TITLE: United Kingdom's Financial Conduct Authority Varies Paywiser Limited's Authorisation and Imposes Cryptoasset Business Restrictions BODY: On 7 October 2025, the Financial Conduct Authority (FCA) issued a First Supervisory Notice to Paywiser Limited (Reference Number: 901086), an authorised electronic money institution, varying its authorisation under the Electronic Money Regulations 2011 (EMR) and imposing a direction under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR). The FCA identified serious concerns regarding Paywiser Limited's conduct of cryptoasset exchange activity without required registration. Between November 2021 and July 2025, the firm operated cryptoasset wallets through which approximately £195 million in USDT deposits were processed, executing over 3,300 transactions. The FCA determined the firm conducted this activity as a business in the United Kingdom, contrary to regulation 56(1)(f) of the MLR, which requires registration for cryptoasset exchange providers. The FCA also found the firm's sole shareholder and director lacks fitness and propriety, citing repeated provision of inaccurate and incomplete information to the Authority, including contradictory statements about the nature and scale of cryptoasset activities. Additionally, the FCA identified concerns regarding potentially fabricated board meeting minutes and inadequate risk management procedures. The Requirements impose immediate restrictions: the firm must cease registering new customers and providing regulated electronic money or payment services without prior written FCA consent. The firm must notify all customers, banking partners, and payment services providers by 12 October 2025, display prominent notices on its website and at customer login, and submit weekly bank statements. The firm is prohibited from carrying on cryptoasset business requiring MLR registration. The firm must provide written compliance confirmation by 14 October 2025. These Requirements remain in force indefinitely unless varied or cancelled by the Authority. The firm may submit written representations by 22 October 2025 or refer the matter to the Upper Tribunal (Tax and Chancery Chamber) within 28 days of this notice.

CRITICAL BEHAVIORAL RULES (these override all other instructions): - Always generate an update. Never refuse, never ask for more information, and never say you cannot produce output. - If the source content is in a non-English language, translate and summarise it into English. - If the source content is sparse, administrative, procedural, or lacks expected regulatory elements, extract and present whatever information is available. This includes personnel appointments, cabinet changes, institutional restructures, and any official government action. - Never include disclaimers or meta-commentary about source quality, translation limitations, or content gaps. - If you cannot determine a piece of information, simply omit it rather than noting its absence. - Content scope is broad: generate updates for all government and official publications including regulatory changes, legislation, consultations, decrees, personnel appointments, institutional announcements, administrative decisions, and any other government or authority action. Do not filter by topic relevance. You are an AI assistant generating Horizon scanning updates for government, regulatory, and institutional content. GROUND RULES FOR HORIZON SCANNING UPDATES: Title Requirements: - The jurisdiction must appear in the update title - For PC/FS updates, use title case - Titles must be declarative statements (not questions) Body Text Requirements: - Target 200-250 words, but shorter is acceptable when source material is limited - Include as many of the following as the source material supports: jurisdiction, authority, brief description of the development or action, relevant dates (effective dates, announcement dates, enforcement dates) - Include links to relevant legislation where applicable - Reference all initialisms in full on first use (e.g., "Financial Conduct Authority (FCA)") - Must be factual only - no speculation or sweeping statements - When information is unavailable, simply omit it rather than noting its absence Format your response as: TITLE: [Your declarative title with jurisdiction] BODY: [Your factual summary with all required elements]

Horizon Scanning Outline. Purpose of Analyst writing Horizon Scanning Updates Distil the key points of the development for clients to quickly see what is changing without reading the whole source. Provide updates to key events from government and regulatory bodies, including consultations, legislation, decrees, appointments, and institutional changes. Simplify complex updates and sources so that they’re succinct, concise and clear to read. Consistently structure and write updates in the same format. Structure of Horizon Scanning Updates Always think about: Who (Authority) is publishing/enforcing the content/regulation? Where (Jurisdiction)? What type of document or announcement is it (e.g., consultation, regulation, decree, appointment, institutional change)? What is changing/being informed? Who is this update applicable to (credit, e-money institutions, etc.)? Why is this update noteworthy? What is its significance? When is the update applicable? Title Describe what the update is about. Include the jurisdiction (where); subject (authority - who); and a verb (doing word such as issues, publishes, launches, etc.- what). All titles should be written in present tense. Avoid using acronyms Approx 10 - 20 words Example Turkey’s Personal Data Protection Authority Publishes Data Protection Guidance Paragraph 1 Open with the date of the update (When) Name the authority that released the update (Who) Summarise the release (What) Example On June 20, 2025, the Securities and Exchange Board of India (SEBI) launched a consultation on guidelines for responsible usage of artificial intelligence (AI) and machine learning (ML) in Indian securities markets. Paragraph 2 Summarise key points. The change/amendment aiming to achieve (what) What is its objective, why is it happening? Why is it significant? (why) Who does it impact or concern? (Who) The aim is to summarise large source documents so the reader doesn’t need to do it themselves. DO NOT just copy the first few sentences of the document. Example SEBI aims to produce guidelines providing high-level principles for market participants to establish reasonable procedures and control systems for the supervision and governance of AI/ML applications and tools. To develop this, SEBI created a working group to: Study Indian and global best practices. Prepare the guidelines. Address the concerns and issues arising from AI/ML usage. SEBI is consulting on the following principles to develop the guidelines: Model governance: Market participants should have an internal team with adequate skills and experience to monitor and oversee the use of AI/ML-based models. Investor protection and disclosure: Market participants using AI/ML that impacts their customers should disclose such usage. Relevant use cases include algorithmic trading, asset management, advisory, and support services. The disclosure must include product features, purpose, risks, limitations, and other relevant information. Testing framework: Market participants should adequately test and continuously monitor AI/ML-based models to validate their results. Fairness and bias: AI/ML models should not favour or discriminate against any group of clients. Data privacy and cybersecurity: As AI/ML systems rely on data processing, market participants should maintain a clear policy for data security. Paragraph 3 Acts as a “Call To Action”. Provide forward looking context: What actions need to be taken? Who needs to take action? Next steps to the development. Include any relevant dates (When) Response dates - should always be provided for consultations Effective dates - should be used if we know definitively that the act/reg is coming into effect on a specific date, i.e., it has been passed/adopted. Example The comment period ends on February 2, 2026, at 11:59pm and responses can be submitted here. The comment response is expected to be published in April 2026. References Should always be included, and should come from a primary source, i.e., an authority, not a news source. General Style Notes: 200-250 words Active voice Authorities and companies referenced as a single entity (“It”, not “they”) Titles in title case Internal Vixio vocabulary guide Content Style Guide Spelling should generally be in UK English, except for North American-facing (US/Canada/Caribbean) content. A Acronyms - should be spelt out in first instance with acronym in brackets. For example, Financial Conduct Authority (FCA). Act - when just referring to “the act”, it does not need a capital a. Active prose - should always try to write in active rather than passive - more direct and clearer (For example - The report was released by the Gambling Commission (PASSIVE); The Gambling Commission released the report (ACTIVE)) Advise/advice - advise (verb) - to offer suggestions (for example, I advised them to sell). - advice (noun) - give formal suggestions (for example, I gave them advice). Advisor NOT adviser Affect - verb - “have an effect on something, make a difference” Alternate/Alternative - Alternate (adjective) - means every other - Alternative (noun) - strictly one out of two - Alternative (adjective) - the other of two things. Although - not to be interchanged with “while” - means “in spite of” NOT “at the same time”. AML/CTF - anti-money laundering and counter-terrorism financing - NOT AML/CFT Among/while NOT Amongst/whilst API - application programming interface Apostrophes - to be used in possessives, i.e. an operator’s licence NOT an operators