UK Crypto Licence 2026: How to Get FCA Authorisation Under the New Regime

Quick summary. The UK is moving from the existing Money Laundering Regulations registration regime to a full Financial Services and Markets Act (FSMA) cryptoasset regulatory regime. The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 was made by Parliament on 4 February 2026. The FCA application gateway opens on 30 September 2026 and closes on 28 February 2027. The full regime commences on 25 October 2027. Every UK firm providing regulated cryptoasset activities — including non-UK firms targeting UK customers — will need full FCA Part 4A authorisation.

Quick answers

• What activities need FCA authorisation?

• When does the gateway open?

• How is this different from MLR registration?

• What about stablecoins?

• How does the UK regime compare to MiCA?

• What should firms do now?

What is the UK crypto licence?

The UK is bringing cryptoasset activities into the full Financial Services and Markets Act (FSMA) regulatory perimeter for the first time. Until now, UK crypto firms have only been required to register with the FCA under the Money Laundering Regulations 2017 (MLRs) — a registration that focuses narrowly on AML and financial crime controls and does not impose conduct, prudential or governance standards. From 25 October 2027, that changes fundamentally.

The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (commonly called the Crypto SI) was made by Parliament on 4 February 2026, following a draft published in December 2025. The Crypto SI amends the Regulated Activities Order 2001 to add a series of new "specified activities" relating to qualifying cryptoassets, bringing them within the scope of full FSMA Part 4A authorisation. Any firm performing one of these activities by way of business in or from the UK will require FCA authorisation.

The FCA's authorisation gateway opens on 30 September 2026. The application window runs to 28 February 2027. Firms that submit complete applications within this window will be permitted to continue trading under transitional provisions while the FCA assesses the application. Firms that do not apply by 28 February 2027 face restricted operating provisions and ultimately must wind down regulated UK cryptoasset activity.

The full regime commences on 25 October 2027, by which point the FCA aims to have determined all applications submitted within the application window.

What activities need FCA authorisation?

The Crypto SI creates seven new regulated activities for qualifying cryptoassets. Performing any one of these activities in or from the UK by way of business will require full FCA authorisation under FSMA Part 4A:

1. Issuing qualifying stablecoins in the UK

2. Safeguarding (or arranging the safeguarding of) qualifying cryptoassets and relevant specified investment cryptoassets

3. Operating a qualifying cryptoasset trading platform

4. Dealing in qualifying cryptoassets as principal

5. Dealing in qualifying cryptoassets as agent

6. Arranging deals in qualifying cryptoassets

7. Arranging qualifying cryptoasset staking

A "qualifying cryptoasset" is broadly defined and captures most commercial crypto activity. It excludes financial instruments under existing UK regulation (security tokens, derivatives), unique non-fungible tokens, electronic money under the Electronic Money Regulations 2011, and central bank digital currencies. The FCA published draft perimeter guidance (CP26/13) on 15 April 2026 with consultation closing 3 June 2026, and final perimeter guidance is expected in autumn 2026.

The territorial scope is broad. The Crypto SI extends UK regulation to offshore firms that transact with UK consumers — a non-UK firm "involved" in selling cryptoassets to UK consumers can fall within scope. This is materially wider than the current MLR regime and will require many non-UK firms to either restructure their UK customer flows, obtain UK authorisation, or rely on increasingly narrow exclusions. The reverse solicitation exception under the new regime is, like its EU equivalent, narrowly drawn.

Stablecoins are treated separately. HM Treasury published a draft amending statutory instrument in April 2026 that removes UK-issued qualifying stablecoins (UKQS) from the scope of the dealing and arranging activities, on the basis that stablecoin payment services will migrate to a new regulated payments perimeter following Q2 2026 consultation. UKQS issuance and safeguarding remain within the FCA's cryptoasset perimeter; UKQS-based payment services are expected to move to the payments regime.

When does the gateway open?

The FCA's application gateway opens on 30 September 2026 and closes on 28 February 2027. This is a 5-month application window. The full regulatory regime commences on 25 October 2027.

