Mon, Feb 12, 2024

Balancing Innovation and Responsibility: The Customer Appropriateness Assessment and Crypto Assets

Crypto firms have experienced the evolving journey that is the UK regulatory framework this year. Most recently, back in October 2023, we saw the FCA place restrictions on how crypto assets are marketed to retail consumers.

One key element of this new regulatory landscape (at least for crypto firms) is the application of the appropriateness test to qualifying crypto assets. This is a crucial tool employed by the FCA to require firms to assess whether financial products or services are appropriate for individual investors when purchasing certain “complex” investments without advice (otherwise known as a “non-advised” transaction in this context).

In a nutshell, the assessment does this by requiring a firm to ask its customers questions about their knowledge and experience so that the firm can then decide whether proposed transactions are appropriate for each customer. In the event the assessment determines that a customer does not have the requisite knowledge and experience, the firm must warn the customer before any transaction can take place.

The FCA’s purpose here is clear, to promote consumer protection. One aspect that is interesting, and of specific note for crypto firms, is that we have been here before, with similar measures previously being applied around peer-to-peer (P2P) investments and contracts for difference (CFDs). So, this is a well-trodden path with learnings aplenty.

Indeed, many of us within the Regulatory Consulting team have firsthand experience of the regulatory development and application of the appropriateness test, putting our team in a good place to understand some of the pitfalls that can come with misinterpretation of the requirements.

We have therefore used this insight to share some of the common areas where firms can fall short of regulatory expectations when designing and applying the assessment of appropriateness.

Obstacles to an Effective Appropriateness Assessment

Customer Categorization

Before subjecting customers to the appropriateness test, crypto firms must categorize them correctly and in line with the FCA rules for categorization. The FCA distinguishes between retail customers, professional customers, and eligible counterparties.

Retail customers, typically individual investors, receive the highest level of regulatory protection. Professional customers, such as institutional investors, have a presumed higher level of financial expertise and therefore receive less protection under the UK regulatory framework.

In the past, the FCA has noted instances where firms have failed to correctly categorize customers, meaning they do not receive the benefit of regulatory assessments, such as appropriateness. We believe crypto firms can learn from this and should therefore consider their take-on process to ensure they are robust so that customers are being correctly categorized. The FCA is understandably interested in this step, because if it isn’t working properly, it undermines the down-stream processes.

Ineffective Scoring System

The heart of any assessment is the scoring that sits behind it, as this drives the pass/fail outcome.

We have seen appropriateness assessments that assign too much weighting to items that, objectively, are unlikely to be a significant aspect of a customer’s knowledge or experience, such as age or current wealth status.

What is more important is setting out questions which will assess whether the customer understands what they are buying (e.g., a crypto asset), how they are buying it (e.g., non-advised) and the risks or disadvantages each of these elements bring.

Another area where scoring can be disjointed is when seeking to understand and measure the customer’s education or professional credentials. While the rules mandate that, to the extent appropriate, information on these factors can be relevant, we think that firms should be clear on materiality, in both cases applying a healthy dose of professional scepticism.

For instance, does a customer who holds a degree in mathematics really understand the nature and risks of buying crypto assets using a non-advised service? Maybe, but without the collection of further information to validate this, we would suggest caution should be applied when scoring such an answer highly in favor of the customer’s education, suggesting knowledge and/or experience.

Responsibility for the Assessment

Another common area of misunderstanding is around who is ultimately responsible for the assessment. If we look closely at the wording of the rule, we find it is unambiguously “the firm” who is responsible2

Therefore, firms that shift the responsibility back towards the customer, unintentionally or otherwise, are likely to risk being seen as in breach of the appropriateness rules and, under Consumer Duty obligations, potentially regarded by the FCA as not acting in good faith.

Therefore, boxes that require the customer to tick to indicate they have the required knowledge and experience and that they understand all the risks (or words to this effect) are unlikely on their own to be seen as meeting the bar required by the FCA. This was a point of non-compliance, noted by the FCA when looking at how CFD firms assessed appropriateness, and from our own experience with our clients, we do still see examples of this practice.

It’s worth keeping in mind that fundamentally any “assessment,” as the name suggests, requires one party to collect relevant information and to then make a determination based on that information—the ticking of a box does not meet this generally accepted definition. Firms relying on such a customer affirmation should reconsider their responsibilities under the rules to the (potential) customer.

Implication of the Assessment

If the customer fails the assessment, the firm is required to provide a warning. It is here that we often see the most challenges for firms, both historically and now.

A common mistake is providing a warning that is not sufficiently tailored to the product and service. If a warning is to be effective, it should be capable of helping the customer to make an informed decision regarding next steps. However, the warning must not cross from providing information to giving the impression that regulated advice has been given on the suitability of the transaction. There is a careful line that must be assessed.

We also appreciate from working with crypto asset service providers that this part of the assessment brings the challenge of balancing access to crypto assets with acting in the best interests of the customer.

For instance, in the event of the customer failing the appropriateness assessment, the rules do not prevent the firm from transacting for the customer (providing the warning has been issued) but they also guide the firm, when considering next steps, to think about the customer’s best interests2 . So, the question for the firm becomes “Do we allow them to buy or not?” when they have failed the assessment.

We believe a balance is achievable by using positive frictions to allow the customer time to pause and reflect on the purchase. We know from the Consumer Duty that the FCA wants firms to think more about how positive frictions support customers’ decision-making generally, thereby supporting good outcomes, and such measures have been implemented into the new rules for crypto asset firms marketing to retail consumers.

For example, customers can be provided with more information, such that their knowledge level is enhanced, and they are allowed to re-take the assessment again in a few days. This creates a natural pause in the sales process, which allows the customer time to think and reconsider.

Customers that then re-take the assessment and fail a second time, could then be allowed to proceed (with the appropriate warning) or, alternatively, the firm may deem that crypto assets, coupled with a non-advised service, are not for the customer on this occasion.

As we noted earlier, the appropriateness rules don’t extend an obligation for the assessing firm to not proceed with the transaction in this instance, meaning this decision ultimately sits with them. That being said, firms should always be mindful of the optics of such a decision, especially when the best interests of the client are also factored in.


The appropriateness test is now a critical component of the regulatory framework governing crypto firms in the UK. By ensuring that investors possess the necessary knowledge and experience, the FCA aims to strike a balance between fostering financial innovation and protecting market participants.

Crypto firms must navigate these regulatory requirements diligently and carefully. We have already seen the regulator wasting no time in baring its teeth to crypto asset firms. In October 2023, they issued 146 alerts about crypto asset promotions on the first day of the new regime.

In the past, the FCA has looked at the way different sectors apply the appropriateness test, and results have not always been positive. We think it is highly likely that the customer journeys for firms offering crypto assets will be under the spotlight in 2024. Firms should ensure they are ready to demonstrate that good outcomes sit behind their assessments of appropriateness.

How Can Kroll Help?

We have experts who have both supervision and policy experience of the appropriateness assessment process. We have also worked with a number of clients in the P2P, banking and crypto sectors to help them design their assessments so that they remain compliant and commercially viable.



1FCA Dear CEO Letter – Customer take on review in firms offering Contract for Difference Products, 2016
2COBS 2.1.1R