Are you interested in getting the FCA crypto registration (a.k.a., FCA crypto license UK or crypto exchange license)? Do you need explanations of rules and requirements applicable to crypto businesses in the UK? If your answer to these questions was yes, then you have come to the right place. In this page, you will find everything you will need to know about the UK cryptocurrency license. Do you also need help with applying? At the end of the page, we will also explain our services if you want to submit the best application possible.
Let’s start with the basics, but if you need something specific, there is a table of contents below.
FCA crypto license UK is merely a registration with the FCA under the AML/CTF regime. Registration is usually not called a license on its own. However, it can be regarded similar to a license as, without that registration, it is prohibited to provide certain crypto services from within the United Kingdom.
Some business activities require registration under the Money Laundering Regulations 2017 (MLRs 2017). Most of these activities require registration with HMRC instead of the FCA. For example, a real estate agency or a company incorporator must register with HMRC. However, the provision of certain crypto activities requires registration with the FCA, and the process of registration is quite different from the one a real estate agency must go through.
What is the Cryptoassets AML/CTF regime?
The United Kingdom has one of the strictest and most highly developed legislative frameworks to prevent, identify and eliminate money laundering, terrorism financing and financial fraud. To combat ML and TF, various services providers, so-called relevant persons or obliged entities as they are called under the EU law, must help the government enforcement agencies. In essence, they must have robust systems for monitoring suspicious activities and reporting them to the NCA and HMRC. Such relevant persons do not have much choice, if they refuse or fail to assist the government, they will be penalised. If they provide services without notifying a relevant regulator, they will still be punished.
From 10th of January 2020, certain crypto businesses became relevant persons in the United Kingdom. Bye-bye Crypto Wild West, hello AML/CTF supervision by the FCA! So, rest assured, anonymous crypto exchanges like in 2017 will never operate from the UK. The reason is that, apparently, pseudonymous/anonymous peer-to-peer versions of electronic cash are handy tools for criminals and terrorists.
The piece of legislation that made many crypto exchange businesses in the EU days to spend money on compliance is called the 5MLD or the Fifth Anti-Money Laundering Directive (Directive (EU) 2018/843). The Directive is the first piece of pan-EU legislation regulating crypto which obliges the EU Member States to enforce fiat-to-crypto exchanges and custodian wallet providers to have appropriate procedures and policies preventing money-laundering and terrorist financing. While owners of the crypto businesses were enjoying famous crypto cruises, in December 2019, the UK mercilessly enacted The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 which amended The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
According to the UK government, its ambition was not only to implement 5MLD and follow the most recent international guidelines but also to have one of the most comprehensive responses globally to the use of cryptoassets for illicit activity. And the response is, indeed, comprehensive. As the 5MLD is a minimum harmonisation piece of the EU legislation, the UK was able to follow some, but not all, Financial Action Task Force (FATF) best practises and go beyond the scope of the Directive. To cut a long story short, the UK decided to bring more crypto businesses under the scope of the AML/CTF regime and require them to obtain the FCA crypto registration.
The UK crypto AML/CTF regime has the following differences from the 5MLD:
- more crypto businesses are covered (e.g., crypto-to-crypto exchanges, issuance of crypto assets, crypto ATMs);
- the definition of virtual currency is broader (in the UK the definition is “cryptoasset” instead of “virtual currency”) and is that provided by the Cryptoasset Taskforce;
- the definition of a custodian wallet is different.
Do I need FCA crypto registration if I am not based in the UK?
The FCA crypto license UK is obligatory if you are carrying out your crypto business from within the UK. Let us explain what it means.
Firstly, you are a relevant person and have to register with the FCA if your registered office or head office is in the UK and the day-to-day management of the carrying on your cryptoasset business is the responsibility of that office or another UK establishment. Alternatively, it applies if you have a crypto ATM in the UK. Even if you or your company is from Delaware one tiny crypto ATM somewhere in London will be sufficient to make you a relevant person under the UK AML/CTF regime that requires the FCA crypto registration to operate the ATM in the UK.
My company has a cryptocurrency license from another EU Member State. Does it need to register in the UK?
You may have this question if you own one of the thousands of companies with Estonian crypto license. If that is the case, you should understand that registration is not an authorisation to provide financial services and currently, there is no such thing as EU Passport for crypto activities. However, it does not mean that you have to register in the UK unless your company is based in the UK and provides crypto services by way of business.
Yes, you still need it. Even if your firm is regulated by the FCA and/or PRA, the crypto provisions of the MLRs 2017 require you to obtain crypto assets authorisation from the FCA in addition to the existing regulatory authorisations. Thus, a company should apply for a crypto license in the UK even if it is a bank, investment firm, or a company with an e-money license UK or PI license UK.