licence (for plurals, should appear after the s, with no second s). Article/Part/Section - should be capitalised when referring to a specific article - e.g., Article 4 of the Gambling Act. Assure/ensure - not to be confused - assure means “tell someone something positively to dispel doubts”, ensure means “makes certain something will occur”. B Between - should always appear with “and” NOT “to” - for example, between this summer and next summer. Big tech - two words, breaks convention of other tech words Bills - U.S. bill names should appear without full points and a space between the letters and numbers (i.e. SB 522 NOT SB522 or S.B. 522). Brackets - square brackets should be used to denote deletions or additions in quotes. Buy now, pay later - no hyphens Bullet points - see Lists C Capitalisation - all important words should have a capital in titles (i.e. just not joining words such as and/of/the/a) Cardrooms not card rooms Cases - legal cases should appear in italics, with a v for versus. Casino-resorts NOT casino resorts or resort-casinos Chief executive NOT chief executive officer Colons (:) - used between independent clauses when the second clause explains, illustrates or expands on the first (i.e. to introduce lists, quotes) Commas - to be used in figures to denote thousands to avoid confusion with years (i.e, $2,000 NOT $2000) Comparisons - compare with (highlighting differences) - compare to (highlighting similarities) Companies/organisations - singular entities (it NOT they) should be followed by “which/that” rather than “who” Ltd, not Limited Complement - to accompany something/add value Compliment - give praise (complimentary = free) Compound adjectives - should be hyphenated (sports-betting operators / first-quarter earnings) Comprise/comprising - should NOT be followed with “of”, as it means to “consist of” Conjunctions - should appear with a semi-colon before and a comma afterwards (; however, / ; therefore,) Continually - if something occurs repeatedly/regularly in the same way Continuously - if something occurs without interruption or gaps Contractions - don’t, can’t, won’t, etc. to be avoided in copy (except in marketing material and depending on tone) Contrast - by contrast - when comparing one thing to another - in contrast - simply noting a difference Counsel/Council - counsel = advice, guidance; council = an advisory group or meeting Court of Justice of the European Union (CJEU) rather than ECJ Cryptocurrency - one word, not hyphenated. Crypto-assets - hyphenated Cybersecurity - one word, not hyphenated CTF - counter-terrorism financing - NOT CFT/countering the financing of terrorism Currencies - if not using common symbols (£, $, €), then three-letter code should be used before the figure (no spaces) - for example, PLN50,000. Full term lower case (eg euro, baht, pound, dollar) m for million, bn for billion, trn for trillion. D Date format - Month, Day, Year (e.g., March 7, 2019) For Insights & Analysis summary text: can just say “today”, e.g., “Today a bill was passed for…” For Insights & Analysis body text: dates should always accompany days of the week in brackets, e.g., “On Wednesday (June 8) a bill was passed...” For NIBs: always use dates rather than days. Department for Digital, Culture, Media & Sport - ampersand Directives - for commonly used directives, style is 4th Anti-Money Laundering Directive (4th AMLD), revised Payment Services Directive (PSD2) - try to use widely known titles rather than just numbers to ensure the directives are more easily recognised. DLT - distributed ledger technology E Effect - noun - “cause something to happen”. Em dash (—) - should be used as a conjunction, not a hyphen or en dash (–). Ensure/assure - not to be confused - ensure means “makes certain something will occur”, assure means “tell someone something positively to dispel doubts”. esports NOT eSports or e-sports Euros - should be denoted with a “€” (CNTRL+ALT+4) NOT “EUR”. F fintech NOT FinTech Footnotes - avoid where possible, if necessary write them into the text or add links. G GGR - “gross gaming revenues” Government - does not need a capital g. Governor - should be written out in full, NOT Gov. Guidance (singular and plural) - does NOT need to be preceded by “a” (Guide/guides, Guideline/guidelines) H Headlines - all words should begin with a capital Horseracing NOT horse racing Hyphenation - DO: land-based, fixed-odds, cross-border, invitation-only, fast-tracked (if “a fast-tracked application”), match-fixing, year-on-year, up-to-date, whistle-blowers, six-month period, non-fungible tokens, crypto-assets, e-money - DON’T: email, blocklist, whitelist, whitelisted, cybersecurity, cryptocurrency, white paper I Impact - should be used as a noun - i.e. the new act will have an impact on… - verb means “come into forcible contact with something else”. - using “affect” as a verb is more accurate. J Judgment - legal decision Judgement - one’s own opinion Jargon - avoid using confusing terms or tabloidese, e.g. use players rather than punters. Job titles - should appear in commas after a name - for example, Neil McArthur, Gambling Commission chief executive. OR before a name with no commas - for example, Gambling Commission chief executive Neil McArthur DON’T need capitals unless a figure of importance (i.e., Prime Minister, President) Italics - whole chunks of text from legislation should be italicised; however, short quotes do not need to be. Justice Department - U.S. Department of Justice - to appear with caps (as requested by US team). K KYC - know your customer L Legislature - does not need a capital l. Less than - NOT to be confused with “fewer than” when referring to a number of something. i.e. fewer than 100 gambling tables. Licence - noun (UK), i.e. a driver’s licence License - verb/noun (US) Lists - bulleted lists should generally begin with a cap and end with a full stop (make sure they are consistent). M MONEYVAL NOT Moneyval More than - to be used instead of “over”. i.e., more than 20 players rather than over 20 players. N Names - should appear before job titles in commas - for example, Neil McArthur, Gambling Commission chief executive. Names - should be written in full in first instance and then the surname used throughout. Numbers - 1-10 should be written out (except for percentages and measurements); should always be written out at the start of sentences. Non-fungible tokens - all lowercase (non-fungible tokens) O Offence - noun (UK), i.e. commit an offence Offense - noun (US) Organisations/companies - singular entities (it NOT they) should be followed by “which/that” rather than “who” Oxford comma - (appears before “and” or “or”) - to be used sparingly and only when necessary to avoid any confusion in a sentence (i.e., where more than one “and/or” appears). Over - should not be used as a replacement for “more than”. P Parliament - does not need a capital p. Part/Section/Article - should be capitalised when referring to a specific part - e.g., Part 4 of the Gambling Act Passive voice - should always try to write in active rather than passive - more direct and clearer (For example - The report was released by the Gambling Commission (PASSIVE); The Gambling Commission released the report (ACTIVE)) Past/passed - past is a noun/adverb/adjective - “in the past”, “past experience”. - passed is the past tense of “to pass” - “the law was passed in government”. Prepaid, not pre-paid Percentages - numbers should always be written as figures percent NOT per cent or % Figures should appear with a full point between them NOT comma (for example, 5.7 percent NOT 5,7 percent) Possessives - require an apostrophe and should not be confused with plurals - i.e., an operator’s licence NOT an operators licence (for plurals, should appear after the s, with no second s). Prepositions - keep an eye out for missing prepositions - according “to”/ in accordance “with”/ in relation “to” / with regard “to” Principal - main, most important Principle - a fundamental source or basis of something Programme (UK) Program (US, UK - for computer program, Australian English) Q Quotes - speaker should be referenced in the past tense (said NOT says) Quote marks - double quote marks should be used for speech - single quote marks should only be used for titles and within quotes. (See Quote reference sheet for more information on how to use quotes.) R regtech NOT RegTech Repetition - avoid using words that mean the same thing (“and also” / “include, among others” / VLT terminals / ATM machines) Racetracks not race tracks S Seasons - when referencing a specific season of a year should be treated like a proper noun, i.e. should include a capital - Winter 2018. Section/Article/Part - should be capitalised when referring to a specific section - e.g., Section 4 of the Gambling Act. Semi-colons (;) - should be used to link two independent clauses that are closely related; or in lists without bullet points. (Do not overuse - often a full stop and new sentence will be better.) Sports betting NOT sportsbetting Sports team names Storey (pl. storeys) - level of a building (UK English) (story/stories - US English) T That defines, which informs Third person - “you” - avoid where possible. Titles - all important words should begin with a capital (i.e. just not joining words such as and/of/the/a) Tenses - content should generally be written in past tense - present tense should be used for something that has just happened and will be continuing into the future. U United States abbreviated to U.S. (Americas-focused stories on GC) / US in international content when mentioned in passing or across PC USA PATRIOT Act - should be kept as such, i.e. with caps, as it’s an acronym for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act”) U.S. Department of Justice - Justice Department (with capitals as requested) V Vixio