Crypto Firms
Crypto Firms: FCA Registration, Compliance & Support
What does a crypto firm need to operate legally in the UK?
Every crypto exchange or custodian serving UK customers must register with the FCA and demonstrate strong AML/CTF controls. This includes solid KYC processes, on-chain transaction monitoring, sanctions screening, clear governance, and documented policies tailored to crypto-specific risks. Firms must also meet the UK financial promotions rules and provide clear, compliant customer risk warnings.
How difficult is it to get FCA approval?
The FCA’s crypto registration process is extremely demanding, with bank-level expectations on risk assessments, governance, tooling, and evidence of real operational controls. Many firms are rejected for gaps in documentation or weaknesses in their framework, which is why most applicants need expert compliance and legal support to prepare a complete, credible submission that meets the FCA’s high bar.
Who does this affect?
Crypto-related projects are one of the fastest growing industries and the services associated with them are immensely varied. Firms providing the services listed in the table below* should ensure that they are register as soon as possible:
|
Crypto-asset activity |
Description of services provided |
|
Crypto-asset exchange provider |
A business that provides the following services:
|
|
Crypto-asset Automated Teller Machine (ATM) |
Physical kiosks that allow users to exchange crypto-assets and fiat currencies |
|
Custodian Wallet Providers |
A business that looks after the customer’s tokens in its IT system or server and may administer or transfer the token on behalf of the customer. |
|
Peer to Peer Providers |
A business that provides an online marketplace which facilitates the exchange of fiat currencies and crypto-assets (both fiat-to-crypto and crypto-to-crypto) between prospective buyers and sellers |
|
Issuers of new crypto-asset, e.g. Initial Coin Offering (ICO) or Initial Exchange Offering (IEO) |
A business that sells a crypto-asset, promoted or sold as a new type of crypto-asset or one that will become usable in the future, in exchange for fiat currency. |
|
Publication of open-source software e.g. Non-Custodian Wallet providers |
A business that provides software such as an application, that may be downloaded and used by a customer on their device to store or administer a token, e.g. a non-custodian wallet application that a customer can download onto a device to store the private key in relation to a token. |
What is the application process?
The registration process has been broken down into 4 steps and is summarised in the table below*:
| Step | Process |
| Step 1: Pre-Application Preparation | It is vital that a firm’s entire AML/CTF framework is fully prepared before submitting an application. The FCA will not progress an incomplete or weak submission, and most applications fail at this stage due to gaps in documentation, governance or evidential support. Firms must have a complete business-wide risk assessment, customer-risk model, KYC/CDD processes, on-chain monitoring approach, governance structure, and fully drafted policies. Given the complexity and the high expectations, the FCA expect firms to use specialist consultants and lawyers to design a credible framework and avoid early rejection. |
| Step 2: Application Submission via FCA Connect | The firm submits its full application pack through FCA Connect, including detailed policies, governance evidence, financials, organisational charts, oversight frameworks and senior management declarations. The FCA will only begin assessment once the application is considered complete. |
| Step 3: FCA Review, Queries & Interviews | The FCA conducts an in-depth assessment of the firm’s AML framework, governance arrangements, operational controls and technology. This typically includes requests for additional evidence, interviews with senior management, testing of transaction-monitoring logic, and scrutiny of high-risk customer processes. Most firms experience several rounds of detailed questions. |
| Step 4: Determination & Ongoing Supervision | If the FCA is satisfied that the firm meets the required standard, it will be added to the Cryptoasset Register. Post-registration, firms are subject to ongoing supervision, including periodic audits, financial promotions monitoring, risk-based reviews and potential enforcement action if standards fall short. |
What are the FCA looking for?
The FCA assesses crypto firms against the Money Laundering Regulations and expects a mature, well-evidenced financial crime framework. While the regime is AML/CTF-focused, the FCA applies a high supervisory standard: firms must demonstrate strong governance, clear accountability, credible operational controls, and the ability to monitor crypto-specific financial-crime risks, including on-chain activity. The regulator expects firms to understand their risks, design controls proportionate to those risks, and provide clear evidence that those controls are fully embedded in day-to-day operations.
Crypto firms must also meet expectations set out in the FCA’s Financial Crime Guide, JMLSG Guidance, and the UK financial promotions regime. The FCA is not simply looking for drafted policies — it is looking for genuine operational readiness, appropriate staffing, effective systems, and a senior management team capable of overseeing a high-risk business.
Key Requirements (summarised in the 3 phases below):
| Phase | Requirement |
| Phase 1: Identify your risks | The FCA expects firms to conduct a detailed business-wide AML/CTF risk assessment that reflects their products, customers, geographies, technology and delivery channels. This risk assessment must be specific, evidence-based and fully aligned to crypto-specific typologies, not generic templates. |
| Phase 2: Build a framework | Once risks are understood, firms must build a governance and control framework capable of managing them. This includes defining senior management responsibilities, establishing escalation paths, documenting all financial-crime controls, and designing a monitoring approach that covers on-chain behaviour and fiat flows. |
| Phase 3: Implement the controls | The FCA will expect firms to show that their controls are operational — not theoretical. This includes KYC/CDD processes, enhanced due diligence, sanctions screening, blockchain analytics, transaction-monitoring rules, suspicious-activity reporting procedures, staff training, record-keeping, and quality-assurance reviews. Evidence of live systems and real workflows is essential. |
How AuthoriPay can Help
AuthoriPay specialises in supporting crypto firms through the entire FCA registration journey. We help you:
-
Identify and document your crypto-specific risks
-
Build a compliant governance and AML framework
-
Implement KYC, monitoring and reporting controls
-
Prepare and structure your FCA application pack
-
Respond to FCA queries and evidential requests
-
Strengthen governance and oversight prior to submission
Our approach is practical, experienced and tailored — giving you the best possible chance of meeting the FCA’s high standards and operating in the UK with confidence. We can also introduce you to industry recognised lawyers to help with the legal preperation.
To discuss your requirements or request support with the FCA application process, please contact us.
*Source, FCA Website: https://www.fca.org.uk/firms/financial-crime/cryptoassets-aml-ctf-regime
Get in touch
AuthoriPay Ltd, Milton Hall, Ely Road, Cambridge, CB24 6WZ.