The fintech market has developed at pace in the United Kingdom, which is seeking to become a hub for fintech companies. Different segments of the fintech market are, however, subject to different regulation, and depending on the state of evolution different firms are finding it harder or easier to operate. A good example of this currently is the fact that the financial promotion of certain crypto-assets has required sign-off by competent Financial Conduct Authority (FCA) authorised firms, leading to a cooling effect on the development of that sector, whereas currently AI is generally unregulated, and this is leading to an influx of start-ups entering into that sector. What will be interesting, moving forwards, will be the effect as the regulation of crypto-asset firms becomes more settled, whereas the AI sector is likely to become increasingly subject to regulatory scrutiny, increasing the cost of operating in that sector.

The size of the United Kingdom as a financial services regulatory hub has meant that the full range of fintech firms are operating in the United Kingdom. The three largest areas of focus currently being seen are:

• blockchain and Web3;
• AI; and
• payment services.

In the UK there is one core regulatory regime, set out in the Financial Services and Markets Act 2000, as well specific regimes for specific types of activity. The Financial Services and Markets Act 2000 (FSMA), by reference to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), generally sets out which activities are regulated in the United Kingdom, as well as the powers of the Financial Conduct Authority and the Prudential Regulation Authority (the two lead regulators for financial services in the UK) in respect of their oversight of firms conducting such activities.

The main exception to this currently is the fact that certain activities in relation to crypto-assets (specifically acting as a crypto-asset exchange provider or custodian wallet provider) are specified in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). This has caused confusion, for example, as to the scope of the meaning of “making arrangements with a view to” a crypto-asset transaction. It has also caused friction in terms of the fact that the Financial Conduct Authority generally has oversight over the conduct of business by firms within its remit, whereas the MLRs are focused solely on reducing the risk of money laundering and terrorist financing, meaning a lack of clarity regarding the expectations in relation to the Financial Conduct Authority’s oversight. It is therefore helpful that in the next few years the MLRs regime for crypto-assets is likely to be superseded by a more traditional approach to requiring authorisation under FSMA.

For other business, generally, the Financial Conduct Authority’s expectations are as set out in the FCA’s Handbook of Rules and Guidance. That being said, there are still some specific regimes, the most notable of which are the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, which generally set out the rules for firms in the payment services industry.

This is highly specific to the nature of the activity. However, in broad terms, there is a focus on avoiding any compensation that is likely to cause a conflict with the interests of the consumer. This is a shift from previous thinking, which was more along the lines of disclosure obligations.

Firms providing services in relation to securities are generally subject to the most onerous obligations, and, for example, financial advisers are not permitted to receive payments that may impact their advice. A recent focus has also been on inducements to invest, and it is notable that the Financial Conduct Authority has recently prohibited these when selling in-scope crypto-assets (ie, fungible and transferable unregulated crypto-assets) to the general UK retail public.

Generally, no distinction is drawn between these groups of participants, with a view to keeping a level playing field. However, there is a recognition that new technologies may achieve the same (or better) outcomes for consumers through approaches not originally anticipated by the existing rules. Where this is the case, the general approach has been “same risk same regulatory outcome”. In addition, the UK has pioneered the use of sandboxes, which enable interaction between the regulator and fintechs to assess how best to oversee new technologies.

The UK has a range of sandboxes, run by different regulators. These include the original sandbox, operated by the Financial Conduct Authority, which allows firms with a genuine innovation with a UK nexus to conduct a test under the oversight of the Financial Conduct Authority.

The Prudential Regulation Authority and Bank of England also run sandboxes, and again these are generally chances for firms to be able to interact with these regulators to test new concepts which may be of relevance to them.

The use of a sandbox should be seen as a chance to explore a concept with a regulator – it is not a means to avoid regulation. Once a sandbox is successful, firms are still expected to obtain all of the relevant authorisation and registrations that may be considered pertinent to the running of their business.

For financial services firms, the primary regulator is the Financial Conduct Authority, which is responsible for both the conduct of business and the prudential running of these businesses. However, certain businesses (in particular banks, building societies, credit unions, insurers and major investment firms) are also regulated by the Prudential Regulation Authority (PRA), alongside the Financial Conduct Authority. The general theme of these business is that they may post a systemic risk to the UK financial services sector, and so the PRA has a particular focus on matters such as the solvency of such institutions and mitigating the impact of any wind-down.

Another regulator that UK businesses generally have to deal with is the Information Commissioner’s Office, which is responsible for ensuring that businesses comply with their obligations with respect to protecting personal data.