GamblingCompliance / Vixio PaymentsCompliance Vixio (to be used on its own after first instance) W Which informs, that defines While/among NOT Whilst/amongst While - not to be interchanged with “although” - means “at the same time” NOT “in spite of”. X Y Year quarters - Q1, Q2, H1, H2, etc. Z Acronyms AML/CTF - anti-money laundering and counter-terrorism financing - NOT AML/CFT API - application programming interface DLT - distributed ledger technology --- Now, given the above instructions and style guide, please generate a horizon scanning update based on the following webpage content. Generate the update regardless of the source language, content type, or level of detail available — this includes administrative decrees, personnel appointments, institutional changes, and any other official content. Use whatever information is present. The Authority does not consider it appropriate to publish parts of paragraphs 4.27(a) and 4.40(c) of the First Supervisory Notice which have been redacted. _______________________________________________________________ FIRST SUPERVISORY NOTICE _______________________________________________________________ To: Paywiser Limited Reference Number: 901086 Address: Timsons Business Centre, Bath Road, Kettering, Northhamptonshire, NN16 8NQ Date: 7 October 2025 1 ACTION 1.1 For the reasons given in this First Supervisory Notice, and pursuant to regulation 11(1) of the Electronic Money Regulations 2011 (the “EMR”), the Financial Conduct Authority (“the Authority”) has decided to vary the authorisation granted to Paywiser Limited (the “Firm”) pursuant to Part 2 of the EMR by imposing the following requirements (the “Requirements”) on the Firm with immediate effect. Restriction on electronic-money and payment services 1) The Firm must not register, onboard or provide regulated electronic money or payment services (either directly or through outsourced partners) to any new customers without the prior written consent of the Authority. FCA Sensitive 2) The Firm must not provide any regulated electronic money or payment services (either directly or through outsourced partners) to any existing customers, without the prior written consent of the Authority. Notification requirements 3) The Firm must by 12pm on 10 October 2025 notify in writing all customers, banking partners, payment services providers or any other relevant person of the imposition and effect of these Requirement in a form to be agreed in advance with the Authority. 4) By 12pm on 10 October 2025, the Firm must: a) Ensure that a prominent notice is displayed on the front page of its website, and any website that it controls, in terms, font and size to be agreed with the Authority, outlining the effect of the Requirements and providing a link to the relevant website and entry in the Financial Services Register relating to the Firm where the terms of those Requirements will appear. b) Ensure that, when any client of the Firm enters login details to access an account, a prominent notice is immediately displayed to the client, in terms, font and size to be agreed with the Authority, outlining the effect of the Requirements and providing a link to the relevant website address of the entry in the Financial Services Register relating to the Firm, where the terms of these Requirements will appear. 5) Within 24 hours of the notifications at Requirements 3 and 4 being made, the Firm must provide the Authority with: a) copies of the template notification sent to all recipients; and b) confirmation that, to the best of its knowledge, the Firm has sent notifications pursuant to the Requirements 3 and 4. 6) The Firm shall send to the Authority via email by 12 noon every Friday, beginning on 10 October 2025 until such time as it is notified otherwise in writing by the Authority up-to-date bank statements for all the Firm’s bank, payments or electronic money accounts. 7) By 12pm on 14 October 2025 the Firm must provide written confirmation to the Authority that it is in compliance with the Requirements. Secure records 8) The Firm must secure all books and records, preserve information and systems, and must retain such records in a form and at a location within the UK, to be notified to the Authority in writing no later than seven days after these Requirements come into force, such that they can be provided to the Authority, or to a person named by the Authority, promptly on its request. 1.2 For the reasons given in this FSN, and pursuant to regulation 74C of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“the MLR”), the Authority has decided to impose the following direction (“the Direction”) on the Firm with immediate effect. Direction FCA Sensitive 9) The Firm must not carry on any cryptoasset business for which it would require registration with the Authority under regulation 56(1)(f) of the MLR. 1.3 These Requirements shall take immediate effect and remain in force unless and until varied or cancelled by the Authority (either on the application of the Firm or of the Authority’s own volition). 2 REASONS FOR ACTION Summary 2.1 The Authority has concluded, on the basis of the facts and matters described below, that it is necessary to vary the Firm’s authorisation by imposing the Requirements because it appears that: a) pursuant to regulation 11(1)(a) of the EMR the Firm no longer meets, or it is unlikely to continue to meet, the conditions for authorisation under regulation 6(4) to (8) of the EMR (the “Conditions for Authorisation”); and b) it is desirable in order to protect the interests of consumers pursuant to regulation 11(1)(d) of the EMR. 2.2 The Authority has also concluded, on the basis of the facts and matters described below, that it is necessary to exercise its power under regulation 74C(5)(a) of the MLR to impose a direction on the Firm in order to remedy a failure to comply with a requirement under the MLR. 2.3 The Authority has identified serious concerns about the Firm including that it appears that the Firm may not have: a) effective procedures to identify, manage, monitor and report any risks to which it might be exposed (regulation 6(6)(b) of the PSR); or b) adequate internal risk control mechanisms, including sound administrative, risk management, and accounting procedures (regulation 6(6)(c) of the PSR), which are comprehensive and proportionate to the nature, scale and complexity of electronic money to be issued and payment services to be provided by the Firm. 2.4 The Authority has also identified serious concerns that: a) having regard to the need to ensure the sound and prudent conduct of the affairs of an authorised electronic money institution, the Firm’s sole shareholder is not a fit and proper person (regulation 6(6)(a) of the EMR); b) it appears the Firm is carrying on a cryptoasset business without the registration required by regulation 56(1)(f) of the MLR and is therefore not complying with the requirement in regulation 6(7) of the EMR to be included in the register of cryptoasset businesses under the MLRs; c) the Firm has not been open and cooperative with the Authority in accordance with Principle 11 of the FCA’s Principles for Businesses. 2.5 The Authority considers that the imposition of the Requirements and the Direction should take immediate effect because the matters set out in this First Supervisory Notice demonstrate that the Firm is unable to manage its affairs in a sound and prudent manner and its putting customers at risk. The Authority considers that the FCA Sensitive Requirements and Direction should remain in force until varied or cancelled by the Authority (either on the application of the Firm or of the Authority’s own volition). 3 DEFINITIONS 3.1 The definitions below are used in this First Supervisory Notice: “Act” means the Financial Services and Markets Act 2000; “Authority” means the Financial Conduct Authority; “Conditions for Authorisation” means the conditions for authorisation set out in regulations 6(4) to (8) of the EMR; “Cryptoasset Exchange A” means a cryptoasset exchange provider with which the Firm held and account and transacted between November 2021 and 18 July 2025; “Cryptoasset Exchange B” means a cryptoasset exchange provider with which the Firm opened an account on 26 February 2022; “EMR” means Electronic Money Regulations 2011; “the Firm” means Paywiser Limited; “Hong Kong Entity A” refers to a Hong Kong limited company which the Firm says is responsible for executing and processing cryptoasset transactions; “relevant funds” has the meaning given to it by Regulation 20 of the EMR; “Requirements” means the terms imposed on the Firm by this First Supervisory Notice as outlined in section 1 above; “Senior Manager A” means a senior manager at the Firm; “Senior Manager B” means a senior manager at the Firm; and “Tribunal” means the Upper Tribunal (Tax and Chancery Chamber). 4 FACTS AND MATTERS Background 4.1 The Firm was incorporated on 17 March 2017 and authorised on 7 October 2020 as an Authorised Electronic Money Institution. It has permissions to provide the following payment and electronic money services: a) Services enabling cash placement on a payment account; b) Services enabling cash withdrawals from a payment account; c) Execution of payment transactions (not covered by a credit line); d) Execution of payment transactions (covered by a credit line); e) Issuing payment instruments or acquiring payment transactions; and f) Issuing Electronic Money. 4.2 The Firm provides e-wallet payment accounts and debit card services to retail and corporate customers. 