HMT clarifies its position regarding low-risk firms and introduces key changes for cryptoassets activities in the UK

Share this post

HM Treasury (HMT) has published a response to its previous consultation on amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the ‘MLRs’ (we previously published a series of articles on the original consultation that can be accessed here). The consultation response clarifies HMT’s position regarding low-risk payment firms and art market participants under the MLRs and confirms its intention to change the legislation to comply with the expansion of the application of Financial Action Task Force (FATF) Recommendation 16, regarding information sharing requirements for crypto wire transfers (commonly known as the ‘Travel Rule’).

Low risk firms and changes in scope to reflect latest risk assessments

Low risk payment services firms

In line with the feedback received during the consultation period, HMT has decided to remove Account Information Services Providers (AISPs) from the scope of regulated firms in the MLRs. This is because there is currently not much evidence of criminals using AISPs for any money laundering (ML) or terrorist financing (TF) activity and these firms could be negatively impacted by disproportionate compliance costs derived from their inclusion in the scope of the legislation.

However, HMT has confirmed that it will keep Payment Information Services Providers (PISPs) within scope of the MLRs for the time being. This is due to concerns that PISPs, unlike AISPs, are involved in the payment chain which may represent a higher risk of being used as a tool for economic crime such as fraud. We previously gave our views on the applicability of the MLRs to both in a previous article.

With regards to Bill Payment Service Providers (BPSPs) and Telecoms, Digital and IT Payment Service Providers (TDITPSPs), HMT believes they should remain in scope of the MLRs. Although it seems sensible to exclude both BPSPs and TDITPSPs from the regulated sector as they are only involved in the transfer of small sums, there could be unintended consequences of removing them from scope, with a higher risk of fraud. In this respect, HMT has confirmed that further research is needed to confirm whether these activities in the UK are linked to any cases  of ML, TF and proliferation financing (PF).

Art Market Participants

Based on consultation feedback, HMT has amended the definition of an Art Market Participant (AMP) in Regulation 14(1)(d) to explicitly exclude artists who sell their own works or art over the EUR 10,000 threshold. This exemption will apply for those cases when an artist sells their works of art as an individual, or when they sell their work through a company or partnership where they are a shareholder or partner.

Although responses to the consultation noted that the definition of AMP could be expanded to include digital art, Non-Fungible Tokens (NFTs), antiques and antiquities, HMT currently does not have any plans to cover these, but it has confirmed that it will take the feedback into consideration and potentially make changes to the definition in the future.

Cryptoassets and the Travel Rule

HMT has confirmed that it will move ahead with the implementation of the long awaited ‘Travel Rule’ for cryptoasset wire transfers in the UK. The government has acknowledged that this requirement will increase the cost of compliance, but it believes that this is outweighed by the benefits to both the sector and economy from the reduction of the associated risks of ML and TF with cryptoassets transactions.

Whilst acknowledging the concerns regarding data security and privacy, HMT has decided to maintain the information sharing requirements as set out in the consultation, as the data reflects FATF requirements and cannot be changed unilaterally whilst remaining compliant with FATF standards.

In terms of the applicability of the requirements to “intermediary” cryptoasset service providers, HMT has clarified that the rules will only apply to intermediaries that are either cryptoasset exchange providers or custodian wallet providers and will not capture others such as software or hardware providers.

In general, HMT is implementing most of the proposed changes that were previously consulted on, but it has taken into account initial concerns raised by the industry during the consultation stage and has amended part of its original proposals as per the below:

  • HMT has modified its proposal so that the de minimis threshold for cryptoassets transactions under the Travel Rules aligns with the FATF’s recommended threshold of EUR 1,000. It will, however, consider changing the Euro thresholds in the MLRs to Sterling in the future. Also, given that the evidence suggests that there are relatively few businesses offering both fiat and cryptoassets, HMT will no longer require that both fiat currency and cryptoasset transfers are considered for the calculation of the de minimis threshold. However, transfers of fiat currency will remain subject to a de minimis threshold under the Fund Transfers Regulations.
  • Regarding the requirement that cryptoasset businesses collect but not verify beneficiary and originator information regarding unhosted wallets, HMT has considered the feedback received and modified its proposals. Instead of requiring the collection of beneficiary and originator information for all unhosted wallet transfers, cryptoasset businesses will only be expected to collect this information for transactions that are identified as posing an elevated risk of illicit finance. HMT has not provided clarity regarding what this would specifically involve, but it has indicated that the minimum factors that firms should consider when assessing this risk will be set out in the revised legislation.
  • In terms of verification of the information of unhosted wallets, in line with FATF expectations, HMT has decided not to require verification of the information given the potential practical difficulties for both the users of cryptoassets and cryptoassets businesses to do this. These changes are based on the fact that these types of wallets provide a potential security advantage to users, so they should not be automatically considered as a higher risk. Obviously, unhosted wallets cannot be completely exempted from the Travel Rule requirements as that could create an incentive for them to be used for illicit purposes.
Changes in control of registered cryptoasset firms

HMT is also amending Regulation 57 of the MLRs and adding a new Regulation 68B to the legislation so that changes in control of a registered cryptoasset firm are notified to the FCA, ahead of such changes taking place. This will allow the FCA to undertake a ‘fit and proper’ assessment of any individuals or entities acquiring a cryptoasset firm, providing powers to the regulator to object to any changes in the ownership of the firm before they take place and cancel the registration of the firm being acquired if it’s necessary to do so. The change will also capture the ‘Change in Control’ offences under the MLRs in the new schedule 6B.

This measure allows HMT to close the gap that currently exists in the MLRs that allows firms to bypass the MLRs’ registration gateway, by acquiring already registered cryptoasset firms and potentially enabling the acquiring entity to undertake activities before the FCA can assess the change of ownership and take action.

Notices of refusal to register cryptoasset firms

Currently, Regulations 59 and 60 of the MLRs only provide the FCA and HMRC with the power to publish notices relating to the cancellation and suspension of MLR registrations but not to publish notices of refusal to register.

In this sense, HMT is amending Regulation 59 of the MLRs to allow both the FCA and HM Revenues and Customs (HMRC) the discretion to publish information about decisions not to register an applicant firm. This measure will also allow the FCA to publish notices where it has objected to the acquisition of an already registered cryptoasset firm.

These changes will enable regulators to publish detailed findings of registration and acquisition assessments, allowing these notices to include a level of detail which may help other applicant firms to understand the regulatory requirements and expectations of the regulator, and improve their AML/CTF arrangements and controls where necessary. This measure will certainly help both applicant cryptoasset firms and the FCA to save time and costs during the application process.

Next steps

The changes to the MLRs set out in HMT’s response document have now been made into a draft secondary legislation entitled ‘The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022’ that will come into force on 1 September 2022, subject to Parliamentary approval.

In terms of the specific implementation of the Travel Rule for cryptoassets transactions, HMT has decided to allow a 12-month grace period to run from the point at which the MLR will take effect until 1 September 2023, during which time cryptoassets businesses will be expected to comply with the requirements.

The changes made by HMT in the legislation will certainly help to incentivise sustainable growth and innovation in specific areas of the financial services sector such as Open Banking and the cryptoassets services sector.

Article by Compliancy Services

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?