The fintech market has developed at pace in the United Kingdom, which is seeking to become a hub for fintech companies. A particular area of focus has been on the use of AI, and in this respect it is interesting that the UK has taken a relatively slower approach to seeking to regulate AI, which can be seen in part as the UK taking a wait-and-see approach to how the sector develops. This has given the sector space in which to grow, and it is expected that a rise in AI firms will be seen in the next year.

The size of the United Kingdom as a financial services regulatory hub has meant that the full range of fintech firms are operating in the United Kingdom. The three largest areas of focus currently seen are:

• blockchain and Web3;
• artificial intelligence (AI); and
• payment services.

In the UK there is one core regulatory regime, set out in the Financial Services and Markets Act 2000 (FSMA), as well specific regimes for specific types of activity. 

The FSMA, by reference to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), generally sets out which activities are regulated in the United Kingdom, as well as the powers of the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) (the two lead regulators for financial services in the UK) in respect of their oversight of firms conducting such activities.

The main exception to this currently is the fact that certain activities in relation to crypto-assets (specifically acting as a crypto-asset exchange provider or custodian wallet provider) are specified in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). This has caused confusion as, for example, to the scope of the meaning of “making arrangements with a view to” a crypto-asset transaction. It has also caused friction in terms of the fact that the FCA generally has oversight over the conduct of business of firms within its remit, whereas the MLRs are focussed solely on reducing the risk of money laundering and terrorist financing, meaning a lack of clarity regarding the expectations in relation to the FCA’s oversight. It is therefore helpful that in the next few years the MLRs regime for crypto-assets is likely to be superseded by a more traditional approach to requiring authorisation under FSMA.

For other business, generally, the Financial Conduct Authority’s expectations are as set out in the FCA’s Handbook of Rules and Guidance. That being said there are still some specific regimes, the most notable of which are the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, which generally set out the rules for firms in the payment services industry.

Compensation models and associated disclosures are highly specific to the nature of the activity in question, however in broad terms there is a focus on avoiding any compensation which is likely to cause a conflict with the interests of the consumer, which is a shift from previous thinking, which was more along the lines of disclosure obligations.

Firms which provide services in relation to securities are generally subject to the most onerous obligations, for example financial advisers are not permitted to receive payments which may impact their advice. A recent focus has also been on inducements to invest, and it is notable that the FCA has recently prohibited these when selling in-scope crypto-assets (ie, fungible and transferable unregulated crypto-assets) to the general UK retail public.

Generally, there is no distinction drawn between these fintech industry participants and legacy players, with a view to keeping a level playing field.

However, there is a recognition that new technologies may achieve the same (or better) outcomes for consumers through approaches not originally anticipated by the existing rules. Where this is the case, the general approach has been “same risk same regulatory outcome”. In addition, the UK has pioneered the use of sandboxes, which enable interaction between the regulator and fintechs to assess how best to oversee new technologies.

The UK has a range of sandboxes, run by different regulators. These include the original sandbox, operated by the FCA, which allows firms with a genuine innovation with a UK nexus to conduct a test under its oversight.

The PRA and Bank of England also run sandboxes, and again these are generally chances for firms to be able to interact with these regulators to test new concepts which may be of relevance to them.

The use of a sandbox should be seen as a chance to explore a concept with a regulator – it is a not a means to avoid regulation. Once a sandbox is successful, firms are still expected to obtain all of the relevant authorisation and registrations which may be considered pertinent to the running of their business.

For financial services firms, the primary regulator is the FCA, which is responsible for both the conduct of business and prudential running of these businesses.

However, certain business (in particular banks, building societies, credit unions, insurers and major investment firms) are also regulated by the PRA, alongside the FCA. The general theme of these businesses is that they may pose a systemic risk to the UK financial services sector, so the PRA has a particular focus on matters such as the solvency of such institutions and mitigating the impact of any wind-down.

Another regulator that UK businesses generally have to deal with is the Information Commissioner’s Office, which is responsible for ensuring that businesses comply with their obligations with respect to protecting personal data.

