The UK crypto regulatory landscape is entering a decisive new phase. From 2026, cryptoasset firms operating in or from the UK will face a fundamental shift away from the current AML-only registration regime towards full financial services regulation under the Financial Services and Markets Act (FSMA).
For many firms, this will represent the most significant regulatory change since the FCA introduced cryptoasset registration under the Money Laundering Regulations. For some businesses, it will determine whether continuing to operate in the UK market is realistic at all.
From AML registration to full FCA authorisation
Today, most UK crypto firms are registered with the FCA under the Money Laundering Regulations. This regime is deliberately limited in scope. The FCA supervises firms only for anti-money laundering and counter-terrorist financing compliance. It does not assess financial resilience, safeguarding of client assets, consumer protection standards or wider governance arrangements.
From 2026, this position will change materially.
Using powers introduced by the Financial Services and Markets Act 2023, HM Treasury and the FCA are bringing cryptoasset activities fully within the UK regulatory perimeter. Firms carrying on regulated cryptoasset activities will need to become FCA-authorised persons, subject to ongoing prudential, conduct, safeguarding and governance requirements.
In practical terms, crypto firms will move from being registered to being authorised, and will be assessed in a similar way to other regulated financial services businesses.
Regulatory update – December 2025
The FCA has today published a further consultation setting out its proposed prudential framework for cryptoasset firms. This consultation confirms that from 2026, authorised crypto firms will be subject to explicit capital, liquidity and risk assessment requirements, calibrated to the nature, scale and complexity of their activities.
This reinforces that UK crypto regulation is moving decisively beyond AML compliance. Financial resilience, orderly wind-down and the ability to absorb losses without consumer harm are now central regulatory objectives.
Who the new regime will apply to
The FSMA crypto framework will apply to firms carrying on regulated cryptoasset activities in or from the UK. This includes firms operating:
- cryptoasset trading platforms or exchanges
- crypto custody or wallet services
- cryptoasset dealing or brokerage models
- arranging or intermediary cryptoasset services
- certain staking and intermediation activities
Both new market entrants and existing MLR-registered firms will be affected. For most commercial crypto business models, AML registration alone will no longer be sufficient.
What the FCA will require from crypto firms
While detailed rules are still being finalised, the FCA has been clear and consistent about the standards it expects crypto firms to meet. These requirements align closely with those applied across the wider financial services sector.
Prudential requirements
Crypto firms will be required to maintain regulatory capital and liquidity appropriate to the risks they pose. The FCA’s proposed prudential regime introduces minimum own funds requirements, risk-based capital calculations and ongoing assessments of financial resilience.
For firms accustomed to operating with limited balance sheet oversight, this represents a significant step change. Weak capitalisation or unclear funding models are likely to be a barrier to authorisation.
Safeguarding and custody controls
Firms providing crypto wallets or custody services will be subject to some of the most stringent expectations under the new regime. The FCA has consistently identified custody as a high-risk activity due to the potential for consumer harm, operational failure and loss of client assets.
Wallet providers will be expected to demonstrate clear legal ownership structures for client cryptoassets, robust segregation between client and firm assets, secure wallet architecture and key management arrangements, and credible incident, loss and insolvency planning. Custody models relying on informal controls, undocumented practices or weak financial backing are unlikely to meet FCA authorisation standards.
For many firms, custody readiness rather than AML compliance is likely to be the decisive factor in whether authorisation is achievable.
Governance and accountability
Crypto firms will be expected to operate with clear and effective governance arrangements. This includes defined senior management accountability, appropriate experience and competence at board and executive level, and documented risk management and decision-making processes.
Crypto businesses will be assessed as regulated financial services firms, not as experimental technology ventures.
Conduct and consumer protection
New conduct requirements will govern how crypto firms communicate with customers, disclose risks, handle complaints and respond to operational incidents. The FCA has made clear that consumer protection in crypto markets will be delivered through enforceable conduct standards, not disclosure alone.
Ongoing AML integration
AML and counter-terrorist financing obligations will continue to apply. However, AML compliance will sit within a broader regulatory framework, with increased FCA scrutiny of how financial crime controls interact with governance, systems and controls across the firm.
What this means for existing MLR-registered firms
Existing crypto firms should expect a transitional period during 2026 in which to apply for full FCA authorisation. This should not be viewed as a low-risk grace period. Firms that cannot demonstrate credible progress towards authorisation may be required to restrict or cease regulated crypto activities.
The FCA has been clear that it does not intend to replicate the extended temporary regimes of the past. Firms that are not demonstrably authorisation-ready are unlikely to be permitted to continue operating indefinitely.
What new entrants should be doing now
Firms looking to launch crypto products in 2025 or early 2026 should design their businesses on the assumption that the FSMA regime already applies. Building to AML-only standards risks costly re-engineering, delays to authorisation or forced exit once the new rules take effect.
Early alignment with prudential, safeguarding and governance expectations will materially improve the prospects of successful FCA authorisation.
How AuthoriPay supports crypto firms
AuthoriPay supports crypto firms through every stage of this regulatory transition. Our work includes regulatory gap analysis against future FCA expectations, design and implementation of AML and safeguarding frameworks, custody and wallet readiness assessments, pre-application regulatory strategy and ongoing compliance support for firms preparing for FCA authorisation.
The move to full FSMA regulation is already influencing FCA decision-making today. For crypto firms operating in the UK, preparation for 2026 is no longer optional.
If you would like to discuss how these changes affect your business, or assess your readiness for FCA authorisation, please contact AuthoriPay for an initial consultation.
Informazioni su AuthoriPay
AuthoriPay is a specialised consultancy firm providing regulatory compliance support to UK firms in the Fintech and NPPS sectors. The co-founders have over 40 years combined experience working directly for regulated firms and the consultancy practitioners that they rely on. AuthoriPay has significant experience in providing a wide range of safeguarding services, from audits to remediation work following reviews from regulators. AuthoriPay is fully versed in all matters of fintech compliance. AuthoriPay and its consultants are members of the Association of Professional Compliance Consultants and Advisory member of the Canadian MSB association. AuthoriPay is a Leader of the UK Payments Association.