Firms may also have to comply with the requirements of the Advertising Standards Authority (ASA) if marketing in the United Kingdom. However, if they are regulated by the FCA/PRA that tends to be more onerous than, and supersede, the requirements of the ASA.

Regulated firms are not able to outsource responsibility for their regulated activities. There are specific requirements for such firms to have a business continuity policy and planning in place. Further, institutions such as banks, which pose a market integrity risk, must ensure that they have provisions to keep key operations functioning in the event of, eg, a solvency risk.

Generally, for any product there will be a person considered to be “doing” the relevant activity. Therefore, this person will have to take responsibility for the activity, regardless of whether a fintech provider is leveraged in order to provide the product. As such, they will subject the fintech provider to appropriate due diligence.

Furthermore, for certain activities (eg, in relation to payments and certain activities in connection with securities), it may be possible for a fintech to leverage the licence of an existing FCA authorised firm. Where this is the case, the FCA authorised firm will be responsible for, and have oversight of, the fintech provider.

The FCA has taken a variety of enforcements actions in relation to firms that have breached its expectations. A particular focus of the FCA has been in respect of firms that have been selling crypto-assets into the UK without the appropriate licence/approval, and in this respect over 40 firms have been listed as in breach of the FCA’s requirements.

Another core focus by the FCA has been as regards firms that provide regulatory umbrellas for funds and firms conducting activities in relation to securities. The FCA has conducted a sector-wide investigation into such firms for not complying with their oversight obligations to the full extent, and this has resulted in a variety of firms having to impose limits on the number of firms they can support.

Generally, the biggest area of focus is as regards the protection of personal data. In this respect, a complication in respect of personal data has been how this should be regulated post-Brexit, as there is a belief that the existing requirements are relatively onerous in a way which may not be achieving the intended outcome. However, this needs to be balanced against the requirement to continue equivalence with the EU.

Banks have been seen taking an increasingly interventionist approach towards regulating firms, in particular in terms of not providing banking support to those firms that the bank deems high risk. This behaviour has been controversial, as it is open to accusations that banks may be acting in an anti-competitive manner – particularly where a fintech concept may be considered a potential alternative to traditional banking.

Generally, firms offering unregulated products and services in conjunction with regulated products and services are required to be very clear with consumers as regards which products are/are not regulated. Furthermore, the FCA may seek to exercise oversight with respect to the unregulated aspects of the business, both in terms of (i) any risk the unregulated activities could pose to regulated activities and (ii) the FCA’s expectation that regulated firms uphold a certain standard of conduct, with respect to unregulated business.

Generally, AML and Sanctions Rules are well settled for most fintechs. However, there are two areas worthy of particular consideration. Firstly, the AML and Sanctions Rules applied to crypto-asset firms are considered some of the most onerous internationally, and historically this has meant that such firms have tended to locate outside the United Kingdom and thereby fall outside the regime. On the other hand, further regulation of the financial promotion of certain crypto-assets may impact this trend as they make it harder to operate with the UK market generally without obtaining an FCA registration and complying with the full AML and Sanctions Rules.

Also, whilst the AML and Sanctions Rules for payment services firms are well established, there have been suggestions that there may be better ways of obtaining the outcomes of such rules, with less inconvenience to the customer, through the use of new innovations. As such, particularly as the UK has greater freedom to amend its AML and Sanctions Rules post-Brexit, it may be that there are changes to these rules in the future as part of making the UK financial services sector more competitive.

There is a single regulated activity of giving investment advice, which applies to certain asset classes such as securities. All in-scope assets are regulated under the same set of rules and requirements.

Generally, legacy players are seeking to use the brand of new robo-advisers to further their own businesses. This may be by making products available to robo-advisers so that customers are advised to participate in them, or by making a robo-advice platform (which may be under a different brand) with a remit to sell products sold by the legacy player. In the second case, care needs to be taken to ensure that consumers are not misled into thinking that the advice they receive takes into account a broader range of products than that actually considered – and there is specific regulation to ensure that this is the case.

The United Kingdom has implemented MiFID II, and as such has generally the same best execution obligations as applicable to investment firms in the EU generally. Firms are required to deliver best execution taking into account factors such as the following:

• price;
• costs;
• speed;
• likelihood of execution and settlement;
• size;
• nature; or
• any other consideration relevant to the execution of an order.