Within the application window, firms that submit complete applications will be permitted to continue trading under transitional provisions while the FCA assesses the application. The FCA has stated it aims to determine all applications received during the application window before the 25 October 2027 commencement date. Firms that submit late, that submit incomplete files, or that have applications still under assessment at commencement may enter a "saving provision" that limits ongoing activity.

For new market entrants — firms not already operating in the UK before 25 October 2027 — there is no transitional period. New entrants apply directly under the new regime from inception. Authorisation must be granted before regulated activity begins.

The FCA has been explicit that the application window is tight relative to the volume of applications expected. As of early 2026, approximately 50 firms hold FCA MLR registration as cryptoasset businesses; the population that will need full FSMA authorisation is materially larger because the new perimeter is wider than the MLR perimeter and includes activities (trading platforms, dealing as principal, staking) not covered by the MLR regime. Realistic estimate is 200 to 500 firms entering the gateway in the 5-month window.

Application preparation requires 4 to 6 months for a credible file. Firms intending to apply in September 2026 should be in active build now (May 2026). Firms not yet started should accept that submission in late 2026 or early 2027 is more realistic.

What capital and resources are required?

Initial capital is being finalised in the FCA's prudential consultations (CP25/15, CP25/42 and successor papers). The capital framework is expected to be tiered by activity, with stablecoin issuers facing materially higher requirements aligned to the e-money regime. Final capital tiers will be confirmed in the FCA's prudential policy statement before the application gateway opens.

Application fees are set by the FCA's published fee schedule. Under the existing cryptoasset MLR registration regime (which continues until the new FSMA regime commences on 25 October 2027), MLR registration as a cryptoasset firm falls into Category 6 with a fee of £11,150 (FCA FEES Sourcebook, last updated 3 March 2026). The FCA's fee structure for the new FSMA cryptoasset regime is being finalised alongside the prudential framework and will be published in advance of the application gateway opening on 30 September 2026. Annual periodic fees scaling with the firm's revenue and activity will also apply once authorised.

Senior management. The Senior Managers and Certification Regime (SM&CR) applies in full. The FCA's expectation is experienced senior management — typically a CEO, CFO, MLRO, head of compliance and (for trading platforms) head of market surveillance, all with regulated firm experience. Senior management hiring is generally the largest line in the application budget.

Technology and operational build. Custody arrangements (where relevant), AML and transaction monitoring, market surveillance (for trading platforms), Consumer Duty compliance, financial promotions framework and regulatory reporting infrastructure all need to be built and tested before authorisation.

Legal and consulting support. A credible application file requires substantive regulatory drafting, governance design, prudential modelling and case officer engagement. Firms with existing MLR registration have a head start because governance, AML and senior management already meet a regulated standard, but the gap to full FSMA standards is still substantial.

Firms with existing FCA MLR registrations have a head start — governance, AML and senior management already meet a regulated standard — and can authorise for materially less. Firms starting from scratch face the full bill.

How long does it take?

The FCA's stated objective is to determine applications submitted within the September 2026 to February 2027 application window before commencement on 25 October 2027 — implying assessment timelines of 8 to 13 months for applications submitted at the start of the window.

In practice, complete and well-prepared applications are likely to be assessed faster than incomplete or weak applications. Realistic 2026/2027 timelines:

• 2 to 3 months of application preparation before submission

• 6 to 8 months from submission to authorisation for a complete file

For new entrants applying after the application window closes (28 February 2027), the FCA has indicated it will continue to accept applications but determination is unlikely before commencement and the firm cannot begin regulated activity until authorisation is granted.

The application file structure follows the FCA's standard Regulatory Business Plan template adapted for cryptoasset activities. The Regulatory Business Plan, supporting policies, individual approvals for senior managers, capital evidence, and three-year financial projections are all required. The FCA has signalled that it will apply the same gateway standards to cryptoasset applications as to payment institution and EMI applications — meaning application quality at submission is the single biggest variable.

How is this different from MLR registration?

The current FCA cryptoasset MLR registration is a narrow AML-focused registration. The new FSMA regime is a full regulated firm authorisation. The differences are fundamental:

A firm currently MLR-registered will need to apply for FSMA authorisation if it wants to continue regulated cryptoasset activity past 25 October 2027. The MLR registration does not convert automatically. Firms with MLR registration have an easier transition (governance and AML are already in place) but still face a substantial gap to close.

