FCA Crypto Authorization Requirements for Exchanges in 2026

If you're running or planning to launch a crypto exchange in the UK, the rules have changed-dramatically. As of January 2026, the Financial Conduct Authority (FCA) no longer just wants you to register. You need authorization. This isn’t a form you fill out and forget. It’s a full-scale compliance overhaul that impacts everything from how you handle customer funds to whether you can even serve UK retail investors.

What’s Changed Since 2020?

Back in 2020, the FCA introduced a basic registration system under the Money Laundering Regulations (MLRs). If you ran a crypto exchange or custodial wallet service, you had to register. That was it. No deep review. No ongoing supervision. Just a checkbox to tick before you could operate.

That system is gone. The MLR registration still exists as a baseline, but it’s now just the first step. The real gatekeeper is the Financial Services and Markets Act 2000 (FSMA), which came into full force in 2025. Now, if you operate a crypto trading platform, deal in cryptoassets, or safeguard client funds, you need formal FCA authorization. No more gray areas. No more loopholes.

The Five Core Activities That Require Authorization

The FCA has clearly defined five crypto activities that trigger mandatory authorization under FSMA:

• Operating a qualifying cryptoasset trading platform
• Dealing in qualifying cryptoassets as principal
• Dealing in qualifying cryptoassets as agent
• Arranging deals in qualifying cryptoassets
• Safeguarding qualifying cryptoassets and relevant specified investment cryptoassets

If your business does any of these, you’re not just registering-you’re applying for a full financial services license. That means submitting detailed documentation on your governance, risk controls, AML procedures, and financial soundness. The FCA will dig into your team’s experience, your tech stack, and your third-party vendors.

Stablecoins Are a Separate Rulebook

Issuing stablecoins? That’s a whole different ballgame. Under the new rules, you only need FCA authorization if you’re issuing them from a physical office in the UK. If your stablecoin project is based in Singapore or Switzerland but marketed to UK users, you don’t need authorization-unless you’re also doing one of the five core activities above.

This is a deliberate move. The FCA wants to control the infrastructure behind stablecoins, not every foreign issuer. But if you’re issuing a GBP-pegged stablecoin from London, you’re now under the same scrutiny as a bank. Expect audits, capital requirements, and strict redemption rules.

Who Can You Serve? Retail vs. Institutional

The FCA draws a hard line between retail and institutional clients-and it affects whether you need authorization at all.

If you’re an overseas crypto exchange and you only serve UK institutions (hedge funds, asset managers, corporations), you don’t need FCA authorization for trading platforms or dealing activities. But if you’re targeting UK retail investors-people buying crypto for personal use-you’re in the crosshairs. Even if your website is hosted in Estonia, if a UK resident signs up and trades, you need authorization.

There’s one exception: if you work through a UK-authorized intermediary, you’re off the hook. For example, if a UK-based broker with FCA permission connects your platform to their clients, you don’t need your own license. This prevents a chain of foreign firms all trying to get UK approval just to reach one customer.

What About Crypto ETNs? Retail Access Is Back

In 2021, the FCA banned retail investors from buying crypto-backed exchange-traded notes (cETNs). That ban lifted in October 2025. Now, UK retail investors can buy cETNs-but only if they’re listed on an FCA-approved UK investment exchange.

This isn’t a free-for-all. The cETNs must be issued by regulated entities, trade on recognized exchanges like the London Stock Exchange, and come with strict disclosure rules. The FCA isn’t endorsing crypto. It’s just letting retail investors access it through a controlled, transparent channel.

Compliance Isn’t Optional-It’s Built In

The FCA doesn’t treat crypto firms like startups. They’re held to the same standards as banks. That means you must comply with:

• Threshold Conditions: Your firm must be financially sound, properly managed, and have adequate systems to prevent financial crime.
• Principles for Businesses: Most apply, but some are modified. For example, you don’t need to act in the best interests of clients on a trading platform if those clients are professional traders.
• CASS Rules: If you hold client crypto or cash, you must segregate it. No commingling. No using it for liquidity. Audits are mandatory.

You’ll also need to follow guidance from the Joint Money Laundering Steering Group (JMLSG), the FATF, and the FCA’s own Financial Crime guide. Ignorance won’t save you. The FCA expects you to know these documents inside out.

What Happens If You Don’t Comply?

The FCA doesn’t play around. In 2024, they shut down over 200 unregistered crypto firms. They’ve also issued public warnings against 30+ platforms still operating without authorization.

If you’re caught operating without proper authorization:

• Your website can be blocked by UK ISPs
• Your bank accounts can be frozen
• Senior managers can be personally fined or banned
• Criminal prosecution is possible for serious breaches

The FCA has also started using data-sharing agreements with international regulators to track offshore firms targeting UK users. They’re not waiting for complaints. They’re proactively hunting.

How to Prepare for Authorization

If you’re serious about operating in the UK, here’s your roadmap:

1. Review the FSMA regulated activities list. Map what your business does against the five core activities.
2. Conduct a gap analysis. Compare your current AML, KYC, and custody systems to FCA requirements.
3. Apply for MLR registration if you haven’t already. It’s still required, even if you’re preparing for FSMA.
4. Book a pre-application meeting with the FCA. They offer these to help firms understand expectations.
5. Start building your application package: business plan, compliance manual, organizational chart, financial projections, and evidence of staff training.
6. Engage a compliance consultant with FCA experience. Don’t try to wing it. The application failure rate is high.

The average application takes 6-9 months. Don’t wait until your current registration expires. Start now.

What’s Next?

The FCA is still refining the rules. They’re consulting on technical standards for cryptoasset custody, staking, and stablecoin redemption. Expect more guidance in 2026. But the core framework is locked in.

The message is clear: the UK is no longer a wild west for crypto. If you want to serve UK customers, you need to play by the rules of a mature financial system. That means more cost, more complexity, and more accountability. But it also means legitimacy. The firms that get authorized now will be the ones trusted by institutions, banks, and retail investors in 2027 and beyond.

Final Thoughts

The FCA isn’t trying to kill crypto. It’s trying to clean it up. The firms that survive are the ones that treat compliance like a competitive advantage-not a cost center. Authorization isn’t a hurdle. It’s your ticket to institutional partnerships, bank relationships, and long-term credibility.

If you’re still operating on MLR registration alone, you’re already behind. The clock is ticking. Start preparing today-or get ready to be left out of the UK market entirely.