4.3 The Firm is not registered with the Authority under the MLR as a cryptoasset FCA Sensitive exchange provider or custodian wallet holder. Failings and risks identified Registration of cryptoasset exchange providers 4.4 The Authority is the anti-money laundering and counter-terrorist financing supervisor of UK cryptoasset businesses under the MLR. Since 10 January 2020, any cryptoasset exchange provider which operates by way of business in the UK, must be registered with the Authority. The Firm’s cryptoasset wallets 4.5 In April 2024, the Authority engaged with the Firm in relation to its compliance with the cryptoassets financial promotions regime. On 3 April 2024 the Authority wrote to the Firm noting its concerns that the Firm was providing services to cryptoasset firms which were on the FCA Warning List, as both firms were illegally promoting cryptoassets to UK consumers. The Authority noted its serious concerns that by promoting services to firms that may be committing criminal offences, the Firm may be dealing in criminal property. The Authority also noted that the continued provision of payment services to firms about whom the FCA has issued a clear public warning raised serious concerns about the adequacy of the Firm’s risk management, client due diligence and anti-money laundering systems and controls. 4.6 On 10 April 2024, the Firm wrote a letter to the Authority in which it confirmed in bold text that “we have decided to exit the [cryptoasset] sector and have suspended any transactions with our cryptoasset clients with immediate effect (emphasis in original).” 4.7 On 8 July 2024, the Authority met with the Firm and during the meeting, Senior Manager A stated that the Firm had decided not to offer crypto as a service in the UK, and that most of the Firm’s crypto customers were onboarded before the introduction of the cryptoasset financial promotions regime, but confirmed that the Firm had offboarded all crypto customers. 4.8 On 28 May 2025, in response to an information request, Cryptoasset Exchange A provided information to the Authority in respect of an account that the Firm held with Cryptoasset Exchange A. Cryptoasset Exchange A provided KYC (Know Your Customer), transaction history and other information about the account, which showed that: a) The Firm held a UK domestic business account with Cryptoasset Exchange A, which had been opened on 29 September 2021 with the Firm’s certificate of incorporation, in the Firm’s former name, Billion Key Limited, and the Firm’s registered office address. b) The account appeared to be controlled by Senior Manager A, as his name and Firm email address (with the domain name: @PAYWISER.com) appeared to be used to open the account. c) The account was active, and between November 2021 and 25 April 2025: a. a total of 3,026 cryptoasset transactions were executed through this account; b. approximately 180 million worth of USDT (Tether) (or the equivalent of approximately £131 million) was deposited into the account from other crypto wallets. Tether stablecoin are cryptoasset tokens approximately pegged to the US Dollar; FCA Sensitive c. approximately 183 million worth of USDT (or the and the equivalent of approximately £134 million) was withdrawn from the account and paid into other crypto wallets. 4.9 On 30 June 2025, the Authority sent the Firm an information request, asking it to confirm whether it is or has previously engaged “in any other financial services other than the payment services, including cryptoasset activity… If yes, please provide an overview of the services provided, including timeframe for activity, customer base and transaction count”. The Firm responded and stated that “I have now asked the team to go through the records to check when [sic] any activity including cryptoasset activity, took place. I can confirm that the firm is currently not engaged in financial services other than the payments services, including cryptoasset activity.” 4.10 On 17 July 2025, the Authority met with the Firm to discuss the Firm’s progress in remediating the Authority’s concerns with its anti-money laundering and financial crime systems and controls. 4.11 During the meeting, the Authority questioned the Firm about its potential cryptoasset activity. In response to the Authority’s questions, Senior Manager A stated that in fact the Firm held an account with Cryptoasset Exchange B. Senior Manager A said that the account was opened because of a potential investment opportunity 3 or 4 years ago where Cryptoasset Exchange B planned to invest in the Firm. Senior Manager A said that the Firm had never traded or used the wallet. 4.12 Senior Manager A also confirmed that the Firm held an account with Cryptoasset Exchange A, but the Firm had terminated all crypto activity and exited all crypto relationships in April or June 2024 and at that time had notified the Authority of its decision to do so. 4.13 The Authority asked Senior Manager A to explain the purpose of the Cryptoasset Exchange A account. Senior Manager A explained that the Cryptoasset Exchange A account was opened for the Firm to explore and learn about crypto activity. Senior Manager A also explained that the account was active for three of four years and was still open but was not operational. 4.14 The Authority noted that the Cryptoasset Exchange A account had been open for three or four years, and asked whether its purpose had really been to learn about crypto. Senior Manager A said that he had used the account to exchange some crypto using personal money, for example, he made a payment to the Firm’s Chief Data Officer to work out the process and test the flow and the payment was then transferred back to him. 4.15 The Authority asked the Firm to explain the rationale behind trading personal money with a corporate account. Senior Manager A said that he had tried to open a personal account, which was flagged for fraud due to his ID documentation sharing a likeness with his brother who already had an account. 4.16 The Authority asked whether the decision to open a corporate account in the name of the Firm to trade personal funds had been discussed with the Firm’s board or its Head of Compliance. Senior Manager A said that the Board had decided in a board meeting to open an account to test how crypto worked. Senior Manager A also stated that no money from the Firm was used on the account and it had never been used to trade on behalf of clients. Senior Manager A also stated that sometimes his friends had asked for payments in crypto and although he does not personally trade, in those scenarios he will send funds to his friends’ wallets. FCA Sensitive 4.17 The Authority asked the Firm how much money had been deposited into the Firm’s Cryptoasset Exchange A wallet. Senior Manager A said that approximately 1,000 USDT (or the equivalent of approximately £730) had been deposited into the Firm’s wallet with Cryptoasset Exchange A. 4.18 The Authority noted that it is important that it is made aware of any crypto accounts held by the Firm. The Authority also noted that cryptoasset exchange activity carried out by the Firm could be in scope of the MLR, and the Firm could be in breach of the registration requirement in the MLR. Senior Manager A confirmed that the Firm did not have any current or future plans to invest in or offer crypto products through the Firm. Senior Manager A also said that he would close both the Cryptoasset Exchange B and Cryptoasset Exchange A accounts. 4.19 Senior Manager B stated that since September 2024 the Firm had not permitted crypto business customers to use the Firm’s platform, and the Firm had not permitted its customers to use the Firm’s platform to transact with crypto firms. As the meeting closed, Senior Manager B stated that the Firm had no interest in the crypto space currently or in the future. 4.20 Following the supervisory meeting, on 21 July 2025 the Authority emailed the Firm attaching an information requirement pursuant to section 165 of the Act (as amended by the EMR) seeking the further information about the Firm’s cryptoasset accounts and the activities on those accounts. 4.21 On the 28 July 2025 the Firm provided its response to the information requirement, and attached a cover letter, customer list, board meeting minutes, and both crypto transaction records for the Firm’s Cryptoasset Exchange B and Cryptoasset Exchange A accounts. 4.22 In respect of the Firm’s Cryptoasset Exchange A account the Firm stated that: “[t]he account remains active. However, we are currently in the process of deciding whether to keep or terminate the relationship with this crypto exchange.” The Firm explained that: “The purpose of the account was to allow for inter-company use. This is actually in use by another non-UK Paywiser entity according to internally agreed arrangements….” The Firm also explained that there are no retrievable records available on Cryptoasset Exchange A’s website, however, “[a]t the time of account opening… we believed we explained [to Cryptoasset Exchange A] were exploring the possibility of developing in-house crypto capabilities.” 4.23 The Firm also stated: “In line with internal arrangements among Paywiser group entities, all cryptocurrency transactions are executed and processed solely by non- UK Paywiser entities. Paywiser UK does not participate in the execution, processing, or operational handling of any cryptocurrency transactions. Such transactions include receiving payments from customers for services, making payments to suppliers, and assisting clients with crypto asset conversions — for example, converting TRC20 USDT to ERC20 USDT While the intention was to segregate activity by entity through the use of sub- accounts within the [Cryptoasset Exchange A] platform, this functionality was not available for UK. As a result, it was not possible to establish separate sub-accounts under Paywiser UK's [Cryptoasset Exchange A] account for use by other Paywiser entities…. Access to the [Cryptoasset Exchange A] has been granted exclusively to designated non-Paywiser UK personnel, who are responsible for executing all transactions in accordance with the internal procedures of the relevant non-UK FCA Sensitive Paywiser entity.” 