BizLegal-AIStart Free
enforcement

FCA Illegal Crypto Trading Enforcement: P2P Crackdown Explained

FCA illegal crypto trading enforcement hits P2P markets hard. What the first coordinated crackdown means for operators, traders, and compliance teams in the UK.

BizLegal-AI Intelligence DeskgbFCA

FCA Illegal Crypto Trading Enforcement: P2P Crackdown Explained

The FCA's 2024 joint operation with HMRC and the National Crime Agency — targeting unregistered peer-to-peer crypto facilitators operating across Telegram, WhatsApp, and localised exchange platforms — marked a structural shift in UK cryptoasset enforcement. Arrests were made, devices seized, and the FCA issued a stark public warning: facilitating crypto trades without MLR 2017 registration is a criminal offence, not a regulatory grey area. If your business touches P2P crypto flows in the UK, the compliance calculus changed.

TL;DR

  • Operating an unregistered crypto P2P service in the UK is a criminal offence under the Money Laundering Regulations 2017, carrying up to two years' imprisonment.
  • The FCA's first coordinated P2P enforcement action involved HMRC and the NCA, signalling multi-agency pursuit of informal crypto markets.
  • Financial promotions rules apply to P2P platforms just as they do to centralised exchanges — unapproved promotions are an additional enforcement vector.
  • Registered firms face secondary liability if they knowingly facilitate unregistered P2P operators through banking rails or liquidity provision.
  • Compliance teams should audit third-party relationships and transaction monitoring rules for P2P typologies now, not after the next enforcement wave.

What This Regulation Actually Requires

The MLR 2017 Registration Obligation

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 — as amended by the Cryptoasset Business Registration regime effective January 2020 — require any business carrying on "cryptoasset exchange provider" or "custodian wallet provider" activity in the UK to register with the FCA before commencing operations. There is no de minimis threshold. A Telegram group facilitating regular buy/sell matching between UK persons is, on the FCA's reading, a cryptoasset exchange provider.

Registration requires a full AML/CTF framework: customer due diligence, enhanced due diligence for high-risk relationships, transaction monitoring, suspicious activity reporting to the National Crime Agency, and a nominated Money Laundering Reporting Officer. The FCA's assessment of registration applications has been notoriously stringent — as of early 2025, fewer than 50 firms held full registration, with hundreds rejected or withdrawn.

The Financial Promotions Regime

Since October 2023, cryptoasset financial promotions must be approved by an FCA-authorised person or issued by a registered cryptoasset firm. Unapproved promotions — including social media posts, referral links, and group chat messages that constitute an invitation to engage in crypto investment activity — are a criminal offence under section 25 of the Financial Services and Markets Act 2000. P2P operators running Telegram channels advertising trading services are squarely in scope.

The Criminal Finance Act 2017 Overlay

Unexplained Wealth Orders and Account Freezing Orders under the Criminal Finance Act 2017 give the NCA and HMRC additional tools to freeze and forfeit crypto assets held by suspected P2P operators. These orders don't require a criminal conviction. The evidentiary bar is civil, not criminal. That's a meaningful enforcement accelerant.

HMRC's Parallel Tax Enforcement Track

HMRC treats crypto-to-crypto trades as disposal events for Capital Gains Tax purposes. P2P operators who've been matching trades for years without filing returns face compounded exposure: unpaid CGT, income tax on trading profits if HMRC characterises activity as a trade, and potential fraud charges if non-disclosure was deliberate. HMRC's Connect system now ingests data from UK-registered exchanges under its information powers, and cross-references that against self-assessment returns.

What This Means for Your Company

If You Operate a P2P Platform or Facilitate P2P Matching

You need FCA registration. Full stop. The "we're just a technology provider" or "we're just a community admin" argument has been tested and rejected. The FCA's enforcement guidance makes clear that if your platform or service results in crypto being exchanged between parties — even if you don't hold the assets yourself — you're likely in scope.