For firms that are not currently MLR-registered, MLR registration may still be required as a bridge to FSMA authorisation. The FCA has indicated it will continue to accept MLR registrations during 2026 and into 2027, particularly for firms whose activities require MLR registration but who do not yet meet the full FSMA standard. Strategic sequencing — MLR first, then FSMA — is the right path for some applicants.

What about stablecoins?

The UK has developed a more complex stablecoin regime than MiCA, with three layers of regulation depending on the stablecoin's significance and use case.

FCA-regulated qualifying stablecoins are the default category. Issuance of qualifying stablecoins in the UK is a regulated activity under the Crypto SI (regulation 9F). FCA standards under CP25/14 cover reserve management (full backing in high-quality liquid assets, with daily reconciliation), redemption rights at par, governance, custody of reserve assets at independent third parties, monthly reserve attestations, and ongoing prudential requirements. The FCA finalised its policy statements for stablecoin issuance in summer 2026.

Bank of England-regulated systemic stablecoins apply to sterling-denominated stablecoins designated by HM Treasury as systemic — meaning their failure could threaten UK financial stability. The Bank of England's November 2025 consultation paper proposed a regime under which systemic stablecoin issuers can hold up to 60% of backing assets in short-term UK government debt and up to 40% in unremunerated central bank reserve accounts at the Bank of England (with a transitional 95% sovereign debt allowance for newly designated issuers). Joint regulation by the Bank of England and the FCA applies once a stablecoin is designated systemic.

Stablecoin payment services are being moved out of the cryptoasset perimeter and into a new payments perimeter. HM Treasury's April 2026 amending SI removes UK-issued qualifying stablecoins (UKQS) from the dealing and arranging activities, on the basis that stablecoin payment services will be regulated under a reformed payment services regime following Q2 2026 consultation. The exact perimeter is being finalised; firms providing stablecoin-based payments need to track this consultation closely.

The architecture is more complex than MiCA's two-tier (EMT/ART) model and reflects the UK's choice to integrate stablecoins with existing financial regimes (e-money for non-systemic, payment systems for systemic) rather than create a new vertical.

How does the UK regime compare to MiCA?

The UK and EU regimes are broadly aligned in objectives — full regulated firm authorisation, strong consumer protection, prudential and governance standards — but differ in detail and timing.

Timing. MiCA has been in force since 30 December 2024 with transitional cover ending 1 July 2026. The UK regime commences 25 October 2027 with the application gateway open from 30 September 2026 to 28 February 2027. Firms targeting both markets face overlapping but offset deadlines.

Perimeter. MiCA covers ten activities; the UK regime covers seven. Coverage is broadly equivalent in substance: trading platforms, dealing, arranging, custody, advice and order execution are all in scope of both. UK staking arrangement is explicitly regulated; MiCA does not regulate staking arrangement directly. EU portfolio management of crypto-assets is explicitly regulated; the UK has not (yet) created an equivalent activity.

Stablecoins. MiCA distinguishes EMTs (single fiat reference, EMI-issued, treated as e-money) from ARTs (multi-asset reference, separately authorised). The UK has qualifying stablecoins (FCA-regulated), systemic stablecoins (Bank of England regulated), and stablecoin payment services (moving to a separate payments perimeter). The regimes are not interoperable: an EMT authorised in the EU is not automatically a UK qualifying stablecoin.

Substance. Both regimes require local-resident senior management and genuine local substance. EU authorisation requires an EU-incorporated entity; UK authorisation requires UK incorporation or a UK branch authorisation. Letterbox arrangements are not acceptable in either regime.

Passporting. EU CASP authorisation grants passporting across the EEA. UK authorisation does not provide EU passporting (post-Brexit). Firms targeting both markets need parallel authorisations.

Operational resilience. EU CASPs are subject to DORA. UK authorised firms are subject to the FCA's operational resilience policy (PS21/3) and the Bank of England's resilience expectations for systemic firms. Standards are broadly comparable in substance.

Enforcement. Both regimes have substantial enforcement powers. MiCA enforcement is at national level with maxima up to €5 million or percentage-based penalties. The FCA has unlimited enforcement powers including unlimited fines, requirement notices, individual prohibitions and criminal prosecution (where the underlying activity is also a criminal offence).

