If you're running a crypto business and want to serve customers in the UK, you must register with the Financial Conduct Authority (FCA). It’s not optional. Since September 1, 2023, any company advertising crypto services to UK residents - even if it’s based overseas - has to get approved. Failure to do so means you can’t legally operate in the UK. No bank accounts. No payment processors. No customers. And you could face fines or criminal charges.
Who Exactly Needs to Register?
Not every crypto company needs to apply. The FCA draws a clear line. If your business does any of these things, registration is required:- You have a physical office or headquarters in the UK
- You run crypto ATMs located in the UK
- You market your services directly to UK customers - through ads, websites, social media, or email campaigns
- You receive money or benefits from UK-based clients
- Your business operations are managed from the UK, even if your team is global
Here’s the key: if you’re just serving UK customers as an afterthought - say, someone from London buys Bitcoin from your site in Singapore - you might be okay. But if you’re actively targeting UK users, running ads in English, offering GBP deposits, or having customer support in the UK timezone, the FCA considers you a UK-based business. And that triggers mandatory registration.
The FCA is strict about this. Even if you don’t have a UK office, if your website says “We serve UK customers” or has a .co.uk domain, you’re in scope. There’s no loophole. The regulator has made it clear: marketing equals jurisdiction.
What Does the Registration Process Look Like?
Applying isn’t a form you fill out in 10 minutes. It’s a multi-month process that demands serious preparation. The FCA uses its online Connect system, and applications are reviewed by dedicated case officers. Here’s what you’ll need to submit:- Complete corporate documents - articles of incorporation, shareholder details, ownership structure
- Proof of financial health - bank statements, balance sheets, capital reserves
- A detailed operational plan - how you’ll run your business day-to-day
- Full AML and KYC procedures - how you verify customers, monitor transactions, flag suspicious activity
- Cybersecurity policies - how you protect data, prevent hacks, and secure private keys
- Background checks on all key personnel - directors, compliance officers, crypto managers
Every person in a senior role must pass a “Fit and Proper Test.” That means the FCA checks their criminal history, past financial misconduct, and even their reputation in the industry. A history of fraud, money laundering, or failed financial firms? You’re likely to be rejected.
There’s no fixed timeline. Some applications get approved in 4 months. Others take over a year. The biggest delays come from incomplete paperwork or unclear explanations. The FCA doesn’t give second chances. If your application is messy, they’ll reject it - and you’ll have to start over.
Compliance Isn’t Optional - It’s Built Into the System
Once you’re registered, the work doesn’t stop. The FCA expects ongoing compliance. You’re not just getting a stamp - you’re signing up for constant oversight.Travel Rule is one of the toughest requirements. Since September 2023, every crypto transfer over £1,000 between VASPs must include full sender and receiver info: full name, address, account number. This applies even if the other party is in another country. If you’re sending to an unhosted wallet (like a personal MetaMask), you must still collect and record the recipient’s identity - or block the transaction. No exceptions.
You also need to:
- Keep transaction records for at least 5 years (8 years if the transaction involves high-risk activity)
- Report suspicious activity to the National Crime Agency (NCA) within 24 hours
- Conduct regular internal audits of your AML systems
- Separate client funds from your company’s operating money - no commingling
- Have a designated compliance officer who reports directly to your board
The FCA doesn’t just check paperwork. They may send inspectors to your office. They can demand access to your systems. They monitor your transaction volumes. If your business suddenly spikes in activity without proper controls, they’ll investigate.
Why Do So Many Applications Get Rejected?
From industry reports, over 60% of initial applications are turned down. Why? Three main reasons:- Weak KYC/AML systems - Many companies use basic identity checks. The FCA wants biometric verification, document authenticity tools, and real-time risk scoring. If you’re just asking for a passport photo and a selfie, you’re not ready.
- No banking access - Banks still treat crypto firms like high-risk. Even if you get approved by the FCA, you might not find a bank willing to open an account. Without a GBP or EUR account, you can’t pay staff, vendors, or taxes. Many applicants fail because they don’t secure banking before applying.
- Unclear organizational structure - The FCA wants to know who’s responsible for what. If your compliance officer is also your CEO and your tech lead, that’s a red flag. Roles must be clearly separated. You need a dedicated compliance team, not someone doing it part-time.
Companies that succeed usually hire a regulatory consultant before applying. Firms like Buckingham Capital Consulting help draft applications, run mock audits, and prep teams for FCA interviews. It’s not cheap - but it’s cheaper than getting rejected twice.
What Happens If You Don’t Register?
The FCA has already shut down dozens of unregistered crypto firms. They don’t just issue warnings. They:- Block UK access to your website
- Force payment processors to cut you off
- Issue public warnings on their website
- Refer cases to law enforcement
In 2024, the FCA published a list of 23 unregistered crypto firms. Their names are still live on the FCA website. That’s public shame. It kills trust. Customers won’t use you. Partners won’t work with you. And if you’re caught operating illegally, you could face criminal prosecution.