The joint operation's targets included individuals running high-volume OTC desks through encrypted messaging apps. Volume isn't the threshold; the nature of the activity is. Even low-volume operators face criminal exposure.

If You're a Registered Exchange or Broker

Your exposure is indirect but real. If your firm's rails — bank accounts, liquidity pools, API access — are being used by unregistered P2P operators, you face potential liability for facilitating money laundering under the Proceeds of Crime Act 2002. Transaction monitoring systems that aren't calibrated to detect P2P typologies (high-frequency small trades, rapid in-out flows, counterparty clustering) are a supervisory weakness the FCA will probe.

The FCA's Dear CEO letters to registered cryptoasset firms in 2023 and 2024 explicitly flagged inadequate monitoring of downstream customer activity as a recurring deficiency.

If You're a Legal or Compliance Adviser

Client privilege doesn't extend to facilitating ongoing criminal activity. If a client is operating an unregistered P2P service and you're aware of it, your own MLR 2017 obligations as a regulated professional apply. Tipping-off restrictions under POCA 2002 also constrain what you can say to the client once an SAR has been filed.

How to Operationalize

Registration and Authorisation Checklist

  1. Determine scope. Map every function your business performs: matching, custody, promotion, referral. If any function constitutes cryptoasset exchange or custody activity, registration is required before that function operates.

  2. Appoint an MLRO. The nominated officer must be a senior person with genuine authority and resource. Nominal appointments are a red flag in FCA assessments.

  3. Build your AML framework. This means a written risk assessment, CDD/EDD procedures, transaction monitoring rules, SAR filing procedures, and staff training records. The FCA's MLR registration assessment reviews all of these.

  4. Audit financial promotions. Every piece of content that could constitute an invitation to engage in crypto activity — website copy, social posts, referral schemes — needs legal review against the financial promotions regime. Unapproved promotions must be withdrawn immediately.

  5. File the registration application. The FCA's Connect portal is the submission route. Budget 12+ months for assessment. Operate under the Temporary Registration Regime only if you were already registered before the January 2020 deadline and have a pending application — new entrants don't qualify.

  6. Implement transaction monitoring for P2P typologies. Red flags include: counterparties who appear only once, rapid asset movement post-receipt, trades structured just below round numbers, and geographic clustering inconsistent with stated customer base.

  7. Establish NCA SAR filing procedures. Suspicious Activity Reports must be filed through the NCA's SARs Online portal. Consent SARs (where you need to proceed with a transaction that may involve criminal property) require a 7-day moratorium period.

  8. Conduct annual AML risk assessments. The FCA expects these to be living documents, updated when the business model, customer base, or product set changes.

  9. Train staff on P2P red flags. Customer-facing staff need to recognise indicators of P2P activity being routed through your platform.

  10. Review third-party relationships. If you provide liquidity, banking, or technology to other crypto businesses, conduct due diligence on their registration status and AML frameworks.

Common Mistakes and How to Avoid Them

Assuming low volume means low risk. The FCA's enforcement action targeted operators across a range of volumes. The legal test is the nature of the activity, not its scale. A Telegram group with 200 members facilitating regular trades is in scope.

Treating registration as a one-time event. Registration is the floor, not the ceiling. The FCA conducts ongoing supervisory assessments of registered firms. Firms that pass initial registration but then fail to maintain their AML frameworks face enforcement action — including de-registration, which is itself a criminal trigger if the firm continues operating.

Ignoring the financial promotions regime. Many P2P operators focus on the registration question and overlook that their marketing activity is independently criminal. An unapproved financial promotion is a strict liability offence. The FCA has issued over 1,800 alerts about illegal crypto promotions since the October 2023 regime came into force.

Inadequate transaction monitoring calibration. Generic AML transaction monitoring rules designed for fiat banking don't capture crypto P2P typologies. Rules need to be crypto-specific: velocity checks on wallet addresses, counterparty reuse analysis, on-chain clustering alerts.

