UK FCA Cryptoasset Authorisation Under PS23/6 (2026)

Post-Brexit, the United Kingdom runs its own crypto regulatory regime separate from MiCA — and historically the most demanding of the major Western regulators. The Financial Services and Markets Act 2023 created the Designated Activities Regime, the FCA's PS23/6 brought cryptoasset financial promotions inside the FSMA Section 21 perimeter from October 2023, and the full authorisation framework signalled in DP23/4 is now rolling out through 2026–2027 across cryptoasset issuance, exchange, custody, lending, and stablecoin issuance.¹^[1]²^[2]³^[3]

The Financial Conduct Authority's track record on crypto remains the most demanding of any G7 regulator. Approximately 75% of firms that applied for the legacy MLR 2017 cryptoasset register between 2020 and 2023 were rejected or withdrew. The new authorisation regime will be at least as rigorous — likely more so — bringing crypto firms inside the Senior Managers and Certification Regime, requiring full prudential capital, and embedding crypto firms in the FCA's standard supervisory model rather than treating them as a separate AML-only category.⁵^[4]

This guide explains the current state of UK cryptoasset regulation, the timeline for the full authorisation regime, the financial promotions regime that already applies, the legacy MLR 2017 register that is sunsetting, the documents and substance the FCA expects in an authorisation file, the cost and timeline of a serious application, and how UK FCA authorisation compares to MiCA CASP for firms choosing where to base their crypto business.

Three regimes apply to crypto firms operating in or from the UK in 2026. Each addresses a different perimeter and they cumulate rather than substitute: a firm with UK customers may need to comply with all three simultaneously.

FCA PS23/6 brought qualifying cryptoassets within the financial promotions perimeter under Section 21 of the Financial Services and Markets Act. From 8 October 2023, any promotion of an in-scope cryptoasset to UK consumers must be made by an FCA-authorised firm, approved by an FCA-authorised approver, or fall within a narrow exemption (high-net-worth, sophisticated investor, MLR-registered self-promotion).

The practical consequences for non-UK CASPs are immediate. Targeted advertising into the UK, app-store listings on UK storefronts, partnership marketing with UK-based affiliates, and even branded social media accounts that reach UK consumers all count as financial promotions. Most firms now operate either through a UK-authorised subsidiary or a UK-authorised approver relationship; some have geo-blocked the UK entirely.

• Self-authorised — UK-authorised firm promotes its own cryptoasset products. The cleanest position; requires the FCA authorisation discussed below.

• Approver route — FCA-authorised firm acts as approver for a non-UK CASP's communications. Approver must conduct ongoing diligence; cost £20,000–£100,000+ per year.

• MLR-registered firm — FCA cryptoasset-registered firms can promote their own products without approver. This route closes as the register sunsets.

• Exemption route — limited to high-net-worth and sophisticated investors with documented self-certification. Not available for retail.

• Geo-block UK — exit the UK promotions perimeter entirely. Operationally clean; commercially expensive.

FCA DP23/4 set the direction for full UK cryptoasset authorisation; subsequent consultation papers are crystallising the regime through 2025–2026 with rolling application through 2026–2027. The expected perimeter:

Based on PS23/6, DP23/4, and FCA's existing playbook for similar authorisation regimes (payment services, e-money, MiFID firms), the cryptoasset authorisation file will require nine workstreams. Each is approximately equivalent in depth to a MiCA CASP file but with FCA-specific overlays.

FCA full-authorisation timelines historically run 12–24 months for payment services and e-money, with the most demanding cases (banks, asset managers) at 18–36 months. Cryptoasset authorisation under the new regime is expected to land at the upper end of this range — likely 18–24 months for a complex exchange + custody applicant, 12–18 months for advisory or portfolio management.

UK authorisation is expensive, slow, and demanding — but commercially valuable for any firm whose customer base is materially UK-resident. The 67-million-person UK retail market is large enough to justify a dedicated authorisation, and UK institutional counterparties (banks, asset managers, exchanges) require FCA oversight for routine commercial relationships.

• Choose UK FCA if: UK retail is a primary market; institutional UK counterparties matter (banks, FCA-regulated asset managers); founders prefer London; or eventual UK listing is on the strategic horizon.

• Choose MiCA CASP if: EEA passporting matters commercially; Lithuania/Cyprus/Malta speed and tax efficiency are operationally significant; UK retail volume is incidental; or programme cost matters more than UK brand.

