In June 2023, the FCA set new rules for the promotion of qualifying cryptoassets to retail clients in its Policy Statement PS23/6 – Financial promotions rules for cryptoassets and related Non-handbook Guidance (Finalised Guidance FG23/3). These rules, referred to by the FCA as ‘back end’ rules, are intended to prevent harm to UK consumers and improve standards in the crypto industry. The financial promotions requirements include the following:
- A 24-hour cooling-off period when onboarding clients
- General and personalised risk warnings
- Client categorisation
- Appropriateness assessments
The FCA has been working closely with the cryptoasset industry to ensure compliance with the rules by helping firms to understand its expectations. As part of that work, and following the implementation of financial promotions rules in October 2023, the FCA reviewed a sample of UK registered cryptoasset services providers’ compliance frameworks and have identified a series of good and poor practices within the sector which have been included in a report published by the regulator this week. The report findings cover the following areas:
1. Cooling-off period
The rules require firms to allow a cooling-off period for new consumers who request a Direct Offer Financial Promotion (DOFP). This must be a minimum of 24 hours from the point that a consumer requests to see the DOFP and it being shown. The cooling-off period allows consumers time to reflect on the investment and decide whether to proceed to purchase the assets. At the end of the cooling-off period, consumers must be given the option to either proceed with or leave the journey at that point, with each of these options being given equal prominence.
What firms SHOULD do?
- Provide consumers with clear information that there is a cooling-off period and explaining that it is there to ensure they take the necessary time to consider if the product is right for them.
- Provide consumers with clear information once the cooling-off period has ended.
- Display information that factually indicates the time remaining before the cooling-off period ends, but does not pressurise or otherwise unduly influence consumers.
- Provide consumers the express option to proceed or leave the investment journey at the end of the cooling-off period.
What firms should NOT do?
- Provide limited or no information about the reason for the cooling-off period.
2. Personalised risk warnings
The FCA’s rules require firms to provide a personalised risk warning to new consumers before they receive a DOFP. This must be tailored to include the client’s name, and include both a risk warning and link to a risk summary. Consumers must be given the option to proceed with or leave the investment journey, with each option given equal prominence.
What firms SHOULD do?
- Position the risk warning message on its own page with no other information, making the warning the sole focus for the consumer.
- Improve the prominence and engagement of the options to proceed with or leave the journey by making them the sole focus of the screen.
- Include clear processes for consumers who wish to leave the investment journey.
What firms should NOT do?
- Include frictions/obstacles for consumers who wish to leave the journey.
- Use language in the personalised risk warning that downplays the risks of the assets or encourages consumers to proceed with the journey.
3. Client categorisation
The financial promotion rules for cryptoassets require firms to take reasonable steps to establish that a consumer is correctly categorised as either a Restricted, High Net Worth (HNW) or certified sophisticated investor before communicating a DOFP. This requires consumers to sign a declaration stating that they meet the relevant criteria to be categorised as such, as well as stating the reasons. The client categorisation is only valid for a 12-month period, meaning firms will need to re-categorise consumers after the 12-month period expires if the firms require to make further DOFPs.
What firms SHOULD do?
- Give the consumer an option to leave the journey if the consumer does not meet the criteria of the available categories.
- Consider whether it is appropriate to offer consumers the option to identify themselves as the certified sophisticated investors.
- Verify the information submitted by all consumers who categorise themselves as certified sophisticated and rejecting any submissions which do not meet the requirements.
- Take steps to check that the information provided in the categorisation statements aligns with the criteria for that particular category. For example, checking that the consumer has given the name of a genuine FCA authorised firm when being categorised as a certified sophisticated investor.
What firms should NOT do?
- Push or lead consumers through the categorisation process by suggesting responses that meet the criteria of the category, instead of allowing the consumer to volunteer the information.
- Re-name the categories or describe the categories in a way that downplays the risks of investing.
- Change the wording of the investor statements from the prescribed language in the FCA Handbook.
- Offer a self-certified investor category or any other category not specified in COBS 4.12A.21 of the Handbook.
4. Appropriateness
According to the financial promotion rules, firms must assess whether the qualifying cryptoasset is appropriate for the consumer before they process an application or order in response to a DOFP. This effectively requires firms to assess that the consumer has the necessary experience and knowledge to understand the risks involved in relation to the specific cryptoasset.
What firms SHOULD do?
- Approach the design of the assessment holistically with its overall purpose in mind, ensuring the assessment robustly assesses the consumers understanding of the risks associated with the specific cryptoassets being offered.
- Ensure assessments cover all appropriate topics outlined in COBS 10 Annex 4G, and specific risks of each cryptoasset type offered.
- Questions must have at least 3 plausible answers, follow a similar format and encourage engagement from the consumer.
- Group questions into specific topics and ensuring every iteration of the assessment covers all topics.
- Include ‘key’ questions in the assessment which the consumer must answer correctly to pass.
- Require consumers to pass an assessment for each type of cryptoasset offered, so the consumer is only able to purchase a cryptoasset once they have passed the relevant assessment.
- Give consumers access to relevant resources to be able to research and understand the products and risks.
- Provide information on the general topics a consumer answered incorrectly to allow them to research before retaking the assessment.