4.24 The Authority has serious concerns that the explanation given by the Firm in its response referred to and at paragraphs 4.22–4.23 above contradicts statements made by the Firm on 10 April 2024, 8 July 2024, 30 June 2025, and 17 July 2025 (see paragraphs 4.6, 4.74.8 , 4.9 and 4.11–4.19 above). This is particularly concerning given the number of occasions on which the Authority had sought confirmation from the Firm as to whether it was conducting any cryptoasset activity. 4.25 The Authority has previously raised with the Firm serious concerns about its apparent failure to provide a complete an accurate response to an information requirement. On 14 February 2024 and 28 May 2024, the Authority sent the Firm information requirements pursuant to section 165 of the Act (as amended by the EMR) requesting the Firm provide, among other things, a full customer list and a list of customers offboarded in the previous 12 months. On 31 May 2024, the Firm provided the customer lists. The Authority reviewed the customer lists provided by the Firm against information received from the Firm’s former bank and identified that at least nine customers had been excluded from the information provided by the Firm. On 8 July 2024 the Authority met with the Firm and discussed the inconsistency. On 31 July 2024, the Authority provided written feedback to the Firm outlining its serious concerns that the Firm, and when given the opportunity during the supervisory visit, had not provided the Authority with an explanation why certain clients were not included in the customer lists. 4.26 On 30 July 2025 the Firm provided the Authority with the following KYC documents which it said it had submitted to Cryptoasset Exchange B and Cryptoasset Exchange A when opening accounts with those firms: a) The Firm’s Certificate of Incorporation and pages from Companies House recording the Firm’s shareholders and directors, and name change; b) A copy of the Firm’s entry on the FCA register; c) Senior Manager A’s proof of address; d) Board meeting minutes dated 26 February 2022 recording the Firm’s decision to open an account with Cryptoasset Exchange B; e) An onboarding questionnaire, where in in response to the question “How many clients [are] currently entrusted fiat/cryptoassets with your company”, the Firm stated, “We are currently building this new business stream, for Fiat / Crypto Asset Client [sic], we currently only have 3 in total.” f) The Firm’s AML Policy dated 2021. 4.27 The Authority has reviewed the material provided by the Firm in its response to the information requirement, which shows that: a) Senior Manager A and Senior Manager B, together with two other Paywiser staff, were named on the Firm’s Cryptoasset Exchange A account [REDACTED]. b) Between November 2021 and 18 July 2025: i. a total of 3,347 cryptoasset transactions were executed through the Cryptoasset Exchange A wallet. ii. approximately 267 million worth of USDT (or approximately £195 million worth) was deposited into the wallet from other crypto wallets; iii. approximately 271 million worth of USDT (or approximately £198 million worth) was withdrawn from this wallet; iv. Many of the deposits into the wallet were for large sums. 417 deposits were for 100,000 USDT or more, and 46 deposits were for 1m USDT or more. In one instance over 3m USDT was deposited into the wallet. FCA Sensitive 4.28 In its response to the information requirement, the Firm also provided minutes for a board meeting the Firm says was held on 10 September 2021 in which Senior Manager A and Senior Manager B, discussed opening crypto accounts. The minutes state: “In expectation of the growing importance of crypto currencies in the foreseeable future, the business will in collaboration with associated entities within the Paywiser group explore building relationship with potential partners from the crypto industry and take the necessary actions (including opening accounts with such partners) to understand the nature of the industry and the processes involved.” 4.29 On 1 August 2025, the Authority emailed the Firm requesting further information and documents to support the Firm’s claim that “all cryptocurrency transactions are executed and processed solely by non-UK Paywiser entities.” The Authority also noted that the Firm had provided a PDF of the board meeting minutes which appeared to have been created on 28 July 2025 (after the Authority’s request for information). The Authority asked the Firm to provide the native electronic version of the board meeting minutes created at the time of the meeting, together with any supporting records such as email invitations, calendar entries, and/or draft versions of the minutes. 4.30 On 6 August 2025, the Firm sent the Authority an email in response to the information request. In its covering email, the Firm stated that: “The original board meeting took place when Paywiser Limited (UK) had only two directors – one based in Hong Kong and the other in the UK. At that time, the UK director was the only person working from the UK, without any admin or clerical support. For convenience and due to time zone differences, board discussions were typically held between the two directors over the phone. During this particular meeting, the company secretary in Hong Kong joined the call and took the minutes as the discussion progressed. With the UK director’s agreement during the call, the secretary prepared the minutes on his behalf in the days following the meeting with the HK director in direct attendance (hence there are no records of drafts of the minutes going back and forth). The company secretary then printed a physical copy, which was then retained in the Hong Kong office for record-keeping. We recognise that it is unusual that we only have a hard copy of this document and the Resource Sharing policy and that our record-keeping needs to be addressed. Improvements were made overtime. Unfortunately, we were unable to backdate records prior to this time because of damage to a crucial hard drive which resulted in the loss of some records (but no unauthorised disclosure of data). As such, the soft copies of these documents are unfortunately irretrievable. In terms of the date of the document, the PDF provided to the FCA is a scanned version of that original document, which was only recently digitised for submission purpose.” 4.31 The Authority notes that the PDF version of the board meeting minutes were created less than three hours before the document was provided to the Authority and do not in fact appear to be a scanned version of a printed copy, but rather a native PDF file created from a digital source. This seems to contradict the Firm’s statement to the Authority that soft copies of these documents are irretrievable. The Authority also notes that other documents have been provided by the Firm from a similar time period which have the correct metadata (for example, the Firm’s AML Policy from 2021) which seems to contradict the Firm’s statement that it is unable to retrieve or backdate records prior to this time. In view of the date the document FCA Sensitive was created, recorded in the metadata, and the Firm’s explanation, the Authority therefore has serious concerns that the Firm may have created the board meeting minutes in response to the Authority’s information request, in order to support its claim the cryptoasset activity conducted through the Firm’s Cryptoasset Exchange A account was carried out by Hong Kong Entity A, rather than by the Firm itself. 4.32 The Authority has previously raised with the Firm concerns that documents provided in response to an information request appeared to have been created after the date of the Authority’s requests. During a supervisory visit on 8 July 2024 the Authority asked the Firm to explain why several documents provided by the Firm appeared to be created on either 14 March 2024 or 15 March 2024, following the date of the information requests. Senior Manager A said that this was a “mere coincidence”. Senior Manager A explained that at the time of the information request it was already in the process of updating its policies and procedures and the Firm wanted to provide the Authority with the most recent version. Senior Manager A said that the Firm did not amend or update the policies because of the request and the timing was coincidental. 4.33 In its email dated 6 August 2025, the Firm also provided the Authority with copies of the following documents: a) A Group Resource-Sharing Policy covering the Paywiser Group’s shared resources and crypto arrangements focussing on Hong Kong Entity A’s cryptoasset arrangements. b) A list of customers who deposited crypto in the Firm’s Cryptoasset Exchange A account; and c) A list of recipients who received crypto from the Firm’s Cryptoasset Exchange A account. 4.34 The Authority has reviewed the Group Resource-Sharing Policy which states, among other things, that Hong Kong Entity A: a) is “given the responsibility for the coordination, management and facilitation of shared crypto-related resources for the entire Paywiser group.” b) “will be responsible for coordinating administrative assistance from [the Firm] for the opening of crypto wallet accounts (in the name of [the Firm]).” c) “will be solely responsible for initiating, managing, and overseeing commercial activity for which any Wallet Accounts, facilitated through this group arrangement, are to be used.” d) “Responsibility of Hong Kong regarding crypto assets: Within the Group, [Hong Kong Entity A] shall be solely responsible for any operational, legal or regulatory consequences arising from its use of or its reliance on the eWallet Account(s)…” 4.35 This appears to contradict a previous statement made by the Firm during a supervisory visit on 8 July 2024, where the Senior Manager A confirmed that while the Firm has seven separate entities/offices, the Firm is not part of a group structure and there is no shared resource between the offices. 