If you’re running a crypto business and want to serve customers in the UK, you must register with the Financial Conduct Authority (FCA) as a Virtual Asset Service Provider (VASP). There’s no gray area. No exceptions. No loopholes. Since September 1, 2023, it’s been illegal to operate any crypto service-whether it’s exchanges, wallet providers, or crypto ATMs-without FCA authorization if you’re targeting UK customers. This isn’t just paperwork. It’s a full regulatory overhaul designed to stop money laundering, protect consumers, and bring crypto into the same compliance cage as banks.
Who Exactly Needs to Register?
It’s not just about having a UK office. The FCA looks at what you’re doing, not just where you’re based. If you’re marketing your crypto services to people in the UK-through ads, social media, websites in English, or even just having a .co.uk domain-you’re already operating in the UK market. That means you need to register. Even if your servers are in Singapore and your team is in Estonia, if UK customers can sign up and trade, the FCA considers you in scope. The rules are clear: if you’re receiving direct or indirect benefits from crypto activities involving UK customers, or if you’re doing these activities with any kind of regularity, you’re a VASP. That includes:- Running a crypto exchange accessible to UK users
- Operating a crypto ATM located in the UK
- Providing custodial wallet services to UK residents
- Offering crypto-to-fiat trading with GBP
- Marketing your platform using UK-based influencers or Google Ads targeting London, Manchester, or Edinburgh
The Core Requirements: It’s Not Just a Form
Registration isn’t a checkbox. It’s a complete rebuild of how your business operates. The FCA expects you to meet the same standards as a bank. Here’s what you need to have in place before you even hit submit:- AML and KYC systems: You must verify every customer’s identity using government-issued ID, proof of address, and facial recognition tools. You can’t just accept screenshots. You need a live verification process that meets international standards.
- Transaction monitoring: Your system must flag unusual activity-large transfers, rapid deposits and withdrawals, patterns matching known laundering techniques. This isn’t software you buy off the shelf. It needs customization and daily oversight.
- Travel Rule compliance: Starting September 2023, every crypto transfer over £1,000 must carry originator and beneficiary data-name, account number, address. If you’re sending funds to an unhosted wallet (like a personal MetaMask), you must collect and verify the recipient’s identity. Most platforms fail this part. It’s the #1 reason applications get rejected.
- Financial strength: You must prove you have enough capital to cover at least six months of operating costs. This isn’t just your bank balance. The FCA wants audited financial statements, cash flow projections, and evidence you can survive a market crash without collapsing.
- Cybersecurity: Your systems must be penetration-tested annually. You need multi-factor authentication, encrypted data storage, and a documented incident response plan. No excuses. Hackers target crypto firms because they know many still use outdated tech.
- Segregation of assets: Client crypto and fiat funds must be kept completely separate from your company’s money. No commingling. No using customer deposits to pay staff salaries.
The Application Process: What They Actually Look At
You apply through the FCA’s online Connect system. But before you even start, you need to prepare a mountain of documents:- Company incorporation papers
- Organizational chart showing all key roles
- Detailed AML/CFT policy manual
- Proof of IT security controls
- Business plan covering the next three years
- Background checks for all directors and senior managers
Why So Many Applications Get Rejected
The rejection rate is high. Over 60% of first-time applications are turned down. Why? Most companies think they can copy-paste a compliance template from a blog. They can’t. The top three reasons applications fail:- Weak KYC/AML systems: Using basic ID scanners without live verification, not recording the source of funds, or failing to monitor for red flags like rapid layering.
- No Travel Rule solution: Not having a way to collect and transmit required data for transfers over £1,000. Many platforms claim they’re compliant but can’t produce logs proving they did it.
- Banking access issues: The FCA requires you to have a UK business bank account. Many banks still refuse to work with crypto firms. If you don’t have one, your application is dead on arrival.
What Happens After You Register?
Getting approved isn’t the end. It’s the start of ongoing scrutiny. The FCA doesn’t give you a certificate and forget about you. You must:- Submit annual financial audits
- Report suspicious activity within 24 hours
- Update your AML policies every six months
- Notify the FCA of any changes in ownership, management, or key systems
- Undergo unannounced inspections
What If You Don’t Register?
The FCA doesn’t just send warning letters. They take action.- Your website can be blocked by UK ISPs
- Your domain can be seized
- You can be fined up to £1 million or more
- Individual directors can be personally prosecuted
- Your name can be published on the FCA’s warning list, killing your reputation
Where Do You Go From Here?