For firms operating in both markets, the practical implication is parallel authorisation projects with substantial overlap in governance, AML, ICT and senior management documentation, but separate legal entities, regulators and capital pools. Application files can be substantially shared with adaptation; the engineering and operational build can be common.

What should firms do now?

For firms intending to apply in the September 2026 to February 2027 window, the immediate priorities in May 2026 are:

• Decide on activities and entity structure. Map your actual business model onto the seven regulated activities. Decide whether to apply for full activities or a narrower subset. Confirm the legal entity (UK Ltd, branch of a foreign firm, or new SPV) that will hold the authorisation.

• Build the senior management team. Key hires take 3 to 6 months. Senior managers with regulated firm experience are scarce in the crypto sector and will be in heavy demand through 2026.

• Begin application file preparation. The Regulatory Business Plan, supporting policies, financial projections, capital plan and senior manager applications all take time to draft to the FCA's standard. Starting in May 2026 for a September submission is appropriate; starting later is risky.

• Engage the FCA early. The FCA has run multiple webinars on the new regime through 2025 and 2026 and welcomes pre-application engagement. Pre-application contact surfaces issues early and creates a relationship with the case officer before formal submission.

• Plan the technology build. Custody arrangements, AML and transaction monitoring, market surveillance (for trading platforms), Consumer Duty controls, financial promotions framework, regulatory reporting — all need to be in place before authorisation. Build in parallel with the application, not after.

• Maintain MLR registration if relevant. Firms with existing MLR registration should maintain compliance to avoid losing the registration as a bridge to FSMA authorisation. Firms without MLR registration may benefit from registering ahead of the FSMA regime as a stepping stone, particularly for activities that fall within the MLR perimeter.

• Plan the EU position. If you also need to serve EU customers, a parallel MiCA CASP application is required. The 1 July 2026 EU deadline is earlier than the UK gateway opens, so EU first / UK second is the realistic sequencing for most firms.

For firms that will not be ready for the September 2026 gateway, the question is whether to apply later in the window (with shorter assessment time and higher refusal risk), apply after the window closes (with no transitional cover), or restructure to operate outside the UK perimeter. Each path has costs and the right answer depends on the firm's size, customer base, and revenue at stake.

How Buckingham Capital Consulting can help

Buckingham Capital Consulting has advised payment institutions, electronic money institutions and (since 2018) cryptoasset firms on FCA regulatory licensing across the UK, with parallel work across European jurisdictions since 2013. We have direct experience with FCA MLR registrations, FCA Part 4A authorisations under the existing payment services and e-money regimes, and the application of the SM&CR, Consumer Duty, operational resilience and prudential frameworks that will apply to authorised cryptoasset firms from 25 October 2027.

We are working with cryptoasset firms now on the application file build for the September 2026 gateway. This includes: business model and perimeter assessment, activity scoping under the seven new regulated activities, entity structure decisions including UK / EU dual licensing where relevant, preparation of the Regulatory Business Plan, AML and financial crime programme, custody policy (for safeguarding services), market surveillance framework (for trading platforms), DORA-equivalent ICT framework, Consumer Duty implementation, financial promotions framework, prudential capital plan, three-year financial projections, senior manager fitness and propriety preparation including SMF interview coaching, MLR registration where relevant as a bridge, and FCA case officer engagement.

For firms operating in both UK and EU, we coordinate parallel CASP and FSMA applications to maximise file overlap and minimise duplication. For stablecoin issuers, we assess the right authorisation path across qualifying stablecoin issuance, the systemic stablecoin regime and the EU EMT regime. After authorisation, we provide ongoing compliance support including SM&CR maintenance, regulatory reporting, policy updates, governance reviews and FCA supervisory engagement.

If you are preparing for the FCA cryptoasset gateway, considering parallel UK and EU authorisations, or assessing the right path between MLR registration and full FSMA authorisation, contact our team for an initial assessment.

Email: info@buckinghamcapitalconsulting.co.uk Tel: 0207 866 2512

Frequently asked questions

When does the FCA cryptoasset gateway open? The FCA application gateway opens on 30 September 2026 and closes on 28 February 2027. The full regulatory regime commences on 25 October 2027. Firms that submit complete applications within the window can continue trading under transitional provisions while assessment is in progress. Firms that miss the window face restricted operating provisions.

