The path to Cryptoassets regulation in the UK

The FCA has the oversight to check that cryptoasset firms have effective and governed anti-money laundering (AML) and terrorist financing procedures in place, but generally, cryptoassets themselves a


Avatar Placeholder

The FCA has the oversight to check that cryptoasset firms have effective and governed anti-money laundering (AML) and terrorist financing procedures in place, but generally, cryptoassets themselves are not regulated. Security tokens (tokens with certain characteristics that provide rights and obligations akin to specified investments, like a share or a debt instrument) are the only FCA-regulated cryptoasset.

Exchange tokens (such as Bitcoin, Ethereum, and other cryptocurrencies) are only regulated in the UK for money laundering purposes (AML). If cryptoassets firms are registered with the FCA it means they follow a level of AML regulation acceptable to the FCA and conduct appropriate customer due diligence and checks before onboarding clients.


The FCA has been the AML and Combating Financing of Terrorism (CFT) supervisor of UK cryptoasset businesses since January 2020. Since then, they have received over 300 applications for registration under the Money Laundering, Terrorist Financing, and Transfer of Funds Regulations 2017 (MLRs). As of January 2023, out of the applications the FCA determined, they approved and registered 41 (15%), whereas 195 (74%) either refused or withdrew their application and 29 (11%) of submissions were rejected.

The FCA has recently released an article on applications that can act as a “best practice” guide to help applicants when they prepare their applications for registration. This will no doubt help make the process as simple and efficient as possible.

Do I need to register with the FCA for carrying out cryptoasset activity?

If in doubt, the FCA has produced a helpful flowchart that lays out which firms need to be registered.

Consequences of non-compliance

The FCA states that cryptoassets firms who do not comply with the regulation will face a multitude of consequences, for instance, firms failing to meet regulatory obligations will be blacklisted and see banks unable to provide services to them. Regulators however also have the power to shut down firms altogether. A recent change has also come into force. From 11th August 2022, any person who decides to acquire 25% or more control of an FCA-registered cryptoasset firm must receive prior FCA approval before completing the transaction.

So, what next? How do I register?

First, you need to fill in the online application form and pay the FCA a registration fee. This is all completed on the FCAs “Connect” system.

The FCA will ask for information about the applicant and key individuals within the firm, there may be a requirement for additional information beyond the basics in this section and applicants should be prepared to allow 3-6 months for the entire application process. The FCA has the right to suspend or cancel the registration if it does not meet the requirements of the regulations.

Beyond the above the FCA will require the applicant to appoint a Money Laundering Reporting Officer (MLRO)/Nominated Officer with relevant knowledge, experience, and training as well as a level of authority, independence, and sufficient access to resources and information, to enable them to monitor and manage compliance with policies, procedures, and controls to carry out their roles and responsibilities under the MLRs. This individual should have adequate skills and experience to manage the application and answer any additional information that may be required. There are many areas of the business that the FCA will require information on, and we have outlined the key areas below.

Business Plan

The FCA requires firms to provide evidence of a business plan. The plan should not only display the firm’s business model, roles, and responsibilities of business partners but be holistic and include other aspects of the business such as compliance oversight, risk mitigation, and financial controls. The FCA has also stated that a business plan should be submitted together with a forecast for any component of the plan.

Risk Assessment

Regulators want applicant firms to display knowledge of thorough understanding of the risks that come from dealing with cryptoassets as well as a business-wide risk assessment (BWRA). The BWRA should take into consideration any AML/ CTF risks and assess any proliferation financing risks. The understanding of the risk incurred by the firm as well as a solid BWRA will be fundamental to the approval of the license.

Policy and Controls

Considering the importance of the BWRA for regulators it is expected that firms will also need to provide policies, systems, and control in place to mitigate risks emerging from the BWRA, as well as evidence of the strength of these controls. However, the FCA also expects firms to provide evidence of a strong AML framework and a strong governance structure.

The application process is comprehensive and thorough, where relevant, applicants should consider seeking independent compliance advice as part of preparing a successful application. Applicants are required to demonstrate that they are agile in their approach and prepared to deal with a rapidly evolving regulatory framework, scanning for emerging risks and industry changes, and tracking financial crime typologies and new rules that could affect their business operations.

How Delta Capita can help

Delta Capita has an experienced and dedicated team that provides expertise in cryptoassets regulatory compliance across many financial institutions.

This experience gives us a good view of industry best practices and financial regulations. For organisations impacted by these changes, we can provide valuable insights and ensure your firm is always aligned with the latest regulations and licenses.

To find out more and speak to one of our experts, contact us.

This article was written by Tom Stringer and Alessio Anulli.