UK cryptoasset firms had to follow a framework that requires registration with the Financial Conduct Authority (FCA) under the Money Laundering Regulations (MLRs). However, regulations and certain requirements, like in many jurisdictions, have changed over the years to become stricter. Cryptocurrencies or virtual assets (VAs) are now the equivalent of traditional financial means, having the same regulatory requirements and Anti-Money Laundering (AML) rules as traditional financial institutions.
Yet, in practice, there’s a whole different story. Last year, FCA fines for AML and Know Your Customer (KYC) failures hit a record £124 million, including giants like Monzo slipping with huge cases of non-compliance. To fix that and improve guidelines, especially in the crypto sector, the FCA finalized its guidance for the UK’s new cryptoasset regime on 30 June 2026. It included policy statements about market abuse, regulated activities, trading admissions, and stablecoin issuance.
I explain in a simple manner which obligations UK crypto firms need to follow and how to support each requirement in practice below.
This guide is for: compliance officers, MLROs, and founders at UK cryptoasset firms (exchanges, custodians, brokers, stablecoin issuers, staking providers, etc.) preparing for FCA authorization under the Cryptoassets Regulations 2026, including overseas platforms serving UK customers who need to understand whether the new perimeter catches them.
This guide is not for: retail crypto investors looking for tax or investment guidance (HMRC covers cryptoasset taxation separately), firms dealing exclusively in security tokens or e-money already regulated under existing FSMA/EMR frameworks, or fully out-of-scope projects like non-transferable NFTs.
Who is the Regulator for Crypto in the UK?
The Financial Conduct Authority (FCA) is the main regulator for cryptoasset firms in the UK. This requires any company carrying out cryptoasset activity in the UK to register its activity with the FCA under the Money Laundering Regulations (MLRs) as a way to comply with AML rules. Regulated businesses include exchanges, custodian wallet providers, and similar firms working with cryptoassets.
The FCA doesn’t oversee the UK crypto industry alone. Other key authorities include:
- HM Treasury sets the legislative framework and decides which activities fall inside the regulatory perimeter
- The Bank of England shares responsibility for stablecoins that reach systemic scale, regulating them jointly with the FCA
- HMRC handles the tax treatment of cryptoassets
- The National Crime Agency receives suspicious activity reports filed by crypto entities
Under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, the FCA moved from supervising crypto firms purely for AML and financial promotions compliance to full conduct, prudential, and market oversight. This is the same standard/model applied to banks and investment firms and is expected to be applied to UK crypto firms in full force in 2027.

If you’re operating in the UK as a crypto platform, you should register with the FCA and follow its guidelines to comply with more stringent requirements in the near future without the hassle or stress that can come with it when you’re chasing regulatory deadlines.
You can fill out a quick form here and subscribe to FCA’s news regarding cryptoassets.
KYC for crypto and blockchain
Stay compliant with evolving crypto regulations. iDenfy helps exchanges and DeFi platforms verify users globally.
Explore Crypto SolutionWhat are the Main Crypto Regulations in the UK?
The main requirements that UK crypto platforms need to follow include:
-> The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, or simply the MLRs
This regulation defines the general AML obligations and the main responsibility for crypto firms in the UK, which is the mandatory FCA registration requirement. That said, it has been amended over the years via:
- Implementation of the EU’s AMLD5 in 2019,
- Extension of the Travel Rule to cryptoasset transfers in 2022.
- Most recently, through the Money Laundering and Terrorist Financing (Amendment) Regulations 2026
For example, the latest amendments narrow mandatory enhanced due diligence (EDD) to “unusually complex” transactions and limit automatic EDD to FATF’s high-risk countries/Call-for-Action jurisdictions.
Related: KYC in Blockchain & Crypto: A Complete Compliance Guide
-> The Terrorism Act 2000 and the Proceeds of Crime Act 2002 (POCA), which set the reporting regime for UK entities and their SAR filing processes
Like in other jurisdictions, UK crypto companies are required to track and monitor users and trigger EDD measures, like continuous monitoring, if a high-risk situation escalates this need. If suspicious activity is actually detected, the firm needs to file a Suspicious Activity Report (SAR). It typically explains every detail and works like a case file, following the who-what-where-when-how-why structure.
This means analysts working with the case log the full name, DOB, address, and key identifiers (like a passport) for individuals and the exact legal name, trading name, Company Registration Number (CRN) issued by Companies House and the country of incorporation for corporate entities. Often, SARs are submitted when a suspicion of money laundering, terrorism financing, or other AML-related crimes is detected. UK crypto firms do this via the National Crime Agency (NCA) portal.
Related: Know Your Business (KYB) for UK Firms [Guide]
-> The Sanctions and Anti-Money Laundering Act 2018 (SAMLA), responsible for UK sanctions legislation
Enforced on the financial sanctions side by the Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, this is the main UK sanctions legislation, under which the UK’s post-Brexit sanctions regime has operated since the end of 2020.
Cryptoassets are treated no differently from cash or property, meaning that transferring crypto to (or receiving it from) a designated/sanctioned person breaches the sanctions regime. UK crypto firms are obliged to screen their customers and their transactions against the UK sanctions list.
UK Cryptoassets and their Main Types
The UK doesn’t regulate all crypto firms in the same way. Depending on the type of cryptoassets a business deals with, different regulations in the UK can apply.
“To be able to get funds from our community, we need to solve all of the compliance checks first — the KYC and the AML checks.”
— Founder, crypto token launchpad via a meeting with iDenfy
There are three categories of UK cryptoassets, which are:
- E-money tokens. This includes stablecoins that are fiat-backed, making them qualify as electronic money, subject to Payment Services Regulations (PSRs) or Electronic Money Regulations (EMRs).
