As cryptocurrency continues to gain traction in the UK retail and leisure sectors, businesses are increasingly exploring digital assets as a means of payment and customer engagement. From fashion and hospitality to e-commerce and entertainment, crypto is no longer a fringe concept. However, with this innovation comes a growing web of regulatory obligations that retailers must understand and address – particularly in relation to anti-money laundering (“AML”) compliance and the Financial Conduct Authority’s (“FCA”) implementation of the Travel Rule.
The FCA has made it clear that crypto is firmly within its regulatory parameter. Since October 2023, promotions of qualifying cryptoassets have been subject to the financial promotions regime. This means that any marketing must be fair, clear, and not misleading, with standardised risk warnings. But beyond marketing, retailers must also consider how they handle crypto transactions from a compliance perspective.
AML regulations are designed to prevent the misuse of financial systems for money laundering, terrorist financing, and other illegal activities. For retailers, this means implementing systems and controls to verify customer identities, monitor transactions for suspicious activity, and maintain accurate records. These obligations apply whether a retailer handles crypto payments directly or through a third-party provider. Importantly, using a crypto payment processor does not absolve a retailer of responsibility. Businesses must ensure that their partners are FCA-registered and compliant with AML standards.
Technology plays a vital role in meeting these obligations. Many retailers are turning to regulatory technology (“RegTech”) solutions that automate identity verification, transaction monitoring, and risk assessments. These tools help businesses comply with AML requirements efficiently while also reducing the risk of fraud and reputational damage.
A significant recent development is the FCA’s implementation of the Travel Rule, which came into force on 1 September 2023. This rule requires UK-based cryptoasset businesses to collect, verify, and share specific information about the sender and recipient of crypto transactions. The aim is to bring crypto in line with traditional financial systems, where such information has long been required for wire transfers.
For retailers, the Travel Rule applies when sending or receiving crypto payments across borders or involving third parties. The required information includes the name and wallet address of both the sender and recipient. For transactions above €1,000, additional details such as the customer’s address, date of birth, or national ID number must also be collected and shared.
If a transaction involves a jurisdiction that has not yet implemented the Travel Rule, UK businesses are still expected to collect and store the necessary information and assess the risk before proceeding. This ensures that UK firms remain compliant, even when dealing with international partners who may not yet be subject to the same standards.
The consequences of non-compliance are significant. Retailers that fail to meet AML or Travel Rule obligations may face FCA enforcement action, financial penalties, and reputational harm. In some cases, there may also be criminal liability. To mitigate these risks, businesses should conduct regular reviews of their compliance frameworks, ensure staff are trained on AML procedures, and maintain clear policies for handling crypto transactions.
In summary, the integration of crypto into retail offers exciting opportunities, but it also demands a proactive approach to compliance. By understanding and implementing AML and Travel Rule requirements, retailers can protect their businesses, reassure customers, and stay ahead of regulatory developments. With the right legal guidance and technology in place, crypto can become a strategic advantage rather than a regulatory risk.
Written by Matthew Burgess, paralegal in our Commercial and Private Client Litigation team.