Firms may also have to comply with the requirements of the Advertising Standards Authority (ASA) if marketing in the United Kingdom, however if they are regulated by the FCA/PRA, that tends to be more onerous than, and supersede, the requirements of the ASA.

Regulators in the UK do not issue “no-action” letters. However, there may be cases where they issue guidance as to the approach they will take in relation to certain business models.

Regulated firms are not able to outsource responsibility for their regulated activities. As such, there are specific requirements for such firms to have a business continuity policy and planning in place. Further, institutions such as banks which pose a market integrity risk, must ensure that they have provisions to keep key operations functioning in the event of – eg, a solvency risk.

Generally, for any product there will be a person considered to be “doing” the relevant activity. This person will have to therefore take responsibility for the activity, regardless of whether a fintech provider is leveraged in order to provide the product. As such, they will subject the fintech provider to appropriate due diligence.

Furthermore, for certain activities (for example in relation to payments and certain activities in connection with securities), it may be possible for a fintech to leverage the licence of an existing FCA authorised firm. Where this is the case, the FCA authorised firm will be responsible for, and have oversight of, the fintech provider.

The FCA has taken a variety of enforcements actions in relation to firms that have breached its expectations. Whilst the FCA has taken steps to enforce all aspects of its rules, a particular focus has been on financial crime as a high priority. 

A particular area of contention has been the FCA’s use of “name and shame” in respect of publishing the identities of the entities which it investigates. This has caused concern amongst regulated firms in terms of the damage that such an approach causes on the company under investigation. In light of this, the FCA is considering watering down its approach, and for example considering the impact of naming firms (both on the firm and on public confidence in the financial system) before doing so.

Generally, the biggest area of focus is as regards the protection of personal data, with a particular implication in respect of how it should regulated post-Brexit. There is a belief that the existing requirements are relatively onerous in a way which may not be achieving the intended outcome. However, this needs to be balanced against the requirement to continue equivalence with the EU.

Banks have been taking an increasingly interventionist approach towards regulating firms, in particular in terms of not providing banking support to those firms which the bank deems high risk. This has been controversial, as it is open to accusations that banks may act in a way which is anti-competitive – particularly where a fintech concept may be considered a potential alternative to traditional banking. 

Generally, firms offering unregulated products and services in conjunction with regulated products and services are required to be very clear with consumers which products are/are not regulated. Furthermore, the FCA may seek to exercise oversight in respect of the unregulated aspects of the business, both in terms of:

• any risk the unregulated activities could pose to regulated activities; and
• the FCA’s expectation that regulated firms uphold a certain standard of conduct, even in respect of unregulated business.

Generally, AML and Sanctions Rules are well settled for more most fintechs. However, there are two areas worthy of particular consideration.

Firstly, the AML and Sanctions Rules which apply to crypto-asset firms are considered some of the most onerous internationally, and historically this has meant that such firms have tended to locate outside of the United Kingdom and thereby fall outside the regime. On the other hand, further regulation of the financial promotion of certain crypto-assets may impact this trend as they make it harder to operate with the UK market generally without obtaining an FCA registration and complying with the full AML and Sanctions Rules.

Also, whilst the AML and Sanctions Rules for payment services firms are well established, it is suggested that there may be better ways of obtaining the outcomes of such rules, with less inconvenience to the customer, through the use of new innovations. As such, particularly as the UK has greater freedom to amend its AML and Sanctions Rules post Brexit, it may be that there are changes to these rules in the future as part of making the UK financial services sector more competitive.

Anti-money laundering and sanctions rules follow the standards imposed by the Financial Action Task Force.

Whilst the position is complex, in practice, reverse solicitation does not practically exist in the United Kingdom, and reverse solicitation certainly cannot be used as a way of marketing regulated products into the United Kingdom. 

The restrictions on financial promotions apply to any communication that is capable of having an effect in the United Kingdom. Whilst there is an exemption to the financial promotion restriction, the exemption is very narrowly defined, and for example it can only be of relevance to corporate customers or others who are acting in the course of business. Furthermore, there is a fundamental concern regarding how the customer knows to ask about the relevant product if there had been no prior promotion of it – which practically means that it is difficult to get comfortable that this exemption can be of real use. The use of reverse solicitation is therefore generally avoided.