- Have a limit on the number of times a consumer can attempt the assessment before being told that cryptoassets are unlikely to be appropriate for them.
- Ensure communications sent to the consumer are balanced, fair and do not to encourage the consumer to take the assessment again.
What firms should NOT do?
- (In the case of assessments where not all questions are required to be answered correctly) Allow consumers to pass assessments when they answer questions, that fundamentally show that cryptoassets are not appropriate for them, incorrectly.
- Ask leading or simplistic questions in the assessment that direct the consumer to the correct answer.
- Include questions in the assessment that ask the consumer to assess their own level of knowledge and experience.
- Condense the topics of COBS 10 Annex 4G into groups, where individual questions from this group do not cover all the grouped topics.
- Allow consumers to invest in types of cryptoassets where the consumer has not been assessed on whether the cryptoasset is appropriate for them.
- Rely on information provided elsewhere to replace the need to determine a consumer’s knowledge by assessing their understanding.
- Where the assessment questions are selected randomly from a bank of questions, not ensuring that all relevant topics in COBS 10 Annex 4G are covered in every iteration of the assessment.
- Treat the assessment as an educational tool for the consumer, instead of assessing if the consumer has relevant knowledge or experience of the products.
- Allow consumers to retake the assessment indefinitely or not having consistent processes for determining that the products are not appropriate for a consumer.
5. Record keeping
The FCA’s rules require firms to record specific information captured during the customer journey, to allow them to further understand how consumers interact with their platform.
What firms SHOULD do?
- Capture real-time data of frictions during onboarding and use this to improve the journey and ensure the frictions are working effectively.
- Incorporate data analysis into reporting at various levels, including Board level, to enable continuing monitoring and improvements.
- Take reasonable steps to verify the accuracy of data provided.
What firms should NOT do?
- Have an undefined path of how to use data recorded.
- Be unable to identify or produce recorded information quickly and reliably.
6. Due diligence
The application of due diligence ahead of communicating a financial promotion is certainly a key element of the financial promotions regime for cryptoassets. This covers due diligence on both the cryptoasset or cryptoasset service being promoted, and claims made in the promotion.
What firms SHOULD do?
- Carefully consider the topics covered in FG23/3 and also consider additional topics relevant to the specific cryptoassets being promoted.
- Have clear criteria for when a cryptoasset would fail the due diligence process.
- Have thorough processes for considering operational and technology risks, such as reviewing smart contract code and network stability.
- Consider information from a wide range of sources, combining on-chain and off-chain information with information from specialist third parties.
- Use information gained in the due diligence process to inform consumers about the specific cryptoasset being promoted.
- Have systems to automatically flag events that might impact the fairness of promotions and the specific promotions that may be affected.
- Consider the due diligence required specifically for cryptoassets that claim a form of stability.
- Conduct thorough due diligence to assess any claims of stability. For example, conducting due diligence on the nature of the stabilisation mechanism, the quality of backing assets, how any backing assets are custodied, the regulated status of the issuer and the issuer’s redemption policy.
- Consider how to conduct due diligence on an ongoing basis. For example, not considering what systems and controls would be required to monitor cryptoassets for market events that would materially impact the fairness and accuracy of promotions or the risk profile of the cryptoasset.
- Consider the full range of decisions that due diligence can help inform.
- Consider how omissions of information may lead to non-complaint promotions with the FCA's rules.
- Actively monitor the stability of these cryptoassets or consider specialist reports by third parties on the weaknesses in the stability mechanism of the cryptoassets being promoted.
What firms should NOT do?
- Believe that due diligence on cryptoassets is not required, or failing to consider Environmental Social Governance (ESG) factors as part of the due diligence, as outlined in FG23/3.
- Focus unduly on whether the cryptoasset amounts to a security in certain jurisdictions, rather than being tailored to UK regulatory requirements.
- Be unable to explain how and when a cryptoasset would fail their due diligence requirements and unable to explain their risk appetite for promoting cryptoassets.
- Be unable to show how information from the issuer or foundation behind the cryptoasset had been independently verified.
- Promote cryptoassets as stable, despite them not maintaining a stable value.
- Promote cryptoassets whose stability mechanism primarily relies on an algorithm or reserves of other cryptoassets.
What’s next?
The FCA expects all firms offering qualifying cryptoassets and related services to retail individuals in the UK to consider its examples of good and poor practice and make any necessary changes, with the aim of improving standards and consumer outcomes. It is also expected that firms that wish to apply for registration with the FCA under Money Laundering Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017 (‘MLRs’), will consider these findings when designing and implementing their own systems and controls to comply with the rules.
At Cosegic, we have been working with a number of cryptoasset service providers to prepare their applications for registration under the MLRs and we can offer a range of services to assist firms to navigate through all the relevant regulatory requirements in the UK and create appropriate frameworks to enable compliance with them. If you would like to find out more about how we could support your application, or help you maintain your compliance, you can contact us below.
Contact us
Related resources
All resourcesIdentifying the weaknesses in firms’ transaction reporting governance and control frameworks
Bitesize webinar: Establishing a robust prudential monitoring framework
Operational Resilience: regulatory guidelines for critical third parties aim to avoid systemic disruption
Multi-firm findings for the payments industry – is Consumer Duty a cause for concern?