+44 (0) 207 096 2100
info@acumengcompliance.com
37th Floor, 1 Canada Square, London E14 5DY
If you are planning to launch a crypto business in London or are already operating one, understanding your FCA registration obligations is not optional. And a common question arises- “How to register a crypto business in London?” It is the legal foundation on which everything else depends.
UK crypto regulation has tightened significantly since 2021. The FCA has refused or withdrawn registration for a significant proportion of applicants. Enforcement action against unregistered crypto firms in London is accelerating. And with the UK’s broader crypto authorisation regime developing rapidly in 2025–2026, the expectations placed on crypto businesses are higher than they have ever been.
This guide explains exactly what FCA crypto registration requires, walks you through the eight-step registration process, and sets out what a genuinely compliant crypto AML framework looks like in 2026 so your business can register with confidence, not uncertainty.
| Quick Answer To register a crypto business in the UK, you must apply for FCA crypto asset registration under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. The process requires a comprehensive AML/CFT compliance framework, governance documentation, Fit and Proper assessments for all beneficial owners and managers, and FATF Travel Rule implementation. FCA crypto registration typically takes 12–18+ months from a complete submission. Operating without registration is a criminal offence. |
What Is FCA Crypto Registration? The UK Regulatory Framework
What Is FCA Crypto Asset Registration?
It is important to understand that FCA crypto registration, as it currently stands, is distinct from full FCA authorisation under the Financial Services and Markets Act 2000. Registration under the MLRs is an AML-focused regulatory gateway. Full FCA authorisation, which is where UK crypto regulation is heading in 2025–2026, is a conduct-based framework covering the full range of regulatory obligations.
For businesses operating in the UK crypto market today, this distinction matters practically: while the immediate requirement is MLR registration, any firm building for the long term should be building compliance infrastructure that meets authorisation-standard, not minimum-registration-standard.
Which Crypto Activities Require FCA Registration?
The following activities require FCA registration under the MLRs:
• Operating a UK-based crypto asset exchange (fiat-to-crypto and crypto-to-crypto)
• Providing custodian wallet services, holding, storing, or transferring crypto assets for third parties
• Operating a peer-to-peer crypto exchange platform
• Issuing new crypto assets in the UK
• Operating crypto ATMs
• Crypto lending and staking platforms (where applicable under current FCA guidance)
• Firms providing Initial Coin Offering (ICO) services
• DeFi platforms with a demonstrable UK nexus an area of rapid regulatory development in 2026
| Operating Without FCA Registration Is a Criminal OffenceThe penalties for operating a UK crypto business without FCA registration include unlimited fines and up to two years’ imprisonment for individuals. The FCA has issued consumer warnings, imposed financial penalties, and made criminal referrals against unregistered crypto businesses in the UK. The FCA’s public register of non-compliant firms creates significant reputational and commercial risk. If you are uncertain whether your activity requires registration, seek specialist advice before launching. |
How to Register a Crypto Business in London with the FCA
FCA crypto registration is an eight-stage process. Each stage builds on the previous one and the quality of your preparation at each stage directly determines the speed and outcome of the FCA’s assessment.
Step 1: Incorporate Your UK Business Entity
FCA crypto registration requires a UK-incorporated legal entity, either a limited company (Ltd) or a limited liability partnership (LLP). Incorporation through Companies House is the first practical step, with appropriate SIC codes that reflect your crypto activities.
Your registered office must be a genuine UK address, not a virtual address or mail-forwarding service. Your shareholder and director structure must be clearly documented, as this feeds directly into the Fit and Proper assessments that the FCA will conduct on all beneficial owners and controllers.
Step 2: Appoint Your Senior Management Team and Conduct Fit and Proper Assessments
Every beneficial owner, officer, and manager of a UK crypto business must pass the FCA’s Fit and Proper standard. The FCA assesses financial soundness, honesty and integrity, and competence and capability for each individual. This is not a formality. Fit and Proper concerns are the most common basis for FCA crypto registration refusals.
