--- title: UK FCA Cryptoasset Authorisation Under PS23/6 (2026) slug: uk-fca-cryptoasset-authorisation publishedAt: 2026-05-07T09:00:00Z author: Finconduit Editorial Team tags: FCA, FSMA, SMCR canonicalUrl: https://finconduit.com/resources/uk-fca-cryptoasset-authorisation --- # UK FCA Cryptoasset Authorisation Under PS23/6 (2026) UK FCA cryptoasset authorisation — the financial promotions regime, the legacy MLR register sunsetting, the new FSMA 2023 Designated Activities authorisation, SMCR, capital, costs, and FCA vs MiCA decision. Post\-**Brexit**, the United Kingdom runs its own crypto regulatory regime separate from **MiCA** — and historically the **most demanding** of the major Western regulators. The [Financial Services and Markets Act 2023](https://www.legislation.gov.uk/ukpga/2023/29/contents) created the **Designated Activities Regime**, the **FCA**'s [PS23/6](https://www.fca.org.uk/publication/policy/ps23-6.pdf) brought **cryptoasset financial promotion**s inside the **FSMA** **Section 21** perimeter from **October 2023**, and the full authorisation framework signalled in [DP23/4](https://www.fca.org.uk/publication/discussion/dp23-4.pdf) is now rolling out through **2026**–**2027** across cryptoasset issuance, exchange, custody, lending, and **stablecoin issuance**.¹[^1]²[^2]³[^3] The **Financial Conduct Authority**'s track record on crypto remains the **most demanding** of any G7 regulator. Approximately 75% of firms that applied for the legacy **MLR 2017** cryptoasset register between 2020 and 2023 were rejected or withdrew. The new authorisation regime will be at least as rigorous — likely more so — bringing crypto firms inside the [Senior Managers and Certification Regime](https://www.fca.org.uk/firms/senior-managers-certification-regime), requiring full prudential capital, and embedding crypto firms in the **FCA**'s standard supervisory model rather than treating them as a separate **AML**\-only category.⁵[^4] This guide explains the current state of **UK** cryptoasset regulation, the timeline for the full authorisation regime, the **financial promotions regime** that already applies, the legacy **MLR 2017** register that is sunsetting, the documents and substance the **FCA** expects in an authorisation file, the cost and timeline of a serious application, and how **UK** **FCA** authorisation compares to **MiCA CASP** for firms choosing where to base their crypto business. ## **UK** Cryptoasset Regulation — Three Overlapping Regimes Three regimes apply to crypto firms operating in or from the **UK** in **2026**. Each addresses a different perimeter and they cumulate rather than substitute: a firm with **UK** customers may need to comply with all three simultaneously. *Table: The three UK cryptoasset regulatory regimes \(2026\).* | Regime | Source | Scope | Status | | --- | --- | --- | --- | | MLR 2017 cryptoasset register | Money Laundering Regulations 2017 \+ 5MLD transposition | AML registration for crypto\-asset exchange \+ custodial wallet provision | Live since 2020; sunsetting as full authorisation regime activates | | Cryptoasset financial promotions regime | FSMA Section 21 \+ PS23/6 | Any communication promoting a cryptoasset to UK consumers | Live from 8 October 2023 | | Cryptoasset authorisation regime \(full\) | FSMA 2023 Designated Activities Regime \+ DP23/4 successor instruments | Issuance, exchange, custody, lending, stablecoin issuance | Phasing in 2026–2027; legislation in flight | > **Warning:** The financial promotions regime is the operational gateway today. Any communication into the UK promoting a cryptoasset must either be made by an FCA\-authorised firm, approved by an FCA\-authorised approver, or fall within an exemption. Non\-UK firms marketing into the UK without an approver routinely receive Section 21 enforcement letters — including correspondence to social\-media platforms requiring takedown. ## The Financial Promotions Regime \(Live Today\) **FCA** **PS23/6** brought **qualifying cryptoasset**s within the financial promotions perimeter under **Section 21** of the Financial Services and Markets Act. From 8 **October 2023**, any promotion of an **in\-scope cryptoasset** to **UK** consumers must be made by an **FCA**\-authorised firm, approved by an **FCA**\-authorised approver, or fall within a narrow exemption \(high\-net\-worth, sophisticated investor, MLR\-registered self\-promotion\). The practical consequences for non\-**UK** **CASP**s are immediate. Targeted advertising into the **UK**, app\-store listings on **UK** storefronts, partnership marketing with **UK**\-based affiliates, and even branded social media accounts that