First published on Thomson Reuters Regulatory Intelligence on 15 July 2019.

This third article of a series on cryptoassets focuses on personal account dealing (PAD) policies and procedures. This topic is important not only for firms themselves but also for individual staff who have entered into or are considering entering into cryptoasset transactions on their own behalf.

Recap: what is personal account dealing and how is it controlled?


Broadly, PAD involves dealing in specified investments (e.g. selling, purchasing, exercising options in relation to, etc., specified investments (e.g. shares)) by an individual engaged by or on behalf of an FCA-regulated firm that carries out Markets in Financial Instruments Directive (MiFID) and/or designated investment business where the individual deals for their own account; i.e. not acting in their professional capacity. This also includes advising or procuring others to enter into a trade which, if the individual entered into it, would be personal account dealing.

Firms conducting MiFID and/or designated investment business are required to establish adequate arrangements to prevent individuals from entering into personal account transactions which would involve :

  • committing market abuse;
  • improperly using confidential information; and/or
  • behaving in a way which creates a conflict with the duty the firm owes to its clients.

Generally firms maintain a PAD policy setting out what individual dealing by staff is permissible and what is prohibited; any necessary processes which may apply to dealings by staff (e.g. consent prior to dealing); and sanctions for breaches.

The UK PAD rules are to be found in the FCA's Conduct of Business Sourcebook (COBS) (in particular COBS 11.7 and 11.7A), which incorporates various requirements from EU legislation.

Will cryptoassets be within scope of existing PAD policies?

Cryptoassets that have the characteristics of specified investments as set out in the Financial Services and Markets Act 2000 (FSMA) Regulated Activities Order 2001 (RAO) should be treated in the same way as more traditional investments i.e. within scope of the firm's PAD policy.

Determining the characteristics and consequent categorisation of cryptoassets is not, however, straightforward. Some cryptoassets may change in nature during their existence. While a detailed analysis of this assessment is outside the scope of this article, it is broadly accepted (e.g. by the UK Cryptoassets Taskforce, the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) – albeit with minor variations in labelling) that there are three categories of cryptoassets:

  • Security tokens: these confer rights such as ownership or entitlement to a share in future profits. These will meet the criteria of a "specified investment" under the RAO.
  • Utility tokens: these may be redeemed for access to a specific product or service. These will likely be outside the regulatory perimeter unless they are structured in such a way as to constitute e-money.
  • Exchange tokens (more popularly known as cryptocurrency e.g. bitcoin): these are usually a decentralised tool for buying and selling goods and services without traditional intermediaries; they will usually fall outside the perimeter unless they are structured in such a way as to constitute e-money.

It should be noted that the regulatory treatment of such assets is subject to change: in the UK, HM Treasury will be consulting later this year on cryptoassets currently outside the perimeter.

Should PAD policies be extended to cover cryptoassets currently outside the perimeter?

In assessing whether to extend PAD policies, firms will wish to consider the following factors:

  • the benefits of simplicity in preventing accidental breaches by staff who may not have considered whether particular cryptoassets might come within PAD scope, or of greater clarity for those who may have misunderstood the nature of particular cryptoassets;
  • enhanced protection against reputational risk by preventing undesirable behaviours that would otherwise not technically breach the PAD policy, but could fall below the expectations of clients or the markets;
  • future-proofing against potential expansion of the regulatory perimeter in relation to cryptoassets.

In early 2018 several banks reportedly introduced controls on staff transactions in cryptoassets and cryptoasset-related activities. These ranged from outright bans, to controls aligned to those in place for PAD in more traditional financial instruments. The nature and scope of a firm's business, considered in the context of the behaviours targeted by the PAD rules, will be relevant in considering whether their PAD policy should cover cryptoassets currently outside the regulatory perimeter.

Firm-specific considerations


Oversight of PAD restrictions by compliance/line managers

Banks that choose to extend the scope of their PAD policies will need staff responsible for reviewing requests to deal in cryptoassets to have sufficient knowledge to assess the nature of the assets and apply the relevant policy.

They will also wish to consider whether there is a need for refresher training for staff on PAD policies with a particular focus on cryptoassets.

Just assessment of potential PAD breaches in an unclear regulatory environment

Banks will wish to give careful thought to assessing past and future PAD in cryptoassets in the context of their existing PAD policies. Some staff, for whom cryptoasset trading may be particularly attractive and accessible, may not appreciate that the PAD policy might apply to such activity. In making such an assessment, the regulatory guidance available at the time of trading, together with any internal training or guidance provided by the bank, will be of relevance.

Individuals within banks who are subject to the PAD policy will also be subject to the FCA's Code of Conduct. A deliberate or careless failure to disclose dealings where disclosure is required by a PAD policy may constitute a breach of the Code and suggest a lack of integrity, due care or proper standards of market conduct (see COCON 4.1.1(11) and COCON 2.1). The application of provisions concerning proper standards of market conduct will be considered more fully in the final article in this series on cryptoassets.

Investment firms

Oversight of PAD restrictions

The considerations described above in relation to banks are also relevant to investment firms.

Assessment of PAD breaches

Some investment firms are already within scope of the SMCR; the remainder will be subject to the SMCR from December 2019. To the extent the SMCR is applicable, the considerations concerning the Code of Conduct will be similar to those described above, however the Code applies more narrowly in relation to investment firms (COCON 1.1.7AR). Careful consideration will need to be given to the specific circumstances of any dealing that is in question.

For investment firms that are still under the Approved Persons Regime, approved persons must act with integrity, due care and skill, and must observe proper standards of market conduct in carrying out their accountable functions (FCA APER Statements of Principle 1 and 3). FCA guidance indicates that an approved person must be personally culpable for breach of a statement of principle to be established; this may be the case where the conduct was deliberate or the standard of conduct was below that which would be reasonable in all the circumstances (APER 3.1.4G).

While investment firms are likely to have a number of approved persons, particularly individuals holding the customer dealing function (CF30), the coverage of the Approved Persons Regime is limited, unlike the Code of Conduct of the SMCR.

In preparing for the SMCR, investment firms will wish to consider the potentially broader application of PAD restrictions.

Cryptoasset exchanges

Exchanges which do not offer facilities to trade in "security tokens" are unlikely to fall within the regulatory perimeter currently, albeit that could change in future. So should operators of cryptoasset exchanges consider introducing a PAD policy?

Both traditional stock exchanges and cryptoasset exchanges make money from dealing fees – essentially accruing small amounts across high volumes of transactions. Transaction volume through an exchange – whether a traditional exchange or a cryptoasset exchange – is in large part dependent on participants' confidence in the trading venue.

While cryptoasset exchanges and more traditional trading venues share many of the same risks, there are some significant differences. Most cryptoasset exchanges perform asset custody functions (sometimes holding the private key to participants' assets that the exchange holds in wallets) and many offer end to end services, therefore undertaking a range of roles which in traditional trading venues are performed by independent parties. This may give rise to some unique risks and conflicts of interest which need to be, and to be seen to be, managed for trust in the cryptoasset exchange to be maintained.

On May 21, 2019, the FCA announced that reports about cryptoasset and forex related scams had more than tripled from the year before, with more than £27 million reported lost. It particularly pointed to fake online trading platforms. Fraudulent activity can have an impact on the public's perceptions of legitimate operators.

Modelling some of the regulated sector's controls may help to reassure clients that they can place their trust in the exchange – a PAD policy could be one element which cryptoasset exchanges might want to consider.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.