What is the difference between FCA MLR registration and the new FSMA regime? MLR registration is a narrow AML-focused registration covering exchange and custody only. The new FSMA regime is full regulated firm authorisation under FSMA Part 4A covering seven regulated activities (issuance, safeguarding, trading platforms, dealing as principal, dealing as agent, arranging, staking arrangement) with full conduct, prudential, governance, SM&CR, Consumer Duty, operational resilience and reporting standards. MLR registration does not automatically convert.

What activities require FCA cryptoasset authorisation under the new regime? Seven activities: issuing qualifying stablecoins in the UK, safeguarding qualifying cryptoassets, operating a qualifying cryptoasset trading platform, dealing as principal, dealing as agent, arranging deals, and arranging cryptoasset staking. The perimeter excludes financial instruments, unique NFTs, electronic money and central bank digital currencies. Final perimeter guidance is expected from the FCA in autumn 2026.

What capital is required for UK FCA cryptoasset authorisation? Capital is being finalised in the FCA's prudential consultations (CP25/15, CP25/42 and successor papers). The framework will be tiered by activity, with stablecoin issuers facing materially higher requirements aligned to the e-money regime. Final tiers will be confirmed in the FCA's prudential policy statement before the application gateway opens. Application fees are set by the FCA's published fee schedule. The largest budget components are typically senior management hiring, technology and operational build, and legal and consulting support — firms with existing MLR registration have a head start but the gap to full FSMA standards is still substantial.

How long does it take to get FCA cryptoasset authorisation? Realistic timelines are 8 to 12 months from submission to authorisation for a complete file, plus 4 to 6 months of preparation before submission. The FCA aims to determine all applications submitted in the September 2026 to February 2027 window before commencement on 25 October 2027. Weak files extend assessment by 6 months or more.

Does a UK MLR-registered firm need to apply for FSMA authorisation? Yes, if it wants to continue regulated cryptoasset activity past 25 October 2027. MLR registration does not automatically convert to FSMA authorisation. MLR-registered firms have an easier transition because governance, AML and MLRO approval are already in place, but the gap to FSMA standards (capital, SM&CR in full, Consumer Duty, conduct rules, operational resilience, capital, reporting) is still substantial.

Can a non-UK firm serve UK customers without FCA authorisation? Generally no, after 25 October 2027. The territorial scope of the new regime extends UK regulation to offshore firms transacting with UK consumers. Reverse solicitation is narrowly drawn and cannot support a commercial business model. Most non-UK firms with UK customers will need to either obtain UK authorisation, restructure to remove UK customer flows, or rely on increasingly narrow exclusions.

How does the UK cryptoasset regime compare to MiCA? Broadly aligned in objectives, different in detail. MiCA covers ten activities; the UK seven. MiCA is in force from 30 December 2024 with grandfathering to 1 July 2026; UK commences 25 October 2027. Stablecoin treatment differs: MiCA has EMTs and ARTs; UK has qualifying stablecoins, Bank of England-regulated systemic stablecoins, and stablecoin payment services moving to a separate payments perimeter. Neither regime provides passporting into the other — firms targeting both markets need parallel authorisations.

What is a qualifying stablecoin under the UK regime? A qualifying stablecoin is a UK-issued stablecoin that falls within the scope of regulation 9F of the Crypto SI as a regulated cryptoasset issuance activity. Issuance is regulated by the FCA. Sterling-denominated stablecoins designated systemic by HM Treasury fall under joint Bank of England and FCA regulation. Stablecoin payment services using qualifying stablecoins are being moved to a new payments perimeter following Q2 2026 consultation.

What should crypto firms be doing now to prepare? Decide on activities and entity structure, begin building the senior management team (3 to 6 months for key hires), start application file preparation (4 to 6 months for a credible file), engage the FCA in pre-application discussions, plan the technology build (custody, AML, market surveillance, Consumer Duty), maintain MLR registration if held, and plan the EU position if EU customers are also served. Firms intending to apply in September 2026 should be in active build now.