The Due Diligence Process to Approve Promotions: a Guide

In recent years, the Financial Conduct Authority (FCA) has been stepping up its involvement in the world of crypto. Most recently, the world-renowned regulating body brought in a set of stringent rules that control the marketing of cryptoassets.

It’s not just the UK, but a global trend towards tighter oversight. Effective from October 2023, these rules introduced a handful of requirements, such as a cooling-off period for first-time crypto investors, an explicit ban on 'refer a friend' bonuses, and rigorous criteria for promotional content to ensure “clarity, fairness, and non-misleading information”.

The legislation brings cryptoassets closer to traditional investments, which are, of course, already tightly regulated. This includes a new controlled investment category for qualifying cryptoassets, meaning due diligence in assessing not only the asset's viability but also its compliance stance is highly important. Firms must now decipher this new framework, perform their due diligence, and make sure their promotional strategies align with the FCA's new standards.

If you have already read about the new regulatory framework from our free infographic on the cryptoasset financial promotions regime, then skip ahead to the “Due Diligence Process in Crypto Promotions Approval” section.

The New Regulatory Framework for Crypto Promotions

Before getting stuck into the due diligence, it’s important to know the ins and outs of the new regulatory adjustments, which are geared towards fortifying consumer protection within the crypto market. 

At the core of this regulatory update is the introduction of a mandatory cooling-off period for first-time crypto investors, which helps mitigate impulsive investment decisions (these are often caused by potentially misleading promotions). This period grants investors a short buffer to reconsider their investment choices in light of the inherent (and often quite weighty) risks associated with cryptoassets, which are themselves often quite young.

Unlike with traditional investments, the period between when an investor first hears about a crypto project or investment and the moment they decide to get involved in it is quite short. So, the cryptoasset firm must bear some educational responsibility as well as include risk warnings.

The FCA has explicitly prohibited the offering of 'refer a friend' bonuses, a common snowball marketing tactic. This is likely because the friends who are being referred are even less knowledgeable about the investment, and are more likely to underestimate the risks.

To ensure compliance, crypto promotions now have a mantra of “clarity, fairness, and non-misleading information”.

What is a Due Diligence Process?

The due diligence process is a comprehensive evaluation undertaken by businesses to assess the risks and opportunities associated with their operational activities, investments, or partnerships. 

For crypto exchanges, this process is needed for identifying potential risks before engaging in promotional activities or listing new cryptoassets. It involves systematically reviewing and verifying the credentials, technical robustness, regulatory compliance, and market viability of crypto projects. 

For example, due diligence extends beyond mere financial assessment to include scrutiny of the technological infrastructure and security measures, along with the legal framework governing the assets and their promotion. 

This ensures that exchanges operate within the bounds of regulatory requirements while safeguarding their platforms and users from risk (e.g. fraudulent activities, market manipulations, etc.). By conducting due diligence, crypto exchanges not only protect themselves but also contribute to a more transparent and stable cryptocurrency ecosystem.

Due Diligence Process in Crypto Promotions Approval

A deep assessment of a few key components is required for the due diligence process concerning the approval of crypto promotions.

Understanding Qualifying Cryptoassets

The first step is to understand the classification of one's own cryptoassets. Unfortunately, there isn't always a simple, quick answer.

Qualifying cryptoassets are defined under the new regime to encompass a wide range of digital assets, excluding specific categories like NFTs and electronic money. This distinction necessitates that crypto firms accurately classify their assets to determine the applicable regulatory requirements. 

The classification hinges on the asset's functionality, underlying technology, and use case. You need to distinguish between assets that offer investment returns and those that facilitate purchases or represent ownership of a unique item. For example, is it an exchange, or is it an environment that promotes financial gain? 

There’s often no immediate answer, so firms must undertake a comprehensive analysis of the asset's structure and the rights it confers to investors to ensure accurate classification. Only then can they do due diligence on the promotions themselves, because they will then know which rules they’re subject to.

Assessing Promotional Compliance

We’ve spoken a bit about the FCA’s promotional mantra already. Clear, fair, and non-misleading is again somewhat vague if you get into the specifics, but the spirit of it is clear. 

It requires firms to present a balanced view of the potential risks and returns, including the volatile nature of cryptoassets and the possibility of total investment loss. Firms need to scrutinise their promotional content, including social media posts, advertisements, and referral schemes, against these criteria. 

The assessment should also consider the promotion's target audience to ensure the information is accessible and understandable to non-expert investors. For example, an exchange would see a wide variety of users, from beginners to experts, and so must accommodate the “lowest common denominator” rather than having presumptuous marketing. 

Compliance extends beyond the content itself to include the timing and context of the promotion, guarding against the exploitation of market conditions to mislead investors. If you’re authorised to oversee such promotions and instead use an authorised firm, this compliance responsibility isn’t passed over—it’s shared.

Navigating the Approval Routes

As touched on, the path to promoting cryptoassets in the UK now involves getting through a series of approval routes. These are tailored to the firm's operational framework and the nature of the cryptoasset. 

Firms classified as authorised persons, such as banks and investment firms, are permitted to promote cryptoassets directly (subject to compliance with the FCA's promotional standards). A crypto firm could go through the authorisation process itself, though; it needn’t be involved in traditional finance.