Failing to file SARs. The NCA's 2024 SARs Annual Report noted that cryptoasset-related SARs remain underreported relative to the sector's transaction volumes. Failure to file when there's knowledge or suspicion of money laundering is itself a criminal offence under POCA 2002, section 330.

Relying on overseas registration. A firm registered with a non-UK regulator — MiCA in the EU, FinCEN in the US — is not exempt from UK MLR 2017 registration if it serves UK persons. The FCA's jurisdictional reach follows the customer, not the firm's incorporation address.

FAQ

Q: If I'm just an individual trading crypto P2P for myself, do I need FCA registration?

A: No — MLR 2017 registration applies to businesses carrying on cryptoasset exchange activity, not to individuals trading their own assets. But if you're regularly matching trades between third parties, even informally, the FCA may characterise you as operating a business. HMRC's tax obligations apply regardless: every disposal is a CGT event.

Q: Can I operate a P2P platform while my FCA registration application is pending?

A: Only if you were already registered before January 10, 2020 and submitted a registration application before the deadline — that's the Temporary Registration Regime. New entrants cannot operate while an application is pending. Operating without registration is a criminal offence from day one.

Q: What's the penalty for operating an unregistered cryptoasset business?

A: Under Regulation 86 of the MLR 2017, operating without registration is a criminal offence carrying up to two years' imprisonment and/or an unlimited fine. Civil penalties and asset forfeiture under POCA 2002 and the Criminal Finance Act 2017 apply in parallel.

Q: Does the financial promotions regime apply to my Discord server where I share crypto trade ideas?

A: Potentially yes, if the communications constitute an invitation or inducement to engage in investment activity. The FCA's guidance on cryptoasset financial promotions covers real-time and non-real-time communications. A Discord server with a trading signals channel is a realistic enforcement target. Get legal advice before assuming community exemptions apply.

Q: How does HMRC's enforcement interact with the FCA's?

A: They're parallel tracks. The FCA pursues regulatory and criminal offences under MLR 2017 and FSMA 2000. HMRC pursues tax evasion and fraud. The NCA coordinates on proceeds of crime. Joint operations — like the 2024 P2P action — mean all three agencies share intelligence and can pursue simultaneous investigations. A target of one is effectively a target of all three.

Sources

  • Financial Conduct Authority, Cryptoasset Registration, FCA Register and Guidance (FCA.org.uk)
  • HM Treasury, Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, SI 2017/692, as amended
  • Financial Conduct Authority, Financial Promotions for Cryptoassets, PS23/6 (June 2023)
  • National Crime Agency, Suspicious Activity Reports (SARs) Annual Report 2024 (NCA.gov.uk)

Disclaimer

This article is produced by BizLegal-AI Intelligence Desk for informational purposes only. It does not constitute legal advice and should not be relied upon as such. Regulatory positions, enforcement priorities, and legislative requirements change frequently. Readers should obtain independent legal advice from a qualified solicitor or regulated adviser before taking or refraining from any action based on this content. BizLegal-AI is not a law firm and does not establish a solicitor-client relationship through publication of this material. All case references and regulatory citations should be independently verified against primary sources.

FCAcrypto enforcementP2P tradingHMRCUKMLR 2017cryptoasset registrationfinancial promotionssuspicious activity reportsJMLIT
Turn this guide into a plan

Get your jurisdiction-specific compliance risk score

BizLegal-AI maps your structure against this exact regulation and tells you what's missing — before a regulator does. Free preview, no card required.

Run my free risk check →

Used by founders & counsel across 50+ jurisdictions · Not legal advice

Related

Regulatory changes, before they cost you

One email when a rule that affects crypto, fintech, or cross-border deals actually changes. No noise. Unsubscribe anytime.

Disclaimer: BizLegal-AI produces regulatory intelligence and working drafts. It is not legal, financial, or tax advice. Consult qualified counsel for specific situations.