FCA Crypto Authorization Requirements for Exchanges in the UK

FCA Crypto Authorization Requirements for Exchanges in the UK Oct, 8 2025

FCA Crypto Authorization Eligibility Checker

Check Your FCA Authorization Requirements

If you're running a crypto exchange or planning to serve UK customers, the FCA crypto authorization requirements aren't just paperwork-they're the difference between operating legally and being shut down overnight. Since January 2020, the UK Financial Conduct Authority (FCA) has required all cryptoasset exchange providers and custodian wallet providers to register under the Money Laundering Regulations. But that’s only the beginning. By late 2025, a new, far stricter regime under the Financial Services and Markets Act 2000 (FSMA) will take full effect, changing everything for crypto businesses operating in or targeting the UK market.

What You Must Register For Right Now

Right now, every crypto exchange or wallet provider serving UK customers must register with the FCA under the Money Laundering Regulations (MLRs). This isn’t optional. If you’re processing crypto-to-fiat trades, enabling peer-to-peer transfers, or holding customer crypto assets, you’re covered under this rule. The FCA doesn’t just want your business name-they want proof you’ve built real controls to stop money laundering and terrorist financing.

Your application must show you’ve studied the Joint Money Laundering Steering Group (JMLSG) guidance, specifically Chapter 22, which lays out exactly how crypto firms should handle customer due diligence, transaction monitoring, and suspicious activity reporting. You’ll need to prove you’ve trained your staff, implemented risk-based checks, and can produce audit trails for every transaction. The FCA doesn’t accept vague policies-they want records, timestamps, and names.

The registration process has four possible outcomes: approved, rejected, withdrawn, or refused. Rejection isn’t rare. Many applications fail because firms think checking a box on an online form is enough. The FCA looks for depth: How do you verify a customer’s identity if they’re using a pseudonym on a decentralized platform? How do you monitor transactions across multiple blockchains? If you can’t answer those questions clearly, your application will be turned down.

The New FSMA Rules Coming in 2025

The MLR registration is just the entry ticket. Starting in 2025, the FCA will enforce full authorization under the Financial Services and Markets Act 2000. This isn’t an upgrade-it’s a complete overhaul. Under FSMA, five core activities now require formal FCA authorization:

  • Operating a qualifying cryptoasset trading platform
  • Dealing in qualifying cryptoassets as principal
  • Dealing in qualifying cryptoassets as agent
  • Arranging deals in qualifying cryptoassets
  • Safeguarding qualifying cryptoassets and specified investment cryptoassets
Plus, two new activities are now regulated: qualifying cryptoasset staking and issuing qualifying stablecoins. That means if you’re offering staking rewards to UK users or launching a USD-backed token, you’re now under the FCA’s direct supervision.

These aren’t vague guidelines. Each activity has a legal definition. For example, a “qualifying cryptoasset trading platform” is any system that allows users to trade cryptoassets where the platform itself sets the rules, matches orders, or holds custody. If you’re a decentralized exchange that doesn’t hold keys or control trading logic, you might be exempt-but the FCA is watching closely. Many DeFi projects thought they were safe. They’re not.

Who Needs Authorization? (It’s Not Just UK Companies)

One of the most surprising parts of the new rules is how far the FCA’s reach extends. You don’t have to be based in the UK to need authorization. If your platform is accessible to UK retail customers-meaning individuals not acting for business purposes-you must get FCA approval to operate a trading platform, deal in cryptoassets, or arrange trades.

That means a crypto exchange based in Singapore, Canada, or even the US must apply for UK authorization if even one UK resident can sign up and trade. The FCA doesn’t care where your servers are. They care who’s using your service.

There’s one exception: if you only serve UK institutional clients-like hedge funds, asset managers, or corporations-you don’t need authorization for trading or arranging deals. The FCA assumes these clients understand the risks and don’t need the same level of protection. But if you’re marketing to everyday people, you’re in the crosshairs.