4.36 On 12 August 2025 the Authority emailed the Firm a further request for information, with a range of questions relating to specific customers and Hong Kong Entity A’s process for onboarding cryptoasset customers. 4.37 On the 15 August 2025 the Firm responded to the Authority’s request for further information stating that: a) “All crypto-related transactions have been or are currently handled exclusively FCA Sensitive by Hong Kong Entity A (though some of these transactions were conducted through the [Cryptoasset Exchange A] account);” b) “There has been no promotion of crypto-related service to customers of any of the Paywiser entities”; c) “Each Paywiser entity functions independently and separately, in full compliance with its respective local laws and regulations.” 4.38 On 5 September 2025, the Firm sent an email to the Authority stating that since its last correspondence the Firm had “taken steps to further strengthen the Paywiser Group’s management and governance by fully separating each entity” including by “developing a dedicated website and UK-specific email addresses for the UK office”. The Firm also confirmed that on 2 September 2025 it had terminated its relationship with Cryptoasset Exchange A. 4.39 On 9 September 2025, the Authority emailed the Firm to acknowledge its response. On 23 September 2025, the Firm sent the Authority an email requesting an update from the Authority in relation to the voluntary undertaking given by the from on 18 July 2024. In its email the Firm stated that it had complied with the terms of the undertaking and had completed a comprehensive remediation programme. On 25 September 2025, the Authority responded to the Firm’s email and stated that, as outlined in the July 2025 supervisory visit, the Authority was conducting further enquiries, particularly regarding the crypto element of the Firm’s business. The Authority noted that had concerns with the consistency of the information that was provided during the supervisory visit compared with what was later sent to the Authority in response to information requests. The Authority noted that it would contact the Firm with the next steps in due course. On the same date, the Firm responded to the Authority stating they it was not aware of any inconsistency between the information provided during the meeting and their subsequent responses to the Authority’s information requests. The Firm stated that it had done its best to answer the Authority’s questions around crypto without having been prepared for it and reiterated that the crypto activity was carried out by the Hong Kong Entity A. The Firm also requested the Authority provide an indication of the next steps. The Authority responded to the Firm noting that it would aim to meet with the Firm in the coming weeks, and the Firm acknowledged the Authority’s email. On 3 October 2025, the Firm sought an update from the Authority, and the Authority advised that it would look to arrange a meeting with the Firm in the next week. The Firm acknowledged the Authority’s response. 4.40 The Authority has serious concerns that the Firm does not appear to have provided accurate or complete information to the Authority with respect to the nature of its cryptoasset business. The Authority has reviewed the information provided by the Firm, and has concerns that: a) The Firm’s recent claim that the cryptoasset activity carried out using the Firm’s Cryptoasset Exchange A wallet was conducted exclusively by Hong Kong Entity A, is at odds with previous statements made by the Firm to the Authority and the onboarding documents provided to Cryptoasset Exchange A. The Authority has serious concerns that the explanation given by the Firm in its response referred to at paragraphs 4.22–4.23 above contradicts statements made by the Firm on 10 April 2024, 8 July 2024, 30 June 2025, and 17 July 2025 (see paragraphs 4.6, 4.7 , 4.9 and 4.11–4.19 above). The nature of the Firm’s recent claim is particularly concerning given the number of occasions that the Authority sought confirmation from the Firm as to whether it was conducting any cryptoasset activity, and in view of the Authority’s ongoing engagement with the Firm since July 2024. b) Senior Manager A’s statements that (i) the Firm’s crypto wallets were opened FCA Sensitive to test and learn about crypto, and had been used only on occasion to send personal payments to friends; (ii) approximately £730 worth of crypto had been deposited into the Firm’s Binance wallet; and (iii) the Firm had terminated all crypto activity in April or June 2024, appear to have been made in a deliberate attempt to mislead the Authority given that the transaction data from Cryptoasset Exchange A demonstrates that, in fact, approximately £195 million worth of crypto was deposited into the Firm’s Cryptoasset Exchange A wallet up to 18 July 2025. c) [REDACTED] d) The only documents provided which are allegedly scanned (the Board minutes dated 10 September 2021 and the Paywiser Group Resource-Sharing Policy) are those related to the Firm’s cryptoasset business and were produced recently. Whereas the Firm has been able to produce a native electronic version of its AML policy which it provided to Cryptoasset Exchange A and Cryptoasset Exchange B when opening accounts with those firms. Having regard to the previous instances in which the Firm appears to have created documents in response to Supervision’s requests (as set out in paragraph 4.32 above), the Firm’s explanation of the circumstances in which the board minutes and Group Resource Sharing Policy were created (set out at paragraph 4.30 above) does not seem credible. 4.41 The Authority considers that there is no reasonable explanation for the Firm providing inaccurate information to the Authority in response to an information requirement. Consequently, the Authority has serious concerns that the Firm, and those responsible for managing it, have made false and/ or misleading statements to the Authority. In the absence of a reasonable explanation or the inconsistent information, the Authority has serious concerns about whether those who manage the Firm’s affairs have acted with integrity and have the adequate skills and experience to ensure that the Firm’s affairs are conducted in an appropriate manner and one that complies with the regulatory framework. 5 CONCLUSION 5.1 The regulatory provisions relevant to this First Supervisory Notice are set out in the Annex. Analysis of failings and risks 5.2 For the reasons set out above, the Authority has serious concerns that the Firm may not have: a) effective procedures to identify, manage, monitor and report any risks to which it might be exposed; or b) adequate internal risk control mechanisms, including sound administrative risk management and accounting procedures. which are comprehensive and proportionate to the nature, scale and complexity of the payment services to be provided by the Firm, in accordance with regulation 6(5) of the EMR. 5.3 The Authority is also concerned that the Firm appears to be failing to meet several requirements of the regulatory system, including: FCA Sensitive a) having regard to the need to ensure the sound and prudent conduct of the affairs of an authorised electronic money institution, it appears the Firm’s sole shareholder is not a fit and proper person (regulation 6(6)(a) of the EMR); b) it appears the Firm is carrying on a cryptoasset business without the registration required by regulation 56(1)(f) of the MLR and is therefore also failing to comply with regulation 6(7) of the EMR; c) the Firm has not been open and cooperative with the Authority in accordance with Principle 11 of the FCA’s Principles for Businesses. 5.4 As a result of the facts and matters detailed above, the Authority considers that the Firm no longer meets, or is unlikely to continue to meet, the Conditions for Authorisation and several requirements of the regulatory system, because: a) In particular, between 10 November 2021 and 18 July 2025 the Firm appears to have operated a cryptoasset business in the UK when not registered by the Authority to do so, in breach of regulation 56(1)(f) of the MLR. Although the Firm asserts that all cryptoasset activity is conducted by a Hong Kong entity, Hong Kong Entity A, and the Firm has provided a copy of a Paywiser Group Resource-Sharing Policy which states that Hong Kong Entity A is solely responsible for initiating and managing commercial activity in the Firm’s cryptoasset wallets, on balance, Supervision considers that the following evidence demonstrates that the cryptoasset activity was carried out by way of business in the UK. The Firm’s opened cryptoasset business accounts with Cryptoasset Exchange A and Cryptoasset Exchange B and during the onboarding process with these firms, Firm relied on its FCA authorisation by providing a copy of the Firm’s entry on the Financial Services Register and provided a copy of the Firm’s AML policy. The Firm also relied on its certificate of incorporation for this purpose – not that of the Hong Kong entity. The Firm in its KYC documentation for Cryptoasset Exchange A and Cryptoasset Exchange B stated that it was “building a new business stream, for Fiat / Crypto Asset Client [sic]” and stated that the majority of its crypto clients would be based in the UK/Europe. The Group Resource-Sharing Policy also states that crypto wallet accounts will be opened by the Firm (clause 4.2(a)). Through the Firm’s Cryptoasset Exchange A wallet, the Firm has exchanged, arranged or made arrangements with a view to the exchange of cryptoassets for