Although financial promotion rules are nothing new for the UK’s financial services industry, when it comes to crypto, there appears to be confusion over what is and what isn’t allowed, and who the new rules actually apply to. Our Global Head of Crypto and FinTech, Jason Tucker-Feltham explains all.
Within just 24 hours of the Financial Conduct Authority (FCA) releasing its financial promotions regime for the crypto industry, it had issued 146 alerts of unregulated crypto firms illegally promoting crypto assets in the UK.
While these startling high numbers could be interpreted as a reflection of the FCA’s commitment to safeguarding consumers and fostering a responsible crypto industry amidst ongoing regulatory developments, it also showcases how unprepared the UK’s crypto industry is. Or, at the very least, how difficult the FCA registration process for crypto firms can be.
What is a financial promotion?
According to Section 21 of the Financial Services and Markets Act 2000, a financial promotion refers to “an invitation or inducement to engage in investment activity, communicated by a person in the course of business.”
In other words, financial promotions are advertisements or other promotional materials used by financial firms to market their products to consumers. Financial promotions can be disseminated via newspapers, mailings, product brochures, social media platforms (remember the Kim Kardashian scandal for touting crypto in 2022?), websites, in fact, any medium if they include an invitation or incentive targeting consumer credit activity.
The FCA regulates the conduct of nearly 50,000 firms to ensure the fairness, honesty, and competitiveness of the UK’s financial markets. According to the FCA Handbook, all financial promotions must be clearly identifiable, accurate, balanced, and not misleading. Promotions must explicitly mention prominent risk warnings and must not contain inappropriate incentives. Since financial promotions by firms can influence a consumer’s decision when choosing a financial product or service, they must comply with specific FCA rules. Firms must also, of course, be registered with the FCA.
The fact that the FCA had to issue so many alerts on the first day of the new regime emphasizes its vigilant approach to crypto asset promotions.
Of course, it’s not only the UK that has measures in place to protect consumers from unregulated entities. The Securities and Exchange Commission (SEC) regulates financial promotions in the US, while in Canada, the Financial Consumer Agency of Canada protects the rights of consumers of financial products and services.
Financial promotion punishments.
So, what punishment awaits the 146 companies that broke the rules on the very first day of the regime? Well, as per the FCA Handbook, anyone committing a financial promotion criminal offense may face up to two years of imprisonment and an unlimited fine. The FCA will assess the severity of the breach to determine the appropriate penalty level, which ranges from Level 1 to Level 5.
Crypto firms in the UK have been aware of the upcoming rules, and the potential repercussions of sending out financial promotions for quite a while. In 2022, there were 1,882 warnings issued, marking a 34% increase from the previous year. As a result, 8,582 financial promotions were amended or withdrawn, which was 14x more than observed in 2021. Financial promotion rules are nothing new for the UK financial services industry.
Riding the wave of crypto.
The rise of crypto and extreme market cycles have resulted in many wondering if they too could benefit financially from investing in crypto assets. Recent reports suggest there are as many as 88,200 crypto millionaires, including some fairytale stories of people amassing their wealth by investing very small amounts. However, the sheer number of cryptocurrencies that have ceased to exist is less highlighted, and as a result, many people’s investments have just been completely wiped out. As such, the financial promotions regulation seeks to protect the most vulnerable, especially from influential celebrity endorsements.
In March 2023, the SEC charged eight celebrities, with some of the most notable examples including Lindsay Lohan and Jake Paul, for failing to mention that they were partaking in a paid promotion.
UK’s proposed crypto regime.
The addition of crypto to the UK’s financial promotion regime marks a step toward a full crypto regulatory framework. Much like its European equivalent, MiCA (Markets in Crypto Assets), a core aim of the UK’s proposed crypto regime will be to protect retail investors.
The UK’s proposed crypto regime is expected to take effect in 2024, and crypto firms wishing to operate in the UK must register with the FCA and adhere to its regulations.
The government’s proposed changes for crypto firms include the following:
Establishing a world-first system for crypto lending
Introducing new regulations to safeguard consumers from market manipulation
Enforcing a market abuse system for cryptocurrency trading
Requiring crypto exchanges to have clear and detailed requirements for admission criteria
Mandating disclosures for new crypto assets
Offering a 24-hour cooling-off period for new investors
Banning referral bonuses
The FCA will regulate crypto firms under the current promotions law, which is expected to protect consumers from misleading or inappropriate crypto promotions. The FCA’s rules for marketing crypto assets include the following:
Advertisements must be transparent, fair, not misleading
Crypto asset firms must ensure consumers have the necessary understanding and expertise to invest in crypto
Crypto promotions must establish clear risk warnings
Weighing the benefits and drawbacks of the new regulations.
