Blockchain and Digital Assets

Asim Arshad
October 2024

Senior Associate Asim Arshad examines the FCA’s first criminal prosecution over the unlawful operation of crypto ATMs, and discusses the wider implication of this crackdown for both lawyers and crypto businesses in the UK.

Asim’s article was published in Law360, 11 October 2024, and can be found here.

On Sept. 10, the U.K.’s Financial Conduct Authority launched a criminal prosecution against Olumide Osunkoya, the first of an owner of a firm enabling crypto asset trading, who pled guilty to the charges. The regulator announced that it had secured its first conviction on Sept. 30 for two offenses relating to the unlawful operation of multiple crypto automated teller machines that were not registered with the FCA.[1]

This article will examine the wider implications for lawyers of that decision.

The FCA alleges that, between December 2021 and September 2023, machines operated by Osunkoya across multiple locations processed crypto transactions with a combined value of £2.6 million ($3.4 million).

It is clear that the regulator is starting to clamp down on crypto activities associated with money laundering.

The FCA confirmed that this is its first criminal prosecution relating to unregistered crypto asset activity under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Over the past two years, the regulator has inspected dozens of locations suspected of hosting crypto ATMs, and last month stated that there are no legal crypto ATM operators in the U.K. Therese Chambers, the FCA’s joint executive director of enforcement and market oversight, said: “If you’re using a crypto ATM, you are handing your money directly to criminals.”[2]

Overly Aggressive

The FCA’s position is clear: Crypto ATMs are inherently problematic. As a result, legitimate operators who value regulatory compliance are being actively deterred from considering the U.K. as a potential jurisdiction in which to locate them.

The prosecution of Osunkoya demonstrates the FCA’s commitment to taking enforcement action against unregistered crypto asset businesses. It is an unambiguous signal to those operating within the sector that the regulator will actively pursue transgressors via criminal charges, civil proceedings, or both.

This is not unprecedented. Through previous enforcement action, the FCA has shown itself willing to act, not least because firms operating in this sector are perceived to be a greater risk in terms of money laundering and potential misuse by bad actors.

In its inaugural crypto-related enforcement action in July, the FCA imposed a £3.5 million fine on CB Payments Ltd., part of the Coinbase Group, for breaching requirements imposed under the Electronic Money Regulations 2011.[3]

Crypto ATMs

In their simplest form, crypto ATMs enable users to deposit cash that is converted into crypto-assets. The machine records the deposit, either generating a wallet for the user or requesting the user’s public wallet address to which the crypto can be sent. Operators typically earn fees from these transactions.

Crypto ATMs are often fitted with a camera that records the user making the deposit; some also require the user’s ID documents to be scanned, allowing their details to be recorded.

This functionality enables easy, almost immediate conversion of cash to crypto. Some ATMs offer bidirectional functionality, enabling both the purchase of crypto and the sale of crypto for cash. Some ATMs require little or no personal information, providing the user with the additional benefit of privacy, or even complete anonymity.

Although crypto ATMs are not inherently illegal, to operate one requires registration with the FCA. As noted, currently, there are no registered crypto ATM operators in the U.K.

It is important to note that the same requirements do not apply to crypto purchases made via more traditional methods, such as a centralized exchange.

Illicit Use of Crypto ATMs

The privacy afforded by crypto is attractive to criminals, particularly those who seek to launder illicit money and obfuscate any audit trail. Globally, authorities in multiple jurisdictions have moved to shut the machines down because they provide an ideal conduit for laundering money, with limited traceability on where funds originate and where they are sent.

Although this regulatory approach is becoming more common, it should not be automatically assumed that everyone who uses a crypto ATM is party to a criminal transaction.

Impediment to Thriving U.K. Crypto Industry

It can be argued that the FCA should narrow its focus toward enhanced monitoring and regulatory compliance. It may also be said that its objective should be to ensure that crypto ATMs and, therefore, those operating and profiting from them, require customer identification and appropriate know-your-customer steps before customers can transact.

Another means of regulating the marketplace would be to create a customized set of KYC rules for crypto ATMs that would potentially mitigate their use for criminal activity.

Technology might play a part in making this work. For example, fingerprint or facial recognition technology could be used to validate an individual’s identity and enhance KYC checks. This could be undertaken in conjunction with the scanning of a passport, where a live camera scans an individual’s face and matches it to the passport photo, while background checks are simultaneously undertaken on the passport itself.

Regulatory authorities in some other jurisdictions take a different view. Crypto ATMs can be found in multiple countries, with more than 1,000 located in various European Union member states, for example.

Worldwide, users seeking to access crypto and bypass the traditional banking system can access more than 37,500 crypto ATMs, according to data provider AltIndex.[4]

Therefore, those who do wish to use them have perfectly legal options in diverse global locations.

The FCA’s excessively antagonistic language may deter crypto users who do value regulatory compliance from considering the U.K. as a potential jurisdiction to be located. Manifestly, choosing the U.K. in the current climate would be an unlikely option for any crypto ATM operator.

As current regulations stand, crypto companies wanting to operate in the U.K. must first register with the FCA, which assesses them under anti-money laundering and other regulations.

In its latest annual report published in September, [5] the FCA noted that it had rejected 87% of the applications received from crypto-asset companies seeking clearance for their money laundering defenses.

The regulator also issued 450 consumer alerts against crypto-asset promoters — only three months after rules against misleading marketing were tightened.

The charges brought against Osunkoya highlight the importance of compliance in the crypto sector, serving as a stark reminder for crypto asset businesses about the risks of noncompliance.

Conclusion

Given that the FCA is monitoring the crypto ATM sector through active policing, enforcement and prosecution, organizations in the U.K. need to take a similarly proactive approach to KYC and related protocols through constant monitoring and adaption. This means complying with the spirit of what the FCA wants, rather than just the bare minimum.

Read more here.