FCA cryptoasset authorisation – Ready to launch?
From 25 October 2027, firms conducting qualifying cryptoasset activities must obtain full authorisation from the Financial Conduct Authority (“FCA”) or, if already carrying out other authorised activities under the Financial Services and Markets Act (“FSMA”), seek a Variation of Permission (“VoP”) to continue undertaking these activities alongside FSMA authorised activities. In-scope activities include, but are not limited to:
- Issuing qualifying Stablecoins in the UK
- Undertaking Custody/Safeguarding of cryptoassets
- Arranging Safeguarding/Custody of cryptoassets and specified investment cryptoassets
- Qualified cryptoasset staking
- Operating a cryptoasset Trading Platform (“CATP”)
- Dealing in cryptoassets (Agent or Principal)
- Arranging Deals in cryptoassets
- Making arrangements with a view to transacting in qualifying cryptoassets.
NOTE: Firms only regulated under the Electronic Money Regulations (“EMRs”) and Payment Services Regulations (“PSRs”) will need to seek full authorisation from the FCA under the new regime if conducting qualifying activities.
Timelines
The FCA requires all firms undertaking these activities to obtain full FSMA authorisation by 25 October 2027. The application window will run from 30 September 2026 – 28 February 2027, with no automatic conversion for firms currently registered under Money Laundering Regulations (“MLRs”) or authorised for other activities. Therefore, it is imperative to prepare sooner rather than later.
Several notable elements of existing FCA regulation, already familiar to other authorised firms, will become applicable to cryptoasset firms for the first time (either applied ‘as is’ or modified to fit). Accommodating them may require careful focus and planning in the early stages of preparing to apply. The following are five key elements of regulation to which all firms will be subject and whose practical impact on your cryptoasset business may require further interrogation:
Core Regulatory Expectations and Requirements
Applicants coming into regulation for the first time should not underestimate the consequences for their UK operations, which may be significant depending on the current set-up. Notable requirements that will become applicable (and therefore need to be shown as being met through the application) include the following:
- UK Substance & Governance Requirements: The FCA has made it clear that regulated firms are expected to operate a UK incorporated legal entity, with exceptions allowing Branches only in limited circumstances (on the basis that home state regulators have acceptable regulations and protections). Furthermore, it is likely that the FCA will expect firms to have formally localised governance and oversight arrangements not unlike those already applicable to the majority of firms authorised under FSMA. This would include but not be limited to:
  - A fully constituted UK Board with documented terms of reference and the ability to determine its own affairs (even if part of an overseas headquartered group)
  - Limits to roles that can be ‘double hatted’, i.e. it will not generally be acceptable to have a compliance/risk role holder also conducting a customer-facing function
  - Formal arm's-length agreements for intra-group service provision and appropriate reporting/oversight arrangements
  - Risk management and compliance arrangements which allow the UK Board to have ‘line of sight’ regardless of whether resources are shared with other group companies
- Senior Managers & Certification Regime (“SM&CR”): Regulated cryptoasset firm staff will be fully subject to the SM&CR, which is the FCA’s accountability regime for senior individuals as well as other important persons in the business. It is already well embedded by firms regulated under FSMA and the FCA’s expectations are well documented. The regime asks for:
  - Clearly defined senior management responsibilities
  - Fit and proper assessments for key personnel
  - Certification of staff performing certain other critical functions.
The majority of firms are expected to fall into a ‘Core’ tier which mandates six designated functions be allocated and a limited set of mandated prescribed responsibilities (“PRs”). Certain firms (in particular stablecoin issuers and custodians) with significant backing/custody assets may be subject to an Enhanced tier which defines more designated senior management roles that must be approved by the FCA, more granular PRs and enhanced documentation requirements. It should be noted that current payment/e-money firms will be brought into SM&CR for the first time if also carrying out regulated cryptoasset activity.