Currently, only so-called cryptoasset exchange providers and custodian wallet providers require FCA crypto registration. If you are providing both services, you will have to indicate this in your application to the FCA. In any case, there is one license for both types of crypto activities.
Before we explain you two categories of crypto activities subject to registration, we want to make sure that you understand which cryptoassets are regulated under the FCA crypto AML/CTF regime.
Which cryptoassets are regulated under the FCA crypto asset AML regime?
The definition of a cryptoasset in the MLRs is quite broad. It is a crypto-secured digitalised representation of value or contractual rights running on a form of DLT, including blockchain, that is capable of being transferred, stored or traded by electronic means.
As JMLSG notes, the definition of cryptoassets is broad enough to include even in-game currencies. If you represent a company issuing an in-game cryptocurrency, you must consider whether it can be used only within a specific game or whether it is possible to exchange the in-game cryptocurrency for a value that is accepted beyond the game environment. The same consideration applies to utility tokens that are closed-loop tokens, such as loyalty or reward tokens.
What is a cryptoasset exchange provider?
A crypto exchange license in the UK is required for individuals and corporate entities who professionally:
- exchange or arrange or make arrangements with the intention of crypto-to-fiat and fiat-to-crypto exchange;
- exchange or arrange or make arrangements with the intention of crypto-to-crypto exchange;
- operate an automated machine that allows making crypto-to-fiat, and fiat-to-crypto exchange (crypto ATM).
The above categories are also quite broad. For example, during an ICO, an issuer exchanges its tokens for other crypto currency or fiat currency. To ensure that you understand whether a specific business model falls within the registration below, read our analysis below.
What about crypto-derivatives exchanges? Do they need to have FCA crypto registration?
Exchanges, where a user does not own a cryptoasset, but rather has a right to, or interest in it, are also covered under the FCA crypto license in the UK. In any case, if you want to set up a crypto derivative exchange in the UK, there are some bad news for you, unless you target institutional investors as the FCA banned the sale of crypto-derivatives to retail clients.
Does it matter whether an entity is an issuer or non-issuer of a cryptoasset it exchanges?
Additionally, you should be aware that FCA crypto registration is required regardless of whether a business is an issuer of such cryptocurrency or not. It means that if you sell your own tokens, you still have to register unless your tokens do not fall within the definition of cryptoassets.
What about airdrops and acceptance of crypto as a payment method? Are these activities covered by crypto license in the UK?
As we explained, the issuance of cryptoassets in exchange for other cryptoassets or fiat is covered under the FCA cryptoassets regulatory regime. At the same time, JMLSG explains that the issuance of cryptocurrency in exchange for services, goods, actions (e.g., e-mail subscription) and rights will not likely require crypto exchange license in the UK. Hence, airdroppers, merchants and various professions accepting crypto can relax, at least for now.
Do decentralised exchanges (DEXes) and P2P platforms fall within the scope of the AML crypto regime?
Some centralised exchanges (CEXes) and DEXes can be called peer-to-peer platforms or peer-to-peer exchange service providers. However, the difference between them is the following:
- All DEXes are non-custodial platforms, while P2P CEXes are usually custodial.
- DEXes use the power of smart contract technology to exclude a middleman from the exchange process.
It is an interesting question of whether firms behind DEXes and P2P are arranging or making arrangements with a view to the exchange of crypto assets. As it is often with legal questions, the answer is: “It depends.”
According to JMLSG, an exchange that only provides a forum where buyers and sellers can post their bids and usually offers, should not generally fall under the AML/CTF regime (such companies should be analysed on a case-by-case basis). JMLSG provided an example of a bulletin board where the availability of the assets is made known, and buyers and sellers trade at an outside venue either through individual wallets or other wallets not hosted by the forum or a connected firm. JMLSG explains further during an analysis of a business model that developers of crypto-software and other providers connected to an exchange have high chances to be excluded from the scope of the AML/CTF regime, especially if they derive no income or benefit from consequent transactions.
At the same time, HM Treasury underlined that the government agreed that when a peer-to-peer exchange is operated by a centralised entity that is completing, matching or authorising a transaction between two people, such entities could be brought into the scope of the MLRs.
Hence, centralised peer-to-peer platforms or peer-to-peer exchange service providers must be registered with the FCA to provide their services, while with DEXes, the situation is not that straightforward. Some developers behind DEXes do not get any commission or fees from transactions via DEXes, and they most likely will not need FCA crypto exchange license in the UK. Nevertheless, it is still advisable for them to get a comprehensive legal opinion on this matter.