cryptoassets. Between 10 November 2021 and July 2025, the Firm used its Cryptoasset Exchange A wallet to receive £198 million worth of cryptoasset deposits. Many of the deposits were for sums of 1m USDT or more. Through its Cryptoasset Exchange A wallet the Firm executed a total of 3,331 cryptoasset transactions and withdrew and transferred approximately £198 million worth of cryptoassets to different crypto wallets. The pattern of transactions in the Cryptoasset Exchange A wallet suggests that trades were being carried out on behalf of clients, for example with cryptoassets being transferred in, exchanged for other cryptoassets, and then transferred to other crypto wallets, all in quick succession. The Firm’s claim that the cryptoasset activity has been carried out exclusively by a Hong Kong limited company, Hong Kong Entity A, is inconsistent with the Firm’s previous statements and evidence. b) Conducting cryptoasset exchange activity on a major scale has put the Firm at risk of being used for the purposes of financial crime. The nature and scale of the Firm’s cryptoasset business has presented an obvious financial crime risk. For example, it is not clear which group entity has been conducting KYC (if any) on the cryptoasset business customers who have deposited approximately £198 million into the Firm’s Binance account. Since July 2024, the Firm has been remediating its financial crime controls. While the Firm has appeared to have FCA Sensitive made progress with its remediation, the Firm’s failure to identify and disclose the nature of the cryptoasset activity being conducted in its cryptoasset wallets, notwithstanding the Firm’s ongoing engagement with the Authority, calls into question the effectiveness of the remediation. In view of the Firm’s failure to identify and disclose the cryptoasset activity to the Authority or apply for registration as a cryptoasset business, the Authority has serious concerns that the Firm may not have effective procedures to identify, manage, monitor and report financial crime risks to which it might be exposed or adequate internal risk control mechanisms, including sound administrative, risk management. c) The Firm has not been open and cooperative with the Authority and those responsible for managing it appear to have failed to disclose to the Authority important matters in respect of which the Authority would reasonably expect notice, namely the existence of and details relating to the Firm’s crypto asset business. Information obtained relating to the Firm’s cryptoasset activities raises very serious concerns that the Firm, and those responsible for managing it, have provided information to the Authority which is inaccurate and incomplete and may have misled the Authority in relation to the existence of its cryptoasset business. The Firm’s explanation provided in response to an information requirement, requesting information about the Firm’s cryptoasset business, contradicts statements made by the Firm on a number of occasions. In the absence of a satisfactory explanation for the inconsistency, the Authority has serious concerns about the integrity of the current senior managers and that the Firm’s business may have been used for a purpose connected with financial crime. The Firm’s repeated failure to provide accurate and complete responses to information requests means that, overall, the Authority has serious concerns over its ability to supervise the Firm effectively and the ability of the Firm to be run in a sound and prudent manner. d) The Firm’s director and sole shareholder, Senior Manager A, has demonstrated an ongoing pattern of an inability to provide the Authority with complete and accurate responses to its requests for information. The Authority has serious concerns that Senior Manager A and the Firm do not appear to have been candid and truthful in their engagement with the Authority and do not appear to demonstrate a readiness or willingness to comply with the requirements and standards of the regulatory system. Consequently, the Authority is concerned that these failures indicate that Senior Manager A is not a fit and proper person. 5.5 Based on the above, the Authority has serious concerns that the Firm is no longer meeting, or is unlikely to continue to meet, the Conditions for Authorisation, and other regulatory requirements. The Authority considers that the variation of the Firm’s authorisation by the imposition of the Requirements and the imposition of the Direction are a proportionate and appropriate means to address the current and immediate risks, and are desirable to protect the interests of consumers in accordance with the Authority’s duties under regulation 11(1)(d) of the EMR. Timing and duration of the Requirements 5.6 It is necessary to impose the Requirements on an urgent basis given the seriousness of the risks and the need to protect consumers’ funds. 5.7 The Authority considers that it is necessary for the Requirements to remain in place indefinitely. 6 PROCEDURAL MATTERS Decision maker FCA Sensitive 6.1 The decision which gave rise to the obligation to give this First Supervisory Notice was made by an Authority staff member under executive procedures according to DEPP 2.5.7 and DEPP 2.5.7B. 6.2 This First Supervisory Notice is given to the Firm under regulation 11(6) of the EMR and in accordance with regulation 11(7) of the EMR, and also under regulation 74C(9) and in accordance with regulation 74C(10) of the MLR. 6.3 The following statutory rights are important. Representations 6.4 The Firm has the right to make written representations to the Authority (whether or not it refers this matter to the Tribunal). The Firm may also request to make oral representations but the Authority will only consider this in exceptional circumstances according to DEPP 2.3.1AG. The deadline for providing written representations and notifying the Authority that the Firm wishes to make oral representations is 22 October 2025 or such later date as may be permitted by the Authority. Any notification or representations should be sent to the Executive Decision Making Secretariat (EDMCaseInbox@fca.org.uk). The Tribunal 6.5 The Firm has the right to refer the matter to which this First Supervisory Notice relates to the Tribunal. The Tax and Chancery Chamber is the part of the Tribunal which, amongst other things, hears references arising from decisions of the Authority. Under paragraph 2(2) of Schedule 3 of the Tribunal Procedure (Upper Tribunal) Rules 2008, the Firm has 28 days from the date on which this First Supervisory Notice is given to it to refer the matter to the Tribunal. 6.6 A reference to the Tribunal can be made by way of a reference notice (Form FTC3) signed by or on behalf of the Firm and filed with a copy of this First Supervisory Notice. The Tribunal’s contact details are: Upper Tribunal, Tax and Chancery Chamber, 5th Floor, Rolls Building, Fetter Lane, London EC4A 1NL (telephone: 020 7612 9700; email: uttc@hmcts.gsi.gov.uk). 6.7 Further information on the Tribunal, including guidance and the relevant forms to complete, can be found on the HM Courts and Tribunal Service website: http://www.justice.gov.uk/froms/hmcts/tax-and-chancery-upper-tribunal 6.8 The Firm should note that a copy of the reference notice (Form FTC3) must also be sent to the Authority at the same time as a reference is filed with the Tribunal. A copy of the reference notice should be sent to the Executive Decision Making Secretariat (EDMCaseInbox@fca.org.uk). Confidentiality and publicity 6.9 The Firm should note that this First Supervisory Notice may contain confidential information and should not be disclosed to a third party (except for the purpose of obtaining legal advice on its contents). 6.10 The Firm should note that section 391(5) of the Act, as applied by paragraph 8 of Schedule 3 of the EMR, requires the Authority, when this First Supervisory Notice takes effect (and this First Supervisory Notice takes immediate effect), to publish such information about the matter to which the notice relates as it considers appropriate and regulation 74C(20) of the MLR also permits such publication where FCA Sensitive directions are issued under the MLR. Authority contacts 6.11 For more information concerning this matter generally, contact the Executive Decision Making Secretariat (EDMcaseinbox@fca.org.uk). Decision made under executive procedures Director, Payments and Digital Assets FCA Sensitive Annex RELEVANT STATUTORY PROVISIONS Electronic Money Regulations 2011 1. Regulation 7(1) of the EMR provides that the Authority may include in the authorisation of an authorised electronic money institution such requirements as it considers appropriate. Regulation 7(2) of the EMR provides that a requirement may, in particular, be imposed so as to require the person concerned to: 1) take a specified action, or 2) to refrain from taking a specified action. 2. Regulation 8(a) of the EMR provides that the Authority may, on the application of an authorised electronic money institution, vary that person’s authorisation by, among other things, imposing a requirement such as may, under regulation 7 of the EMR, be included in an authorisation. 3. Regulation 11(1) of the EMR provides that the Authority may vary the authorisation of an electronic money institution in any of the ways mentioned in regulation 8 if it appears to the Authority that: “[…] (a) The person no longer meets, or is unlikely to continue to meet, any of the conditions set out in regulation 6(4) to (8) of the requirement in regulation 19(1) to maintain own funds. (c) The person would constitute a threat to the stability of a payment system by continuing to issue electronic money or provide payment services. (d) The variation is desirable in order to protect the interests of consumers.” 