If you’re serious about operating in the UK, start now. The FCA isn’t going to delay enforcement. They’re holding information sessions across the country-including Edinburgh in autumn 2025-to help businesses prepare. Don’t wait for a deadline. You won’t get one. Here’s your action plan:- Review the FCA’s official VASP guidance document-don’t rely on summaries.
- Map out every service you offer and determine which ones trigger registration.
- Build or upgrade your KYC, AML, and Travel Rule systems. Test them with real data.
- Secure a UK business bank account. If your current bank says no, try specialist fintech banks like Wirecard or Revolut Business.
- Prepare your application documents at least six months before you plan to launch in the UK.
- Consider hiring a regulatory consultant. It’s not a cost-it’s insurance.
Frequently Asked Questions
Do I need to register if my crypto business is based outside the UK?
Yes-if you’re marketing your services to UK customers or allowing them to trade on your platform. Location doesn’t matter. Targeting UK users does. The FCA looks at where your customers are, not where your servers are. Even if you have no UK office, if your website is in English, accepts GBP, or runs ads targeting UK cities, you’re required to register.
How long does VASP registration take in the UK?
There’s no fixed timeline. Simple applications with strong documentation can take 3-6 months. Complex ones, especially those with weak compliance systems or banking issues, can take over a year. The FCA doesn’t publish processing times because every case is different. The key is submitting a complete, error-free application. Rushing it will only delay you.
What’s the Travel Rule, and why is it so hard to comply with?
The Travel Rule requires VASPs to share the name, account number, and address of both the sender and receiver for every crypto transfer over £1,000. The problem? Most wallets (like MetaMask or Trust Wallet) are unhosted-you don’t control them. So you need systems that can verify the identity of the person behind that wallet address. Few platforms have built this properly. The FCA has already rejected applications for failing to demonstrate how they collect and verify this data.
Can I use a third-party AML provider instead of building my own system?
Yes, but you’re still responsible. If you use a third-party like ComplyAdvantage or Elliptic, you must prove you’re actively monitoring their alerts, investigating flagged transactions, and keeping records. The FCA doesn’t accept “we used a vendor” as an excuse. You must show you’re managing the risk-not outsourcing it.
What happens if my bank refuses to work with my crypto business?
You can’t register without a UK business bank account. If traditional banks say no, you need to switch to fintech banks that specialize in crypto, like Revolut Business, Wirecard, or Salt Edge. Some firms use payment processors like Stripe or Adyen for fiat on/off ramps, but these often require pre-approval from the FCA. Don’t wait until your application to solve this-start talking to these providers early.
Is there a fee to register as a VASP in the UK?
Yes. The FCA charges an application fee based on your expected annual revenue. For most crypto businesses, it ranges from £5,000 to £25,000. There’s also an annual fee after approval, which can be £10,000 or more depending on your size. These fees are non-refundable, even if your application is rejected.
Andrea Stewart
December 30, 2025 AT 20:06Just finished reviewing the FCA's latest VASP guidance doc - honestly, it's one of the clearest regulatory frameworks I've seen in crypto. They're not trying to kill innovation, they're just tired of being played. If you're building a crypto business and ignoring UK compliance, you're not being edgy, you're being reckless.
Most teams think they can slap on a KYC plugin and call it a day. Nope. The FCA wants live ID verification, source-of-funds tracking, and Travel Rule compliance that actually works. And yes, that means verifying unhosted wallet recipients - no excuses.
Also, don't even think about using a non-UK bank account. They'll reject you before reading your AML policy. Revolut Business and Wirecard are your friends now.
Start early. This isn't a 30-day project. It's a 6–12 month overhaul.
And if you're outsourcing compliance to a vendor? You're still responsible. The FCA doesn't care if you paid someone else to fail.
Josh Seeto
December 31, 2025 AT 03:06Oh wow, the FCA actually wants you to *know* who your customers are? Shocking. Next they’ll ask you to wear pants during Zoom calls.
Meanwhile, my friend in Estonia runs a crypto exchange with a Google Form for KYC and a Discord bot for ‘transaction monitoring.’ He’s got 12k UK users and a Tesla. Guess who’s winning?