There are substantial differences. For example, where a loan falls within the definition of “credit agreement”, being defined as the provision of credit to:

• individuals;
• partnerships consisting of two or three persons not all of whom are bodies corporate; or
• an unincorporated body of persons which does not consist entirely of bodies corporate and is not a partnership,

this is highly regulated, and there are prescribed obligations regarding matters such as the terms on which such agreement can be entered into, and as regards protecting vulnerable persons.

Other loans which are not with consumers/retail may be completely unregulated, and so there are no such considerations.

Where lending involves providing consumer credit, then the lender will need to be regulated by the FCA for this purpose and to comply with the FCA’s requirements for lenders.

There is no such obligation in relation to unregulated lending.

There is no specific regulation regarding what the source of funds should be for a loan. However, depending on how the loan is financed, this may trigger regulation. In this respect, it is noted that if money is borrowed from one person and then on-lent to another person, this may well constitute the activities of running a collective investment scheme (if there is a look through to how the funds are on-lent) or deposit taking (if there is no look through to how the funds are on-lent). The issues therefore depend on the nature of the activity: for example, for a collective investment scheme there is emphasis on ensuring that the funds are properly managed and that the fund management activity is properly overseen. On the other hand, the focus on deposit taking tends to be as regards ensuring that the solvency of the institution is properly risk managed.

Syndication of loans does take place. Outside the scenarios set out in 4.3 Sources of Funds for Loans, this is generally unregulated and, as such, there is no specific legal practice. However, there are usually commercial norms: for example, there tends to be a lead lender who organises the syndicate and is the primary entity performing due diligence.

Generally, payment processes need to use a payment rail in order to operate.

The provision of cross-border payments and remittances from abroad are generally unregulated, if there is no UK establishment.

The provision of cross-border payments and remittances from the UK to other countries is generally regulated in the same manner as payment services generally. However, there are some differences in terms of operational aspects, such as the permitted settlement time for payments.

There is no specific regulated activity of “fund administration”, and so whether fund administrators are regulated depends on their activities. In this respect, it is noted that the nature of the activities of the fund administrator means that it is likely that they will engage in the activity of “establishing, operating or winding up a collective investment scheme”.

Generally, fund managers are observed providing non-negotiable terms on which they operate. These terms are established by industry norm, which itself is based on what is expected would satisfy the requirements of the FCA.

The nature of the regulation of a marketplace is dependent on the way in which it is set up and the nature of the asset traded. With respect to the trading of regulated financial instruments (which does not include crypto-assets), the most regulated markets are regulated markets, followed by multilateral trading facilities, organised trading facilities and firms “making arrangements with a view to” transactions.

Regulated markets include entities such as the London Stock Exchange, with onerous specific listing rules for firms wishing to trade on those exchanges.

Multilateral trading facilities have to operate in accordance with non-discretionary rules, whereas order execution must be carried out on an organised trading facility (OTF) on a discretionary basis.

The activity of “making arrangements with a view to” transactions is the most light-touch, and generally applies to firms that connect buyers and sellers of in-scope assets. This is therefore the activity most relevant to fintechs, and there is a focus in the regime on how the firm conducts its business with users to ensure that they are appropriately protected, and receive appropriate disclosures in respect of potential investments.

In particular, crypto-asset exchanges are generally subject to a different regime to that set out above.

The regulation of crypto-assets has traditionally been handled differently to other asset classes, in particular by requiring registration with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The focus of this requirement has been on prevention of money laundering, rather than, eg, conduct of business and solvency. As such, it has been a slight anomaly with the general approach in the UK. Furthermore, the MLRs being a separate regulatory regime to that which applies to securities, firms seeking to trade both securities and crypto-assets need both licences, which is very rare and so has hindered the development of this industry.

In the future, this is likely to change as the MLRs are phased out and it is likely that the regulation of crypto-asset exchanges will become broader than their money-laundering risk.

This very much depends on the nature of the exchange. There may be a requirement for a prospectus when selling certain securities – and, at the other end of the spectrum, listing on a regulated market requires compliance with a detailed rulebook of requirements.

In broad and general terms, firms that are authorised to execute orders on behalf of clients must implement procedures and arrangements which provide for the prompt, fair and expeditious execution of client orders, relative to other orders or the trading interests of the firm. These procedures or arrangements must allow for the execution of otherwise comparable orders in accordance with the time of their reception by the firm.

The requirements for a UCITS management company providing collective portfolio management services are slightly different, as it must establish and implement procedures and arrangements in respect of all client orders it carries out which provide for the prompt, fair and expeditious execution of portfolio transactions on behalf of the UCITS scheme it manages.