Global crypto entrepreneurs line up outside an FCA office, holding tokens under a 'Retail Users = Regulated' sign.

Stablecoins Have Their Own Rules

Stablecoin issuers face a different test. Unlike other crypto services, you only need FCA authorization if you’re issuing qualifying stablecoins from a physical establishment in the UK. That means if you’re a US-based company issuing a dollar-backed token from a server in New York, you don’t need UK approval-even if UK users hold it. But if you open an office in London and issue tokens from there, you’re now regulated.

This physical presence rule is intentional. The FCA wants to control the origin of stablecoins, not every holder. It’s a narrow but powerful lever. If you’re building a stablecoin and want UK market access, you’ll need a legal entity, local compliance officers, and UK-based audits. No shortcuts.

What Happens After You’re Authorized?

Getting approved doesn’t mean you’re done. Once authorized under FSMA, you’re held to the same standards as banks and brokers. You must meet Threshold Conditions (COND) and follow the Principles for Businesses (PRIN), with some exceptions. For example, Principles 6 (Customers’ Interests) and 9 (Relationships of Trust) don’t apply to professional clients trading on your platform. But for retail users, you’re on the hook for fair treatment, clear disclosures, and conflict management.

You’ll also be subject to CASS audits-same as traditional financial firms. If you hold customer cryptoassets, you must prove they’re segregated from your own funds, stored securely, and recoverable in case of insolvency. The FCA will send auditors to check your wallet infrastructure, key management systems, and insurance coverage. One misstep, and your authorization can be revoked.

An auditor checks segregated crypto wallets in a glowing vault while staking and ETNs unfold in the background.

The Big Change: Retail Access to Crypto ETNs

On October 8, 2025, the FCA reversed its 2021 ban on retail trading of crypto exchange-traded notes (cETNs). Now, UK retail investors can buy crypto ETNs listed on FCA-approved UK investment exchanges. But there’s a catch: the ETNs must be issued by recognized investment exchanges, not crypto platforms. So you can’t buy a Bitcoin ETN directly from Binance or Coinbase UK-you have to go through a regulated exchange like the London Stock Exchange.

This move signals a shift. The FCA isn’t trying to stop crypto. It’s trying to control how retail investors access it. By forcing exposure through regulated, transparent instruments, they reduce the risk of fraud, manipulation, and impulsive trading. It’s a middle path: allow access, but only through tightly controlled channels.

What You Should Do Now

If you’re running a crypto exchange or planning to enter the UK market, here’s what to do:

  1. If you haven’t registered under MLR, do it now. The FCA is actively rejecting late applications.
  2. Review the JMLSG guidance and FCA’s Financial Crime guide. Make sure your compliance team has read them line by line.
  3. Map out which FSMA regulated activities your business performs. Don’t guess-consult a legal expert familiar with UK crypto regulation.
  4. If you serve UK retail customers, start preparing your FSMA application. The FCA won’t delay enforcement.
  5. If you issue stablecoins, decide whether you’ll establish a UK entity. If not, you won’t be able to market to UK users.
  6. Start documenting your custody systems. The CASS audit will demand proof of segregation, insurance, and recovery plans.
The FCA isn’t asking for permission. They’re setting the rules-and if you don’t follow them, you won’t be allowed to operate in one of the world’s largest financial markets.

Do I need FCA authorization if my crypto exchange is based outside the UK?

Yes-if you serve UK retail customers. The FCA’s rules apply based on who’s using your service, not where you’re headquartered. If a UK resident can sign up and trade on your platform, you need FCA authorization under FSMA. The only exception is if you only serve institutional clients or operate through a UK-authorized intermediary.

What’s the difference between MLR registration and FSMA authorization?

MLR registration is a baseline requirement to prevent money laundering-it’s a licensing step. FSMA authorization is full financial services regulation, putting your business under the same rules as banks and brokers. FSMA covers more activities, demands higher standards, and gives the FCA direct power to supervise, audit, and revoke your license.