There is a single regulated activity of giving investment advice, which applies to certain asset classes such as securities. All in-scope assets are regulated under the same set of rules and requirements.

Giving advice in relation to unregulated crypto-assets is not regulated – only advice in relation to a security token is regulated.

Generally, legacy players are seeking to use the brand of new robo-advisers to further their own businesses. This may be by making products available to robo-advisers so that customers are advised to participate in them, or it may be by making a robo-advice platform (which may be under a different brand) with a remit to sell products sold by the legacy player. In the second case, care needs to be taken to ensure that consumers are not misled into thinking that the advice they receive takes into account a broader range of products than that actually considered – and there is specific regulation to ensure that this is the case.

The United Kingdom has implemented MiFID II, and as such has generally the same best execution obligations as applicable to investment firms in the EU generally. Firms are required to deliver best execution taking into account factors such as price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of an order.

There are substantial differences between loans to individuals and loans to corporate entities.

Where a loan falls within the definition, for example, of “credit agreement”, being defined as the provision of credit to:

• individuals;
• partnerships consisting of two or three persons not all of whom are bodies corporate; or
• an unincorporated body of persons which does not consist entirely of bodies corporate and is not a partnership,

this is highly regulated, and there are prescribed obligations regarding matters such as the terms on which such agreement can be entered into, and as regards protecting vulnerable persons.

Other loans which are not with consumers/retail may be completely unregulated, and so there are no such considerations. As such, if an agreement is not a regulated credit agreement, then it is unregulated regardless of the size of the borrower.

Where lending involves providing consumer credit, then the lender will need to be regulated by the FCA for this purpose and to comply with the FCA’s requirements for lenders.

There is no such obligation in relation to unregulated lending.

There is no specific regulation regarding what the source of funds should be for a loan, however depending on how the loan in financed, this may trigger regulation. In this respect, it is noted that if money is borrowed from one person and then on-lent to another person, this may well constitute the activities of running a collective investment scheme (if there is a look-through to how the funds are on-lent) or deposit-taking (if there is no look-through to how the funds are on-lent). The issues therefore depend on the nature of the activity; for example for a collective investment scheme there is an emphasis on ensuring that the funds are properly managed and that the fund management activity is properly overseen. On the other hand, the focus on deposit-taking tends to be as regards ensuring that the risk of solvency of the institution is properly managed.

Syndication of loans does take place. Outside of the scenarios set out in 4.3 Sources of Funds for Fiat Currency Loans, this is generally unregulated and as such there is no specific legal practice. However, there are usually commercial norms, for example there tends to be a lead lender who organises the syndicate and is the primary entity performing due diligence.

Generally, payment processes need to use a payment rail in order to operate.

The provision of cross-border payments and remittances from abroad are generally unregulated, if there is no UK establishment.

The provision of cross-border payments and remittances from the UK to other countries is generally regulated the same way as payment services generally – however there are some differences in terms of operational aspects, such as the allowed settlement time for payments.

The nature of the regulation of a marketplace is dependent on the way in which it is set up and the nature of the asset traded.

With respect to the trading of regulated financial instruments (which does not include crypto-assets), the most regulated markets are regulated markets, followed by multilateral trading facilities, organised trading facilities and firms “making arrangements with a view to” transactions.

Regulated markets include entities such as the London Stock Exchange, with onerous specific listing rules for firms wishing to trade on those exchanges.

Multilateral trading facilities have to operate in accordance with non-discretionary rules, whereas order execution must be carried out on an organised trading facility (OTF) on a discretionary basis.

The activity of “making arrangements with a view to” a transaction is the most light-touch, and generally applies to firms that connect buyers and sellers of in-scope assets. This is therefore the activity most relevant to most fintechs, and there is a focus on how the firm conducts its business with users to ensure that they are appropriately protected, and receive appropriate disclosures in respect of potential investments.