Khaitlynn Ashworth
January 1, 2026 AT 22:20Let me get this straight - you need to verify the identity of someone who owns a MetaMask wallet? Like, their full name, address, and birth certificate? Bro. That’s not compliance, that’s dystopian fanfic.
And you’re telling me I can’t just use a $99 ‘AML solution’ from Gumroad? Please. I’ve seen those. One of them had a logo that looked like a potato with wings.
Meanwhile, the FCA’s budget for ‘unannounced inspections’ is bigger than my entire startup’s runway. I’m not scared of regulation. I’m scared of the people enforcing it.
Also, why is everyone acting like this is new? We’ve been screaming about Travel Rule for five years. Now you’re surprised? Wow. What a revelation. I’ll go cry in my non-compliant wallet now.
Also, if your CEO has a DUI from 2008, you’re banned for life? That’s not financial oversight. That’s a personality test with a spreadsheet.
And don’t even get me started on the £25k application fee. That’s more than most devs make in a year. So only VCs can play? How very British of you.
Someone call the ACLU. Or at least send me a PayPal link so I can fund my next ‘unlicensed’ exchange. I’m feeling rebellious today.
Also, why do I feel like the FCA is just trying to make crypto boring? Like, if you had to file a 12-page form every time you sent ETH, wouldn’t you just… not send ETH?
Also, I’m not even a crypto person. I just like watching trainwrecks. Keep going, FCA. You’re doing god’s work.
rachael deal
January 2, 2026 AT 16:29Okay real talk - this is actually kind of inspiring. I know it sounds like a nightmare, but imagine if crypto finally had to play by the same rules as banks. No more shady OTC desks. No more ‘I don’t know who the sender is’ excuses.
Yes, it’s expensive. Yes, it’s tedious. But if we want real adoption, we need trust. And trust doesn’t come from memes or influencer shoutouts. It comes from accountability.
Start small. Get your KYC right. Talk to a fintech bank. Don’t try to build everything at once.
You got this. And if you need help, there are legit consultants out there who won’t charge you $50k to say ‘use two-factor auth.’
We can do this. Not perfect. Not fast. But right.
And hey - if you’re reading this and you’re scared? That’s okay. Just don’t freeze. Take one step. Then another.
💙
Elisabeth Rigo Andrews
January 4, 2026 AT 10:30Let’s be brutally honest: the FCA’s framework is less about consumer protection and more about institutional gatekeeping. You’re forcing startups to spend six figures on compliance just to get a chance to compete with legacy banks who’ve been laundering for decades.
Travel Rule? You’re requiring decentralized protocols to perform centralized identity verification - which fundamentally contradicts the ethos of crypto. This isn’t regulation. It’s a Trojan horse for financial centralization.
And the banking access requirement? That’s not a barrier - it’s a weapon. Banks have been systematically refusing crypto firms for years. Now you’re making that refusal a regulatory prerequisite? Brilliant.
Meanwhile, the same FCA that shut down 30 platforms last year approved a dozen traditional hedge funds with zero transparency. Double standards are the only thing consistent here.
And don’t even get me started on the ‘background checks for directors.’ You’re effectively banning anyone who’s ever had a tax issue, a misdemeanor, or a failed startup. That’s not risk management. That’s social engineering.
They’re not making crypto accountable. They’re making it extinct.
And the worst part? Most of the people enforcing this have never coded a smart contract. They don’t understand blockchain. They just want to control it.
So congrats, FCA. You won. Crypto’s now just another regulated utility. And the innovators? They’re all offshore. Where they’ve always been.
Enjoy your sterile, compliant, soulless financial future.
Mandy McDonald Hodge
January 6, 2026 AT 04:04ok so i just read this whole thing and honestly?? i feel like crying but also kinda inspired??
i run a tiny wallet app and we never thought we'd need to register bc we're 'just a side project' but then i realized we have 800 uk users and we accept gbp and... oh god
we're gonna need help. like, real help. not just a guy on fiverr who says he 'knows compliance'
anyone know a good, affordable consultant? i'll pay in coffee and memes. seriously. i'll send u a cat video every week.
also... why does this feel like growing up??
😭
Bruce Morrison
January 6, 2026 AT 12:46Compliance isn’t optional if you want to operate in a market with rule of law. The UK isn’t unique here. EU, Canada, Australia - all the same. If you’re targeting users, you’re subject to their rules.
Stop pretending crypto is outside the system. It’s not. It never was.