Business models that may be covered by the FCA crypto registration
After considering the above, the following business models and activities are covered under the framework:
- fiat-to-crypto, crypto-to-fiat, crypto-to-crypto exchanges and trading platforms;
- Initial Coin Offerings (ICOs), Initial Exchange Offerings (IEOs). Also, any other offerings when there is an exchange of a cryptoassets, right to or interest in cryptoassets for other cryptoassets or fiat. You should also note that when a cryptoasset is a regulated financial instrument, there may be other applicable regimes.
- Crypto ATMs, terminals and other machines that are programmed to exchange cryptoassets.
Moreover, in the National risk assessment of money laundering and terrorist financing 2020 it is provided that cryptoasset payment cards are also covered under the MRLs and the FCA cryptoasset registration regime.
What is a custodian wallet provider?
A custodian wallet provider is an individual or a corporate entity that professionally safeguards and/or administers the cryptoassets of its clients, private keys on behalf of its client allowing them to hold, store and make transfers of cryptoassets. By “custodian” it is understood that a business has direct control over the client’s cryptoassets. Thus, publishers of open-source wallet software and, by extension, non-custodian wallet providers do not fall within the scope of the AML regime and do need to make the FCA crypto application.
You should note that when we speak about custodian wallet provider license, the notion of a cryptoasset does not include a right to, or interest in, the cryptoasset. Hence, all custodial business models require registration unless there is custody only over a right to, or interest in a cryptoasset.
Exclusions to the FCA AML/CTF regime for crypto activities
As well as other businesses explained above, developers of crypto-software who just sell software (e.g., exchange software) and providers of ancillary products or services to cryptoasset networks are not required to apply for the FCA crypto license in the UK, as long as they do not provide the crypto activities explained above.
Moreover, only crypto services provided by way of business require registration. As usual, whether you are involved in a crypto ‘by way of business’ is determined on a case-by-case basis. To determine whether an activity is provided by way of business the following factors should be taken into consideration:
- the frequency of the activity;
- the significance of the activity in relation to other activities,
- direct or indirect benefit from the activity,
- whether a person’s acts or advertisements suggest that the person is providing cryptoasset services by way of business.
Additionally, there is no need to have a license if you perform a crypto activity on an occasional basis or very limited basis. You should check MRLs 2017 reg. 15(3) for a more detailed explanation of instances when an activity is provided on an occasional basis or very limited basis.
Thus, if you occasionally help your friends to enter the crypto world by selling them your BTC for cash, you do not need a license. However, if you start doing it too often, and it becomes your business, you will have to make an application to the FCA.
Are there differences between regimes applicable to Electronic Money and Payment Institutions and crypto businesses?
This question is very frequently raised by the EMIs and PIs willing to add crypto activities to their authorised services list. Some of them hoped that the regime for crypto would be less strict and that there would be fewer compliance costs.
Our answer is “Yes, there are differences between these regimes.” Nevertheless, it does not mean that crypto activities are regulated to a lesser extent, even if according to the law, there are fewer requirements for crypto businesses. To exemplify, firms with a UK e-money license have certain obligations under MLRs Reg 21(7) which crypto businesses do not have. However, it does not mean that cryptoasset businesses shouldn’t follow such obligations.
Why? Because the main idea of crypto licensing regime in the UK is to make sure that crypto businesses are capable of fighting against money laundering and terrorist financing. While certain obligations do not apply directly to crypto firms, they should be able to demonstrate to the FCA they do not pose increased risks of being a vehicle for money launderers and terrorists.
There are also some requirements enshrined in the MLRs that are specific to the FCA crypto license UK. Whether or not a company has authorisation under the Financial Services Market Act 2000 (FSMA), it should indicate that its cryptoassets activity is not subject to the protection of the Financial Ombudsman Service and/or the Financial Services Compensation Scheme. According to the Explanatory Memorandum, the obligation applies to avoid possible consumer misunderstanding over the protection they have when using a cryptoasset service. In any case, all EMIs and PIs also have to make such disclosure if they are providing cryptoasset related services.
Moreover, there is a specific reporting and enforcement regime for the cryptoasset sector. The FCA has the power to request information, request an appointment of a skilled person who will be reporting to the FCA, and impose various directions on a firm with the FCA cryptocurrency license. Before the new rules, even regulated firms (e.g., companies with Payment Institutions License in the UK) did not have to make reports to the FCA about their crypto business. Under the new regime, they will have to do it, and they can be even ordered to shut down their crypto operations if they fail to prove that they adequately combat money laundering and terrorist financing.