These new crypto regulations will prevent users from being exposed to unregulated platforms and crypto scams like the FTX scandal, which involved the collapse of a crypto exchange, in November 2022. The collapse was due to a liquidity crisis that revealed an US$8 billion hole in company accounts.
Of course, a potential drawback of the financial promotions regime is that only firms registered with the FCA or partnered with someone registered by the FCA will be able to operate in the UK, which may pose a barrier to entry for firms. This is because becoming FCA-registered in order to comply with the financial promotions regime could prove costly, not to mention time-consuming. Registering as a crypto asset firm falls into Category 6 of the FCA’s pricing categories, meaning that firms currently have to pay at least £10,000 to register. The FCA also imposes an annual fee following authorization.
Promoting crypto in the UK?
The recent publication of the UK’s revised ‘Future financial services regulatory regime for crypto assets’ marks a crucial advancement in the nation’s journey towards cryptocurrency regulation. The document, released by HM Treasury, outlines the present regulatory framework for crypto assets, definitions of different kinds of crypto assets, and a proposed policy approach to introducing crypto asset activities under the UK’s regulatory boundaries. As of April 2023, the FCA had registered just 41 crypto asset firms under its AML regime.
Balanced regulation that ensures consumer safety while maintaining an attractive marketplace for crypto firms is crucial, especially to fully realize the UK government’s aims to become a major crypto hub.
Putting the KYC into crypto.
WhileKYC processes are an integral part in ensuring crypto exchanges can protect themselves and their customers from fraud and money laundering, they are also a requirement to be able to comply with FCA requirements. Having these controls in place will protect investors from financial losses and add stability to a notoriously volatile market.
IDnow’s highly configurable identity verification solutions work across multiple regulations, industries and use cases, including crypto. Whether automated or expert-assisted, our online identity-proofing methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversion or consumer experience.
We sit down with the financial crime trainer and apprenticeship coach to discuss why he left the police force, how criminal investigations have changed over time, the importance of education and accountability in an anti-fraud strategy, and why he would never become a KYC specialist.
Paul Stratton has always wanted to be a police officer. In fact, during a recent house clean-up, his wife discovered a childhood picture of Paul and his brother dressed up as characters from ‘Chips’ (an 80’s TV show about two motorcycle officers from the California Highway Patrol).
However, after 22 years of working for Merseyside Police, including almost four years in the Fraud Unit, Paul knew he had to leave.
“It got to the point where I was struggling with the lack of team ethos and internal politics. Before moving to the Fraud Unit, I was investigating domestic abuse, violent crimes, and sexual offences, and was starting to feel like an Uber driver, where the next job would just pop up in my inbox. I just didn’t have time to follow up as much as I wanted to with the people I had helped and that always bothered me.
“Victim care is something that the police talk a lot about and I think it’s just become a soundbite. I don’t think we are doing as well as we could with victim care in certain areas of policing, and it frustrated me to just follow up with phone calls.”
Little wonder then, that Paul left the police to pursue a career in fraud and financial crime training and raising awareness of the harm of fraud.
The importance of education, accountability, and tangible messaging in the battle against fraud was a recurring theme in our discussion, as Paul believes a lack of consistent education – to the public, to the police, and the wider public sector – is a significant issue in the UK’s fight against fraud attacks. These rates, Paul believes, will not go down until that education gap is filled.
You can create the best strategy in the world, but it’ll just collect cyber dust unless there’s tangible messaging that is shared with the public. There’s no real messaging, and that’s where I fear it’ll fail.
Paul Stratton, financial crime trainer and apprenticeship coach.
“We can’t hold departments accountable because, besides the general aim to reduce fraud by 10% by 2025, there are no specific figures [that they wish to hit] or how they’re going to do it, and no one knows what they’re tangibly supposed to be doing. British Prime Minister Rishi Sunak set out his five priorities for 2023, and, like them or not, they are clear, so why aren’t we doing something similar with the UK’s fraud strategy?”
In this interview, we discuss everything from Paul’s skepticism regarding the strategy’s 400 promised new fraud officers, why he hates words like ‘scams’, ‘white collar crime’, and ‘money mules’, and why we’re still probably one or two generations away from fully recognizing the impact of social media and acting upon the dangers of online crime.