Peer-to-peer trading platforms are common in the United Kingdom and are generally regulated (as they will involve an activity such as “making arrangements with a view to” a regulated transaction). The regulatory challenge has been to ensure that such platforms treat customers fairly, and, for example, do not hold themselves out as having done more due diligence on the products they make available than is actually the case.

In relation to securities, firms that execute orders on behalf of clients are required to have best execution policies and procedures in place to obtain the best possible results for clients, taking into account the following execution factors:

• price;
• costs;
• speed;
• likelihood of execution and settlement;
• size;
• nature; or
• any other consideration relevant to the execution of an order.

There is no such best execution obligation in relation to exchanges for unregulated crypto-assets. However, there are obligations in relation to monitoring transactions from a money-laundering risk perspective. This may change in the future as new requirements are coming into force in relation to crypto-asset exchanges generally.

In relation to securities, whilst not necessarily prohibited outright per se, the FCA considers that payment for order flow is generally incompatible with the FCA’s rules on conflicts of interest and inducements, and risks compromising firms’ compliance with best execution. As such, the general position is that this is effectively not permitted in the UK.

There is no prohibition in relation to exchanges for unregulated crypto-assets; however, this may change in the future as new requirements are coming into force in relation to crypto-asset exchanges generally.

The UK position on market abuse and market integrity in relation to securities generally follows a similar position to that in the EU, as the Market Abuse Regulation has been onshored to the UK post-Brexit. Preventing, detecting and punishing market abuse is a high priority for the FCA.

The FCA has powers and responsibilities for preventing and detecting market abuse, including insider dealing, unlawful disclosure, market manipulation and attempted manipulation civil offences. Furthermore, insider dealing and market manipulation are also criminal offences.

Currently, unregulated crypto-assets fall outside the UK market abuse and market integrity rules; however, this is likely to change in the near future as new requirements are being considered in relation to crypto-asset exchanges. It is worth noting that offences such as fraud exist independently of the market abuse rules, and so firms should in any event be careful as behaviour which may technically fall outside the market abuse rules on the basis that the assets are not securities may still be considered illegal.

There is no specific regulation of such technologies. However, they cannot be used in a way that breaches the more general requirements that all firms are subject to – for example, in relation to securities they need to comply with the rules on market abuse and market manipulation.

Dealing as principal is a regulated activity in the UK, and such firms need to comply with the FCA’s requirements generally. An area of particular note here is as regards capital requirements. Firms that deal as principal have a permanent minimum capital requirement of £750,000. This reflects the fact that such firms have a higher solvency contagion risk.

Funds and dealers are subject to very different regulatory regimes, reflecting the different nature of the activities undertaken. The activities of fund managers involve exercising discretion on behalf of investors, and so there are specific requirements in terms of ensuring that that discretion is properly defined and monitored, for example by fund administrators, custodians, accountants, etc.

Dealers do not exercise discretion – they simply execute – and so the risks here are different. Considerations are more limited and focused on matters such as disclosure, best execution and avoiding conflicts of interest.

Programmers who develop and create trading algorithms and other electronic trading tools are not regulated. However, those that use such in connection with undertaking a regulated activity will be regulated, and will therefore have responsibilities in monitoring and overseeing the trading algorithms and other electronic trading tools they use.

Globally, DeFi is currently focused on unregulated crypto-assets. In the United Kingdom, if performed by a UK establishment such activity is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. However, this requires a specific entity to register, and often the rationale behind DeFi is to avoid having any specific entity claim to do the activity, meaning it is practically impossible for such set-ups to register with the FCA. The result has been that DeFi firms have broadly avoided setting up in the UK, and instead have sold products into the UK on a cross-border basis.

Such firms are not subject to any registration obligation unless their activities constitute the provision of regulated investment advice.

Firms that are otherwise unregulated are considered to be giving investment advice when that advice is given to a person in their capacity as a (potential) investor, or in their capacity as agent for such and the advice is on the merits of either (i) buying, selling, subscribing for, exchanging, redeeming, holding or underwriting investments such as securities and structured deposits or (ii) exercising or not exercising any right conferred by such an investment to buy, sell, subscribe for, exchange or redeem such an investment.

Firms that are otherwise regulated are considered to be giving investment advice when they give a personal recommendation.

The writers’ experience is that research platforms are generally structured so as to deliberately fall outside giving investment advice, and thereby stay unregulated.