What’s Next? The Road Ahead in 2026
The FCA isn’t slowing down. In autumn 2025, they held information sessions in Edinburgh and plan more in 2026. They’re tightening rules around DeFi, NFTs, and stablecoins. New guidance is expected on how to handle decentralized exchanges and peer-to-peer platforms.Expect:
- More frequent audits
- Stricter capital requirements
- Expanded Travel Rule enforcement
- Greater pressure on banks to serve licensed VASPs
The UK is setting a global standard. If you want to operate in Europe, the UK’s rules are becoming the benchmark. Getting registered now isn’t just about staying legal - it’s about staying competitive.
How to Prepare Right Now
If you’re serious about serving UK customers, here’s your action plan:- Review your marketing - Are you targeting UK users? If yes, you need to register.
- Map out your AML/KYC flow - Can you verify a customer in under 5 minutes? Do you screen against sanctions lists? If not, fix it.
- Secure banking - Talk to crypto-friendly banks like Revolut, Wirex, or Salt. Start this early - it takes months.
- Organize your team - Assign clear roles: compliance officer, tech lead, finance manager.
- Start your application - Use the FCA’s Connect portal. Don’t wait for perfection. Submit early, get feedback, then refine.
The window for easy entry is closing. The FCA is not here to help you grow. They’re here to protect the public. If you’re ready to play by the rules, registration is your path forward. If you’re not, you’ll be left behind.
Do I need to register if I only have a few UK customers?
Yes. If you’re marketing your services to UK customers - even if you have just one - the FCA considers you a business operating in the UK. Registration is required. The number of customers doesn’t matter. The intent to serve them does.
Can I register if I’m based outside the UK?
Yes. Many registered VASPs are based in Europe, Asia, or North America. What matters is whether you’re targeting UK customers or conducting business activities within the UK. You don’t need a UK office - but you do need to comply with UK rules, including the Travel Rule and AML requirements.
How long does VASP registration take?
There’s no fixed timeline. Simple applications can take 3-6 months. Complex ones, especially with incomplete documentation or banking issues, can take over a year. The FCA doesn’t guarantee timelines. Preparation is the biggest factor in speed.
What’s the cost of VASP registration?
The FCA charges an application fee of £5,000 for most crypto businesses. If you’re classified as a high-risk firm, the fee can rise to £15,000. There are also annual fees based on your revenue. But the real cost is in compliance: hiring staff, building systems, and legal advice - which can run into tens of thousands of pounds.
Can I operate while my application is being reviewed?
No. You cannot legally offer crypto services to UK customers while your application is pending. Doing so is a violation of the law. You must wait for written approval. Some firms pause UK marketing until registration is complete.
What happens if my application is rejected?
You’ll get a detailed letter explaining why. Common reasons include weak AML controls, unclear ownership, or insufficient capital. You can reapply, but you must fix the issues. The FCA doesn’t allow multiple applications without major changes. Many firms hire consultants to fix problems before reapplying.
Do I need to register for each crypto service I offer?
No. One registration covers all crypto services - exchanges, custody, staking, NFT trading, and more - as long as they’re under the same legal entity. You don’t need separate registrations for each product.
Is the Travel Rule enforced for all transactions?
Yes. For transfers over £1,000, you must collect and send sender and receiver info. For transfers below £1,000, you still need to identify the counterparty if they’re a VASP. For unhosted wallets, you must collect identity data - or refuse the transaction. There are no exceptions for small amounts.
This is the most thorough breakdown I've seen on UK VASP rules. Seriously, if you're even thinking about targeting UK customers, stop scrolling and start preparing. The FCA isn't playing around anymore. I've seen three startups get crushed this year because they thought 'a few users' meant 'no consequences'. Nope. Marketing = jurisdiction. Period. Get your AML stack locked down before you even draft your first ad.
This is gold 🙌 Just saved this for my team. We're based in Bangalore but have 12% of our users in the UK. We just upgraded our KYC to include facial liveness checks and document AI validation. Took 3 months. Worth every second. The FCA doesn't care where you're from - they care if you're serious.
The Travel Rule is a nightmare. We blocked 87 transactions last month because users refused to submit ID for under ÂŁ1k transfers. Turns out, 'I just want to send Bitcoin to my friend' doesn't fly when your backend logs show they're using a wallet tied to a known mixer.
Why are banks still acting like crypto is the plague? We got FCA approval in January. Took 6 months to find a bank. Revolut rejected us. Wirex said 'no stablecoin exposure'. We ended up with a shell banking partner in Estonia. It's a mess. The UK is making it impossible for legit firms to operate.
I've helped five crypto founders navigate this process. The biggest mistake? Thinking 'we'll fix compliance later'. You don't get a second chance. The FCA's Connect portal is brutal - one typo in your ownership structure and you're sent back to square one. Hire a UK regulatory lawyer. Even if it costs $20k. It's cheaper than being publicly shamed on the FCA's 'unregistered' list.
I think this system... reflects a deeper tension... between innovation and control... The FCA isn't just regulating crypto... it's defining what 'legitimate financial activity' means in the 21st century... Are we building a future where trust is algorithmic? Or one where bureaucracy chokes possibility?... The answer will shape global finance...