From detective at Merseyside Police to fraud specialist at Liverpool City Council, and currently, a full-time fraud apprenticeship coach and fraud and financial crime trainer, why the career change, and what are the main differences and similarities in roles, if any?
I spent 22 years with Merseyside Police, and never wanted to leave, in fact I still consider myself police, but I had to leave as I knew there had to be something better out there. Somewhere where a work/life balance is achievable.
I brought the same principles and work ethic into my role at Liverpool City Council. In fact, it was working at the Council where I learned the most about fraud, corruption, bribery, conflicts of interest, gifts and hospitality, social media, KYC, and all the other typical red flags you look out for in police investigations.
What did a typical day look like at Liverpool County Council?
I oversaw the Whistle Blowing process, reviewing, and allocating cases, and I was the lead investigator for all allegations of internal fraud and potential criminal activity. I was also part of the council’s effective Due Diligence Group and developed the council’s new Fighting Fraud & Corruption Together strategy.
In 2020-2021, Liverpool City Council received a lot of bad press due to claims of widespread corruption, which led to numerous police investigations and government intervention.
I started my role just after the controversy started, so a lot of my work was focused on trying to bring Liverpool City Council to a point where there was that awareness of fraud and best practices. So, I would work virtually every day on building and delivering educational and engaging training sessions.
We talk a lot about anti-fraud culture, and counter-fraud culture – that’s a phrase that’s bandied around. But anti-fraud culture is a difficult thing to achieve, as that would mean everybody knows about fraud, and how to prevent it and protect themselves from it.
What led you to leave the Council and launch your fraud and financial crime training and consultancy business?
It’s something I’ve always wanted to do. I am committed to providing quality training to delegates. Long gone are the days when trainers could just sit in front of a PowerPoint and talk for an hour. It must be immersive, with tasks, real-life examples, and problem-solving sessions. People want, need, and deserve more. This is especially true in the public sector, where there’s very little money to train people, so when a trainer does come in, it’s vital they deliver the best learning they can.
How have criminal investigations and intelligence operations changed in the two-plus decades since you began?
Since I started, back in 1998, it’s changed dramatically. For example, when I joined there was very little education on evidence-gathering at a scene, but now, with technology, recruits are even receiving Open-Source Intelligence (OSINT) and social media training.
Whether it’s over Facebook (which it inevitably is), or Instagram or Twitter, investigators need to know and understand how to secure digital evidence. That’s where a lot of the crime exists now. It’s not in person anymore – it’s online.
Would you say the perception of fraud has changed over the years?
Yes and no. When I started in the police, the Fraud Unit, which was called the Cheque and Fraud Wing, would only deal with cases of a certain amount; it had to be of high value for them to even become involved.
Some police forces, like Merseyside Police, have now shifted to harm-based assessments, where they look at the harm caused by fraud. Yes, the monetary amount is important, but it’s not everything.
Paul Stratton, financial crime trainer and apprenticeship coach.
For example, £1 million in losses to a huge organization is a speed bump in relation to a single parent losing £500 in a month and being unable to pay the rent. You see this with romance frauds, where people lose everything.
I think the perception of fraud can be too rarefied; we think ‘fraud’, we think “white collar crime,” and it’s a phrase I can’t stand, because many equate “white collar crime” with a business crime.
The last suspect I ever interviewed before I left the police was a young lad involved in a gang that were dealing drugs and other types of criminal activities like selling fake Liverpool and Everton tickets. And they were doing all that through a bank account they’d created with the name of a vulnerable neighbor, and had done it horrifically easily at the time. There are increasing numbers of gangs moving into fraud and money laundering now.
What are your thoughts on the UK’s recently-released fraud strategy? Do you think it goes far enough, and is dedicating resources in the right place?
I think anything that looks at reducing fraud is a good thing. However, [in the strategy] there are a lot of new names for old teams, and reinventing the wheel somewhat, but that’s often law enforcement’s way. We go from priority to priority. You won’t have a burglary team for two years, but then you have a huge burglary problem, so you assemble a burglary squad and solve that problem, then move onto something else. Such is the lack of resources to specialize in everything at once.
One of the things that I’m skeptical about is the government’s pledge to get 400 new specialist investigators. I don’t think these can be existing police officers, as no police force has enough staff to do what they need to do right now. So, I’m not sure where any new fraud specialists are going to come from, and whether they’re going to be trained or not.
