BizLegal-AIStart Free
compliance

FCA Cryptoasset Registration FSMA Regime: Pre-Application Meetings Guide

FCA cryptoasset registration under the FSMA regime is now open for pre-application meetings. Learn what firms must prepare, common pitfalls, and key deadlines.

BizLegal-AI Intelligence DeskgbFCA

FCA Cryptoasset Registration FSMA Regime: Pre-Application Meetings Guide

The FCA's new FSMA-based cryptoasset regime — expected to go live in 2026 following HM Treasury's consultation on the Financial Services and Markets Act 2000 (Cryptoassets) framework — represents the most significant structural shift for UK crypto firms since the MLR 2017 registration requirement. The FCA has confirmed it will offer Pre-Application Support Service (PASS) meetings to firms preparing for full authorisation under the incoming regime, and the window to engage early is already open. Miss this window and you risk a cold-start application with no regulator feedback, a near-certain recipe for rejection.

TL;DR

  • The FSMA cryptoasset regime will require firms to obtain FCA authorisation (not just registration) to conduct regulated cryptoasset activities in the UK.
  • The FCA's PASS programme lets firms book pre-application meetings before submitting a formal application — a critical step given the FCA's historically high rejection rate for crypto MLR registrations.
  • Firms already holding MLR cryptoasset registration are not automatically grandfathered; they must apply under the new regime.
  • Key activities likely in scope include cryptoasset exchange, custody, lending, and staking services.
  • Preparation now — governance frameworks, financial promotions compliance, consumer duty mapping — materially improves authorisation odds.

What This Regulation Actually Requires

The Shift from MLR Registration to FSMA Authorisation

Since January 2020, UK cryptoasset businesses have operated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), which required registration with the FCA for AML/CTF purposes only. That regime was deliberately narrow. The FCA's temporary registration list and the high-profile refusals — including Binance's 2021 withdrawal of its UK application — signalled that even the low-bar MLR process was catching firms unprepared.

The FSMA regime is categorically different. It brings cryptoasset activities within the UK's mainstream financial services authorisation framework. Firms will need to satisfy the FCA's Threshold Conditions under Schedule 6 of FSMA 2000: adequate resources, suitability of management, appropriate business model, and effective systems and controls. This is the same standard applied to investment firms, payment institutions, and banks.

Regulated Activities Under the New Regime

HM Treasury's consultation papers and the subsequent draft legislation identify a set of "specified cryptoasset activities" that will require authorisation. These are expected to include:

  • Cryptoasset exchange — operating a platform that facilitates buying, selling, or exchanging cryptoassets for fiat or other cryptoassets.
  • Cryptoasset custody — safeguarding or administering cryptoassets or private cryptographic keys on behalf of clients.
  • Issuance and admission services — facilitating the issuance of cryptoassets or their admission to a trading platform.
  • Lending and staking — providing yield-bearing products where client assets are deployed.

The exact perimeter will be confirmed in secondary legislation, but firms should assume that any activity touching client assets or facilitating client transactions will be in scope.

Financial Promotions Obligations

Separate from authorisation, the FCA's financial promotions regime for cryptoassets — which came into force on 8 October 2023 under the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 as amended — already applies. Firms communicating or approving crypto financial promotions to UK consumers must either be FCA-authorised or have their promotions approved by an authorised person. The FCA issued 146 alerts against illegal crypto promotions in the first three months after the regime launched. That enforcement posture isn't softening.

Consumer Duty Intersection

Authorised cryptoasset firms will fall within the scope of the FCA's Consumer Duty (PS22/9), which requires firms to deliver good outcomes for retail customers across four outcome areas: products and services, price and value, consumer understanding, and consumer support. This is not a tick-box exercise. The FCA expects firms to evidence outcome monitoring through data, not assertions.

What This Means for Your Company

If you hold an existing MLR cryptoasset registration: You have a compliance baseline, but don't mistake that for a head start on FSMA authorisation. The MLR process assessed AML controls only. FSMA authorisation will scrutinise your entire business — capital adequacy, governance, conflicts of interest, technology resilience, and client asset protection. Many MLR-registered firms will find significant gaps.

