FCA Crypto Authorization Requirements for Exchanges in 2025

If you're running or planning to launch a crypto exchange in the UK, the FCA’s rules aren’t just paperwork-they’re the difference between operating legally and being shut down overnight. Since January 2020, any crypto business serving UK customers has had to register with the Financial Conduct Authority under the Money Laundering Regulations. But that’s only the beginning. By late 2025, a new, far stricter system under the Financial Services and Markets Act 2000 (FSMA) will replace the current registration process. If you’re not ready, you won’t be allowed to operate.

What You Must Register For Right Now

Right now, all crypto exchanges and custodian wallet providers must register with the FCA under the Money Laundering Regulations. This isn’t optional. It’s the baseline. If you’re accepting UK customers, processing trades, or holding crypto on their behalf, you need this registration. The FCA doesn’t issue licenses-it issues registrations, and they’re not easy to get.

The application process demands proof you understand anti-money laundering (AML) and counter-terrorist financing (CTF) rules. You can’t just copy a template. The FCA expects you to show you’ve read and applied the Joint Money Laundering Steering Group (JMLSG) Guidance, specifically Chapter 22, which lays out exactly how crypto firms should monitor transactions, verify users, and report suspicious activity. If your KYC process doesn’t match JMLSG standards, your application will be rejected.

You also need to prove your staff are trained, your tech can detect unusual patterns, and your leadership has no history of financial crime. The FCA checks directors’ backgrounds thoroughly. A single past conviction for fraud, even overseas, can disqualify your entire application.

The Big Change: FSMA Authorization Coming in 2025

By the end of 2025, the current registration system will be replaced by full FSMA authorization. This isn’t an upgrade-it’s a complete overhaul. Under FSMA, crypto firms must be authorized for specific activities, not just registered. The FCA has defined five core regulated activities that now require formal permission:

• Operating a qualifying cryptoasset trading platform
• Dealing in qualifying cryptoassets as principal
• Dealing in qualifying cryptoassets as agent
• Arranging deals in qualifying cryptoassets
• Safeguarding qualifying cryptoassets and relevant specified investments

Plus, two new activities are now regulated: qualifying cryptoasset staking and issuing qualifying stablecoins. If your exchange offers staking rewards or supports a stablecoin you issued, you need separate authorization for those too.

This means if you’re a crypto exchange that lets users stake ETH or trade USDC, you now need authorization for three separate activities: trading platform, safeguarding, and stablecoin issuance. No more hiding behind one blanket registration.

Overseas Exchanges: Are You Covered?

Many crypto exchanges are based outside the UK-Singapore, Malta, the Cayman Islands. But if you’re serving UK retail customers, you’re still in scope. The FCA’s territorial rules are broad. If a UK person can sign up, deposit money, and trade on your platform, you need UK authorization.

There’s one big exception: if you only serve UK institutional clients-funds, hedge funds, corporations-you don’t need authorization for trading or dealing activities. The FCA assumes these clients know the risks and don’t need the same protections as everyday investors.

But here’s the catch: if an institutional client is acting as a middleman for retail users-say, a UK-based fund offering crypto access to its investors-you’re still caught by the rules. The FCA is cracking down on this loophole.

The only way overseas firms can avoid direct authorization is by partnering with a UK-authorized intermediary. For example, if a U.S.-based exchange wants to serve UK retail users, it can work through a UK-registered broker who holds the FCA authorization. But that broker takes on all the legal risk-and the fees.

Stablecoins Have Their Own Rules

Stablecoins are treated differently. If you issue a stablecoin like USDC or a new GBP-backed token, you only need FCA authorization if you’re doing it from a physical office in the UK. That’s it. No matter how many UK users hold your stablecoin, if your team is based in Switzerland and your servers are in Germany, you’re not required to register with the FCA.

This is intentional. The FCA doesn’t want to chase every foreign stablecoin issuer. But if you set up a UK office, hire UK staff, or have a UK-based legal entity managing your stablecoin, you’re in. This creates a clear line: physical presence = regulation.

The FCA also requires stablecoin issuers to pass CASS audits-similar to how banks must audit client asset handling. You must prove your reserves are fully backed, segregated, and audited monthly by a qualified third party. No “proof of reserves” blog posts. Real, independent audits.

What Happens to Retail Crypto ETNs?

In October 2025, the FCA reversed its 2021 ban on retail access to crypto exchange-traded notes (cETNs). Now, UK retail investors can buy cETNs that track Bitcoin or Ethereum-but only if they’re listed on a UK-based Recognised Investment Exchange. That means products like the Bitwise Bitcoin ETP or Grayscale Ethereum Trust can now be sold to everyday investors, but only through platforms like the London Stock Exchange, not through Binance or Coinbase.

This is a strategic move. The FCA isn’t endorsing crypto. It’s channeling retail exposure into regulated, transparent markets with strict listing rules, daily pricing, and investor protections. You won’t see a direct crypto purchase on your brokerage app-but you might see a cETN that mirrors it.

Compliance Isn’t Optional-It’s Costly

Getting authorized isn’t just about filling forms. It’s about rebuilding your business. Firms that have gone through the process report spending between £200,000 and £1.2 million just on legal, compliance, and tech upgrades. That doesn’t include ongoing costs: annual fees, audits, staff training, and monitoring systems.

You need a dedicated compliance officer, a robust transaction monitoring tool, real-time AML alerts, and a system that flags high-risk wallets. The FCA doesn’t care if you’re a startup. If you’re serving UK users, you need enterprise-grade controls.

And don’t assume you can delay. The FCA is actively targeting unregistered platforms. In 2024, they blocked over 200 crypto websites from operating in the UK. Many were based overseas but had English-language interfaces and accepted GBP deposits. The FCA doesn’t wait for complaints-they proactively scan for violations.

What You Should Do Now

If you’re planning to serve UK users, here’s your checklist:

1. Apply for FCA registration under MLRs immediately if you haven’t already.
2. Review the JMLSG Chapter 22 guidance and update your AML policies.
3. Map your business model to the five FSMA regulated activities. Are you doing more than trading? What about staking or stablecoins?
4. If you’re overseas, decide: are you targeting retail or institutional clients? If retail, you need authorization or a UK partner.
5. Start budgeting for compliance costs. Don’t wait until the deadline.
6. Attend FCA pre-application meetings. They offer free guidance to help you avoid common mistakes.

The FCA isn’t trying to kill crypto. It’s trying to stop fraud, protect consumers, and bring order to chaos. The firms that survive are the ones that treat compliance as part of their product-not a cost center to minimize.