You must also appoint a designated Money Laundering Reporting Officer (MLRO), a senior, empowered individual with genuine crypto AML expertise. The MLRO does not require FCA pre-approval for MLR registration, but their competence will be assessed by the FCA, and a weak MLRO appointment is a significant red flag.
| Warning — Fit and Proper Is the Number One Rejection ReasonThe FCA’s most common basis for refusing or withdrawing UK crypto registration applications is concerns about the Fit and Proper status of owners, controllers, or managers. Undisclosed regulatory history, criminal convictions, sanctions exposure, or evidence of dishonesty will result in refusal. If you have any relevant history to disclose, address it proactively with specialist legal and compliance advice before submitting your application. |
Step 3: Build Your AML/CFT Compliance Framework
This is the most substantive and most scrutinised element of any FCA crypto registration application. The FCA’s assessment of your AML framework is not a checkbox exercise; it is a detailed evaluation of whether your controls genuinely address the specific financial crime risks of your crypto business model.
Your AML framework must include:
• Firm-wide AML risk assessment: A documented, board-approved, crypto-specific assessment of every financial crime risk your business model presents, exchange risk, custody risk, corridor risk, product risk
• Customer Due Diligence (CDD): Identity verification procedures tailored to crypto customer risk profiles, including source of funds and source of wealth for higher-risk customers
• Enhanced Due Diligence (EDD): Heightened scrutiny for PEPs, high-risk jurisdictions, complex ownership structures, and high-value transactions
• Blockchain analytics: Operational blockchain analytics capability, Chain lysis, Elliptic, Cipher Trace, or equivalent, with documented alert thresholds and review procedures
• FATF Travel Rule compliance: Technical implementation of originator/beneficiary data collection and transmission for qualifying transfers
• Sanctions screening: Real-time screening against OFSI, UN, EU, and OFAC lists, including wallet address screening against OFAC’s SDN list
• SAR procedures: Internal suspicious activity reporting procedures, MLRO review protocols, and NCA submission process
• Unhosted wallet risk policy: How your firm assesses, monitors, and manages transactions involving non-custodial wallets
• AML policies: Board-approved, operationally integrated written policies covering every element of your AML framework
• Staff training: Regular, documented, crypto-specific AML training for all relevant personnel
| Expert Insight from Acumen Global ComplianceThe FCA has been explicit in its guidance: it expects crypto businesses to demonstrate AML controls that are genuinely specific to the risks of crypto-asset transactions, not general financial services AML frameworks with minor adaptations. Blockchain analytics, Travel Rule implementation, and unhosted wallet risk management are not optional enhancements; they are baseline expectations. A well-resourced payment institution’s AML framework, repurposed for crypto, will not pass FCA scrutiny. Specificity is everything. |
Step 4: Establish Governance and Oversight Structures
The FCA wants to see that your board and senior management are actively engaged in AML oversight, not just nominally responsible. This means documented board-level reporting on AML matters, a clear governance hierarchy from frontline staff through MLRO to board, a written risk appetite statement for financial crime, and evidence that governance structures are operational rather than theoretical.
Your governance framework should also address data protection and GDPR compliance, particularly important for crypto businesses handling large volumes of customer identity and transaction data and operational resilience, including business continuity plans that cover cybersecurity incidents specific to crypto operations.
Step 5: Prepare Your Regulatory Business Plan and Supporting Documentation
Your Regulatory Business Plan must clearly and specifically describe your crypto business model, the regulated activities you will carry out, your customer base and its risk profile, your technology infrastructure, your outsourcing and third-party arrangements, and your financial projections.
The FCA reads crypto business plans carefully for specificity and credibility. A plan that vaguely describes ‘providing crypto exchange services’ without explaining the mechanics, risk controls, and customer journey in detail will generate immediate Information Requests. Every assertion about your compliance capabilities must be backed by documented evidence.