- Safeguarding & Custody Requirements: A significant change for some firms may be the introduction of safeguarding frameworks to enable segregation of client cryptoassets and related client money. These will also introduce the requirement for controls and regulatory reporting. Notable requirements to be demonstrated at the point of applying and on an ongoing basis will be:
  - Trust Requirement: Client cryptoassets must be held on trust to ensure they are legally segregated from the firm’s own assets in the event of insolvency
  - Third-Party Oversight: Use of third-party custodians must be in the client's best interest and approved by the firm's governing body
  - Disclosure: Firms must provide plain-language disclosures explaining how they secure access to assets and whether they rely on exceptions to trust requirements
  - Senior Manager Accountability: Firms must appoint a Senior Manager specifically responsible for the management of client assets, with personal accountability under the SM&CR.
- Regulatory Prudential Requirements: Firms subject to the regime will also be introduced to regulatory prudential requirements, with the governing rules modelled broadly on those applicable to investment firms already regulated by the FCA. Firms will need to be able to demonstrate compliance with the following specific requirements:
  - Permanent Minimum Requirements (“PMRs”): Regulated cryptoasset firms will be required to establish baseline financial resilience thresholds calibrated to the firm’s business model and risk profile. Lower PMRs apply to lower risk activities such as arranging or advisory services, while higher PMRs will apply to higher risk activities including principal dealing, operating trading platforms, or undertaking activities with significant market, counterparty, or operational exposure
  - Own Funds Requirement (“OFR”): Introduces minimum capital requirements comparable to those applied to traditional investment firms, requiring cryptoasset firms to calculate and maintain a minimum capital requirement using formulaic methods. These capital requirements must be met using eligible capital instruments such as share capital
  - K-Factor Requirements: Will introduce a scaled/variable element that ties capital requirements to trading intensity and client exposures
  - Wind Down Planning Requirements: Firms will be required to demonstrate that they can wind down in an orderly manner. This requires firms to hold sufficient capital and liquid assets to effect such an orderly wind-down. This is in addition to maintaining a detailed wind-down plan that includes sufficient detail on the triggers, actions and resources that would be needed to implement the plan.
- Consumer Duty Requirements: The Consumer Duty will apply across most cryptoasset activities. This will require firms to demonstrate that their products deliver fair value, that they can produce clear and comprehensible disclosures at the point of sale, that they can offer strong consumer support (particularly during operational disruptions such as wallet freezes or staking incidents), and that they promote effective consumer understanding measures for products/services sold.
The Pre-Application Process
To help firms prepare for the authorisations gateway, the FCA will from July 2026 offer its Pre-Application Support Service (“PASS”) to potential cryptoasset authorisation applicants. This process is designed to improve application quality and clarify expectations ahead of submission. Firms can request free pre-application meetings, where an FCA case officer outlines regulatory requirements, answers questions, and signposts relevant guidance.
We strongly recommend that all who intend to make the application take advantage of this offer. This would typically entail preparing a short presentation deck introducing the firm, its founders, its current operations and, at a high level, its proposals. The deck enables the firm to engage early with the regulator, make a favourable impression and get feedback, so that it can make appropriate changes and preparations as required in plenty of time.
How can BDO Support?
BDO has been helping clients become authorised successfully by the FCA for over a decade. As part of this, our dedicated authorisations team, both at BDO and across their wider careers, has supported many licence applications ranging from FinTech start-ups, to stand alone niche investment firms, through payment and e-money firms and many more. Furthermore, BDO’s wider regulatory advisory division houses specialists in all of the areas called out above, including Governance, Risk Management, SM&CR, Safeguarding and prudential regulation.
Reflecting the early engagement process with the FCA, BDO will structure its initial support around helping prospective applicants make the best possible impression by ensuring that they are appropriately prepared for their PASS meeting and can, if required, seamlessly roll into our established modular but flexible approach to supporting authorisation applications. Our typical approach would look as follows:
Our FCA Application Support Structure
Read More
Our guide to getting authorised as a cryptoasset firm is available below:
Get in touch
BDO's regulatory application support is led by Kevin Harabasz, a Director in our regulatory advisory practice who has over 13 years of experience directly supporting a variety of authorisation and regulatory application projects. To discuss how we can support your application, get in touch with Kevin today.