The UK is introducing a comprehensive regulatory regime for cryptoasset activities under the Financial Services and Markets Act 2000 (FSMA). The new framework, developed by the FCA, will bring a wide range of cryptoasset activities within the scope of full FSMA authorisation for the first time, replacing the existing Anti-Money Laundering registration requirements for most firms operating in the sector.
Until now, most UK-based cryptoasset businesses have been required only to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). That registration covered AML and financial crime obligations, but did not regulate the broader conduct of business, consumer protection, market integrity, or prudential soundness of cryptoasset firms.
The new FSMA-based regime changes that. It brings cryptoasset activities within a full regulatory perimeter, with requirements across governance, consumer protection, financial crime, prudential arrangements, and operational resilience.
The regime regulates a defined set of cryptoasset activities. Firms carrying on any of the following in or from the UK will need to be authorised by the FCA:
The regime applies to UK-based firms and, in certain circumstances, to overseas firms serving UK customers. It covers both retail and wholesale activity, though requirements are calibrated to the business model.
Any business carrying on regulated cryptoasset activities in the UK will need to obtain FCA authorisation under FSMA. This applies to new entrants and to firms already operating in the UK crypto sector under MLR registration. Existing MLR registration does not automatically convert into FSMA authorisation. All firms — including those already registered — will need to submit a new application under the new regime during the application window.
The FCA expects applications to address the following areas:
Applicants must have a clear legal and governance structure with genuine UK substance. This means a UK-incorporated entity or branch, management and oversight functions based in the UK, and a structure that allows the FCA to supervise the firm effectively. Overseas applicants must demonstrate that appropriate accountability sits within the UK.
Controllers, directors, and senior managers must be fit and proper. Firms must have clear governance arrangements, with appropriate reporting lines, accountability, and oversight proportionate to the business model. The FCA will assess the experience and integrity of the management team and the adequacy of the governance framework.
Applications must set out a robust AML, CTF, sanctions, and Travel Rule compliance framework. This includes a comprehensive financial crime risk assessment, customer due diligence and enhanced due diligence policies, transaction monitoring, sanctions screening, and — for transfers of cryptoassets — compliance with Travel Rule requirements.
Firms must demonstrate adequate financial resources, including capital, liquidity, and wind-down arrangements. Prudential requirements are calibrated by activity type. Stablecoin issuers and trading platforms face more detailed prudential requirements than arranging or agency businesses.
Applications must address operational resilience, cyber security, incident management, and business continuity. Firms must demonstrate that they can maintain services under stress, manage IT and technology risk, and respond to operational incidents without material harm to customers or market integrity.
Retail-facing firms must address consumer protection, appropriate disclosure of risks, complaints handling, and financial promotions. The FCA’s Consumer Duty applies across the regime and sets high-level expectations for how firms treat their retail customers.
Depending on the business model, applications may also need to cover custody and safeguarding arrangements, stablecoin reserve management and redemption, trading venue governance and market abuse controls, staking disclosures and risk management, or principal dealing controls.
The FCA opened pre-application support for cryptoasset firms in July 2026. The formal application window runs from 30 September 2026 to 28 February 2027. The new regime is expected to come into force on 25 October 2027.
Firms already operating under MLR registration that apply within the window will be able to continue operating under temporary permissions while their application is assessed by the FCA.
Existing MLR registration does not carry over. Firms currently registered under the MLRs must submit a full FSMA authorisation application during the application window if they wish to continue operating after the new regime comes into force. Firms that do not apply within the window, or whose application is not granted, will no longer be permitted to carry on regulated cryptoasset activities in the UK.
We help you define the regulatory scope, structure the business model, prepare the application documents, and manage the authorisation process from start to finish.
