FCA Crypto Authorization Requirements for Exchanges: 2026 Guide

Running a crypto exchange in the United Kingdom is no longer a gray area. If you are looking to operate here, you need to understand that the Financial Conduct Authority (FCA) is the primary regulator overseeing financial services and crypto asset activities in the UK has tightened its grip significantly. As of 2026, the landscape has shifted from simple anti-money laundering registration to a complex web of full financial authorization under the Financial Services and Markets Act 2000 (FSMA). For exchanges, this means the difference between operating legally and facing immediate shutdown.

The core change? You can no longer just register as a money laundering entity and call it a day. The FCA now demands full authorization for specific high-risk activities. This guide breaks down exactly what those requirements are, who they apply to, and how you should prepare your compliance strategy right now.

From Registration to Full Authorization

To understand where we stand today, you have to look at where we started. Since January 2020, cryptoasset exchange providers and custodian wallet providers had to register with the FCA under the Money Laundering Regulations (MLRs). This was the baseline. It proved you weren’t a criminal enterprise, but it didn’t mean you were fully regulated like a bank.

That era is ending. The new framework brings crypto activities under the FSMA regime. This is a massive shift. Under FSMA, the FCA treats crypto firms much more like traditional financial institutions. You aren’t just checking boxes for anti-money laundering (AML) anymore; you are being judged on your fitness, propriety, and ability to protect consumers.

The transition involves two distinct pathways depending on your business model:

• Current MLR Registration: Still required for basic cryptoasset exchange and custodian wallet services. This is your entry ticket, but it’s not enough for broader operations.
• Future FSMA Authorization: Required for specific regulated activities like operating trading platforms, dealing in cryptoassets, or issuing stablecoins. This is the heavy lifting.

If you are an existing registered firm, you need to prepare for this upgrade. If you are new to the market, you must design your compliance structure around FSMA from day one. Relying solely on MLR registration will leave you exposed when the new rules fully kick in.

Five Core Activities Requiring Authorization

The draft legislation under FSMA identifies five core activities that trigger the need for full FCA authorization. If your exchange performs any of these, you fall into the stricter regulatory bucket. Let’s break them down so you know which one applies to you.

1. Operating a Qualifying Cryptoasset Trading Platform: This covers the actual marketplace where buyers and sellers meet. If you run the order book or facilitate the matching of trades, this is your primary activity.
2. Dealing in Qualifying Cryptoassets as Principal: This happens when your exchange buys or sells crypto for its own account, not on behalf of a client. Proprietary trading desks fall here.
3. Dealing in Qualifying Cryptoassets as Agent: This is when you execute trades on behalf of your customers. Most standard brokerage functions fit this description.
4. Arranging Deals in Qualifying Cryptoassets: This includes introducing clients to other parties or facilitating introductions that lead to transactions. Even if you don’t touch the assets, arranging the deal counts.
5. Safeguarding Qualifying Cryptoassets: If you hold private keys on behalf of clients, you are safeguarding their assets. This triggers strict custody requirements.

Additionally, two separate activities have their own distinct authorization tracks: qualifying cryptoasset staking and issuing qualifying stablecoins. Staking involves locking up assets to secure a network, while stablecoin issuance creates tokens pegged to fiat currencies. Both require specialized approvals due to their unique risks.

Territorial Scope: Do You Need a UK License?

This is where many overseas exchanges get tripped up. The FCA’s jurisdiction extends beyond companies physically located in the UK. The key question is: do you serve UK consumers?

Under the new FSMA rules, overseas cryptoasset firms dealing directly or indirectly with UK consumers must obtain UK authorization for:

• Operating qualifying cryptoasset trading platforms
• Dealing in qualifying cryptoassets as principal or agent
• Arranging deals in qualifying cryptoassets

The definition of "consumer" is critical here. It refers to individuals acting outside their trade, business, or profession. In plain English, retail users count. Institutional clients do not.

Here is the loophole that saves some overseas firms: if you deal with UK consumers through a UK-authorized intermediary who already has the necessary permissions, you might not need separate authorization. The FCA designed this to prevent an "ever-growing chain of firms" from needing licenses. However, this only works if the UK intermediary truly bears the responsibility. You cannot use this as a shield if you are still directly marketing to UK retail users.

For institutional clients, the rules are looser. Overseas firms serving only UK institutional customers are exempt from authorization for trading platform operations and dealing activities, provided those institutions aren’t acting as intermediaries to retail clients. But remember, for safeguarding and staking, overseas firms generally need UK authorization even for institutional clients, unless acting at the direction of an authorized person.