reach **UK** consumers all count as financial promotions. Most firms now operate either through a **UK**\-authorised subsidiary or a **UK**\-authorised approver relationship; some have geo\-blocked the **UK** entirely. - Self\-authorised — **UK**\-authorised firm promotes its own cryptoasset products. The cleanest position; requires the **FCA** authorisation discussed below. - Approver route — **FCA**\-authorised firm acts as approver for a non\-**UK** **CASP**'s communications. Approver must conduct ongoing diligence; cost £20,000–£100,000\+ per year. - MLR\-registered firm — **FCA** cryptoasset\-registered firms can promote their own products without approver. This route closes as the register sunsets. - Exemption route — limited to high\-net\-worth and sophisticated investors with documented self\-certification. Not available for retail. - Geo\-block **UK** — exit the **UK** promotions perimeter entirely. Operationally clean; commercially expensive. ## The Full Cryptoasset Authorisation Regime \(**2026**–**2027**\) **FCA** **DP23/4** set the direction for full **UK** cryptoasset authorisation; subsequent consultation papers are crystallising the regime through 2025–**2026** with rolling application through **2026**–**2027**. The expected perimeter: *Table: Expected scope of the UK cryptoasset authorisation regime as currently signalled \(subject to final HMT and FCA instruments\).* | Activity | Authorisation required from | Comparable EEA / EU | | --- | --- | --- | | Cryptoasset issuance \(asset\-referenced and e\-money equivalents\) | FCA — under stablecoin issuance regime | MiCA EMT / ART issuer authorisation | | Operating a cryptoasset exchange \(UK customers or premises\) | FCA — full authorisation | MiCA CASP Class 3 \(trading platform\) | | Cryptoasset custody \(UK customers\) | FCA — full authorisation | MiCA CASP Class 3 \(custody\) | | Cryptoasset lending and borrowing | FCA — full authorisation | \(No direct MiCA equivalent; restricted in EEA\) | | Operating a fiat\-backed stablecoin payment system | FCA \+ Bank of England \(systemic regime\) | MiCA EMT issuer \+ payment service authorisation | | Cryptoasset advisory and portfolio management | FCA — full authorisation; SMCR\-equivalent | MiCA CASP Class 1 \(advisory\) / Class 2 \(portfolio\) | ## What the **FCA** Will Expect in the Authorisation File Based on **PS23/6**, **DP23/4**, and **FCA**'s existing playbook for similar authorisation regimes \(payment services, e\-money, MiFID firms\), the cryptoasset authorisation file will require nine workstreams. Each is approximately equivalent in depth to a **MiCA CASP** file but with **FCA**\-specific overlays. *Table: Expected UK cryptoasset authorisation file workstreams \(based on PS23/6, DP23/4, and FCA payment services / MiFID precedent\).* | Workstream | FCA expectation | Comparable MiCA element | | --- | --- | --- | | Programme of operations \+ scope | Detailed; aligned to specified activity definitions | Programme of Operations \(MiCA Article 60\) | | Senior management — Senior Managers and Certification Regime | SM&CR\-equivalent for cryptoasset firms; pre\-approval of named individuals | MiCA Article 68 governance | | Capital — initial capital \+ ongoing | £50,000–£500,000 by activity \(likely\) | MiCA Annex IV Class 1/2/3 | | AML/CTF programme | MLR 2017 \+ FCA Financial Crime Guide | MiCA \+ EBA Guidelines | | Cryptoasset financial crime controls | Travel Rule; blockchain analytics; sanctions; PEP | Equivalent EEA expectations | | ICT and operational resilience | Operational Resilience policy SS1/21 \+ UK DORA\-equivalent | DORA | | Client asset safeguarding | CASS\-equivalent for cryptoassets | MiCA Article 75 | | Conduct of business \+ complaints | Treating Customers Fairly \+ DISP rules | MiCA conduct rules | | Stablecoin\-specific \(if applicable\) | Bank of England oversight for systemic stablecoins | MiCA EMT/ART issuer regime | > **Note:** The Senior Managers and Certification Regime is the structural difference. Unlike MiCA's reliance on the management body collectively, SMCR makes named individuals personally accountable for specific responsibilities \(including financial crime, customer protection, and operational resilience\). The FCA's case\-by\-case interview of SMCR candidates is the most demanding individual fit\-and\-proper process of any major regulator. ## Timeline and Cost **FCA** full\-authorisation timelines historically run **12–24 months** for payment services and e\-money, with the **most demanding** cases \(banks, asset managers\) at 18–36 months. Cryptoasset authorisation under the new regime is expected to land at the upper end of this range — likely **18–24 months** for a complex exchange \+ custody applicant, **12–18 months** for advisory or portfolio management. *Table: Indicative UK cryptoasset authorisation programme cost — exchange \+ custody applicant.