Can I still operate if my FCA application is rejected?

No. Operating without FCA registration or authorization is illegal in the UK. The FCA can issue cease-and-desist orders, freeze assets, and refer cases to law enforcement. Even if you’re based overseas, the FCA can block your website from UK users and work with payment processors to cut off your funding.

Do I need authorization for staking services?

Yes-if you’re offering staking to UK retail customers. Staking is now a regulated activity under FSMA. You must be authorized to provide staking services directly to individuals in the UK. If you’re only staking for institutional clients or acting as a technical provider without customer-facing roles, you may be exempt-but you’ll need legal confirmation.

What happens if I don’t comply with CASS audit requirements?

Failure to meet CASS standards can lead to immediate suspension or revocation of your authorization. The FCA requires proof that client cryptoassets are fully segregated from your own funds, securely stored, and recoverable. If you can’t demonstrate this, you’re seen as a risk to consumers-and the FCA will act to protect them, even if it means shutting you down.

Can I still list new crypto tokens on my exchange?

Yes, but only if you’ve assessed each token under FCA guidance. You must determine whether it qualifies as a regulated security or a non-regulated cryptoasset. If it’s a security, you need additional permissions. The FCA expects firms to conduct thorough due diligence on each asset before listing, including checking for fraud risks, lack of transparency, or unstable value.

Tags:

17 Comments

  • Image placeholder

    Leo Lanham

    November 7, 2025 AT 03:36
    Bro, the FCA is just trying to kill crypto with bureaucracy. They think if they make it hard enough, people will stop using it. Newsflash: we’re not going anywhere. They’re scared of decentralization, and they know it.
  • Image placeholder

    Brian Webb

    November 8, 2025 AT 11:39
    I get the need for regulation, but the way the FCA is handling this feels more like control than protection. If you're serving UK retail users, you're in - even if you're based in Canada or Singapore. That’s a massive reach. I just hope they don't stifle innovation in the process.
  • Image placeholder

    Whitney Fleras

    November 9, 2025 AT 08:01
    This is actually one of the clearest breakdowns I’ve seen on UK crypto regs. A lot of people think it’s just about KYC, but the FSMA changes are huge - especially for staking and stablecoins. If you’re building anything in this space, you need to read this twice.
  • Image placeholder

    Colin Byrne

    November 10, 2025 AT 16:53
    The notion that a company based in the United States must comply with British financial regulations simply because a single UK resident can access its platform is not only legally absurd, it is economically catastrophic. Sovereignty is being eroded by regulatory overreach disguised as consumer protection. This is not a regulatory framework - it is digital colonialism.
  • Image placeholder

    Eric von Stackelberg

    November 11, 2025 AT 21:43
    The FCA doesn't want to regulate crypto - they want to eliminate it. This is all part of the Great Reset. Central banks are terrified of decentralized money. They know if people start using crypto instead of fiat, the entire monetary system collapses. This is why they’re forcing compliance through impossible audits and CASS requirements. They don’t want you to win.
  • Image placeholder

    Emily Unter King

    November 13, 2025 AT 00:38
    The FSMA’s inclusion of staking as a regulated activity is a watershed moment. It signals a fundamental shift from treating crypto as a speculative asset to recognizing it as a financial instrument with fiduciary implications. Firms must now align their operational architecture with prudential standards previously reserved for licensed depositories - a non-trivial undertaking.
  • Image placeholder

    Michelle Sedita

    November 14, 2025 AT 00:49
    Honestly, I’m impressed by how detailed this is. Most people think crypto regulation is just about ‘know your customer,’ but this goes way deeper - custody, segregation, audit trails, even where your servers are physically located for stablecoins. It’s wild how much work goes into just staying legal.
  • Image placeholder