Stablecoins: The Physical Presence Test

If you plan to issue stablecoins, the rules are different. Unlike trading platforms, which focus on who the customer is, stablecoin issuance focuses on where the activity happens.

Firms issuing qualifying stablecoins require UK authorization only when carrying on the activity from an establishment in the United Kingdom. This is a physical presence test. If your company is based in Singapore and issues a stablecoin used by UK residents, you generally don’t need FCA authorization unless you have a UK office or branch conducting the issuance.

This approach prevents extraterritorial overreach. The FCA wants to oversee stablecoins that have a direct nexus to the UK economy without trying to regulate every global token project. However, if you do set up shop in the UK, you face intense scrutiny. Stablecoins are seen as systemically important, meaning failure could ripple through the broader financial system.

Compliance Standards: What the FCA Actually Checks

Getting authorized isn’t just about filling out forms. The FCA applies high-level regulatory standards similar to those for banks and investment firms. You need to demonstrate robust governance, adequate capital, and strong consumer protection measures.

The Principles for Businesses (PRIN) apply to crypto firms, but with some modifications. For example, Principles 1 (Integrity), 2 (Skill, Care and Diligence), 6 (Customers' Interests), and 9 (Customers: Relationships of Trust) are disapplied for transactions entered into on qualifying cryptoasset trading platforms by members. Why? Because the platform operator supervises the trading rules. For professional clients, Principles 6 and 9 are also often disapplied, recognizing their sophistication.

You must also adhere to Threshold Conditions (COND) and General Provisions (GEN). These cover:

• Adequate Resources: Can you sustain operations during market downturns?
• Effective Management: Does your leadership team have the expertise to manage crypto risks?
• Systems and Controls: Are your cybersecurity and operational resilience measures up to par?

The Supervision (SUP) provisions give the FCA broad powers. They can demand information, appoint skilled persons to audit your books, and vary or cancel your permission if you slip up. For stablecoin issuers and custodians, there are specific CASS (Client Assets Sourcebook) audit requirements. These audits ensure you are properly segregating client funds and cryptoassets from your own corporate holdings.

Recent Changes: Retail Access to Crypto ETNs

In October 2025, the FCA made a significant move that affects how exchanges list products. They lifted the ban on retail access to crypto exchange-traded notes (cETNs). Previously, since January 2021, selling derivatives referencing unregulated transferable cryptoassets to retail clients was prohibited.

This change allows retail consumers to buy cETNs, but with strict conditions. These instruments must trade on FCA-approved, UK-based investment exchanges that are Recognised Investment Exchanges. This ensures the market infrastructure meets high investor protection standards. For exchanges, this opens a new product line but requires partnering with recognized venues rather than listing directly on your own platform.

Application Process: What You Need to Submit

Applying for authorization is resource-intensive. The FCA expects comprehensive documentation proving your compliance posture. You cannot wing this application.

Your submission must include evidence of how you have considered official guidance documents. Specifically, you need to show alignment with:

• JMLSG Guidance: Part II, Chapter 22 covers cryptoasset exchange providers and custodian wallet providers.
• FCA Financial Crime Guide: Demonstrates your understanding of fraud and money laundering risks.
• FG17/6 Guidance: Shows how you handle Politically Exposed Persons (PEPs).
• FATF Risk-Based Approach: Proves you are applying global best practices for Virtual Asset Service Providers (VASPs).

Pre-application meetings are available. Use them. The FCA encourages prospective applicants to engage early. This helps you avoid costly mistakes in your initial submission. Many firms fail because they underestimate the depth of detail required for their AML frameworks and technological infrastructure descriptions.

Strategic Next Steps for Exchanges

If you are planning to enter the UK market or expand your current operations, time is critical. The implementation timelines for the full FSMA regime are still being finalized, but the direction is clear. Here is your action plan:

1. Audit Your Current Status: Confirm your MLR registration is active and compliant. Identify which of the five core FSMA activities you perform.
2. Assess Territorial Exposure: Map your user base. How many retail vs. institutional clients are in the UK? Are you marketing directly to UK residents?
3. Prepare Documentation: Start drafting policies aligned with JMLSG and FATF guidance. Don’t wait for the final FSMA rules to begin this work.
4. Engage Legal Counsel: Hire specialists familiar with FCA crypto applications. The nuance between "arranging deals" and "dealing as agent" can make or break your case.
5. Plan for Capital: FSMA authorization likely requires higher capital reserves than MLR registration. Ensure your treasury can support this.

The cost of non-compliance is existential. The FCA has shown it is willing to refuse registrations and shut down unauthorized operations. By proactively aligning with the new framework, you position your exchange as a trusted, long-term player in the UK crypto market.