Crypto regulation in the United Kingdom

The UK’s “crypto license” is primarily the FCA registration as a cryptoasset business under the UK’s AML regime. It is widely pursued due to the United Kingdom’s legal credibility, access to professional talent, and strong expectations around governance, systems, and controls.

The FCA registration regime for cryptoasset businesses began in January 2020. The approach is evidence-driven: the FCA focuses on whether the firm can demonstrate effective controls, fit-and-proper leadership, and a working operating model (onboarding, KYC/KYB, monitoring, reporting).

The UK structure largely rests on two pillars:

• FCA supervision for cryptoasset AML registration (case-by-case review of the operating model).
• AML/CFT legal framework under the UK Money Laundering Regulations (policies, systems, controls, KYC/KYB).

Note: Cryptocurrency is not legal tender in the UK.

Structurally, the journey is clear; practically, it is rigorous in evidence. Excluding incorporation and file preparation, regulatory review is commonly referenced at around ~3 months, depending on completeness and FCA follow-ups.

• Incorporate a UK company with credible governance and operational substance.
• Appoint an AML / MLRO function (fit-and-proper, capable of oversight).
• Prepare an evidence-grade compliance and operating pack (policies, controls, tooling, and workflows).

The FCA registers firms under a single construct: “Registration as a Cryptoasset Business.” The registration is effectively scope-specific and aligned to your proposed activities and risk profile. Certain models may trigger additional regulatory regimes (e.g., where tokens are treated as regulated investments).

• Incorporate a UK company (Ltd by shares is common).
• Establish a real operational footprint (not just a mailbox).
• Appoint directors and senior management with relevant competence.

• Define products and customer types; complete a formal risk assessment.
• Draft AML/KYC/KYB policies, EDD triggers, sanctions screening approach, monitoring rules, and reporting workflow.
• Document data protection, cybersecurity controls, incident response, recordkeeping, and governance cadence.
• Prepare operational evidence (systems screenshots, workflows, tooling, logs, training, QA).

• Submit the application via the FCA portal process; obtain firm and individual identifiers where applicable.
• Answer clarification questions rapidly with documentary evidence.
• Demonstrate readiness: onboarding, KYC decisioning, monitoring, escalation, SAR/STR pathway, and reporting.

• Business plan: operations, products, target segments, cash flows, and growth assumptions.
• Scheme of operations: end-to-end flow (customer onboarding → transaction monitoring → escalation → reporting).
• Policies, systems & controls: AML/KYC/KYB, EDD, sanctions, recordkeeping, governance, training.
• Fit & proper pack: UBOs, directors, senior managers, control persons, and key function holders.
• Technology evidence: monitoring approach, data model, audit trails, and operational QA/testing.

The UK maintains a Cryptoasset Registry listing FCA-registered firms, typically including company details and the registration status. This registry is used by counterparties (including banks) as a basic signal of AML registration status.

Cryptoasset activity is generally permitted when delivered by an FCA-registered firm for client-facing services. Proprietary trading is different from providing services to customers; customer-facing models require registration.

HMRC has published guidance on the taxation of cryptoassets. Typical business tax considerations include:

• Corporation Tax (including chargeable gains where applicable)
• Income Tax considerations (depending on activity and structure)
• Capital gains treatment for certain activities

Corporate Income Tax: commonly referenced at 25% for many companies since April 2023 (subject to thresholds and reliefs).

• Maintain an effective AML framework (risk assessment, policies, monitoring, reporting).
• Ongoing CDD/EDD, sanctions screening, and recordkeeping.
• Escalation process for suspicious activity and SAR filing to the National Crime Agency when required.
• Staff training, governance oversight, and periodic control testing/audit.
• Be ready to provide information to the FCA upon request.

Operating without the appropriate registration or materially breaching obligations can result in significant enforcement actions (including bans, fines, and other penalties). In practice, the best risk-reducer is a strong evidence trail showing controls are working, not merely documented.

UK expectations focus on real operational substance and accountable leadership. For many models, credible UK presence and decision-making are critical to application quality.

Acquisitions are possible in the market, but they require careful due diligence and regulator-facing change control. Treat it as a full risk exercise, not a shortcut.

Banking appetite changes frequently. Preparation (registry status, controls, governance) materially improves outcomes, but timelines and acceptance depend on the bank’s current risk posture.

Yes — CryptoWisely can structure the business plan, compliance narrative, and operating model documentation (in coordination with UK legal/compliance specialists where needed).

Disclaimer: This note is for informational planning only and does not constitute legal advice. Always confirm the latest FCA expectations and UK AML requirements before execution.