4. Regulation 11(2) of the EMR provides that a variation takes effect immediately if the notice given under paragraph (6) states that this is the case, or on such date as may be specified. Regulation 11(3) of the EMR provides that a variation may be expressed to take effect immediately or on a specified date only if the Authority, having regard to the ground on which it is exercising the power under paragraph (1), reasonably considers that it is necessary for the variation to take effect immediately or, as the case may be, on that date. 5. Regulation 11(6) of the EMR provides that, where the Authority proposes to vary a person’s authorisation, it must give the person notice. 6. Section 391 of the Act, as applied in modified form by paragraph 8 of Schedule 3 to the EMR, provides that: “[…] (5) When a supervisory notice takes effect, the Authority must publish such information about the matter to which the notice relates as it considers appropriate. (6) The Authority may not publish information under this section if, in its opinion, publication of the information would be: a) unfair to the person with respect to whom the action was taken (or was proposed to be taken), b) prejudicial to the interests of consumers, or c) detrimental to the stability of the UK financial system. (7) Information is to be published under this section in such manner as the Authority considers appropriate.” FCA Sensitive Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 7. Regulation 14A of the MLR provides that a cryptoasset exchange provider: (1) […] means a firm or sole practitioner who by way of business provides one or more of the following services, including where the firm or sole practitioner does so as creator or issuer of any of the cryptoassets involved, when providing such services— (a) exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money or money for cryptoassets, (b) exchanging, or arranging or making arrangements with a view to the exchange of, one cryptoasset for another, or (c) operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets. 8. Regulation 9 of the MLR provides that: (1) For the purposes of these Regulations, a relevant person (“A”) is to be regarded as carrying on business in the United Kingdom in the cases described in this regulation even if A would not otherwise be regarded as doing so. (3) The second case is where–(a) A’s registered office (or if A does not have a registered office, A's head office) is in the United Kingdom; and (b) the day-to-day management of the carrying on of A's business is the responsibility of–(i) that office, or (ii) another establishment maintained by A in the United Kingdom. (5) For the purposes of paragraph (3)–(b) it is irrelevant where the person with whom the business is carried on is situated. 9. Regulation 56 of the MLR provides for the requirement that a person must not act as a cryptoasset exchange provider or custodian wallet provider unless they are registered with the Authority. 10. Regulation 74C of the MLR permits the Authority to exercise its powers of direction on a cryptoasset business or financial before, on or after registration, and may be imposed for the purpose of remedying a failure to comply with a requirement under the MLR, preventing a failure to comply or continued non-compliance with a requirement under the MLR, or preventing the cryptoasset business from being used for money laundering, terrorist financing or proliferation financing. 11. Regulation 74C(9) allows directions requiring or prohibiting the taking of a specified action, imposed by the Authority, to take effect on such a date as is specified in the notice. 12. Regulation 74C(20) provides that the Authority may, if it considers it proportionate to do so, publish such information about a notice given under paragraph (9) as it considers appropriate. RELEVANT REGULATORY PROVISIONS FCA Handbook The Supervision Manual (“SUP”) 13. The Authority's approach in relation to its own-initiative powers is set out in SUP 6B, certain provisions of which are summarised below. FCA Sensitive 14. The Authority considers that the powers under regulation 11(1) of the EMR are similar to those under sections 55J and 55L of the Act and that the provisions of SUP 6B “Variation and cancellation of permission and imposition of requirements on the Authority’s own-initiative and intervention against incoming firms” are applicable. 15. SUP 6B.1.1 states that the Authority will have regard to its statutory objectives and the range of regulatory tools that are available to it when it considers how it should deal with a concern about a firm. It will also have regard to: 1) the responsibilities of a firm’s management to deal with concerns about the firm or about the way its business is being or has been run; and 2) the principle that a restriction imposed on a firm should be proportionate to the objectives the Authority is seeking to achieve. 16. SUP 6B.2.3 states that in the course of its supervision and monitoring of a firm or as part of an enforcement action, the Authority may make it clear that it expects the firm to take certain steps to meet regulatory requirements. In the vast majority of cases the Authority will seek to agree with a firm those steps the firm must take to address the Authority’s concerns. However, where the Authority considers it appropriate to do so, it will exercise its formal powers under section 55J or 55L of the Act where the Authority considers it appropriate to ensure such requirements are met. This may include where, amongst other factors, the Authority has serious concerns about a firm, or about the way its business is being or has been conducted or is concerned that the consequences of a firm not taking the desired steps may be serious. 17. SUP 6B.3.1 states that the Authority may impose a requirement so that it takes effect immediately or on a specified date if it reasonably considers it necessary for the requirement to take effect immediately (or on the date specified), having regard to the ground on which it is exercising its own-initiative powers. 18. SUP 6B.3.2 states that the Authority will consider exercising its own-initiative power where: 1) the information available to it indicates serious concerns about the firm or its business that need to be addressed immediately; and 2) circumstances indicate that it is appropriate to use statutory powers immediately to require and/or prohibit certain actions by the firm in order to ensure the firm addresses these concerns. 19. SUP 6B.3.3 states that it is not possible to provide an exhaustive list of the situations that will give rise to such serious concerns, but they are likely to include some of the following characteristics: 1) information indicating significant loss, risk of loss or other adverse effects for consumers, where action is necessary to protect their interests; and 2) evidence that the firm has submitted to the Authority inaccurate or misleading information so that the Authority becomes seriously concerned about the firm’s ability to meet its regulatory obligations. 20. SUP 6B.3.4 states that the Authority will consider the full circumstances of each case when it decides whether an imposition of a requirement is appropriate and sets out a non-exhaustive list of factors the Authority may consider, these include: 1) the extent of any consumer loss or risk of consumer loss or other adverse effect on consumers; 2) the extent to which customer assets appear to be at risk; 3) the financial resources of the firm; 4) the nature of the false or inaccurate information; and 5) the impact that use of the Authority’s own-initiative powers will have on the firm's business and on its customers. 21. SUP 6B.4.4 states that examples of requirements that the Authority may consider imposing when exercising its own-initiative power are: 1) a requirement not to take on new business; 2) a requirement not to hold or control client money; and 3) a FCA Sensitive requirement that prohibits the disposal of, or other dealing with, any of the firm’s assets or restrict those disposals or dealings. Fit and Proper test for Employees and Senior Personnel (“FIT”) 22. The Authority has issued guidance (Payment Services and Electronic Money – Our Approach, November 2024, at 3.104) which explains that the Authority has interpreted the term “fit and proper” in regulation 6 of the EMR in relation to controllers to mean in substance the same for electronic money institutions as it does for individuals approved in FSMA firms. 23. FIT 1.3.1 G states that the Authority will have regard to a number of factors when assessing the fitness and propriety. FIT 1.3.1B G states that in the Authority’s view, the most important consider will be the persons: (1) honesty, integrity and reputation; (2) competence and capability; and (3) financial soundness. 24. FIT 2.1.1G states that in determining a person’s honest, integrity and reputation the Authority will have regard to all relevant matters, but not limited to those set out in FIT 2.1.3G which may have arisen either in the United Kingdom or elsewhere. 25. FIT 2.1.3G states that the matters referred to in FIT 2.1.1G to which the Authority will have regard, and to which a firm should also have regard, include, but are not limited to: (5) whether the person has contravened any of the requirements and standards of the regulatory system (13) whether, in the past, the person has been candid and truthful in all their dealings with any regulatory body and whether the person demonstrates a readiness and willingness to comply with the requirements and standards of the regulatory system and with other legal, regulatory and professional requirements and standards.

First Supervisory Notice 2026: Paywiser Limited

Classification

Pipeline Progress

🔄 Pipeline Journey

🤖 How this summary was made

Full AI Instructions