If you're running a crypto business and want to reach UK customers, you can't just set up a website and start trading. Since September 1, 2023, the Financial Conduct Authority (FCA) has required all Virtual Asset Service Providers (VASPs) operating in or targeting the UK to register. This isn't a suggestion. It's the law. Skip it, and you risk being blocked, fined, or shut down - even if your office is overseas.
Who Needs to Register?
The FCA doesn't care where your company is legally based. What matters is whether you're doing business with people in the UK. If your crypto platform, exchange, wallet service, or ATM is marketed to UK users, you need to register. That includes:- Running ads targeting UK consumers
- Accepting GBP deposits or withdrawals
- Having a UK-based customer support team
- Operating crypto ATMs on UK soil
- Using UK domain names or English-language interfaces without clear disclaimers
Even if your headquarters is in Singapore or Dubai, if you're actively promoting your service to UK residents - through social media, Google Ads, or influencer partnerships - you're in scope. The FCA makes it clear: marketing to UK customers triggers registration. No exceptions.
What the FCA Actually Checks
Registration isn't just filling out a form. The FCA runs a full background check and demands proof you can operate safely. Here’s what they look for:- Anti-Money Laundering (AML) and KYC Systems - You must verify every customer's identity, track their transaction history, and flag suspicious behavior. Automated tools aren't enough - you need trained staff reviewing alerts.
- Financial Strength - You must show you have enough capital to cover losses. The FCA doesn't specify a fixed amount, but startups with under £500,000 in liquid assets rarely pass.
- Cybersecurity - Your systems must be hardened against hacks. This means multi-factor authentication, encrypted data storage, penetration testing, and incident response plans. A single breach can kill your application.
- Organizational Structure - You need clear roles: a compliance officer, a risk manager, and a senior executive accountable for AML. No more "CEO does everything" setups.
- Client Asset Protection - Customer funds must be kept separate from company money. Mixing them is a red flag.
The FCA also requires you to prove you’ve trained your team. If your compliance officer has never worked in regulated finance before, expect tough questions during interviews.
The Travel Rule - It’s Already Live
Since September 2023, every crypto transfer over £1,000 between VASPs must include originator and beneficiary details. That means:- Name, address, account number of the sender
- Name, address, account number of the receiver
This applies even if one party uses an unhosted wallet - you still have to collect and store that info. Most small exchanges don’t have the tech to do this. They either build a custom solution or partner with a compliance provider like Chainalysis or Elliptic. Skipping this rule means automatic rejection.
How to Apply - Step by Step
The FCA uses an online portal called Connect. Here’s what the process looks like in 2026:- Prepare documents - Corporate registration papers, audited financials, AML policy manual, cybersecurity audit report, org chart, and CVs of key personnel.
- Submit application - All documents must be uploaded in PDF format. No Word files. No links to Google Drive.
- Wait for assignment - Your application gets assigned to a case officer. This can take 2-6 weeks.
- Respond to requests - The FCA will ask for clarifications. Delays happen if you don’t reply within 10 days.
- Interview - Senior staff (CEO, CCO) are interviewed by phone or video. Expect scenario-based questions: "What would you do if a customer tried to launder £500,000?"
- Decision - Approval takes 3-12 months. Most applications are rejected on the first try.
There’s no public timeline. The FCA says processing depends on "application complexity." In practice, that means startups with no track record get scrutinized harder. Companies with existing licenses in the EU or Switzerland have a slight edge - the FCA checks for consistency in compliance standards.
Why So Many Get Rejected
Over 60% of applications are rejected in the first round. The top reasons:- Weak KYC systems - Using basic ID verification without facial recognition or document authenticity checks.
- No audit trail - Failing to log who approved each customer onboarding.
- Unqualified compliance officers - Hiring someone who’s never handled AML before.
- Banking access issues - If you can’t open a business bank account, the FCA assumes you’re not serious.
- Missing Travel Rule tech - Claiming you’ll "implement it later" is not acceptable.
