If you're running a crypto business and want to reach customers in the United Kingdom, you can't just set up a website and start trading. Since September 1, 2023, the Financial Conduct Authority (FCA) has required every virtual asset service provider (VASP) that markets to UK users to register officially. This isn't a suggestion. It's the law. And if you ignore it, you risk being blocked, fined, or even shut down.
Who Needs to Register?
Not every crypto company needs to register with the FCA. But if you do any of these things, you're in scope:- You advertise your crypto services to UK customers - even just once
- You have a UK office or manage crypto operations from the UK
- You run a crypto ATM located in the UK
- You receive money from UK users or benefit financially from their activity
The Core Requirements
Getting registered isn't about filling out a form. It's about proving you can operate safely, legally, and transparently. The FCA expects you to meet standards as strict as those for banks.- Anti-Money Laundering (AML) and Know Your Customer (KYC): You must verify every customer's identity, monitor their transactions, and flag anything suspicious. This includes checking names against global sanctions lists and tracking unusual patterns like sudden large transfers or rapid trading cycles.
- Travel Rule Compliance: Starting in 2023, every crypto transfer over ÂŁ1,000 must carry sender and receiver details - name, account number, address. This applies even if one party uses an unhosted wallet. You need systems that automatically collect and transmit this data. No exceptions.
- Financial Strength: You must prove you have enough capital to cover losses. This means submitting audited financial statements and showing you can handle cash flow shocks without collapsing.
- Cybersecurity: Your systems must be hardened against hacks. That includes encryption, multi-factor authentication, intrusion detection, and regular penetration testing. The FCA doesn't accept "we use AWS" as a security plan.
- Asset Segregation: Client funds must be kept completely separate from your company's operating money. No mixing. No borrowing. No using customer deposits to pay your rent.
The Application Process
You apply through the FCA's online portal called Connect. It's not a quick submission. You need to prepare at least six months in advance. Hereâs what youâll need to submit:- Company incorporation documents
- Organizational chart showing leadership and compliance roles
- Detailed AML/KYC policy manual
- Transaction monitoring system design
- Proof of cybersecurity measures
- Financial projections for the next three years
- Background checks on all directors and major shareholders
Why So Many Applications Get Rejected
Most rejections arenât because the company is shady. They fail because they underestimate the depth of compliance needed.- Weak KYC systems: Using just a passport scan and selfie? Thatâs not enough. The FCA requires document verification with live detection, biometric checks, and risk-based scoring.
- Missing Travel Rule infrastructure: Many firms think they can handle peer-to-peer transfers manually. They canât. Automated systems are mandatory.
- No clear segregation of funds: If your accounting shows customer deposits sitting in the same account as your payroll fund, youâll be asked to resubmit.
- Unrealistic financial projections: Saying youâll hit ÂŁ10M in revenue in six months without a clear customer acquisition plan raises red flags.
What Happens After Registration?
Registration isnât a one-time checkbox. Itâs a continuous obligation.- You must submit annual AML reports
- You must update your compliance manual every time you add a new service
- You must notify the FCA within 24 hours of any material cybersecurity incident
- You must undergo periodic audits - sometimes unannounced
What About Businesses Outside the UK?
If you're based outside the UK and donât market to UK customers, you donât need to register. But hereâs the catch: if you donât actively block UK users, the FCA may still consider you in scope. A simple "UK users not served" banner isnât enough. You need geolocation blocking, IP filtering, and currency restrictions. Some firms use legal teams to argue theyâre not targeting the UK. The FCA doesnât care about your legal arguments. They care about your traffic logs. If 15% of your users are from London, and your site is in English with GBP pricing - youâre in.
Future Changes Coming in 2026
The FCA is expanding its oversight. By late 2026, expect:- More detailed reporting on token classifications (utility vs. security)
- Stricter rules on staking and yield products
- Expanded Travel Rule to cover all transfers, regardless of amount
- Integration with the UKâs digital pound infrastructure
Common Mistakes to Avoid
- Waiting until the last minute to start
- Using templates from other countries (EU rules donât work in the UK)
- Assuming "registration" means approval - it doesnât. You must prove compliance
- Thinking you can outsource compliance to a third party and forget about it
- Ignoring the banking problem - without a payment partner, registration is meaningless
Final Reality Check
The UK isnât trying to scare crypto businesses away. Itâs trying to make sure they donât become tools for crime. The system is tough, but itâs not impossible. Companies like CoinJar and Bitstamp got approved by building systems from scratch - not by cutting corners. If youâre serious about serving UK customers, treat this like building a bank. Document everything. Test everything. Train everyone. And never assume compliance is a form you fill out. Itâs a culture.Do I need to register if I only have UK customers but no office in the UK?
Yes. The FCA focuses on who you're targeting, not where you're based. If you market to UK users - through ads, website language, currency options, or app store listings - youâre required to register. Having no physical office doesnât exempt you.
How long does VASP registration take in the UK?