- Security tokens. Similar to bonds or shares, the FCA regulated security tokens under the Financial Services and Markets Act (FSMA). For example, Archax, which is the first FCA-authorized digital securities exchange, is used by institutions like Lloyds.
- Other cryptoassets. Includes known examples like Ether or Bitcoin, exchange or utility tokens that are traditionally regulated under AML compliance and the MLRs.
Related: KYC Requirements in the UK
What Does Full Authorization Under FSMA Mean for UK Crypto Platforms?
Due to recent changes under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, UK crypto firms will need full FCA authorization instead of the old “registration-only” approach:
MLR registration (old) -> FSMA authorization (new)
This means that crypto platforms will be part of the UK’s full financial regulatory framework, not just standard AML protocols. As a crypto firm, you’ll need:
- Proper risk management strategy
- Financial stability before being able to legally operate and establish your platform in the UK (similar to how a UK bank operates, for example)
For example, some executives from major UK crypto firms welcomed the final guidance positively and praised the new rules for the UK crypto market as proportionate and “an opportunity to develop and grow their businesses in a competitive jurisdiction”. The new rules are set to apply from 25 October 2027.
Requirements like “financial stability” have concrete grounds with published figures from the FCA. For example, stablecoin issuers face a strict demand for a £350,000 permanent minimum capital requirement, different from a practice that the EU follows. However, there are other nuances, like some softened original requirements after receiving the community’s feedback. For instance, the FCA reduced the K-SII capital rule for stablecoin issuers from 2% to 1%, while the EU’s MiCA framework continues to be set at 2%.
Other important dates that you should add to your compliance calendar:
-> 30 September 2026. The FCA authorization gateway opens. Pre-application support meetings are already available.
-> 28 February 2027. The end of the priority application window. Firms applying by this date benefit from a saving provision. If the FCA has not determined their application by go-live, they may continue operating until it does.
-> 25 October 2027. This regime takes full effect. Unauthorized firms must stop operating their UK cryptoasset platform.
Related: How Does AML Apply to Crypto? [With Examples]
Which UK Cryptoasset Firms Need to Comply With the Cryptoassets Regulations 2026?
Six activities that will require FCA authorization when carried out in/into the UK include the following:
- Operating a cryptoasset trading platform (exchanges matching buyers and sellers of qualifying cryptoassets)
- Dealing in qualifying cryptoassets as principal or agent (brokers, OTC desks, and market makers)
- Arranging deals in qualifying cryptoassets (intermediaries that route or facilitate orders without executing them)
- Safeguarding (custody) (firms holding cryptoassets or the means of access to them on behalf of clients, including custodian wallet providers)
- Issuing qualifying stablecoins from the UK (subject to the separate stablecoin rulebook, backing-asset requirements, and the £350,000 minimum capital floor)
- Staking arrangements (firms operating or arranging staking services for UK customers)
Does MLR Registration Automatically Equal Authorization?
No. If your firm holds MLR registration today, that registration does not convert into authorization. Every obliged UK crypto firm (including those registered since 2020) will need to apply through the cryptoasset gateway via the standard Connect portal (deadlines are set to run from 30 September 2026 to 28 February 2027).
Also, these new requirements apply to firms that operate abroad but still serve UK customers. So, you generally can’t avoid FCA authorization if you provide regulated cryptoasset services in the UK.
How to Prepare as a UK Crypto Firm Before October 2027
You’ll need to review and map out your activities against the six regulated cryptoasset categories. Often, many crypto firms operate various services, which means you’ll need multiple permissions. For example, an exchange with custody and staking products needs permissions for each category.
“We recently just got licensed by the FCA. Currently, we’re looking for a screening vendor just to start the business.”
— Compliance Manager, FCA-licensed UK fintech via a meeting with iDenfy
On that note, standard KYC/AML controls aren’t going anywhere, as they’re continuing to be valid as the essence of the new crypto regime. That means poor or the lack of ID verification, PEPs & sanctions screening, risk assessment, transaction monitoring, etc., will negatively affect your authorization application.
Strong KYC/AML infrastructure is also the part of the application that you can fix the fastest. Crypto platforms working with iDenfy have already automated exactly the controls the FCA will scrutinize. For example:
-> HollaEx, a white-label crypto exchange provider, replaced manual ID reviews with an automated KYC workflow and saw package upgrades rise 10–15% after bundling it into its exchange offering.
-> Neobridge, which bridges decentralized wallets with traditional banking rails, used iDenfy’s KYC and AML screening (sanctions, PEPs, and watchlists) solutions to comply with its banking partners’ compliance expectations.
-> Coinzilla, a crypto advertising network, standardized its KYB workflow with automated data collection and custom onboarding questionnaires, which is the same corporate due diligence the FCA expects for business clients.
You can have a look at all use cases for more info.
Other tips:
- Assess the gaps against the new rulebook. Currently, the FCA’s June 2026 policy statements are the standards you’ll be authorized against. Check the conduct, Consumer Duty, custody standards, prudential requirements, and market abuse rules.
- Build up your financial position. This means you need to ensure you meet capital and liquidity requirements and have clear audit backing demonstrating that you meet the thresholds.
- Complete and submit your application early. The FCA has already signaled it will reject incomplete submissions rather than help or coach UK crypto firms to fix them. That indicates that the authorization bar is higher than the previous MLR registration system.
“You should have a proper contract because an auditor or regulator might always do due diligence on your processes.”
— Robert Kotov, Head of Partnerships, iDenfy
At iDenfy, we specialize in crypto compliance (KYC/KB & AML), covering industry-specific requirements in 200+ countries and jurisdictions, including the UK. Try out our identity verification service for crypto for free today.