One UK-based crypto firm spent $120,000 on consultants, got rejected twice, and finally passed on the third try - only after hiring a former FCA compliance officer as their head of risk.
The Banking Problem
Even if you get registered, you still need a bank. Most UK high-street banks still refuse to work with crypto firms. Revolut and Starling Bank are exceptions - but they’re selective. They want:- FCA registration number
- Proof of ongoing compliance audits
- Clear transaction patterns (no high-risk jurisdictions)
Many businesses solve this by using licensed payment service providers like Wirecard or Stripe (via their regulated crypto partners). But these come with high fees and strict limits.
What Happens If You Don’t Register?
The FCA doesn’t wait. They monitor online activity. If they spot your site targeting UK users without registration:- Your domain gets flagged in their public register of unregistered entities
- Google and Apple may remove your app from stores
- Payment processors like Stripe or PayPal will cut off your account
- You could be sued for operating without authorization
In 2024, the FCA shut down five offshore exchanges that ignored registration. One had 200,000 UK users. They were fined £2.3 million.
What’s Next? The Road Ahead
The FCA plans more information sessions in autumn 2025 - including one in Edinburgh. They’re also working with other regulators to align standards with the EU and US. Expect:- Stricter capital requirements by 2027
- Real-time transaction monitoring mandates
- Public disclosure of registered VASPs (like a UK "crypto license list")
There’s no shortcut. You can’t outsource compliance. You can’t pay a consultant to "get you approved." The FCA wants proof you’ve built a solid, ethical business - not just a tech platform.
Bottom Line
VASP registration in the UK isn’t optional if you want to serve customers here. It’s expensive, slow, and demanding. But it’s the only way to operate legally. Companies that got it right - like Coinfloor and Crypto.com UK - now have access to British banking, customer trust, and long-term growth. Those who waited? They’re gone.Do I need to register if my crypto business is based outside the UK?
Yes, if you market to UK customers or accept UK-based transactions. Location doesn’t matter - behavior does. The FCA looks at where your customers are, not where your office is.
How long does VASP registration take?
Typically 6 to 12 months. Simple applications with strong documentation can be approved in 3 months. Complex ones - especially those with missing compliance systems - can take over a year. There’s no fast-track option.
Can I operate while my application is being reviewed?
No. You cannot offer any crypto services to UK customers until you receive formal approval. Operating before registration is illegal and can lead to fines or criminal charges.
What happens if my application is rejected?
You can reapply after fixing the issues. The FCA will tell you why you were rejected. Common fixes include improving your AML system, hiring qualified compliance staff, or upgrading cybersecurity. Most successful applicants reapply after 6-9 months of improvements.
Do I need a UK bank account to register?
Not technically, but practically, yes. The FCA expects you to demonstrate financial stability, which includes having a business bank account. Without one, your application will likely be flagged as high-risk. Many firms use licensed payment providers as a bridge until they secure banking.
Is there a fee for VASP registration?
Yes. The FCA charges £5,000 just to submit your application. If you’re approved, you’ll pay an annual fee based on your revenue - starting at £10,000 and scaling up to over £100,000 for large operators.
Can I use a third-party compliance provider?
Yes - but only as a tool, not as a replacement. The FCA requires your company to own its compliance program. You can outsource KYC checks or transaction monitoring, but you must still have internal staff managing oversight and accountability.
What’s the difference between registration and licensing?
In the UK, it’s called registration - but it’s functionally the same as licensing. You’re not just signing up; you’re being authorized to operate under strict rules. The FCA has the power to revoke your status anytime if you break the rules.
Do I need to report transactions to the FCA?
Yes. You must report suspicious transactions to the National Crime Agency (NCA) through the UK’s Suspicious Activity Reports (SAR) system. You also need to submit annual financial and compliance reports to the FCA. Failure to report is a criminal offense.
Are NFT platforms required to register?
Only if they function as exchanges or marketplaces for crypto assets. If your NFT platform lets users trade tokens that represent financial instruments (like shares or revenue rights), then yes. If it’s purely for digital art with no resale value tied to crypto, then no.