Different asset classes have different regulatory regimes. Currently, crypto-asset exchanges are generally subject to a different regime to that set out above, being one focussed on stopping money laundering rather than a full conduct of business regime. Over the next year, this is expected to change as a new regime for crypto-asset businesses is being developed. Whilst the specifics are currently to be determined, it is clear that the new regime for crypto-asset exchanges will be heavily influenced by the traditional approach to securities regulation, with some differences reflecting the specifics of the crypto industry (for example, the nature and source of insider information in relation to a crypto-asset may be different to that which exists in relation to equity).

The regulation of crypto-assets has traditionally been handled differently to other asset classes, in particular by requiring registration with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The focus of this requirement has been on prevention of money laundering, rather than – eg, conduct of business and solvency. As such, it has been a slight anomaly with the general approach in the UK. Furthermore, given the MLRs set out a separate regulatory regime to that which applies to securities, firms seeking to trade both securities and crypto-assets need both licences, which is very rare and has hindered the development of this industry.

In the future, this is going to change as the MLRs are phased out, and the regulation of crypto-asset exchanges will deal with issues that are broader than money laundering risk, for example, there will be a focus on disclosure requirements, conduct of business and preventing market abuse.

The requirement for listing standards very much depends on the nature of the securities exchange. There may be a requirement for a prospectus when selling certain securities – and at the other end of the spectrum, listing on a regulated market requires compliance with a detailed rulebook of requirements.

In the context of crypto-assets, the FCA has published a discussion paper (DP24/4) setting out proposed requirements for disclosures when seeking to admit crypto-assets to exchanges so that they can be sold into the UK. These are currently high level, however further detail is expected as the rules come into effect during the next year.

In relation to securities, order handling rules already exist. In broad and general terms, firms which are authorised to execute orders on behalf of clients must implement procedures and arrangements which provide for the prompt, fair and expeditious execution of client orders, relative to other orders or the trading interests of the firm. These procedures or arrangements must allow for the execution of otherwise comparable orders in accordance with the time of their reception by the firm.

The requirements for an undertaking for a collective investment in transferable securities (UCITS) management company providing collective portfolio management services are slightly different, as they must establish and implement procedures and arrangements in respect of all client orders they carry out which provide for the prompt, fair and expeditious execution of portfolio transactions on behalf of the UCITS scheme it manages.

In relation to crypto-assets, whilst the rules do not yet exist, the direction of regulatory travel is that they should be formulated in the next year.

Peer-to-peer trading platforms are common in the United Kingdom, and are generally regulated (as they will involve an activity such as “making arrangements with a view to” a regulated transaction).

The regulatory challenge has been to ensure that such platforms treat customers fairly, and for example do not hold themselves out as having done more due diligence on the products they make available than is actually the case.

In relation to securities, whilst not necessarily prohibited outright per se, the FCA considers that payment for order flow is generally incompatible with the FCA’s rules on conflicts of interest and inducements, and risks compromising firms’ compliance with best execution. As such, the general position is that this is effectively not permitted in the UK.

There is no prohibition in relation to exchanges for unregulated crypto-assets, however this may change in the future as new requirements are coming into force in relation to crypto-asset exchanges generally.

The UK position on market abuse and market integrity in relation to securities generally follows a similar position to that in the EU, as the Market Abuse Regulation has been onshored to the UK post-Brexit. Preventing, detecting and punishing market abuse is a high priority for the FCA.

The FCA has powers and responsibilities for preventing and detecting market abuse, including insider dealing, unlawful disclosure, market manipulation and attempted manipulation civil offences. Furthermore, insider dealing and market manipulation are also criminal offences.

Currently, unregulated crypto-assets fall outside of the UK market abuse and market integrity rules, however this is going to change in the near future as new requirements are being considered in relation to crypto-asset exchanges. It is worth noting that offences such as fraud exist independently of the market abuse rules, and firms should in any event be careful as behaviour which may technically fall outside of the market abuse rules on the basis that the assets are not securities may still be considered illegal.

There is no specific regulation of high frequency and algorithmic trading technologies, however they cannot be used in a way which breaches the more general requirements that all firms are subject to – for example in relation to securities, they need to comply with the rules on market abuse and market manipulation.