This is generally subject to the rules on market abuse and market integrity, as discussed at 7.9 Market Integrity Principles.

This is generally subject to the rules on market abuse and market integrity, as discussed at 7.9 Market Integrity Principles. In these rules, the emphasis is generally on those engaging in the conversation, rather than the operator of the platform. However, the criminal nature of the activities means that the inchoate offences (such as attempt or conspiracy) may apply if the operator of a platform deliberately assists such behaviour.

The insurance industry in the UK is highly regulated, and those advising on contracts of insurance, including the underwriting thereof, need to be regulated. As such, there are specific requirements that they need to satisfy in order to comply with their regulatory obligations.

Insurance is regulated differently depending on the nature and function of the insurance contract: for example, the FCA differentiates between investment and non-investment insurance contracts. The regulation of each depends on its specific characteristics and risks.

Regtech providers are not regulated unless they are also undertaking a regulated activity in conjunction with their business. In the writers’ experience, regtech providers are generally set up as an adjunct to a regulated business, meaning that the provider is not regulated, however its clientele is.

This often depends on the nature of the regtech provider and the solution being provided. For example, in fund management there are regtech providers that facilitate fund distribution, and in such a case there are often stringent obligations to ensure performance and accuracy, as well as sample testing to ensure that all the requirements are being met. On the other hand, some AI prediction tools only have a percentage accuracy and are used for helping firms model products, and in this case the limitations are recognised and accepted. The overall picture is that clients have an obligation to meet their regulatory obligations, and so the contractual terms will depend on the latitude the clients have in this respect.

With the acceptance of the Bitcoin ETF by the SEC, a steady increase has been observed in both the acceptance of blockchain by traditional players and interest regarding its utility for such businesses. This has grown beyond simply considering crypto-assets as an investable asset class to increasing discussion as to how to deliver traditional products in a cheaper and more efficient way using blockchain technology.

The FCA has generally been supportive of the use of blockchain, and indeed a common use of the FCA sandbox has been to test new innovations using blockchain technology. More recently, the FCA has been involved in fund industry initiatives to discuss the use of blockchain by that industry.

In terms of actual regulation, the FCA has generally adopted an approach of applying existing regulation to blockchain solutions – on the basis that blockchain solutions should manage the risks covered by existing regulation, and there should be a level playing field between traditional and blockchain-based methods of operating. However, in providing the sandbox the FCA is recognising that in certain cases assumptions regarding how risks may be mitigated may prove false for blockchain solutions – and so this gives firms the ability to show the FCA where existing FCA rules may be properly adapted to take advantages of the new technology.

Whether a blockchain asset is considered a form of regulated financial instrument depends on the features of the asset, as an asset having the features of a regulated financial instrument shall be regulated as such.

Broadly, this means that the classification of crypto-assets splits into three categories.

• Security tokens – these are tokens, other than e-money tokens, with specific characteristics that mean they meet the definition of a “Specified Investment” under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001, and which are therefore within the FCA’s perimeter. This means that firms that deal in these tokens generally need to be authorised by the FCA under the Financial Services and Markets Act 2000 (FSMA) to do so.
• E-money tokens – these are tokens that meet the definition of e-money, in which case certain activities in relation to them, particularly those linked to payments, may be within the FCA’s perimeter.
• Unregulated tokens – these consist of tokens that are not e-money tokens and are not security tokens. Dealing in these tokens does not require FCA authorisation.

Regardless of the classification of crypto-assets, UK firms need to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 if they engage in any of the following activities:

• exchange, or arrange or make arrangements with a view to exchange crypto-assets for money or vice versa, or one crypto-asset for another crypto-asset;
• operate a machine which uses automated processes to exchange money for crypto-assets or vice versa (eg, an ATM); or
• provide custodian services for (i) crypto-assets on behalf of customers and/or (ii) private cryptographic keys to hold, store and transfer crypto-assets.

Furthermore, any invitation or inducement to invest in some crypto-assets (a “financial promotion”) is subject to the “General Prohibition” set out in Section 21 of the Financial Services and Markets Act 2000, meaning that such activity must either be approved by an FCA authorised firm with the requisite competence to do so, or fall within an exemption. Generally, this is most relevant to consider for (i) security tokens and (ii) unregulated tokens that are fungible and transferable – and the exemptions are slightly broader for security tokens. It is worth noting that a firm registered with the FCA for its crypto-asset business will fall within an exemption and therefore is able to approve its own financial promotions. It is also worth noting that the requirements of the financial promotion rules are onerous – for example, they incorporate the need for an appropriateness assessment and a 24-hour cooling-off period for first-time buyers, and so firms operating under this regime need to dedicate appropriate resources in order to comply with it.

