The UK’s cryptoassets regulatory regime is expected to go live on 25 October 2027, with the application window opening on 30 September 2026. Firms intending to undertake regulated cryptoasset activities will be required to submit an application to the Financial Conduct Authority (“FCA”) and obtain authorisation. In this article Rachel Hillier, Ankit Vyas and Bo Kay Fung set out 10 key tips to assist firms in preparing a strong FCA application for their cryptoasset activities.
1. Comprehensive Business Plan
Your business plan, including the projected trajectory of your firm’s growth, will be a key tool for the FCA to determine the level of scrutiny to apply when assessing your risks and control measures. A well‑structured, detailed and realistic business plan is essential to support a strong application.
2. Usable policies and procedures
The FCA expects firms to be ready, willing and organised to comply with both current and future regulatory requirements. A key element is ensuring all relevant policies and procedures are in place, up to date, and genuinely usable in practice. Avoid lengthy or overly complex policies which technically meet FCA requirements but are difficult for staff to understand or follow in day‑to‑day operations. A helpful test is to ask: would a new joiner be able to read, understand and confidently apply this policy? Template procedures are a good start but must be tailored to how your business will implement related policies.
3. Resourcing
Now is a good time to assess your firm’s resourcing needs and identify who will undertake key roles within the organisation. Evaluate whether individuals meet the FCA’s fit and proper requirements for senior managers: assess skills gaps to competence and capability, do background checks to assess integrity.
4. Operational resilience
In its consultation paper CP25/25, the FCA has proposed extending its operational resilience framework to cryptoasset firms, so that SYSC 4 (General Risk Management Requirements), SYSC 7 (Risk Control), SYSC 8 (Outsourcing) and SYSC 15A (Operational Resilience Requirements) would apply. Consider risks such as unauthorised access to private security keys, cyber‑attacks, misconduct or operational failures by validators, hacking of smart‑contract code and wider service disruptions.
5. Monitoring
Implement and evidence by written procedures, monitoring measures that oversee not only your firm’s own processes but also those of any outsourced service providers. The FCA will expect firms to have appropriate oversight and due‑diligence mechanisms. The FCA does recognise that crypto firms will have specific challenges in relation to outsourcing, for example, it has proposed that permissionless distributed ledgers should not be treated as an outsourcing arrangement.
6. Regulatory Capital
Cryptoassets firms will be required to hold regulatory capital. Consider whether your liquidity management is sufficient for your business model. The FCA will be introducing two new prudential sourcebooks: COREPRU and CRYPTOPRU with further information on proposed prudential requirements included in CP25/15 and CP25/42.
7. Insurance
Although the FCA has not proposed to mandate cryptoasset specific insurance, firms should assess their operational and custodial risks and consider appropriate insurance coverage to demonstrate robust consumer protection and operational resilience.
8. Understand when Consumer Duty applies
If your cryptoasset firm provides products or services to retail customers, Consumer Duty will apply. Keep in mind that the FCA recognises important differences between cryptoassets and traditional financial activities, for example, certain cryptoasset manufacturers may fall outside the scope of Consumer Duty where there is no identifiable issuer, such as in the case of Bitcoin.
9. Utilise PASS
Pre-Application Support Service is a new offering from the FCA. Cryptoasset firms can discuss their plans and any questions they may have prior to submitting the full application for authorisation. PASS is open to UK and overseas firms and is available free of charge.
10. Submit a complete application
The FCA places strong emphasis on firms submitting complete and high‑quality applications. Draft or incomplete documents are likely to be rejected, which can delay your authorisation process. This is especially important if you intend to rely on any saving or transitional provisions.
How can we help?
If you would like support with your FCA authorisation application, have questions about providing cryptoasset services in the UK, or want to understand how the FCA’s proposed regulations may affect your business, please contact a member of our Financial Services team.
Rachel Hillier
Partner
Business Crime and Investigations, Consumer Credit, Cryptoassets, Financial Services, Financial Services Regulation
Rachel is a partner and leads our Financial Services team, providing financial services regulatory advice to innovative Fintech clients and traditional financial services firms. She is an experienc... Read More
