooke.com www.gunnercooke.com
Author Business Card

Law and Practice

Authors



gunnercooke llp is the fastest growing corporate law firm in the UK and has offices in the US, Germany, CEE, Scotland and England. With more than 500 professionals, gunnercooke has a specific specialism in fintech, and has developed its offerings specifically with a view to assisting firms in this sector. This has included being the first major UK law firm to officially accept payment in crypto-assets, to facilitate clients in that sector, as well as a strong cultural emphasis on providing predictable fixed fee charging models, bringing certainty to firms needing to properly budget costs. The firm’s offering extends beyond pure legal, for example by having an internal dedicated AI team, able to develop AI solutions that clients can implement, as well as an operating partners team able to help fintech clients strategise their business models to seize new opportunities and maximise their value.

Trends and Developments

Authors



gunnercooke llp is the fastest growing corporate law firm in the UK and has offices in the US, Germany, CEE, Scotland and England. With more than 500 professionals, gunnercooke has a specific specialism in fintech, and has developed its offerings specifically with a view to assisting firms in this sector. This has included being the first major UK law firm to officially accept payment in crypto-assets, to facilitate clients in that sector, as well as a strong cultural emphasis on providing predictable fixed fee charging models, bringing certainty to firms needing to properly budget costs. The firm’s offering extends beyond pure legal, for example by having an internal dedicated AI team, able to develop AI solutions that clients can implement, as well as an operating partners team able to help fintech clients strategise their business models to seize new opportunities and maximise their value.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.