Dealing as principal is a regulated activity in the UK requiring FCA authorisation, and such firms need to comply with the FCA’s requirements generally. An area of particular note here is as regards capital requirements. Firms which deal as principal have a permanent minimum capital requirement of GBP750,000. This reflects the fact that such firms have a higher solvency contagion risk.

Funds and dealers are subject to very different regulatory regimes, reflecting the different nature of the activities undertaken. The activities of fund managers involve exercising discretion on behalf of investors, and so there are specific requirements in terms of ensuring that that discretion is properly defined and monitored, for example by fund administrators, custodians, accountants, etc.

Dealers do not exercise discretion – they simply execute – and the risks here are different. Considerations are more limited and focussed on matters such as disclosure, best execution and avoiding conflicts of interest.

Programmers who develop and create trading algorithms and other electronic trading tools are not regulated. However, those that use such in connection with undertaking a regulated activity will be regulated, and will therefore have responsibilities in monitoring and overseeing the trading algorithms and other electronic trading tools they use.

The insurance industry in the UK is highly regulated, and those advising on contracts of insurance, including the underwriting thereof, need to be regulated. As such, there are specific requirements that they need to satisfy in order to comply with their regulatory obligations.

Insurance is regulated differently depending on the nature and function of the insurance contract, for example the FCA differentiates between investment and non-investment insurance contracts. The regulation of each depends on its specific characteristics and risks.

Regtech providers are not regulated unless they are also undertaking a regulated activity in conjunction with their business. In the experience of the authors, regtech providers are generally set up as an adjunct to a regulated business, meaning that the provider is not regulated, but its clientele is.

This often depends on the nature of the regtech provider and the solution being provided. For example, in fund management, there are regtech providers which facilitate fund distribution, and in such a case there are often stringent obligations to ensure performance and accuracy, as well as sample testing to ensure that all the requirements are being met. On the other hand, there are some AI prediction tools which only have a percentage accuracy and are used for helping firms model products. In this case the limitations are recognised and accepted. The overall picture is that clients have an obligation to meet their regulatory obligations, and the contractual terms will depend on the latitude the clients have in this respect.

The authors are seeing a steady increase in both the acceptance of blockchain by traditional players and increasing interest regarding its utilities for such businesses. This has grown beyond simply considering crypto-assets as an investable asset class to increasing discussion as to how to deliver traditional products in a cheaper and more efficient way using blockchain technology.

The FCA has generally been supportive of the use of blockchain, and indeed a common use of the FCA sandbox has been to test new innovations using blockchain technology. More recently, the FCA has been involved in the fund industry and real-world asset initiatives to encourage the use of blockchain.

In terms of actual regulation, the FCA has generally adopted an approach of applying existing regulation to blockchain solutions – on the basis that blockchain solutions should manage the risks covered by existing regulation, and there should be a level playing field between traditional and blockchain-based methods of operating. However, in providing the sandbox, the FCA is recognising that in certain cases assumptions regarding how risks may be mitigated may prove false for blockchain solutions – and so this gives firms the ability to show the FCA where existing FCA rules may be properly adapted to take advantage of the new technology.

Whether a blockchain asset is considered a form of regulated financial instrument depends on the features of the asset – as an asset having the features of a regulated financial instrument shall be regulated as such.

Broadly, this means that the classification of crypto-assets splits into three categories.

• Security tokens – these are tokens, other than e-money tokens, with specific characteristics which mean they meet the definition of a “Specified Investment” under the RAO, and which are therefore within the FCA’s perimeter. This means that firms that deal in these tokens generally need to be authorised by the FCA under the FSMA to do so.
• E-money tokens – these are tokens which meet the definition of e-money, in which case certain activities in relation to them, particularly those linked to payments, may be within the FCA’s perimeter.
• Unregulated tokens – these consist of tokens that are not e-money tokens and are not security tokens. Dealing in these tokens does not require FCA authorisation.

Regardless of the classification of crypto-assets, UK firms need to register with the FCA under the MLRs if they engage in any of the following activities.

• Exchange, or arrange or make arrangements with a view to exchange crypto-assets for money or vice versa, or one crypto-asset for another crypto-asset.
• Operate a machine which uses automated processes to exchange money for crypto-assets or vice versa (eg, an ATM).
• Provide custodian services for:
1. crypto-assets on behalf of customers; and/or
2. private cryptographic keys to hold, store and transfer crypto-assets.

