FCA Cryptoasset Registration: The Complete Guide for UK Firms

FCA cryptoasset registration in the UK is a mandatory requirement for any firm carrying on cryptoasset business in the United Kingdom. Under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), as amended, cryptoasset exchange providers and custodian wallet providers must register with the Financial Conduct Authority before commencing business. The FCA is the designated anti-money laundering and counter-terrorist financing supervisor for UK cryptoasset businesses, and operating without registration is a criminal offence. This guide covers the registration process, assessment criteria, common failure modes and the upcoming transition to full FSMA authorisation.

What Is FCA Cryptoasset Registration?

FCA cryptoasset registration is the process by which the FCA admits a cryptoasset business to the register of firms supervised for AML/CFT compliance under the MLRs 2017. The requirement was introduced by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which brought cryptoasset exchange providers and custodian wallet providers within the scope of the MLRs. Registration is not full FCA authorisation — registered cryptoasset firms are supervised for AML compliance only, not for conduct of business, capital adequacy or consumer protection. The FCA assesses whether the firm has adequate AML systems and controls, whether its officers and beneficial owners are fit and proper, and whether the business plan is viable. A cryptoasset exchange provider is defined as a firm that exchanges, or arranges or makes arrangements with a view to the exchange of, cryptoassets for money, money for cryptoassets, or one cryptoasset for another. A custodian wallet provider is a firm that provides services to safeguard, or to safeguard and administer, cryptoassets on behalf of its customers or private cryptographic keys on behalf of its customers in order to hold, store or transfer cryptoassets.

Who Must Register with the FCA?

This requirement typically applies to:

• Cryptoasset exchanges operating in the UK that facilitate the buying, selling or exchanging of cryptoassets
• Peer-to-peer platforms matching buyers and sellers of cryptoassets
• Custodian wallet providers holding customer cryptoassets or private keys
• Cryptoasset ATM operators enabling the purchase or sale of cryptoassets for cash
• Firms providing cryptoasset-to-cryptoasset exchange services
• Decentralised finance (DeFi) platforms where a UK-based entity operates or controls the platform
• Over-the-counter (OTC) desks facilitating large-volume cryptoasset trades

Firms that only issue their own cryptoassets (without providing exchange or custody services) are not required to register under the MLRs 2017, although they may be subject to financial promotions requirements and the upcoming FSMA cryptoasset regime. Firms providing only advisory services about cryptoassets, without facilitating exchange or custody, are also currently outside the scope of MLR registration.

Key Regulatory Requirements for Registration

AML programme. The FCA's primary assessment focuses on the quality and specificity of the firm's AML/CFT programme. The programme must include a business-wide risk assessment identifying the money laundering and terrorist financing risks specific to the firm's cryptoasset activities, customer types, transaction patterns and geographic exposure. Customer due diligence (CDD) procedures must be tailored to cryptoasset-specific risks — including the pseudonymous nature of blockchain transactions, the speed of cross-border transfers and the potential for layering through multiple wallets. The programme must include ongoing monitoring calibrated to cryptoasset transaction patterns, blockchain analytics capability (or documented rationale for not using analytics tools), sanctions screening, and suspicious activity reporting (SAR) procedures. Staff training must address cryptoasset-specific money laundering typologies.

MLRO fitness and propriety. The nominated MLRO must demonstrate competence in both AML compliance and the specific risks of cryptoasset businesses. The FCA assesses the MLRO's qualifications, experience, understanding of the firm's business model and ability to fulfil the role effectively. A generic compliance professional without cryptoasset sector knowledge is likely to face FCA challenge. The MLRO must be sufficiently senior within the firm to have authority and independence.

Key person Individual Questionnaires. All directors, beneficial owners (holding 25% or more), and the MLRO must complete the FCA's Individual Questionnaire (IQ). The IQ requires disclosure of employment history, regulatory history, criminal convictions (including spent), CCJs, insolvencies and any civil or regulatory proceedings. The FCA conducts background checks through the Register, Companies House, credit reference agencies and criminal records databases. Incomplete or inaccurate IQs are a common cause of delay — the FCA will identify discrepancies.

Business plan. The firm must submit a business plan explaining the business model, target market, customer acquisition strategy, revenue model, technology infrastructure and operational setup. The business plan must demonstrate that the firm is commercially viable — the FCA will not register a firm that appears unlikely to sustain operations. Financial projections should cover at least 12 months and demonstrate adequate resources to fund AML compliance activities.

Pre-application engagement. The FCA offers pre-application meetings for prospective cryptoasset registrants. These meetings allow firms to discuss their business model, regulatory classification and application approach with FCA assessment staff before formal submission. Pre-application meetings are not mandatory but are strongly recommended — they can identify potential issues early and improve application quality.