I also don’t think the fraud strategy factors in the educational component. The strategy may be on gov.uk, but are people seeing it in any kind of usable format?
Are we doing enough education-wise with the public? I can’t ever remember seeing an advert on fraud prevention from the government. I see adverts about giving to charity and how people can spend money, but I don’t see adverts on how people can protect their money.
In the Foreword to the strategy, Home Secretary, Suella Braverman spoke of the need for coordinated collaboration between the police, the public and private sectors, as well as allies abroad. In your opinion, what is the most important component of a successful fraud strategy? Conversely, what hinders or can negatively impact the strategy, or a fraud investigation?
Intelligence sharing between the public and private sector and international arena is nothing new. The fact that, in 2023, we’re still talking about better intelligence sharing shows how far behind we are. From an investigator’s point of view, the mechanisms already exist for effective intel sharing. We have the National Crime Agency, which does a lot for police forces when they’re investigating abroad.
For example, if I was investigating bank accounts or looking to get an IP address, we have Financial Intelligence Units that can act in the international arena. We have the Financial Action Task Force for money laundering.
We need to look at how this affects investigators, and how we can make their jobs easier.
I know they’ve assigned an MP (Member of Parliament) with the role of Anti-Fraud Champion [Anthony Browne, MP], which is fantastic, but I think it needs to be more effective than just naming someone a champion.Is giving this role to one MP enough? How is he going to do that amongst his constituency work, and other responsibilities? (Read more about the UK’s Anti-Fraud Champion, Anthony Browne here).
Fraud accounts for 40% of all crime, 80% of that fraud is cyber. If this was burglary (or firearms), I can guarantee there’d be more press, and people would understand what steps the government is taking, and people would be more educated.
Paul Stratton, financial crime trainer and apprenticeship coach.
But, for some reason, fraud is just not considered as severe. It’s almost perceived as a sort of invisible crime, where a lot of victims may report it but be too embarrassed to tell people about it.
For example, with romance fraud, many people may think the victim has brought it on themselves and should have been wiser.
I don’t like the term ‘money mules’; I call them money movers. I also don’t like the word ‘scam,’ people do not ‘fall for scams.’ They are defrauded by criminals.
People may have a lack of empathy when they hear “falling for a scam,” and think how could they send £500 pounds to someone they’ve never met? Well, that’s the way of the world now – that’s how we meet people in 2023. We’ve moved on; we’re probably one or two generations away from a full understanding of the impact of social media.
People now spend their lives online; on LinkedIn, on Instagram, everything’s done over email, if someone even rings you now, you think there’s a problem.
I think it’s the same with fraud and understanding the full effects of it. I don’t think we’re going to get over the “How could they fall for that scam” for a couple of generations because people just think, “Well, I met my partner in person or I still bank in branch,” and it doesn’t work like that. Those days are gone.
It’s for the same reason that people don’t like to be called “victims.” In the police, we call them complainants because they are complaining about a crime.
Words matter.
Apparently, just 1% of police resources are dedicated to tackling fraud, despite fraud accounting for 40% of all crime in the UK. Why do you think fraud is such a neglected area?
Action Fraud has had a lot of bad press, and I don’t think people actually understand what they do. Not to diminish their work at all, but Action Fraud is like a call center and data warehouse. People call up and make a complaint; they’re not staffed by experts, or detectives or fraud experts.
What hinders the effectiveness of Action Fraud is that we don’t tell people what Action Fraud is or manage people’s expectations enough to say that the complaint may not be investigated. So, when they get a letter a few weeks later, saying that the complaint is not being investigated, with no explanation, it’s tough. Whether it’s £50 or £5 million, you deserve a reason why the suspected crime isn’t being investigated, and you would get that if you were assaulted, for example. [Action Fraud will be replaced in Q2, 2024 with a new division. Read more about how it fits into the UK’s wider fraud revamp here.]
Paul Stratton and his little brother dressed up as characters from the hit 80’s TV show, Chips.
Apparently, just 1% of police resources are dedicated to tackling fraud, despite fraud accounting for 40% of all crime in the UK. Was that your experience when you were working in the police? Why do you think fraud was such a neglected area?
Action Fraud has had a lot of bad press, and I don’t think people actually understand what they do. Not to diminish their work at all, but Action Fraud is like a call center and data warehouse. People call up and make a complaint; they’re not staffed by experts, or detectives or fraud experts.