Step 6: Submit via FCA Connect
Applications are submitted through the FCA’s online Connect portal with all supporting documentation uploaded at the point of submission. The FCA acknowledges receipt and assigns a case officer. Unlike payment institution licences, there is no statutory assessment deadline for crypto registration the FCA can take as long as it requires.
| Important — No Statutory Deadline for Crypto ApplicationsFCA crypto registration has no fixed statutory assessment period. The FCA’s current processing time is 12–18+ months in most cases, with no upper limit. This makes the completeness and quality of your initial submission critically important, as open-ended uncertainty caused by multiple IR cycles damages commercial planning, investor confidence, and operational readiness. |
Step 7: Respond to FCA Information Requests and Prepare for Possible Interview
The FCA will almost certainly issue Information Requests during its assessment. Each IR is an opportunity to demonstrate your compliance competence and a risk if your responses are incomplete or unconvincing. Responses should be accurate, comprehensive, and submitted promptly.
The FCA may also request interviews with your MLRO, CEO, or other senior managers. These interviews test a genuine understanding of your AML framework, business model risks, and governance structure. Preparation, including rehearsal with an experienced compliance consultant, is not optional for high-stakes interviews with the FCA.
Step 8: Receive Decision and Activate Post-Registration Obligations
On successful registration, your firm appears on the FCA’s Cryptoasset Register. All AML obligations under the MLRs are live from this point and subject to ongoing FCA supervision, including the possibility of on-site inspections and supervisory visits.
Annual AML risk assessment updates are required. FATF Travel Rule compliance must remain current as the technical standards evolve. And your MLRO must ensure that the AML framework continues to reflect your actual business operations, not the business you described at the point of application.
AML Requirements for UK Crypto Businesses: What the FCA Expects in 2026
FCA crypto registration is, at its core, an AML/CFT assessment. Understanding what the FCA specifically expects beyond generic compliance language is the single most important preparation step any crypto business can take.
The FATF Travel Rule Mandatory for UK Crypto Firms
| Travel Rule DefinitionThe FATF Travel Rule (Recommendation 16) requires Virtual Asset Service Providers (VASPs) to collect and transmit originator and beneficiary information for crypto asset transfers above the applicable threshold of £1,000 for UK firms. UK crypto businesses must have technical systems capable of collecting, screening, and transmitting Travel Rule data. Non-compliance with the Travel Rule is a material FCA concern and a common cause of registration delays and refusals. The FCA expects operational Travel Rule compliance at the point of application, not a future implementation commitment. |
Blockchain Analytics Not Optional for UK Crypto Businesses
Blockchain analytics is the technical foundation of any credible crypto AML framework. The FCA expects crypto firms to have the capability to identify, investigate, and act on suspicious patterns in on-chain transaction data, which generic transaction monitoring tools cannot provide.
• Recognized providers: Chain lysis, Elliptic, Cipher Trace (Mastercard), TRM Labs, each with different strengths by asset class and risk typology
• Key risk signals to monitor: Mixer and tumbler usage, dark web marketplace exposure, sanctioned wallet addresses, privacy coin transactions, high-risk counterparty VASPs
• Unhosted wallet risk: The FCA expects a clear policy on how the firm assesses, due diligence, and monitors transactions involving non-custodial wallets
• Alert calibration: Alert thresholds must reflect actual risk not be set so high that genuine red flags are missed
• Staff competence: Blockchain analytics tools are only as effective as the people operating them. Staff training is mandatory
Sanctions Screening for Crypto Beyond Name Matching
Crypto firms face sanctions risk at a level of complexity that traditional financial services firms do not. In addition to standard name-based sanctions screening, UK crypto businesses must:
• Screen wallet addresses against OFAC’s SDN list in real-time. OFAC publishes designated wallet addresses alongside designated individuals
• Conduct VASP due diligence on counterparty exchanges and wallet providers including assessment of their own sanctions compliance
• Monitor for indirect sanctions exposure transactions routed through jurisdictions or entities with sanctions connections
• Maintain documented escalation and freeze procedures for sanctions matches
• Stay current with evolving UK (OFSI), EU, and US sanctions programmes the crypto sanctions landscape changes frequently
| Is Your Crypto AML Framework FCA-Ready? Acumen Global Compliance Ltd specialises in FCA crypto registration support, AML frameworks, blockchain analytics implementation, Travel Rule compliance, and full application management. [ Get a Free Crypto Compliance Assessment → acumengcompliance.com ] |
Why FCA Crypto Registration Applications Fail And How to Get Yours Right
The FCA’s rejection and withdrawal rate for crypto registration applications has been materially higher than for other regulated activities. Understanding why applications fail is essential to ensuring yours does not.