If you're operating under a temporary registration: The FCA's temporary registration list has been a lifeline for firms caught in the backlog. That lifeline ends when the FSMA regime goes live. Firms on the temporary list should treat the PASS meeting as urgent, not optional.

If you're a new entrant: You have no legacy infrastructure to retrofit, which is an advantage. But you also have no regulatory relationship with the FCA. A PASS meeting is your first opportunity to establish one and to test whether your business model is viable under the new framework before you've committed capital to build it.

If you're a non-UK firm serving UK customers: The territorial scope of the FSMA cryptoasset regime will likely follow the existing FSMA framework — overseas firms conducting regulated activities in the UK, or actively marketing to UK persons, will need authorisation or to rely on a permitted exemption. The FCA has been explicit that it will not tolerate regulatory arbitrage through offshore structuring.

How to Operationalise

Getting value from a PASS meeting requires preparation. The FCA won't use the session to do your compliance work for you. Here's a practical sequence:

Step 1 — Map your regulated activities. List every service your firm provides or intends to provide. Cross-reference against the draft list of specified cryptoasset activities. Flag anything ambiguous and prepare a written analysis of why you believe it is or isn't in scope. The FCA will want to see that you've thought this through.

Step 2 — Conduct a Threshold Conditions gap analysis. Work through each of the five Threshold Conditions (legal status, location of offices, adequate resources, suitability, and appropriate business model) and document your current position against each. Identify gaps honestly. The FCA responds better to firms that know their weaknesses than to firms that oversell.

Step 3 — Prepare your governance documentation. Identify your Approved Persons / Senior Managers (the SMF regime will apply). Draft or update your governance map showing board composition, committee structure, and accountability lines. The FCA will scrutinise whether your senior managers have relevant cryptoasset or financial services experience.

Step 4 — Draft a regulatory business plan. This is the single most important document in your application. It should cover: your target market, revenue model, risk appetite, how you'll comply with each applicable FCA rule, and your financial projections. Keep it honest. Optimistic projections that don't survive scrutiny destroy credibility.

Step 5 — Book the PASS meeting. Submit your PASS request through the FCA's Connect system. Include a brief description of your business model and the specific questions you want to address. The FCA uses this to allocate the right supervisory staff to your meeting. Vague requests get generic responses.

Step 6 — Follow up in writing. After the meeting, send a written summary of what was discussed and any commitments you made. This creates a record and demonstrates the kind of organised, proactive approach the FCA wants to see from authorised firms.

Step 7 — Build your compliance infrastructure before applying. Don't apply until your AML/CTF framework, financial promotions controls, Consumer Duty implementation, and technology resilience documentation are substantially complete. Incomplete applications are rejected, and rejections go on your regulatory record.

Common Mistakes and How to Avoid Them

Treating PASS as a shortcut. PASS meetings are diagnostic, not advisory. The FCA won't tell you whether your application will succeed. Firms that arrive expecting a green light leave disappointed and underprepared.

Underestimating the governance bar. The FCA has been explicit in multiple Dear CEO letters that weak governance is the primary driver of crypto firm failures. If your board lacks financial services experience, address that before applying — through hiring, advisory appointments, or non-executive directors with relevant backgrounds.

Ignoring the financial promotions regime. Some firms have assumed that FSMA authorisation will resolve their financial promotions compliance issues. It won't, automatically. You need a standalone financial promotions approval process, including fair and clear risk warnings, before you communicate with UK retail customers.

Conflating MLR registration with FSMA readiness. The FCA's MLR assessments focused on AML policies, procedures, and controls. FSMA authorisation adds capital requirements, conduct of business rules, client asset protection (CASS), and Consumer Duty. These are not incremental additions — they require substantive infrastructure.

