There is indeed a recent change to the FCA's rules concerning invitations to invest in cryptoassets. For these, and certain other kinds of sophisticated investments such as derivatives, the offering firm must carry out an "appropriateness assessment". At a broad level, the point is that random members of the public should be insulated from the temptation to immediately sink their entire net worth into NFTs, while not actually forbidding them from doing so. Meanwhile, different rules apply to marketing to random hedge fund managers, because they are presumed to already know what they are doing.
Some of the observed features of these communications, such as the 24-hour lock-out period, are not specific to cryptocurrencies but are required for any "restricted mass market investment" (RMMI). That category also covers shares in unlisted companies, and other things which are not always straightforward to trade.
The nature of the regulations allow the financial service provider some latitude in exactly how they carry out the assessment, but there is this specific new guidance in relation to cryptoassets being marketed to retail investors. This recommends, but does not require, asking certain questions of the customer in order to determine whether they know what they are getting into. There is a pre-existing broad duty,
A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading. (PRIN 2.1.1(7))
which must be read together with the specific FCA rules, plus their contextual policy guidance.
New rules include those in COBS 10 Annex 4, which begins as follows -
When determining whether a retail client has the necessary knowledge to understand the risks involved in relation to a qualifying cryptoasset, a firm should consider asking the client questions that cover, at least, the matters in (1) to (12).
Firms may need to ask additional or alternative questions to ensure that the retail client has the necessary knowledge to understand the risks involved in relation to the specific type of qualifying cryptoasset offered.
The matters are:
(1) the role of the business offering or marketing the qualifying cryptoasset (the business) and the scope of its services, including what the business does and does not do on behalf of clients, such as what due diligence is and is not undertaken by the business on any underlying investments;
...
These can be read in the context of COBS 10.2, which includes a rule (10.2.1) that the firm must ask their client "to provide information regarding his knowledge and experience in the investment field relevant to the specific type of product or service offered or demanded", and make a determination on that basis about whether the client understands the risks. The guidance (10.2.9 and Annex 4) only speaks about how "a firm should consider asking the client questions" covering the specifically cited matters. The firm might gain information in other ways and does not need to ask these exact questions. Saying "a firm should consider" implies that a firm might consider all this and decide not to do it, so long as they can fulfil their obligations under 10.2.1 (and other provisions) in another way.
The relevant changes were introduced by the Cryptoasset Financial Promotions Instrument 2023, which was made in conjunction with the Financial Services and Markets Act 2023, s.69 to allow the FCA to regulate the marketing of cryptoassets. That is in addition to its previous powers over financial marketing in general, ultimately originating in the Financial Services Act 1986.