| Most Common Failure Reason | Typical Consequence |
| Fit and Proper concerns undisclosed history, sanctions exposure | Refusal or withdrawal |
| Generic AML framework not specific to crypto | Multiple IR rounds possible refusal |
| No blockchain analytics capability was evidenced | Immediate IR 2–4 months additional |
| FATF Travel Rule is not operationally implemented | Major delay or refusal |
| Unhosted wallet policy absent or inadequate | IR 1–3 months additional |
| MLRO lacks genuine crypto AML competence | FCA interview concerns possible refusal |
| Business plan too vague on crypto activities | IR 1–2 months additional |
| AML governance is not evidenced at the board level | 1–3 months additional |
| Sanctions screening is limited to the name only | IR wallet screening evidence required |
6 Ways to Strengthen Your FCA Crypto Registration Application
1. Commission a specialist crypto AML risk assessment before submitting the FCA’s most consistent criticism of crypto applications is that the risk assessment is generic, not crypto-specific.
2. Implement and evidence blockchain analytics before submission, have your integration documented and operational. A plan to implement is not the same as evidence of implementation.
3. Address all Fit and Proper issues proactively, disclose relevant history with context and mitigation, before the FCA discovers it independently.
4. Implement the FATF Travel Rule technically before submitting operational evidence of compliance, not a future commitment.
5. Appoint an MLRO with genuine crypto AML expertise; the FCA will probe their competence. A compliance generalist learning crypto on the job is not adequate.
6. Engage a specialist FCA crypto registration consultant; the complexity and rejection risk in this sector is too high for generalist compliance advice.
| From Acumen Global Compliance, the firms that successfully register with the FCA are not the ones with the most sophisticated technology or the biggest teams. They are the ones with the most specific, evidence-based, and operationally credible AML frameworks. The FCA has reviewed hundreds of crypto applications. Firms that show they genuinely understand their own risk profile and have built controls that demonstrably address it are the ones that get registered. |
FCA Crypto Registration Costs and Timeline in 2026
Understanding the full cost of FCA crypto registration — including the time investment — is essential for commercial planning.
| Stage | Typical Duration |
| Pre-application preparation | 2–4 months |
| FCA application to acknowledgement | 2–4 weeks |
| FCA assessment period | 12–18+ months (no statutory deadline) |
| Information Request cycles (if applicable) | 1–6 months additional per cycle |
| Realistic total: decision-to-apply to FCA decision | 14–24+ months in current environment |
| Cost Category | Approximate Range (2026) |
| FCA application fee | £2,000 – £10,000+ (income-dependent) |
| Blockchain analytics tooling | £12,000 – £60,000+/year |
| Travel Rule solution (setup and ongoing) | £5,000 – £25,000+ |
| MLRO (external appointment or retained) | £40,000 – £80,000+/year |
| Specialist compliance consultancy | Project-based (tailored to scope) |
| Legal costs (incorporation, contracts) | £3,000 – £15,000+ |
| Ongoing FCA annual supervision fee | Variable — income-based |
These figures reflect the reality of operating a compliant UK crypto business in 2026. The FCA’s expectations are high, and meeting them requires genuine investment in people, technology, and specialist expertise. However, the cost of registration is substantially lower than the commercial, legal, and reputational costs of operating unregistered or having an application refused after 18 months.