Furthermore, any invitation or inducement to invest in some crypto-assets (a “financial promotion”) is subject to the “General Prohibition” set out in Section 21 of the FSMA, meaning that such activity must either be approved by an FCA authorised firm with the requisite competence to do so, or fall within an exemption. Generally, this is most relevant to consider for:

• security tokens; and
• unregulated tokens that are fungible and transferrable – and the exemptions are slightly broader for security tokens. It is worth noting that a firm registered with the FCA for its crypto-asset business will fall within an exemption and therefore is able to approve its own financial promotions. It is also worth noting that the requirements of the financial promotions rules are onerous – for example they incorporate the need for an appropriateness assessment and a 24-hour cooling-off period for first-time buyers. Firms complying with this regime need to dedicate appropriate resources to complying with it.

Moving forwards, so-called “unregulated” tokens will in fact become increasing regulated, and the new legislation is likely to be highly influenced by the existing securities regime, which may well narrow the difference between unregulated tokens and security tokens.

This “issuer” of a blockchain asset is not regulated per se, however, issuance is generally often linked to a sale, in which case that activity is subject to the potential requirement to:

• register with the FCA under the MLRs; and
• comply with the financial promotion restrictions outlined above. 

In the future, as assets are listed on an exchange, even if the asset is considered an “unregulated” crypto-asset, disclosure and market abuse rules will likely apply.

If trading of blockchain assets is conducted by a UK business, this is likely to trigger the requirement to register with the FCA under the MLRs. It is worth noting that the focus of this regime is on preventing money laundering, and it is going to be replaced in the near future with a broader regime that will also set out obligations in respect of matters such as conduct of business requirements and stopping market abuse and manipulation. 

For crypto-assets which are not NTFs, such firms will also likely need to comply with the financial promotion restrictions outlined in 10.3 Classification of Blockchain Assets.

Staking is not per-se regulated in the United Kingdom, however care does need to be taken to determine whether a particular set-up would constitute a “collective investment scheme” (i.e. a fund). A particular issue in this respect has been for example in relation to staking models that pool crypto-assets, or where (for example in the context of delegated or liquid staking) a particular entity is responsible for optimising the smart contracts that perform staking, in order to improve yield.

There is a move in the UK to narrow the definition of a collective investment scheme, such that staking falls outside of scope of the definition, and instead to have a specific regime in place in relation to staking, that deals with the specific nuances of that activity.  It is hoped that having staking as a separately regulated activity will encourage sensible and particular regulation of the activity in order to promote the UK as a hub for staking providers.

Lending activities in relation to unregulated crypto-assets are not regulated, as they do not meet the definition of being a regulated “credit agreement”. However, this is likely to change over the next year as the FCA has indicated that a regulatory regime for lending in crypto-assets will be implemented.

Cryptocurrency derivates are regulated in the United Kingdom, falling within the general securities framework. As such, there are subject to the usual requirements to obtain FCA authorisation when performing regulated activities in relation to them, as well as the overall financial promotions restrictions.

Furthermore, the sale of derivates in relation to certain crypto-assets, in particular unregulated crypto-assets such as bitcoin, are banned to the UK retail market, being considered too high risk. 

There is no specific regulation of DeFi in the United Kingdom. However, “making arrangements with a view to” the exchange of one crypto-asset for another (or for fiat) is a regulated activity under the MLRs that is given a wide interpretation, and as such it is likely that operating a DeFi protocol would trigger a requirement to become FCA registered under the MLRs. This is, however, tricky conceptually given that the core of DeFi is that there is no centralised entity, and therefore no entity to register with the FCA. As such, there is generally no substantive DeFi offering provided from a UK-based company (however there are many UK companies that provide the intellectual property to offshore DeFi protocols).

