Dentons | Katharine HarleAndrew Barber Venetia JacksonAnn ZhengJane Bassett and Sophia Rahman

United Kingdom

This is the second of our articles examining the new regulatory regime for cryptoassets in the UK, which is expected to come into force on 25 October 2027. In this article we examine the requirement for authorisation and what interested firms need to be considering now.

Background

At present, many cryptoasset activities are not fully regulated as financial services under the Financial Services and Markets Act 2000 (FSMA). The FCA’s existing remit in relation to cryptoassets is therefore limited, focusing primarily on the regulation of financial promotions and on anti-money laundering requirements, under which cryptoasset exchanges and custodian wallet providers must be registered for AML and counter-terrorist financing purposes. Whilst some limited categories of cryptoassets are already within the scope of designated investments, most firms will not be regulated for cryptoasset activities and will need to consider the authorisation requirements and process as part of their future business model.

In particular, cryptoasset firms operating in or from the UK who have to date only been registered for AML purposes under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) will move beyond this model and become subject to authorisation under FSMA, bringing them under full FCA supervision and subject to enhanced consumer protection and market integrity requirements.

Under the new regime, cryptoasset firms will need to obtain FCA authorisation before carrying out any of the new regulated activities concerning cryptoassets. Once authorised, they will be subject to ongoing supervisory oversight focused on reducing harm and prioritising areas of highest risk. Given the FCA’s concerns already expressed around consumers and cryptoassets, firms in this sector can expect FCA scrutiny as they become accustomed to FCA regulation. As with all authorised firms, cryptoasset firms will also fall within the FCA’s enforcement remit, meaning the regulator can take action, including imposing penalties or restrictions, where firms fail to meet required standards or cause significant consumer or market harm.1

The new UK cryptoasset regime

Our first article outlined the new activities which will form the regulatory perimeter for cryptoassets. As set out in that article, a key requirement now for firms looking to carry on cryptoasset activities is assessing their current and planned business against these activities to determine whether they will require authorisation or whether they will benefit from an exclusion to the activities. This can often be a complex analysis and the FCA will expect firms seeking authorisation to have considered carefully what activities they will be doing and will require authorisation for.

The new categories of specified activity are as follows:

  • Issuing qualifying stablecoins, including activities relating to their offer, redemption and stabilisation.
  • Safeguarding (custody) of qualifying cryptoassets and relevant specified investment cryptoassets, such as tokenised securities.
  • Arranging for another person to safeguard qualifying cryptoassets or relevant specified investment cryptoassets.
  • Operating a qualifying cryptoasset trading platform, including exchanges facilitating trading in qualifying cryptoassets or money (including e-money).
  • Dealing in cryptoassets, whether as principal or agent, including lending and borrowing activities.
  • Arranging deals in qualifying cryptoassets.
  • Making arrangements with a view to transactions in qualifying cryptoassets.
  • Carrying on cryptoasset staking activities, defined as making arrangements for the use of qualifying cryptoassets in blockchain validation.

Authorisation requirements

Key dates

The following are key dates for firms interested in cryptoasset authorisation to note:

  • July 2026 – Pre-application support service (PASS) opens.
  • 30 September 2026 – Application window opens.
  • 28 February 2027 – Application window closes (note applications can be made after this time but may not be approved before the new regime comes into force).
  • 25 October 2027 – New regime comes into force.

Key elements

The new regime does not include any temporary permission arrangements. This means that:

  • Firms currently registered under only the MLRs will need to apply under Part 4A for authorisation to carry on regulated activities.
  • Firms that already have Part 4A permission for other activities will need to apply for a variation of their permission to undertake any new cryptoasset activities.

Where a firm applies for authorisation or a variation of its permission within the application window, the FCA expects to determine the application before the new regime commences. If the FCA has not determined the firm’s application within this time, a saving provision will allow the firm to continue to operate until its application is finally determined. This includes cases where the firm refers the decision to the Upper Tribunal.

If a firm’s application is refused or withdrawn, it will enter into the transitional arrangements to allow it to wind down its cryptoasset business in an orderly manner. The transitional arrangements will also apply to any firm who applies outside of the application window and whose application has not been determined before the new regime commences.

Firms should note that the FCA intends to require firms using the saving provisions to notify the FCA when they start to use them and when they cease to use them.