The Registration Process: Step by Step

Step 1 — Regulatory assessment. Confirm that the firm's activities fall within the scope of the MLRs 2017 cryptoasset definitions. Identify all registrable activities and prepare a regulatory perimeter analysis. Timeline: 1–2 weeks.

Step 2 — AML programme development. Build the AML/CFT programme from the ground up — business-wide risk assessment, CDD procedures, ongoing monitoring framework, SAR processes, sanctions screening, record-keeping and training programme. This must be tailored to the firm's specific cryptoasset activities, not a generic template. Timeline: 6–10 weeks.

Step 3 — Pre-application meeting (recommended). Request a pre-application meeting with the FCA to discuss the business model and application approach. Timeline: 2–4 weeks to arrange.

Step 4 — Application submission. Submit the registration application via the FCA's Connect system, including the AML programme, business plan, Individual Questionnaires for all key persons and the registration fee. Timeline: 1–2 weeks.

Step 5 — FCA assessment and determination. The FCA assessment involves detailed review of the AML programme, key person fitness and propriety checks, and assessment of the business plan. Information requests are common — typically 2–4 rounds. Timeline: 3–12 months depending on application quality and complexity.

Common Mistakes and Why Applications Fail

The FCA's rejection rate for cryptoasset registrations has been notably high — approximately 1 in 14 applications were rejected in 2021, rising to approximately 1 in 5 by 2023. The most common reason for rejection is an AML programme that is generic, template-based and not tailored to the specific risks of the firm's cryptoasset business model. An exchange serving retail UK customers trading Bitcoin and Ethereum has a different risk profile from an OTC desk serving institutional clients or a P2P platform serving international remittance corridors. The FCA expects the risk assessment and CDD procedures to reflect these differences.

Second, inadequate blockchain analytics capability. The FCA expects firms processing significant transaction volumes to employ blockchain analytics tools for transaction monitoring and risk assessment. Firms that rely solely on manual review without technological support face FCA challenge — particularly where transaction volumes make manual monitoring impractical.

Third, unqualified or inappropriately junior MLROs. The MLRO is the cornerstone of the AML programme, and the FCA assesses whether the nominated individual has the competence, seniority and independence to fulfil the role. Nominating a junior employee or an external consultant with no operational involvement in the firm is likely to result in rejection.

Fourth, undisclosed personal history. The FCA conducts thorough background checks on all key persons. Failure to disclose previous regulatory sanctions, criminal convictions, directorships of failed companies or adverse credit history in the IQ will result in delay or rejection — and may raise fitness and propriety concerns that are more difficult to address after the omission is discovered.

What Firms Should Do Now

1. Confirm whether your cryptoasset activities require FCA registration — map your services against the MLRs 2017 definitions of cryptoasset exchange provider and custodian wallet provider.
2. Build a comprehensive AML programme tailored specifically to your business model — not a generic template. Include cryptoasset-specific risk factors, blockchain analytics capability and transaction monitoring rules calibrated to your customer types and volumes.
3. Appoint an MLRO with demonstrable competence in both AML compliance and the cryptoasset sector — the FCA will scrutinise this appointment.
4. Complete Individual Questionnaires for all key persons with full and accurate disclosure — conduct internal due diligence on all directors and beneficial owners before submission.
5. Request an FCA pre-application meeting to validate your regulatory classification and discuss your application approach.
6. Begin preparing for the transition to FSMA authorisation (October 2027) — the new regime will impose substantially more demanding requirements including prudential capital and conduct of business obligations.

Regulatory Context and Outlook

The UK cryptoasset regulatory landscape is undergoing fundamental transformation. The current MLRs 2017 registration regime — which supervises firms for AML compliance only — will be replaced by a full FSMA authorisation regime from October 2027. The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, made by Parliament in February 2026, bring cryptoasset activities within the scope of FSMA for the first time. The FCA gateway for new FSMA cryptoasset applications opens in September 2026. Firms currently registered under the MLRs will have a transitional period to apply for FSMA authorisation, but should begin preparation now — the new regime introduces prudential capital requirements, conduct of business obligations, governance standards and operational resilience requirements that are substantially more demanding than MLR registration. Firms that delay preparation risk being unable to meet the October 2027 deadline.

Regulatory Counsel manages FCA cryptoasset registrations and advises firms on the transition to the FSMA authorisation regime. Our team has direct experience of the FCA's assessment approach for crypto firms and has achieved registrations across exchange, custody and P2P business models. Firms seeking specialist support with FCA cryptoasset registration can contact Regulatory Counsel for a free initial consultation. See our licensing and authorisation service for details.