UK crypto regulation

Use Sumsub to make crypto compliance a breeze.

UK crypto promotions are regulated under the FCA’s rules for Direct Offer Financial Promotions (DOFP). Firms must follow a strict communication and assessment flow before a consumer can invest in high-risk crypto assets.
This page describes how Sumsub supports each step of that flow.

Definitions

The following is a list of definitions used in this article:

  • Registered person. A person who is a crypto asset exchange provider or a custodian wallet provider, included on the register maintained by the FCA, and is not an authorized person.
  • Authorized person. A person who is authorized and has permission to carry on one or more regulated activities.
  • Financial promotion. An invitation or inducement to engage in investment activity. It can take many forms, including adverts placed in print, broadcast, or online media, marketing brochures, emails, websites, apps, or social media posts. Invitations or inducements to engage in the following activities in relation to crypto assets are within the scope of the financial promotions regime:
    • dealing in securities and contractually based investments;
    • arranging deals in investments;
    • managing investments;
    • advising on investments;
    • agreeing to carry on specified kinds of activity.
  • Crypto asset. Any cryptographically secured digital representation of value or contractual rights that can be transferred, stored, or traded electronically and uses the technology supporting the recording or storage of data (which may include distributed ledger technology). A crypto asset does not fall within the definition of a "qualifying crypto asset" if it is a controlled investment such as:
    • electronic money;
    • fiat currency;
    • digitally issued fiat currency;
    • a crypto asset that cannot be transferred or sold in exchange for money or other crypto assets except by way of redemption with the issuer, can only be used in a limited way, and meets one of the following conditions:
      • it allows the holder to acquire goods or services only from the issuer;
      • it is issued by a professional issuer and allows the holder to acquire goods or services only within a limited network of service providers that have direct commercial agreements with the issuer;
      • it may be used only to acquire a very limited range of goods or services.

Regulatory requirements

The central requirement of the financial promotion rules is that financial promotions must be fair, transparent, and not misleading.

To comply with the existing requirements of the financial promotion regime, firms will need to conduct due diligence on both the crypto asset or crypto asset service they are promoting (or about which they are approving promotions) and any claims made in the promotion.

In conducting due diligence for a particular crypto asset, a firm needs to consider (amongst other things):

  • The authenticity and accuracy of the proposition in the relevant promotion.
  • The steps necessary to ensure the cryptoasset is not linked to fraudulent activity, scams, money laundering, or other financial crimes.
  • The operational or technological risks.
  • Understanding the environmental, social, and governance risks associated with the crypto asset.
  • Conducting relevant legal and compliance checks.

When working with financial promotions, a firm may need the tools that offer the following:

  • Clear risk warnings. Standard risk warnings should be included on all financial promotions for Restricted Mass Market Investments and Non-Mass Market Investments.
  • Banning incentives to invest. FCA proposed banning financial promotions for high-risk investments from offering monetary or non-monetary benefits that incentivize investment activity, such as ‘refer a friend’ or new joiner bonuses.
  • Cooling-off period. FCA proposed a minimum 24-hour cooling-off period for first-time investors with a firm.
  • Personalized risk warning pop-up. FCA proposed introducing a personalized risk warning pop-up (or equivalent) for first-time investors with a firm.
  • Client categorization. Before a DOFP can be made concerning an RMMI, the consumer must be categorized as a Restricted, High Net Worth, or Certified Sophisticated investor.
  • Appropriateness assessments. Before an application or order for an RMMI can be processed in response to a DOFP, the firm must assess whether the specific RMMI is appropriate for the consumer.
  • Record keeping. FCA proposed that firms should record various metrics throughout the consumer journey.

The scheme below provides an example of how a firm can apply DOFP rules.

When and where UK crypto regulations apply

From 8 October 2023, all firms marketing crypto assets to UK consumers, including overseas firms, must comply with the financial promotion regime.

Note: The financial promotions do not need to be specifically directed at UK consumers to be capable of having an effect in the UK.

If a UK consumer can access and respond to cryptoasset promotions to engage in cryptoasset activities through websites, apps, or social media, those promotions will likely have an effect in the UK. The regulation therefore applies regardless of where the firm or the promotion is located, or who the promotion was primarily aimed at.

Who is affected by UK crypto regulations

The regime applies to all firms (registered and authorized persons) marketing cryptoassets to UK consumers, including firms based overseas.

Why UK crypto regulations matter

As many crypto asset firms operate internationally, the regime makes it challenging for UK firms to ensure that associated entities in a global group structure do not inadvertently breach UK regulations by promoting to UK consumers.

How to address this with Sumsub

Sumsub provides technical solutions that help its clients' compliance teams comply with the regime, including:

  • A fully customizable questionnaire that can be used to collect data or documents on the customers' employment or source of wealth, or to determine the customers' professional experience or knowledge.
  • KYC, AML, and sanctions screening tools, and so on.
  • A personalized pop-up as required by regulation.
  • A customizable list of countries a client does not accept for verification by the Sumsub solution (for the companies that are not ready to work with UK residents yet).

How Sumsub ensures compliance with UK crypto regulations

The following is a sequence of verification steps:

  1. The applicant registers for your service. The 24-hour countdown timer should be activated on your website to provide for the Cooling-off period.
  2. Registration triggers the standard KYC flow involving the questionnaire required by your regulator. Usually, such a questionnaire collects data related to the applicant’s income and investment abilities, including their annual income and the amount to be spent on what is defined as high-risk investments during the year.
  3. After the applicant completes standard KYC checks, the system shows them a personalized risk warning. With Sumsub, this can be done either via a risk-warning questionnaire embedded inside the main KYC level or triggered as a separate applicant action after KYC approval.
  4. Sumsub automatically approves the applicant and sends a webhook notification to you.
  5. The remaining KYC and AML checks are performed.
  6. The applicant initiates a crypto transaction, which triggers one more questionnaire.
  7. The applicant categorizes themselves into one of the FCA-defined investor types:
    • Restricted investor
    • High net worth investor
    • Certified sophisticated investor
    • Self-certified sophisticated investor (not applicable to cryptoassets)
  8. The applicant completes an Appropriateness Assessment. It evaluates whether they understand the nature and risks of the specific crypto asset or product.
  9. Sumsub calculates a risk score based on the number of mistakes in the questionnaire. Any score different from 0 means the applicant made at least one mistake.
  10. The applicant has 3 attempts to complete the questionnaire. If the applicant succeeds, they are allowed to buy crypto assets, and the standard transaction monitoring flow is triggered. If the applicant fails, the next attempt is only possible after the 24-hour cooling period.

Note: A separate questionnaire must be created for each product/coin/project you offer.

The scheme below illustrates the process.

What is needed to implement the Sumsub UK crypto compliance solution?

The table below shows what features are provided by Sumsub, and what needs to be done on your side to set up the monitoring flow.

| Provided by Sumsub | Implemented by the client |
| --- | --- |
| KYC and AML verification | Cooling-off timer for applicants who failed |
| Assessment questionnaires constructor | Separate assessment questionnaire for each product |
| Personalized risk warning step with customizable warning texts | Internal decision logic based on results |
| Investor categorization questionnaire | Final gating of trading or investing actions |
| Appropriateness Assessment: sample questionnaire for setup and randomized question order feature | |
| Webhooks with results | |
| Support for 3-attempt logic per assessment | |
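The client-side items in the table (cooling-off timer, decision logic, final gating) can be enforced server-side as a small state machine. The sketch below is an added example, not Sumsub code or a Sumsub API; all names are hypothetical. It assumes that the 24-hour lock starts after the third failed attempt, and that trading also requires 24 hours to have passed since registration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional

COOLING_OFF = timedelta(hours=24)  # from the page: 24-hour cooling-off period
MAX_ATTEMPTS = 3                   # from the page: 3 attempts per assessment

@dataclass
class Assessment:
    """State of one appropriateness assessment (one per product, per the page)."""
    failed: int = 0
    passed: bool = False
    locked_until: Optional[datetime] = None

@dataclass
class Applicant:
    registered_at: datetime
    assessments: Dict[str, Assessment] = field(default_factory=dict)

def can_attempt(a: Applicant, product: str, now: datetime) -> bool:
    s = a.assessments.setdefault(product, Assessment())
    if s.locked_until and now >= s.locked_until:
        s.failed, s.locked_until = 0, None  # lock expired: fresh set of attempts
    return not s.passed and s.locked_until is None

def record_result(a: Applicant, product: str, risk_score: int, now: datetime) -> Assessment:
    """Apply one assessment result; a risk score of 0 means no mistakes."""
    if not can_attempt(a, product, now):
        raise PermissionError("assessment is locked or already passed")
    s = a.assessments[product]
    if risk_score == 0:
        s.passed = True
    else:
        s.failed += 1
        if s.failed >= MAX_ATTEMPTS:  # assumption: lock after the third failure
            s.locked_until = now + COOLING_OFF
    return s

def may_trade(a: Applicant, product: str, now: datetime) -> bool:
    """Final gate: deny unless cooling-off has elapsed and this product's assessment passed."""
    s = a.assessments.get(product)
    return now - a.registered_at >= COOLING_OFF and s is not None and s.passed
```

Pass `now` from the server clock rather than from the client, so the timer cannot be shortened by the applicant's device.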

If you have any questions about setting up your flow, contact us at [email protected] or reach out to your Customer Success Manager for seamless solution integration.