Finally, luckily for crypto-asset businesses, most crypto asset activities are not considered as payment services (e.g., if they do not involve a stablecoin that is e-money) and regulations applicable to transfer of funds to do not apply.
However, you should be cautious. For example, while the Wire Transfer Regulation does not apply to transfers in cryptoassets, you should take into consideration relevant FATF guidelines and regulatory developments to ensure that you are compliant. HM treasury underlines that the government is committed to implementing the FATF standards on VASPs. Nevertheless, not all standards have been implemented in the UK yet. For instance, the so-called “Travel Rule for VASPs” which mimics requirements of Wire Transfer Regulation in crypto sector recommended by FATF is not implemented in the UK, but the government plans to include this requirement and other non-implemented FATF recommendations as soon as it is clear there are globally recognised ways to comply.
Are MLRs requirements the same for all types of crypto businesses?
In general, the measures that a company should take in order for it to comply with its AML/CTF obligations depend on the complexity of its business. While for most crypto asset activities, the minimum threshold is the same, it does not mean that only minimum compliance is required. Also, in certain cases, higher standards for some crypto activities are enshrined in the MRLs. For example, apart from other situations explained in the MLRs, crypto businesses must apply CDD measures for occasional transactions of 15,000 EUR or more. However, crypto ATM providers must apply CDD for all transactions according to the MLRs Reg. 27(7D).
To become registered, you will need to submit an application via Connect. You will be asked to provide up-to-date information about your business, managers and shareholders and pay the FCA a registration fee.
When you apply, you will have to indicate which crypto activities requiring registration under the AML/CTF regime you carry out or plan to carry out. You will be able to choose one or more of the following activities:
- fiat-to-crypto exchange;
- crypto-to-fiat exchange;
- crypto-to-crypto exchange;
- operation of a crypto ATM;
- provision of custodian wallet service;
- facilitation of peer-to-peer exchange of crypto;
- participation in Initial Coin Offerings (ICO).
What documents and information an applicant must provide? PSP Lab TIPS on how to get crypto license UK!
If you have never made an application to be registered or authorised by the FCA, you may think that the FCA explanations of the application process are straightforward and you understand them. Most likely, you don’t. To complete an application is like rafting down a river which is full of underwater rocks. Unless you’ve done it before or an experienced person guides you, there is a high chance that your application will sink. Although you haven’t hired PSP Lab yet as your navigator, we still want to provide you with some tips. Below you will find a list of documents and our adjacent commentaries that may help you to conquer the raging river called “FCA Crypto Registration.”
Just like the most modern and fastest boat, lacking an experienced crew has high chances to be dashed against the rocks, so is a crypto business without management that has appropriate knowledge and experience to run a crypto company and a shareholder who can inject money when needed. The FCA carefully assesses every person connected to the firm and each officer who is responsible for management and compliance. Bear in mind; the FCA does not register companies if there is a reasonable belief that such companies are likely to fail and harm their customers as a result.
Our experience shows that the demonstration of honesty, integrity and reputation of directors and owners, the experience of management and their track record, as well as financial soundness of the shareholders should be the core of your application. You will have to provide detailed information about managers and individuals (e.g., address, identification), and/or corporate shareholders (e.g., corporate structure). Additionally, management and shareholders must pass a Fit and Proper test consisting of a hundred questions and checks via government agency databases.
You will also have to provide CVs and information on the suitability assessment. Please make sure that CVs are very detailed and presented professionally enough to persuade the FCA that your crypto business deserves the registration. You must make sure that the size of your team reflects the complexity of your business, and that the FCA will be satisfied with each individual you presented. Do you want a crypto license UK? Then spend money on hiring the best professionals you can find and afford.
The application requires the submission of a business plan to ensure that the applicants know what they are doing and will not fail their customers, to double-check whether activities are requiring a separate authorisation (e.g., under the securities law regime), and to see that the financial model is viable and what kind of budget is dedicated to the compliance department. The plan must incorporate all activities covered by the MLRs regime and include detailed budget forecast, marketing plan and explanation of management and ownership structure. Finally, the information in the document submitted to the FCA must include a list of public keys/wallets, including cold and hot wallets.
The business plan for the FCA crypto application is different from business plans you have probably presented to Venture Capital firms. The FCA doesn’t care about a successful exit, NPV of investment of a company or future valuation. It cares about protecting consumers and preventing money-laundering and terrorist financing. Have this in mind when you are drafting your business plan. Moreover, you must be accurate in predicting your income from cryptoasset activities, as periodic fees paid to the FCA are based on it.