* | Cost line | Range \(£\) | Notes | | --- | --- | --- | | FCA application fee | £20,000–£70,000 | Tiered by activity scope | | Legal counsel \(Magic Circle / fintech firms\) | £300,000–£900,000 | Programme of operations, AML programme, SMCR submissions | | Senior management \+ relocation | £600,000–£1.5M | Multiple SMCR candidates with UK residence | | Capital — initial own funds | £350,000–£500,000\+ | Locked but recoverable | | Premises \+ ICT setup | £200,000–£600,000 | London office, ICT environment, audit | | AML / blockchain analytics / Travel Rule stack Year 1 | £100,000–£300,000 | Comparable to MiCA stack; FCA scrutiny somewhat higher | | Compliance \+ operations headcount Year 1 | £500,000–£1.2M | MLRO, Compliance Officer, operations leadership | | Total programme cost \(excluding capital\) | £1.7M–£4.5M | Among the highest authorisation programmes globally | ## **UK** **FCA** vs **MiCA CASP** — Choosing Between London and the **EEA** **UK** authorisation is expensive, slow, and demanding — but commercially valuable for any firm whose customer base is materially **UK**\-resident. The 67\-million\-person **UK** retail market is large enough to justify a dedicated authorisation, and **UK** institutional counterparties \(banks, asset managers, exchanges\) require **FCA** oversight for routine commercial relationships. - Choose **UK** **FCA** if: **UK** retail is a primary market; institutional **UK** counterparties matter \(banks, **FCA**\-regulated asset managers\); founders prefer London; or eventual **UK** listing is on the strategic horizon. - Choose **MiCA CASP** if: **EEA** **passporting** matters commercially; Lithuania/Cyprus/Malta speed and tax efficiency are operationally significant; **UK** retail volume is incidental; or programme cost matters more than **UK** brand. - Run both if: you operate at scale with material customer demand in the **UK** and the **EEA**. Major operators \(**Coinbase**, **Kraken**, **Revolut**\) hold **UK** **FCA** authorisation alongside an **EEA** **MiCA CASP** authorisation; the architectural cost is meaningful but commercially forced. ## Common **UK** **FCA** Application Pitfalls - Treating **SMCR** like **MiCA** Article 68. **SMCR** is materially more individualised; named senior managers face direct personal liability under Statement of Responsibilities documents. Plan **SMCR** candidate selection **12 months** before submission. - Generic **AML** programme drawn from **EU** templates. The **FCA**'s Financial Crime Guide is structurally different; **AML** programmes that read as **MiCA**\-translated are downgraded. - Ignoring the Operational Resilience expectations. SS1/21 and the Operational Resilience Policy Statement set high bars on Important Business Services, impact tolerances, and self\-assessment. - Underestimating the **FCA**'s diligence on capital source. Multi\-layer holding structures, offshore intermediate entities, and unaudited capital sources are routinely challenged. - Marketing into the **UK** before the **FCA** authorisation is granted. **PS23/6** enforcement is active and disproportionately public; an enforcement letter pre\-authorisation is a serious file complication. ## Frequently Asked Questions ### Is the **FCA cryptoasset register** still open in **2026**? The **MLR 2017** cryptoasset register is sunsetting as the full authorisation regime activates. New applications are still accepted but the **FCA** has signalled that the register will be replaced by the **FSMA 2023** **Designated Activities Regime** authorisation in **2026**–**2027**. Firms applying now should plan to convert to the full authorisation when it becomes available; firms not yet registered should consider applying directly under the new regime once it opens. ### Why is the **FCA**'s **rejection rate** so high? The historic \~75% **MLR 2017** register **rejection rate** reflects the gap between applicant readiness and **FCA** expectations. Common rejection reasons: **AML** programmes generic to crypto; capital source not satisfactorily evidenced; Senior Manager candidates without specific cryptoasset experience; insufficient governance substance; absence of named blockchain analytics and **Travel Rule** providers. Applicants who pass typically spent 9–**12 months** pre\-application building the file rather than 3 months reactive drafting. ### Do I need an **FCA**\-authorised approver to advertise into the **UK** from the **EEA**? Yes, unless you fall within an exemption or hold **UK** authorisation directly. The **PS23/6** **financial promotions regime** applies to any communication that is capable of having an effect in the **UK** — geographic targeting is a fact\-based assessment, not a formal exclusion. Approver relationships cost £20,000–£100,000\+ per year depending on diligence scope and run alongside the firm's home\-state regulation. ### Can my **MiCA CASP** authorisation provide any access to **UK** customers? No. Post\-**Brexit**, **MiCA** **passporting** does not extend to the **UK**. Serving **UK** retail customers from a **MiCA CASP** requires either **UK** **FCA** authorisation, an **FCA**\-authorised approver, a narrow exemption, or genuine reverse solicitation. The **FCA** has signalled that reverse solicitation will be interpreted at least as restrictively as ESMA interprets it under **MiCA** — narrow. ### How does the **UK** **stablecoin** regime compare to **MiCA** EMT/ART? Substantively similar in direction with structural differences in detail. Both treat **fiat\-backed stablecoin**s as e\-money\-equivalent with reserve requirements, redemption obligations, and prudential oversight. The **UK** regime adds Bank of England systemic\-**stablecoin** oversight for **stablecoin**s reaching defined size thresholds — similar to ESMA's significant ART issuer designation under **MiCA**. Issuers operating across both perimeters typically need parallel authorisations. ### What does an **SMCR** submission look like for a cryptoasset firm? Detailed and individualised. Each Senior Manager candidate \(CEO, CFO, CCO, **MLRO**, Head of Custody, Head of IT\) submits a Statement of Responsibilities documenting their specific accountabilities, prior approval history, fit\-and\-proper evidence, and detailed CV. The **FCA** conducts case\-by\-case interviews of named individuals — the **most demanding** individual approval process of any major regulator. Expect 8–14 weeks per candidate from submission to approval. > **Call to action:** Considering UK FCA cryptoasset authorisation or scoping the financial promotions regime? Finconduit makes vetted introductions to UK fintech counsel, SMCR\-experienced executive recruiters, and approver firms — and supports the authorisation file end\-to\-end. Get a free UK cryptoasset authorisation scope. ## Related Guides - [EEA vs UK vs Offshore: Where to Incorporate Your Crypto Business](/resources/eea-uk-offshore-crypto-incorporation): Which jurisdiction maximises regulatory access and tax efficiency - [MiCA Compliance Guide for CASPs](/resources/mica-compliance-guide-casps): Authorisation walkthrough — capital, governance, supplier stack - [UAE VARA Licence Guide](/resources/uae-vara-licence-guide): Application, capital, timeline, and ADGM FSRA comparison - [AML Compliance for Crypto Firms](/resources/aml-compliance-crypto-6amld): What the 6**AML**D requires from **CASP**s and **VASP**s **UK** **FCA** authorisation is the **most demanding** crypto regulatory programme in the major Western jurisdictions — and the most commercially valuable for any operator whose **UK** exposure is material. The historic **75% rejection rate** will not collapse under the new regime; if anything, the bar will rise as cryptoasset firms move from **AML**\-only registration into the full **FSMA** authorisation perimeter with **SMCR** overlay. Plan a 12\-month pre\-application programme, hire **SMCR** candidates with prior **UK** regulated\-firm experience, and build the file to the **FCA**'s Financial Crime Guide rather than to **MiCA** templates. The cost is high. The brand and counterparty access from **UK** **FCA** authorisation justifies it for firms with serious **UK** ambition. - [Gibraltar DLT Provider Licence](/resources/gibraltar-dlt-provider-licence) — the Gibraltar DLT regime as a UK\-adjacent alternative to FCA cryptoasset authorisation. ## Footnotes [^1]: Financial Services and Markets Act 2023 — UK statute creating the post\-Brexit financial services architecture; introduced the Designated Activities Regime under which UK cryptoasset authorisation is being implemented. [^2]: FCA PS23/6, Financial Promotion Rules for Cryptoassets — Policy Statement, June 2023; live from 8 October 2023. [^3]: FCA DP23/4 — Discussion Paper on regulating cryptoassets, November 2023, setting the direction for full authorisation. [^4]: FCA Senior Managers and Certification Regime \(SMCR\) — applicable to most authorised firms; cryptoasset firms expected to fall within scope on full authorisation. --- Source: https://finconduit.com/resources/uk-fca-cryptoasset-authorisation