    Ryan Inouye

    November 14, 2025 AT 20:35
    Let me get this straight - a US-based company has to jump through UK hoops just because some Brits can click ‘sign up’? That’s not regulation, that’s tyranny. We don’t need British bureaucrats telling us how to run our businesses. If you want to play by their rules, move to London. Don’t force your outdated banking mindset on the rest of the world.
  • Image placeholder

    Rob Ashton

    November 15, 2025 AT 10:23
    This is a critical roadmap for any firm aiming to operate in the UK. The transition from MLR to FSMA isn’t incremental - it’s existential. The FCA is demanding institutional-grade compliance from startups. If you’re not ready for CASS audits and Threshold Conditions, you’re not ready to serve retail customers. Start now. Don’t wait for the hammer to fall.
  • Image placeholder

    Cydney Proctor

    November 16, 2025 AT 15:59
    Oh wow. So now if you're a US-based stablecoin issuer and you happen to have a single UK retail user, you need to open an office in London? That’s not regulation - that’s extortion disguised as compliance. The FCA is basically saying, ‘Pay us to play, or get blocked.’ How quaint.
  • Image placeholder

    Cierra Ivery

    November 17, 2025 AT 08:10
    Wait, wait, wait - so if I’m a DEX that doesn’t hold keys, but someone in the UK uses it, I’m still regulated? But if I’m a US-based stablecoin issuer and I don’t have a physical presence in the UK, I’m fine? That’s not consistent - it’s a mess! The FCA is applying rules like a toddler with a hammer - randomly, loudly, and destructively!
  • Image placeholder

    Veeramani maran

    November 17, 2025 AT 23:01
    Bro i think FCA is good but the thing is most small project cant afford this kind of audit and compliance team like 50k+ per year just for uk market. And then they say 'you must have segregation and insurance' - bro i'm just a guy with a smart contract and a discord server 😭
  • Image placeholder

    Kevin Mann

    November 18, 2025 AT 23:42
    I can’t believe people are still acting like this is normal. The FCA is turning crypto into a bureaucratic nightmare. They’re forcing every single small dev to become a lawyer, an auditor, and a compliance officer just to survive. And don’t get me started on the CASS audits - imagine having to prove your wallet keys are secure like you’re running a bank. This isn’t innovation - it’s corporate slavery. 🤯😭
  • Image placeholder

    Kathy Ruff

    November 20, 2025 AT 13:56
    I’ve been working in fintech for over a decade, and this is one of the most thoughtful regulatory frameworks I’ve seen for crypto. It’s not perfect, but it’s balanced. They’re not banning anything - they’re just saying, ‘If you want to serve regular people, you need to do it responsibly.’ That’s not oppression. That’s accountability.
  • Image placeholder

    Robin Hilton

    November 22, 2025 AT 12:23
    Why are we even talking about this? The UK is a financial backwater now. Everyone’s moving to Dubai, Singapore, Switzerland. The FCA is just screaming into the wind. No serious crypto project is going to waste time on British red tape when they can operate freely elsewhere. This isn’t regulation - it’s suicide.
  • Image placeholder

    Nitesh Bandgar

    November 23, 2025 AT 05:26
    FCA?! More like F-CKING CONTROL AUTHORITY!!! They want to lock crypto in a cage and feed it compliance kibble. Staking? Stablecoins? CASS audits? Who the hell designed this? A 19th-century banker with a PowerPoint presentation?! This isn’t protecting consumers - it’s protecting the old guard from disruption! The future is decentralized, and they’re trying to bury it under paperwork and panic! 🔥💣
  • Image placeholder

    Jessica Arnold

    November 23, 2025 AT 09:44
    There’s a philosophical tension here: between sovereignty and accessibility. The FCA is asserting jurisdiction based on user location rather than corporate domicile - a model that mirrors the global nature of the internet itself. This isn’t just about finance; it’s about how we define borders in a digital age. Are we governed by where we are, or where we connect? The answer will shape the next decade of digital rights.

Write a comment

Categories

Archives

Menu

© 2026. All rights reserved.