Thereâs no fixed timeline. Simple applications with clear documentation can be approved in 3-6 months. Complex ones - especially those with new business models or weak compliance systems - often take 9-18 months. The FCA doesnât rush approvals, and they wonât tell you why delays happen until theyâre ready to reject you.
Can I operate while my application is pending?
No. Operating without registration is illegal. Even if you submitted your application, you cannot offer services to UK customers until you receive written approval. Many firms pause UK marketing entirely during the review period.
What happens if I get rejected?
Youâll get a detailed letter explaining why. Common reasons include incomplete AML policies, unverified senior staff, or lack of cybersecurity controls. You can reapply, but you must fix the specific issues. Reapplying without changes almost always leads to another rejection.
Do I need to register if I only deal with non-fungible tokens (NFTs)?
It depends. If your NFT platform allows trading, staking, or lending, and you take fees or commissions, you likely need registration. The FCA treats NFTs as crypto assets if theyâre used for investment or have financial utility. Pure collectible NFTs without financial features may be exempt - but the line is blurry.
bro i just tried to register and got ghosted for 8 months. no feedback, no updates, just silence. now my whole business is on life support. this isn't regulation, it's bureaucratic warfare.
lol the FCA is acting like crypto is gonna blow up their bank vaults đ
but seriously, if you're building something real, just grind through it. i got approved after 11 months and now my UK clients are the most loyal. it's a pain, but worth it. đ
You mean to tell me... that if I use the word 'pound' on my website... I'm suddenly a bank? đ¤
And if I don't? I'm a criminal? Well. I guess I'll start adding 'no UK customers allowed' in 12-point font. And maybe a flag. And a disclaimer in Latin. Because that's what this is. A performance.
The Travel Rule requirement for all transfers over ÂŁ1,000 is non-negotiable under UK law. Failure to implement automated metadata transmission for both hosted and unhosted wallets constitutes a material breach under AML Directive 6. You must use compliant API integrations like Chainalysis or Elliptic. Manual processes are not acceptable.
I tried to open a business account after registration and every bank said no. even the ones that used to work with crypto. now im using a crypto payment processor that charges 8% and has a 3 day hold. this is not regulation. this is exclusion
Letâs be clear: if youâre relying on AWS and a KYC selfie, youâre not a VASP-youâre a liability waiting for a regulatory takedown. The FCA isnât asking for compliance; theyâre demanding institutional-grade infrastructure. If you canât articulate your counterparty risk model in a 10-page whitepaper, you shouldnât be in this space.
you think this is hard? try being a founder who got banned in Canada for 'inadequate AML' and now the FCA digs up your 2019 crypto exchange suspension like it's a crime scene. they don't want you here. they want you gone. and they'll dig up your grandpa's tax evasion to make it happen đ
The reality is that most crypto businesses fail the Fit and Proper test not because they're dishonest, but because they have no understanding of governance structure. The FCA doesn't care if your CEO is a blockchain evangelist from Reddit-they care if he's ever been flagged by FinCEN, if his LinkedIn is outdated, if his last job ended in a lawsuit. The bar isn't high. It's invisible. And it moves.
this is not regulation. this is the old world flexing its muscles. the FCA is afraid. they see decentralized finance and they feel their power slipping. they want to turn bitcoin into a licensed commodity. but the people? the people are already free. we don't need their stamps. we don't need their forms. we just need our nodes. đâĄ
If you're thinking of registering, don't wait until September. Start now. Build your AML policy from scratch using the FCA's own guidance documents. Don't copy the EU template. UK doesn't recognize the EBA's risk ratings. Your transaction monitoring system needs to flag micro-transactions that cluster around midnight on weekends-that's a known money mule pattern. Also, get your CFO to sign off on the capital adequacy model. The case officer will ask for it on day one.
Registration is not a hurdle. It is a covenant. A solemn commitment to protect the integrity of the financial system. To safeguard the vulnerable. To ensure that innovation does not become exploitation. This is not bureaucracy. This is responsibility. And those who refuse to meet this standard? They are not entrepreneurs. They are risks. And risks have no place in a civilized economy.
you guys are acting like this is hard. nah. this is just the government doing what it does best: making money for lawyers. if you're not paying a compliance firm 50k just to fill out forms, you're doing it wrong. and if you think you can do it yourself? you're the reason your company gets rejected. and honestly? good. the market needs less trash.
This whole system is a trap. The FCA doesn't want crypto. They want control. They're using 'AML' as a pretext to kill competition. If you're a small operator, you'll never get approved. Only the ones with VC backing and legal teams from London get through. This isn't regulation. It's a cartel. And if you're still trying to register? You're being played.
I see so many people scared of this process. But listen: this isn't about fear. It's about building something that lasts. The FCA's rules are brutal, yes. But they force you to become better. To be transparent. To care about your users. If you're building a crypto business that doesn't prioritize safety, you're not building a business-you're building a casino. And casinos don't last. But banks? Banks endure. So take the time. Do it right. Your future self will thank you.