A further point to consider are the restrictions on financial promotion of investment activity in certain crypto-assets into the UK. These apply to whoever is making the promotion into the United Kingdom to either limit communications to those that fall within an exemption to the restriction, or require the financial promotion to be signed off by an FCA authorised firm. Getting signed off is a relatively high bar to selling into the UK, because the FCA authorised firm takes some degree of responsibility in relation to the offering as a whole, and this option can be expensive. As such, it is more common to rely on exemptions, however this does limit the persons who can be communicated to severely, in particular the most commonly used exemptions are those which enable fund managers and corporates with assets over GBP5 million to receive communications.

Funds that invest in blockchain assets are regulated the same way as funds generally. However, it should be noted that currently crypto-assets are not an eligible investment for retail funds, and as such crypto funds are generally restricted to professional investors. It should also be noted that, whilst the regulation of crypto funds is not distinct from funds generally, existing service providers may not feel competent to operate with crypto funds. Growth of new service providers specifically targeting the crypto funds industry is being seen to fill this gap in the market. 

There is no specific regulation of virtual currencies other than that as set out above in 10.3 Classification of Blockchain Assets.

In the future, however, there is likely to be a move to regulate stablecoins used for payment services. A core focus here is that companies using stablecoins for payments may be providing a service analogous to traditional payment services without being subject to regulation. Given this is the case, the proposed new regime will very likely be heavily influenced by the existing approach to regulating payment services. However, there will be differences – for example for stablecoins there will likely be provisions regarding ensuring that they have suitable liquidity and that issuers are able to clearly articulate how the stability of the crypto-asset’s value is ensured.

Please see 10.3 Classification of Blockchain Assets regarding the regulation of crypto-assets generally. It should be noted that, in the experience of the authors, NFT projects are generally structured so as not to involve the selling of an unregulated token. As such, if they are sold into the UK from a jurisdiction outside of the UK they are generally outside of the financial promotion restriction as well as the other parts of the UK regulatory framework. It is therefore relatively uncommon for such platforms to be set up in the UK, as it is generally cheaper to sell into the UK on a cross-border basis.

Whilst the United Kingdom is outside of the EU, the Payment Services Directive (PSD2) has been implemented in the UK. UK banks have been instructed to support open banking, and this has led to a plethora of new payment service firms operating in the UK. In this respect, it is worth noting that in the wake of PSD2 there has been a focus on attracting new account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs) to the UK.

There are clear rules and requirements governing the protection of data privacy and data security in the UK, and these are complied with by participants in the ecosystem. This has facilitated banks and technology providers in enabling open banking, as they are clear as to their obligations.

The concept of fraud is broader than just financial services and fintech, and is a general offence in the UK.

The Fraud Act 2006 sets out the definition of fraud and defines it broadly in terms of the following.

• Fraud by false representation: a person commits this offence if he:
1. dishonestly makes a false representation; and
2. intends, by making the representation to make a gain for himself or another, or to cause loss to another or to expose another to a risk of loss.
• Fraud by failing to disclose information: a person commits this offence if he:
1. dishonestly fails to disclose to another person information which he is under a legal duty to disclose; and
2. intends, by failing to disclose the information to make a gain for himself or another, or to cause loss to another or to expose another to a risk of loss.
• Fraud by abuse of position: a person commits this offence if he (by act or omission):
1. occupies a position in which he is expected to safeguard, or not to act against, the financial interests of another person;
2. dishonestly abuses that position; and
3. intends, by means of the abuse of that position to:
1. make a gain for himself or another; or
2. cause loss to another or to expose another to a risk of loss.

The regulators in the UK are focussed on stopping any type of fraud, particularly where it may affect the UK retail market. Fraud is a particular issue that has arisen in respect of firms misrepresenting the nature of the products that they sell/make available to clients, as well as where they make a secret profit at the expense of their consumers. 

In relation to authorised push-payment fraud (“APP fraud”), the UK has implemented a specific regime requiring payment services providers to put in place systems and controls to combat APP fraud. These requirements also require that, if someone is the victim of APP fraud, they can claim for the loss. These rules will apply in relation to payments made via Faster Payments or CHAPS from one UK bank account to another, and will require both sending and receiving payment services firms to split the costs of reimbursement 50:50 in the event of APP fraud.

Please see 12.2 Areas of Regulatory Focus.