What hinders the effectiveness of Action Fraud is that we don’t tell people what Action Fraud is or manage people’s expectations enough to say that the complaint may not be investigated. So, when they get a letter a few weeks later, saying that the complaint is not being investigated, with no explanation, it’s tough. Whether it’s £50 or £5 million, you deserve a reason why the suspected crime isn’t being investigated, and you would get that if you were assaulted, for example. [Action Fraud will be replaced in Q2, 2024 with a new division. Read more about how it fits into the UK’s wider fraud revamp here.]
And that understandably has an impact on future reporting habits?
Of course, people just won’t bother reporting fraud. For years, victim support has been around the physical: assaults, sexual offenses, murders. But what do we do for people suffering financial and emotional loss because of romance fraud? Not enough.
What most hinders an investigation, however, are the low numbers of staff, and inadequate training. Officers, detectives, and investigators all need to be trained, whether that’s in document fraud, cybercrime, or how to find an IP address from an email. Unfortunately, this is not always the case in the public sector, with local authorities. Although this is being changed with the recent Counter Fraud Investigator Apprenticeship.
I suppose if complainants believe they are unlikely to receive any of the stolen funds back, then this would also have a knock-on effect in reporting rates?
Yes, you’re right, the ease with which Proceeds of Crime (stolen funds) can be moved around into multiple bank accounts is scary. A lot of people may think that if it’s only £100, they won’t report it, because they’re not going to get their money back, and it’s more effort than it’s worth.
Once that money is spent, even if the perpetrator is caught, it’s very difficult to get it back.
Let’s say the perpetrator resides in the UK, and you get them, the likelihood is they’re doing it for a reason: because they have no money or they’re greedy, so they’ll just spend it. It may not bother them if they get convicted, because they’re not going to get a job where they need a DBS check anyway.
Regardless of how much money has been lost, that shouldn’t necessarily factor into the decision to a) report it, and b) investigate it. We must look at harm. Unfortunately, currently, Action Fraud just does not do that.
The fraud strategy has earmarked £100 million for additional police resources. Is that enough?
No, it’s not; we lose millions of pounds every day to fraud. Again, it’s not the amount, it’s where it’s going.
Putting maybe one more detective into a fraud squad will take the pressure off, and really help get more positive outcomes, but I think there needs to be real education, and refresher courses on, for example, the blockchain. Can some of the money be used to procure external services, and bring someone in to talk about it? We just don’t know. Can we bring experts in to help the police with investigations, because we don’t know everything.
Of course, there’s a balance to strike, and you don’t want to saturate people with information on fraud and get people scared. Perhaps the best approach would be to properly publicize new fraud initiatives that show how the money is being used. Help teachers get training on fraud prevention, train doctors in how to deal with the mental health ramifications of fraud.
Education is a recurring theme, as is responsibility. Responsibility of the government to educate people, responsibility of victims to report complaints. What about companies and service providers, where does the responsibility lie there? What role will technology, and in particular KYC and identity verification services, play in the future of fraud prevention?
They bear a huge responsibility, don’t they? Having recently been onboarded by a company, it’s all completely digital now, isn’t it? One of the cases I dealt with before I left the police was with a new online bank, where a lot of criminals were using their friends’ photographs, passports and licenses to open bank accounts.
Knowing Your Customer (KYC) is everything really. And, it’s not just knowing your customer, it’s knowing your applicants, and knowing your staff. It’s having all these things in place, especially in recruitment, as document fraud is rampant, so it’s a huge responsibility.
You’ll have KYC specialists in banks, but what about the public sector and other private companies? In recruitment, for example, you’re relying on recruitment staff – are they getting the training they need? Are they all aware of the threats of fraud? Do they understand what KYC is?
I can only speak from the public sector, but the public sector and local authorities can learn a huge amount from banks and a huge amount from the private sector.
From a fraud investigator’s point of view, I think it’s going to get harder and harder, because long gone are the days where an applicant or consumer must come to a business, and if you’re opening a bank account nowadays, it’ll be online, and you don’t have to see anyone.
I don’t envy KYC staff – let’s put it that way. It’s not a job I’d like to do; there’s a lot of risk on their shoulders to develop, keep themselves regularly updated.
In this technological age, it’s also important to remember that fraud is about people as much as it’s about AI and machine learning. Someone must press that button at the start, and someone must be a victim at the end.
If you’re interested in more insights from industry insiders and thought leaders, check out one of our interviews from our Fintech Spotlight Interview series below.