• Run both if: you operate at scale with material customer demand in the UK and the EEA. Major operators (Coinbase, Kraken, Revolut) hold UK FCA authorisation alongside an EEA MiCA CASP authorisation; the architectural cost is meaningful but commercially forced.

• Treating SMCR like MiCA Article 68. SMCR is materially more individualised; named senior managers face direct personal liability under Statement of Responsibilities documents. Plan SMCR candidate selection 12 months before submission.

• Generic AML programme drawn from EU templates. The FCA's Financial Crime Guide is structurally different; AML programmes that read as MiCA-translated are downgraded.

• Ignoring the Operational Resilience expectations. SS1/21 and the Operational Resilience Policy Statement set high bars on Important Business Services, impact tolerances, and self-assessment.

• Underestimating the FCA's diligence on capital source. Multi-layer holding structures, offshore intermediate entities, and unaudited capital sources are routinely challenged.

• Marketing into the UK before the FCA authorisation is granted. PS23/6 enforcement is active and disproportionately public; an enforcement letter pre-authorisation is a serious file complication.

The MLR 2017 cryptoasset register is sunsetting as the full authorisation regime activates. New applications are still accepted but the FCA has signalled that the register will be replaced by the FSMA 2023 Designated Activities Regime authorisation in 2026–2027. Firms applying now should plan to convert to the full authorisation when it becomes available; firms not yet registered should consider applying directly under the new regime once it opens.

The historic ~75% MLR 2017 register rejection rate reflects the gap between applicant readiness and FCA expectations. Common rejection reasons: AML programmes generic to crypto; capital source not satisfactorily evidenced; Senior Manager candidates without specific cryptoasset experience; insufficient governance substance; absence of named blockchain analytics and Travel Rule providers. Applicants who pass typically spent 9–12 months pre-application building the file rather than 3 months reactive drafting.

Yes, unless you fall within an exemption or hold UK authorisation directly. The PS23/6 financial promotions regime applies to any communication that is capable of having an effect in the UK — geographic targeting is a fact-based assessment, not a formal exclusion. Approver relationships cost £20,000–£100,000+ per year depending on diligence scope and run alongside the firm's home-state regulation.

No. Post-Brexit, MiCA passporting does not extend to the UK. Serving UK retail customers from a MiCA CASP requires either UK FCA authorisation, an FCA-authorised approver, a narrow exemption, or genuine reverse solicitation. The FCA has signalled that reverse solicitation will be interpreted at least as restrictively as ESMA interprets it under MiCA — narrow.

Substantively similar in direction with structural differences in detail. Both treat fiat-backed stablecoins as e-money-equivalent with reserve requirements, redemption obligations, and prudential oversight. The UK regime adds Bank of England systemic-stablecoin oversight for stablecoins reaching defined size thresholds — similar to ESMA's significant ART issuer designation under MiCA. Issuers operating across both perimeters typically need parallel authorisations.

Detailed and individualised. Each Senior Manager candidate (CEO, CFO, CCO, MLRO, Head of Custody, Head of IT) submits a Statement of Responsibilities documenting their specific accountabilities, prior approval history, fit-and-proper evidence, and detailed CV. The FCA conducts case-by-case interviews of named individuals — the most demanding individual approval process of any major regulator. Expect 8–14 weeks per candidate from submission to approval.

• EEA vs UK vs Offshore: Where to Incorporate Your Crypto Business: Which jurisdiction maximises regulatory access and tax efficiency

• MiCA Compliance Guide for CASPs: Authorisation walkthrough — capital, governance, supplier stack

• UAE VARA Licence Guide: Application, capital, timeline, and ADGM FSRA comparison

• AML Compliance for Crypto Firms: What the 6AMLD requires from CASPs and VASPs

UK FCA authorisation is the most demanding crypto regulatory programme in the major Western jurisdictions — and the most commercially valuable for any operator whose UK exposure is material. The historic 75% rejection rate will not collapse under the new regime; if anything, the bar will rise as cryptoasset firms move from AML-only registration into the full FSMA authorisation perimeter with SMCR overlay. Plan a 12-month pre-application programme, hire SMCR candidates with prior UK regulated-firm experience, and build the file to the FCA's Financial Crime Guide rather than to MiCA templates. The cost is high. The brand and counterparty access from UK FCA authorisation justifies it for firms with serious UK ambition.