Risk Management Policies
When submitting your cryptoassets application via FCA Connect, you will be asked to complete the risk table and explain your mitigation measures. Unfortunately, the size of the table only allows you to provide a few paragraphs explanation. You should submit copies of your risk management policies and procedures as separate documents, accompanying the regulatory business plan.
When we speak about the risks of crypto businesses, they are the same or very similar to the regulated payments or e-money institution. You should start with a risk matrix to identify risk and then draft a policy and procedure that will help you to mitigate those risks. You can begin with IT Risk, Liquidity, Crypto-asset and Currency Fluctuation Risk, Financial Crime Risk and Market Risk Policies and Procedures. Additionally, you should have a couple of policies dedicated to regulatory compliance risk. By that, we mean Data Protection Policy and Listing Policy (to ensure that you cryptoassets are not securities if you are not licensed to provide services related to financial instruments). Finally, you should have a Disaster Recovery and Business Continuity Plan that will explain how you are going to manage such issues as a loss of critical partners or personnel, or what you will do in case of a new global pandemic.
We also encourage you to put extra effort in drafting IT risk management policy, which should address risk related explicitly to DLT solutions. You should explain how you plan not to become a new Quadriga CX or KuCoin. Remember, more cryptoassets your platform lists, more comprehensive your policy should be. For example, if a crypto business lists BTC, EOS and ETH, it accepts deposits from 3 different blockchains. Hence, the policy must include an explanation of how the firm plans to ensure the safety of customer funds in relation to 3 blockchains (e.g., explanation of cold, hot wallets and whether there is a multi-signature solution and who has access to cold and hot wallets). You should also provide descriptions of each core software you use for your business and how it is protected from IT attacks.
Do you think there are too many policies and procedures you need to draft and implement? Nope, this a shortlist of mandatory documents that you will need to demonstrate to the FCA and implement in your actual business to protect yourselves from financial losses, regulatory fines, reputational damage, lawsuits and even the risk of losing your authorisation.
The AML Policy is essential not only for the application purposes but also for opening a bank account and finding partners. It must be up-to-date, reflect the newest JMLSG and FATF guidelines (e.g., on red flag for crypto assets) and FCA guidelines such as Financial Crime Guide (FCG), guidance on PEPs (FG17/6) and best practices. You should describe all software you use, including on-chain transaction monitoring software, cryptoasset monitoring software, onboarding software (e.g., biometric authentication and sanctions screening). The policy should be tailored to your business. We’ve seen so many abstract AML policies, so we want to underline it one more time.
Why may the FCA refuse to give a cryptocurrency license?
To cut a long story short, you will not get the FCA crypto registration if:
- you have a weak team (especially MLRO) that is not skilled enough and/or not fit and proper;
- your business is not financially viable;
- you did not provide the FCA with the information they want and/or your documents are not informative (not up to the FCA standards);
- your risk management framework and policies inadequate to the size and complexity of the business;
- the FCA believes that your company will not be able to comply with MLRs obligations and/or your company is a threat to consumers.
According to the Director of Retail and Regulatory Investigations, you must demonstrate to its authorisations team that your company has robust systems and controls for compliance and risk management and that you take your responsibilities under the MLRs seriously.
When do I get a decision?
If the FCA does not have any questions (meaning that your application is 100% complete), it should take 3 months to get a decision about your application. However, we would not advise you to expect the decision in 3 months, as, usually, the FCA requests additional information and explanations. In any case, you should be prepared to answer all FCA questions and provide the required information.
I did not get a license. Can I appeal?
Yes, you can. It’s possible to appeal against FCA’s decision to the Upper Tribunal, a body created by the Tribunals, Courts and Enforcement Act 2007. Hence, you have a second chance with your applications. Appeal only if there is a valid reason to do so. In any case, we would advise you to consult lawyers first.
How much does FCA crypto registration cost?
According to the latest update of the FCA Handbook in April 2021, for the crypto license UK application, the FCA charges to following fees:
- £2,000 – for businesses with UK cryptoasset income up to £250,000
- £10,000 – for businesses with UK cryptoasset income greater than £250,000
Once you become registered, you will be liable to pay an annual periodic fee based on your income to remain registered.
We can help you with obtaining the FCA crypto license in the UK. As you probably understood, we have all the required expertise, a lot of practice, and some insider knowledge as an APCC member. PSP Lab can help you with all the documents, policies and procedures required to become registered, the entire application process and communications with the regulator. Unlike many other firms, we do everything, including drafting all documents, helping with software, office, legal contracts, and human resources. Your success is our success. Feel free to reach out to us for a consultation.
If you have any questions regarding a crypto registration, you may contact Mykyta Sokolov, our advisor with a broad knowledge of crypto regulation, by writing to the following email – firstname.lastname@example.org