For those not directly authorised, securing approval from an authorised person becomes a prerequisite. This process involves demonstrating a thorough understanding of the cryptoasset, the associated risks, and the regulatory compliance of the promotional content. The authorised person you’re using should be an expert not just in compliance, but in compliance within your niche and audience.

For cryptoasset service providers registered under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations (2017), a specific exemption allows for the promotion of their financial products. However, this exemption is narrowly defined and requires detailed documentation and adherence to specific operational criteria.

The revised regulations also introduce new exemptions and clarify existing ones, which has impacted how cryptoassets can be marketed to high-net-worth and sophisticated investors. These changes necessitate a deep dive into the regulatory texts and potentially seeking legal advice regarding the nuances.

Security Measures and Operational Integrity

In assessing the suitability of cryptoasset promotions, operational integrity and security measures of the underlying technologies and platforms remain relevant. 

Firms should conduct thorough due diligence to ensure that the cryptoassets promoted are underpinned by robust technological frameworks. This includes evaluating the cybersecurity measures in place to protect against unauthorised access, data breaches, and other cyber threats. 

Firms should also assess the scalability and reliability of the technology to handle peak transaction volumes without compromising security or performance. Due diligence should cover data protection practices too, ensuring that personal and transactional information is securely managed (and compliant with relevant data protection regulations like GDPR). 

By rigorously evaluating these aspects, firms can provide assurances that the cryptoassets they promote meet regulatory standards and offer security for consumers.

Incorporating ESG Considerations in Cryptoasset Due Diligence

An increasingly critical aspect of the due diligence process is the assessment of environmental, social, and governance (ESG) risks. The Financial Conduct Authority explicitly states the importance of evaluating these ESG considerations to ensure that cryptoasset promotions are not only compliant with financial promotion rules but also align with broader societal and environmental objectives. This includes, for example, anything that may have negative externalities attached.

Environmental Impact

Given the significant energy consumption associated with certain blockchain technologies and crypto mining activities, firms must assess and disclose the environmental footprint of the cryptoassets they promote. This includes evaluating the energy efficiency of the underlying blockchain technology and the sources of energy utilised in mining processes. One of the most relevant updates was the new GreenWashing rule.

Exchanges somewhat side-step this, but transparent disclosure about the environmental impact is still required to enable investors to make informed decisions in line with their values. Again, this is an alignment with what’s going on in traditional finance.

Social Responsibility

The social dimension involves examining the cryptoasset's contribution to societal issues, such as financial inclusion and privacy. Firms should consider how the cryptoasset addresses or potentially worsens social inequalities and the measures in place to ensure privacy and data protection for its users. Promotions should reflect these aspects to provide a holistic view of the asset's social impact.

Governance Practices

Governance relates to the decision-making processes and practices that guide the cryptoasset's development and use. This is big for many cryptoasset projects, which try to remain decentralised and/or democratic. 

This includes the clarity of rights and responsibilities among stakeholders, the transparency of decision-making processes, and the mechanisms for addressing disputes. Firms should conduct due diligence to ensure that the cryptoassets they promote adhere to robust governance standards, thereby mitigating risks related to fraud and conflicts of interest.

Incorporating ESG considerations into the due diligence process not only aligns with the FCA's promotional mantra but also reflects a commitment to responsible and sustainable cryptoasset practices. This goes for those that aren’t directly building a currency themselves, but are instead facilitating investments in them. 

The due diligence process for promotion approval ultimately requires a multi-faceted approach. It’s a blend of legal, financial, and technical expertise to ensure you remain compliant. But being compliant today isn’t enough: new updates are constantly rolled out, meaning due diligence is an ongoing process, and one that you may want to seek help with.

Specialised Crypto Due Diligence Services

Crypto due diligence demands a technical, detail-oriented approach to ensure comprehensive risk management and regulatory compliance. Specialised services, such as CrypTegridy, include conducting thorough Know Your Business (KYB) checks, leveraging advanced analytics for technical assessment, and utilising blockchain forensics.

These methods are important in evaluating the security protocols of crypto projects. They help ensure the legitimacy of transactions and assess compliance with anti-money laundering (AML) standards. 

For instance, KYB checks are used to understand the business operations behind crypto projects, while blockchain forensics provides insights into the origins of funds and transaction patterns. 

Advanced analytics help in scrutinising the technical robustness and potential vulnerabilities of cryptoassets, offering a microscopic view of the operational integrity. This technical due diligence is needed for firms to stay compliant in constantly changing and somewhat grey-area regulatory frameworks.

Impact of Regulatory Changes on Crypto Marketing Strategies

Continuous education is an important strategy for staying compliant, particularly with the new promotional restrictions. Advisors and firms must stay informed about these changes and understand their implications for promotional strategies. Equally, education can be pointed outwards, where you become an authority and thought leader within the space. Not only is this an effective SEO marketing practice, but it reaffirms your attitude towards keeping your customers well informed.

Adaptation involves integrating this knowledge into everyday business practices. For crypto firms, this means constantly revising marketing materials and staff training, along with the systems to monitor compliance. You can outsource to an extent, but a culture of compliance needs to be created in all scenarios. Due diligence is a process, but it operates better within such a culture than when it is imposed unwillingly.


As crypto evolves, staying in line with regulatory standards is needed to maintain market integrity. For firms, this means a diligent, informed approach to compliance, with an emphasis on transparency and robust security measures. Get in touch to see how we can help today.