Registering a Crypto Business in London: What Local Businesses Need to Know
London is Europe’s largest crypto hub by number of registered businesses, VC investment, and talent concentration. The city’s crypto sector spans Shoreditch’s DeFi and NFT startups, Canary Wharf’s institutional crypto ventures, and a diverse community of exchange operators, custody providers, and crypto payment firms spread across the city.
FCA enforcement activity against unregistered London crypto businesses has accelerated significantly in 2024–2026, with public consumer warnings, financial penalties, and criminal referrals. For any London-based crypto business at any stage of its development, FCA registration is not a future consideration. It is an immediate operational requirement.
| London (Primary) | UK-Wide & International |
| Shoreditch, Tech City, Old Street | Manchester, Edinburgh, Leeds |
| City of London, Canary Wharf | Birmingham, Bristol, Cardiff |
| Whitechapel, Stratford, East London | Liverpool, Sheffield, Glasgow |
| Westminster, Mayfair, Holborn | International firms entering UK market |
| Islington, Hackney, Walthamstow | Remote consultancy available UK-wide |
Why London’s Crypto Businesses Choose Acumen Global Compliance
Acumen Global Compliance Ltd is a London-based regulatory compliance consultancy founded and led by Md M A Khan, an FCA compliance expert with more than 15 years of direct regulatory experience and a track record of over 250 successful FCA applications across the payment, e-money, FinTech, and crypto sectors.
Our approach to FCA crypto registration is built on one principle: the FCA wants to see that your AML controls genuinely address the risks of your specific crypto business model. Not a framework borrowed from a bank. Not a policy document that was adequate in 2021. A current, specific, operationally evidenced framework that shows the FCA your business is ready to operate compliantly in 2026.
We provide end-to-end FCA crypto registration support from initial regulatory scoping and AML framework development through to FCA Connect submission, Information Request responses, and interview preparation. We also provide post-registration compliance monitoring to ensure your AML framework remains current as the regulatory environment evolves.
| Ready to Register Your Crypto Business with the FCA? Speak with our London crypto compliance experts. We’ll assess your current position, identify any gaps, and give you a clear roadmap to FCA registration. [ Book a Free Consultation → acumengcompliance.com ] |
1. Do I need to register my crypto business with the FCA in the UK?
2. How long does FCA crypto registration take?
FAQs
Frequently Asked Questions
What is regulatory compliance in financial services?
Regulatory compliance in financial services means following all FCA rules, AML regulations, HMRC requirements, and applicable UK financial laws. It covers KYC, transaction monitoring, governance, Consumer Duty, SMCR, and data protection. Non-compliance can result in serious penalties, including licence removal or criminal prosecution. A qualified regulatory compliance consultant helps businesses manage these obligations efficiently.
What is the SMCR framework, and does it apply to my business?
The SMCR (Senior Managers and Certification Regime) is an FCA framework that holds senior individuals personally accountable for regulated activities. It applies to all FCA-authorised firms, including banks, payment institutions, insurers, and investment firms. The regime requires firms to identify Senior Managers, set clear Statements of Responsibility, and maintain a Responsibilities Map. Acumen Global Compliance provides expert SMCR advisory across the UK.
What is PSD2 and PSD3 compliance in the UK?
PSD2 (Payment Services Directive 2) is the current EU-derived regulation governing payment services in the UK, covering open banking, strong customer authentication, and third-party provider access. PSD3 is the incoming revision that strengthens consumer protection and fraud prevention. UK firms must ensure their payment services architecture, security, and consent frameworks are fully aligned. Acumen Global Compliance offers specialist PSD2 and PSD3 compliance consultant services.
How do I register a fintech company in the UK?
To register a fintech company in the UK, you’ll typically need to incorporate at Companies House, obtain FCA authorisation or registration (depending on your activities), register with HMRC if you’re an MSB, and implement a full compliance framework including AML, KYC, and data protection. The process involves detailed regulatory submissions and business plan assessments. Acumen Global Compliance manages this entire journey for you.