This “issuer” of a blockchain asset is not regulated per se. However, generally, issuance is often linked to a sale, in which case that activity is subject to the potential requirement (i) to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and (ii) to comply with the financial promotion restrictions outlined above.

Again, if conducted by a UK business, this is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It is worth noting that the focus of this regime is on preventing money laundering, and it is likely to be replaced in the near future with a broader regime that will also set out obligations in respect of matters such as conduct of business requirements and stopping market abuse and manipulation.

For crypto-assets which are not NFTs, such firms will also likely need to comply with the financial promotion restrictions outlined above.

Funds that invest in blockchain assets are regulated the same way as funds generally. However, note that currently crypto-assets are not an eligible investment for retail funds, and as such crypto funds are generally restricted to professional investors. Also note that, while the regulation of crypto funds is not distinct from funds generally, existing service providers may not feel competent to operate with crypto funds. The writers have observed the resulting growth of new service providers specifically targeting the crypto funds industry to fill this gap in the market.

There is no specific regulation of virtual currencies other than as set out in 12.3 Classification of Blockchain Assets. In the future, however, there is likely to be a move to regulate stablecoins used for payment services. A core focus here is that companies using stablecoins for payments may be providing a service analogous to traditional payment services without being subject to regulation. Given that this is the case, the proposed new regime will very likely be heavily influenced by the existing approach to regulating payment services. However, there will be differences: for example, for stablecoins there will likely be provisions regarding ensuring that they have suitable liquidity and that issuers are able to clearly articulate how the stability of the crypto-asset’s value is ensured.

There is no specific definition of DeFi in the UK. If DeFi is performed by a UK establishment, such activity is likely to trigger the requirement to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. However, this requires a specific entity to register, and often the rationale behind DeFi is to avoid having any specific entity claim to do the activity, meaning it is practically impossible for such set-ups to register with the FCA. The result has been that DeFi firms have broadly avoided setting up in the UK, and instead have sold products into the UK on a cross-border basis.

It is worth noting that the UK Law Commission is assessing whether Decentralised Autonomous Organisations (DAOs) should be recognised in the UK. If they are, this would mean that there is a legal wrapper for DeFi organisations and a greater potential for such to be able to register with the FCA for crypto-asset activities. This work is currently still in conception, and as such untested.

Please see 12.3 Classification of Blockchain Assets regarding the regulation of crypto-assets generally. In the writers’ experience, NFT projects are generally structured so as not to involve the selling of an unregulated token. As such, if they are sold into the UK from a jurisdiction outside the UK, they are generally outside the financial promotion restriction as well as the other parts of the UK regulatory framework. It is therefore relatively uncommon for such platforms to be set up in the UK, as it is generally cheaper to sell into the UK on a cross-border basis.

Whilst the United Kingdom is outside the EU, PSD2 has been implemented in the UK. UK banks have been instructed to support open banking, and this has led to a plethora of new payment service firms operating in the UK. In this respect, it is worth noting that in the wake of PSD2 there has been a focus on attracting new account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs) to the UK.

There are clear rules and requirements governing the protection of data privacy and data security in the UK, and these are complied with by participants in the ecosystem. This has facilitated banks and technology providers in enabling open banking, as they are clear as to their obligations.

The concept of fraud is broader than just financial services and fintech, and is a general offence in the UK. The Fraud Act 2006 sets out the definition of fraud and defines it broadly in the following terms.

• Fraud by false representation– a person commits this offence if they:
1. dishonestly make a false representation; and
2. intend, by making the representation (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.
• Fraud by failing to disclose information– a person commits this offence if they:
1. dishonestly fail to disclose to another person information which they are under a legal duty to disclose; and
2. intend, by failing to disclose the information (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.
• Fraud by abuse of position– a person commits this offence if they (by act or omission):
1. occupy a position in which they are expected to safeguard, or not to act against, the financial interests of another person;
2. dishonestly abuse that position; and
3. intend, by means of the abuse of that position (i) to make a gain for themself or another, or (ii) to cause loss to another or to expose another to a risk of loss.

The regulators in the UK are focused on any type of fraud, particularly where it may affect the UK retail market. Fraud is a particular issue that has arisen in respect of firms misrepresenting the nature of the products that they sell/make available to clients, as well as where they make a secret profit at the expense of their consumers.