Firms should also note that the new regime means that if they are currently using an FCA authorised firm to approve their financial promotions, they will no longer be able to rely on this and will need to obtain authorisation if they want to continue to market to UK consumers.

Overseas firms

Cryptoasset activities are often carried out on a cross-border basis. It was notable that the FCA commented that they had representatives from approximately 70 different jurisdictions attend their recent webinar on cryptoasset authorisation. Overseas firms providing cryptoasset services into the UK, especially those unfamiliar with the UK regulatory regime, should not underestimate the preparation required to successfully apply for authorisation in the UK and should consider early whether their activities will be within the UK regulatory perimeter.

Carrying out cryptoasset activities

The Government’s intention with the new regime is to ensure that firms engaging with UK retail customers are subject to UK authorisation requirements, irrespective of where those firms are located.

Under the proposed framework, firms will be required to obtain UK authorisation if they carry out certain cryptoasset activities that involve UK consumers, whether on a direct or indirect basis. These activities include:

  • operating a qualifying cryptoasset trading platform;
  • dealing in qualifying cryptoassets as either principal or agent; and
  • arranging transactions in qualifying cryptoassets.

Certain activities will not require UK authorisation. These include:

  • where an overseas firm interacts with a UK consumer solely through a UK-authorised intermediary, such as an authorised trading platform or a firm authorised to deal as principal. In this case the overseas firm itself will not need to be authorised;
  • where an overseas firm deals exclusively with UK institutional clients provided that those institutional clients are not themselves acting as an intermediary to UK retail customers; and
  • where the overseas firm issues stablecoins, as this will only be a regulated activity in the UK when carried out from a UK establishment.

Application

Pre-application support service

The FCA’s PASS offers firms an early opportunity to engage with the regulator ahead of submitting a cryptoasset authorisation application. PASS meetings allow firms to discuss their proposed business model and queries they have. There is no stated limit on the number of PASS meetings, making the service particularly valuable for firms navigating the new crypto regime that have not previously been authorised, or those with complex and evolving models. Firms should strongly consider booking a PASS meeting as part of their application strategy, as early engagement can improve the quality and efficiency of the eventual submission.

Application stages

The FCA has indicated in their recent webinar that firms aiming to become authorised for cryptoasset activities should expect a multi-stage authorisation process. This may include an optional PASS meeting, but can be expected to include the following stages:

  • submission of the formal application;
  • initial review and feedback;
  • assessment meetings or interviews with the FCA;
  • further feedback; and
  • the FCA’s application outcome decision.

During cryptoasset authorisation applications, the regulator will notify firms when it is minded to approve their applications, where it considers that the required standards are likely to be met.

The FCA’s targets for determining authorisation applications do not apply to new regimes. The number of stages above reflect an anticipated rigorous approach from the FCA to cryptoasset authorisations. Firms should ensure that they plan sufficient time for these stages when considering when to make their application.

Application substance

The FCA has emphasised that applications which are light on information will be rejected. An application for authorisation to the FCA requires a substantial amount of material to be prepared, including policies and procedures, a detailed regulatory business plan, financial projections for the next three years and accompanying applications for senior managers. The FCA expects firms applying for authorisation to have considered not just their commercial prospects, but also the regulatory regime that will apply and to be able to demonstrate in their application materials how they will comply with it.

To minimise the time the FCA needs to consider the application and to maximise the prospects of a successful application, firms should ensure that all material information is included and that the FCA is notified if any material information arises during the process. Firms should also ensure that the application is clearly focused on the applicant firm rather than a wider group of firms. When a firm makes a re-application, which covers any situation where it has previously applied for permissions for the FCA for any type of activity and it has had its application refused or withdrew the application, it must be made clear how previous FCA feedback has been addressed.

Next steps

The introduction of a full FCA authorisation regime for cryptoasset activities marks a material increase in regulatory expectations for cryptoasset firms who become authorised. For many cryptoasset firms, this will represent a significant compliance uplift when compared with the existing AML-only framework.

Firms should take early, practical steps now to prepare for the FCA’s new cryptoasset regulatory regime, including:

  • Start building your authorisation plan now.
  • Be ready to demonstrate a credible and coherent business model.
  • Assess governance, systems and controls against FCA expectations.
  • Plan early engagement with advisers and the FCA, including PASS.

To view all formatting for this article (eg, tables, footnotes), please access the original here.

This article first appeared on Lexology | Source