Applying too early. Counter-intuitive, but true. An incomplete application wastes FCA resource, damages your relationship with your case officer, and can result in a refusal that's harder to overcome than a delayed application. The FCA's target determination period is six months for complete applications. Incomplete applications reset that clock.

Neglecting technology and operational resilience. The FCA's PS21/3 on operational resilience applies to authorised firms. Cryptoasset firms will need to identify important business services, set impact tolerances, and demonstrate they can remain within those tolerances during severe but plausible disruption scenarios. This requires documented testing, not just policy.

FAQ

Q: When does the FSMA cryptoasset regime go live?

A: HM Treasury has indicated a 2026 implementation timeline, but the exact commencement date depends on secondary legislation being laid before Parliament. Firms should monitor FCA Policy Statements and HM Treasury announcements closely. The FCA has signalled it will provide a transitional period for existing MLR-registered firms, but the length of that period hasn't been confirmed.

Q: Do I need to be FCA-authorised before the regime goes live to continue operating?

A: Firms currently operating under MLR registration will likely benefit from a transitional period allowing them to continue operating while their FSMA application is processed, provided they apply within a specified window. The precise mechanics will be set out in the commencement regulations. Missing the application window could mean you need to cease regulated activities until authorisation is granted.

Q: What's the difference between PASS and the FCA's Innovation Hub?

A: The Innovation Hub (part of the FCA's Innovate programme) is designed for genuinely novel business models where the regulatory perimeter is unclear. PASS is for firms that have a reasonably clear view of their regulatory status and are preparing a formal application. If your business model is established (exchange, custody, lending), PASS is the right route. If you're doing something genuinely new — tokenised securities, DeFi interfaces, embedded crypto — the Innovation Hub may be more appropriate first.

Q: Will the FCA's Consumer Duty apply to all cryptoasset firms?

A: Consumer Duty applies to FCA-authorised firms in relation to retail customers. Once the FSMA cryptoasset regime is live, authorised cryptoasset firms serving retail clients will be subject to Consumer Duty in full. Firms serving only professional or institutional clients have a narrower set of obligations, but the boundary between retail and professional in crypto is often blurry and requires careful analysis.

Q: What happens to firms that continue operating without FSMA authorisation after the regime goes live?

A: Conducting a specified cryptoasset activity without authorisation will be a criminal offence under Section 23 of FSMA 2000, carrying up to two years' imprisonment and/or an unlimited fine. The FCA has demonstrated willingness to pursue criminal enforcement in the financial services space. This is not a risk to manage — it's a risk to eliminate.

Sources

  • Financial Services and Markets Act 2000 (as amended), Schedule 6 — Threshold Conditions
  • HM Treasury, Future Financial Services Regulatory Regime for Cryptoassets: Consultation and Call for Evidence (February 2023)
  • FCA, PS22/9: A New Consumer Duty (July 2022)
  • FCA, Financial Promotion Rules for Cryptoassets — amendments to the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005, effective 8 October 2023

Disclaimer

This article is produced by BizLegal-AI Intelligence Desk for general informational purposes only. It does not constitute legal advice and does not create a solicitor-client or adviser-client relationship. Regulatory requirements are subject to change; readers should verify current requirements with the FCA and seek qualified legal counsel before making compliance decisions. BizLegal-AI makes no representations as to the completeness or accuracy of information regarding pending or proposed legislation.

FCAcryptoassetsFSMAUK crypto regulationgbpre-application supportPASScryptoasset authorisationFCA registrationfinancial promotion
Turn this guide into a plan

Get your jurisdiction-specific compliance risk score

BizLegal-AI maps your structure against this exact regulation and tells you what's missing — before a regulator does. Free preview, no card required.

Run my free risk check →

Used by founders & counsel across 50+ jurisdictions · Not legal advice

Related

Regulatory changes, before they cost you

One email when a rule that affects crypto, fintech, or cross-border deals actually changes. No noise. Unsubscribe anytime.

Disclaimer: BizLegal-AI produces regulatory intelligence and working drafts. It is not legal, financial, or tax advice. Consult qualified counsel for specific situations.