
Navigating the Global Crypto Landscape with PwC: 2024 Outlook
PwC’s Crypto Regulatory Report 2024 edition. The report summarises regulatory developments globally.
The FCA published the findings of a review of crypto firms’ compliance with financial promotion rules on 8 August 2024.
The FCA focused on how firms are implementing ‘back end rules’, such as personalised risk warnings, a 24-hour cooling-off period, client categorisation, and appropriateness assessments. The review outlines good and poor practices, which the regulator expects the wider sector to consider, making any necessary changes as a result.
The FCA uncovered multiple instances across all review areas where firms did not meet the required standards, including the expected level of consumer protection. The regulator warns firms against relying on industry comparisons to benchmark what is acceptable, given the prevalent poor practices in the market.
The regime for crypto financial promotions was introduced in October 2023 and was incorporated into existing rules for Restricted Mass Market Investments (RMMIs). The FCA issued final guidance in November 2023.
The FCA has now reviewed a sample of crypto firms’ ‘back end rule’ compliance, recognising that firms had to implement the regime alongside other regulatory changes, such as the Travel Rule.
Cooling-off period
The rules require firms to provide a cooling-off period for new consumers who request a Direct Offer Financial Promotion (DOFP). There must be a minimum of 24 hours between the point at which a consumer requests to see the DOFP and the point at which it is shown. The period allows consumers time to reflect on the investment and decide whether to proceed with purchasing the assets.
While all firms had implemented a minimum 24-hour cooling-off period, multiple firms either had not included an explicit option to proceed with or exit the investment journey at the end of the period, or the options to exit or proceed were not given equal prominence. Some firms also did not clearly explain the purpose of the cooling-off period, leading to frustration and confusion among customers.
Personalised risk warning
Firms must provide a personalised risk warning to new consumers before they receive a DOFP. This warning must be tailored to include the client’s name and must include both a risk warning and a link to a risk summary.
In some instances, the personalised risk warning did not meet the prominence requirements or did not present the options to proceed with or exit the investment journey with equal prominence. Additionally, some firms inappropriately used language that encouraged consumers to proceed.
Client categorisation
Firms must take reasonable steps to establish that a consumer is certified as either a Restricted, High Net Worth, or Certified Sophisticated investor before communicating a DOFP.
Most firms had implemented a process for ensuring consumers were able to self-categorise appropriately and provided correctly-worded categorisation statements.
However, the FCA noted poor practices, such as firms guiding consumers through the process by instructing them on what they need to enter to proceed. In some instances, if a consumer entered a value that did not meet the requirements of their selected category, a warning message would encourage the consumer to change their response to fit the permitted range. Additionally, some firms did not take reasonable steps to establish that the consumer met the criteria for a Certified Sophisticated Investor.
Appropriateness
Firms must assess whether the qualifying cryptoasset is appropriate for the consumer before processing an application or order in response to a DOFP.
Poor practices included firms using the assessments as educational tools rather than evaluations of the consumer's knowledge. Some firms had features that guided consumers to the ‘correct’ answers, while others included questions that asked consumers to self-assess their own level of knowledge or experience. Additionally, most firms had assessments that allowed consumers to answer one or more questions incorrectly, without considering whether incorrect answers to specific questions or combinations of questions indicated a fundamental misunderstanding of a key risk associated with the product.
Record keeping
The FCA rules require firms to record specific information captured during the customer journey, and all firms reviewed were doing so. According to the FCA, the best firms had a clear and defined plan of how they intended to use the data captured.
Due diligence on cryptoassets
Due diligence is a key component of the financial promotions regime. The FCA reviewed firms’ approaches to due diligence for the cryptoassets and services they promoted, how they utilised the due diligence, and how firms used due diligence specific to cryptoassets claiming a form of stability.
The best firms clearly demonstrated how and when they would reject and not promote a cryptoasset that failed to meet their due diligence requirements and their risk appetite for promoting cryptoassets. These firms also considered information from a wide range of sources, combining on-chain and off-chain information with insights from specialist third parties.
According to the FCA, the weakest aspect of most firms reviewed was their inability to clearly show how they used their due diligence to inform their decision-making. Firms displaying the poorest practice did not seem to consider that omitting information, including that gained during due diligence, can result in financial promotions being non-compliant with FCA rules.
Given their unique risk profile, the FCA specifically reviewed firms’ approaches to due diligence on cryptoassets that claim a form of stability. The best firms had considered the risks specific to this type of cryptoasset and conducted thorough due diligence to assess any claims of stability. For example, they conducted due diligence on the nature of the stabilisation mechanism, the quality of backing assets, how any backing assets are custodied, the regulated status of the issuer, and the issuer’s redemption policy.
Poor practice, on the other hand, included promoting certain cryptoassets as stable despite them not maintaining a stable value, breaching FCA rules. These firms also promoted as stable cryptoassets whose stability mechanisms rely primarily on an algorithm or on reserves of other cryptoassets.
The FCA says it aims to work collaboratively with the sector to raise standards, help firms meet their obligations, prevent harm to consumers, support the integrity of the financial system, and build confidence in the UK crypto market.
Review the full findings of good and poor practices and undertake a gap analysis against the firm’s operations.
Ensure that firms have strong systems and controls in place to comply with all aspects of the FCA’s rules.
Firms should not rely on comparisons with industry peers to benchmark what is acceptable practice, but follow the FCA’s guidance and expectations.
Firms should consider the full set of good practice examples from the FCA’s review and implement them accordingly. The examples of good practice include:
Cooling-off period
Giving consumers clear information that there is a cooling-off period, explaining that it is there to ensure consumers take the time to consider if the product is right for them, and making it clear once the period has ended, without pressure to act.
Personalised risk warning
Ensuring the warning is clearly positioned on its own page with no other information. Improving the prominence and engagement of the options to proceed with or leave the journey by making them the sole focus of the screen. Including clear processes for consumers who wish to leave the investment journey.
Client categorisation
Giving consumers an option to leave the journey if they do not meet the criteria of the available categories. Considering whether it is appropriate to offer the certified-sophisticated category. Verifying the submissions of all consumers who categorise themselves as certified-sophisticated and rejecting any submissions which do not meet the requirements.
Appropriateness
Approaching the design of the appropriateness assessment holistically and ensuring the assessment fully considers the consumer’s understanding of the risks associated with the specified cryptoassets, as specified in detail by the FCA’s rules.
Record keeping
Capturing real-time data of frictions during onboarding and using this to improve the journey and ensure the frictions are working effectively. Incorporating data analysis into reporting at various levels, including Board, to enable continuing monitoring and improvements.
Due diligence
Considering the FCA’s guidance as well as additional topics relevant to the specified cryptoassets being promoted. Having clear criteria for when a cryptoasset would fail the due diligence process, and thorough processes for considering operational and technology risks, such as reviewing smart contract code and network stability. Considering information from a wide range of sources and having systems to automatically flag events which might impact the fairness of promotions.
Conducting thorough due diligence to assess any claims of stability. For example, conducting due diligence on the nature of the stabilisation mechanism, the quality of backing assets, how any backing assets are custodied, the regulated status of the issuer and the issuer’s redemption policy.
“Firms communicating, or approving financial promotions, must make sure they have strong systems and controls for compliance in place. We urge all firms to read our good and poor practice and work proactively with us to continue to improve standards across the sector.”
The FCA expects firms offering qualifying cryptoassets to retail clients, and firms approving financial promotions under s21 FSMA, to consider the examples provided as well as any changes they need to make to their practices, to meet the FCA’s expectations and improve consumer outcomes.