Build right. Or get out.
Simple.
Andrew Prince
January 7, 2026 AT 00:19It is, without a shadow of a doubt, a fundamental misapprehension of market dynamics to assume that regulatory compliance is a cost center rather than a strategic imperative. The Financial Conduct Authority, in its prudent and meticulously structured governance framework, has instituted a paradigmatic shift in the operational architecture of virtual asset service providers operating within the United Kingdom’s jurisdictional ambit. To presume that one may circumvent or minimize the requisite due diligence obligations - including, but not limited to, the Travel Rule, source-of-funds verification, and segregation of client assets - is not merely an act of negligence, but a categorical dereliction of fiduciary duty, and an affront to the very principles of financial integrity upon which modern capitalist economies are predicated. Moreover, the notion that one may outsource compliance to a third-party vendor without maintaining active, continuous, and documented oversight is not only legally indefensible, but epistemologically incoherent. The FCA’s rejection rate is not a bug - it is a feature. It is the market’s self-correcting mechanism. Those who succeed are not those who exploit loopholes - they are those who institutionalize compliance as the core of their value proposition. To be clear: this is not about regulation. This is about civilization.
Jordan Fowles
January 7, 2026 AT 19:31I used to think crypto was about freedom. Now I think it’s about responsibility.
This post doesn’t feel like a restriction. It feels like a coming-of-age story.
For years we said ‘we don’t need banks.’ Now we’re building systems better than banks.
That’s not a defeat. That’s evolution.
It’s messy. It’s expensive. It’s slow.
But it’s real.
Steve Williams
January 9, 2026 AT 03:08As someone from Nigeria, I see this as a model. Many African countries are watching the UK closely. We need this kind of clarity. Too many crypto scams here are hurting ordinary people. Regulation isn’t the enemy - chaos is.
Yes, it’s hard. But if we want crypto to be taken seriously, we must build with integrity.
Respect to the FCA for setting the bar high.
Let’s not copy the worst. Let’s copy the best.
nayan keshari
January 9, 2026 AT 19:40UK thinks it's the center of the world. Bro, I run a crypto service from India and my users are from 30 countries. Why should I care about your rules? You don't even have a blockchain strategy. You're just scared of decentralization.
And you charge £25k to apply? That's more than the GDP of my village. You're not regulating. You're taxing innovation.
My app has zero KYC. And it works. People use it. So what's your problem?
Johnny Delirious
January 10, 2026 AT 11:52Let me be unequivocally clear: the FCA’s VASP regime represents the most consequential regulatory development in digital asset markets since the 2008 financial crisis. The structural rigor demanded - from Travel Rule implementation to asset segregation - is not excessive; it is foundational. The alternative - unregulated, opaque, and exploitative markets - is not innovation. It is predation. The institutions that survive this transition will be the ones that treat compliance not as a burden, but as the bedrock of their competitive advantage. To resist is not to be revolutionary. It is to be irrelevant.
Bianca Martins
January 10, 2026 AT 15:03Just submitted my application yesterday. 87 pages of docs. 3 weeks of sleepless nights.
Got a call from the FCA today asking if my CTO ‘really understands how the transaction monitoring triggers work.’
I cried. Then I laughed.
Then I sent them a GIF of a cat wearing a suit.
They didn’t reply.
But I think they smiled.
🤞
Also - if you’re reading this and you’re scared? Me too.
Let’s do this together.
alvin mislang
January 11, 2026 AT 17:31People who think this is fair are naive. You’re forcing entrepreneurs to beg for permission to build. This isn’t regulation - it’s feudalism. The FCA isn’t protecting users. They’re protecting banks.
And if you’re one of those ‘I support regulation’ people? You’re part of the problem.
Crypto was supposed to be free.
Now it’s just another Wall Street tax.
😭💸
christopher charles
January 13, 2026 AT 13:07Hey - if you’re reading this and you’re thinking ‘I can’t do this’ - stop. You can.
Start with one thing. Just one.
Get your KYC flow right.
Then fix your bank account.
Then tackle Travel Rule.
You don’t need to do it all today.
Just start.
I’ve helped 12 startups get approved. I’ve seen the ones who gave up. And I’ve seen the ones who kept going.
The ones who kept going? They’re thriving.
You can too.
And if you need a hand? DM me. I’ll reply. I promise.
You’re not alone.
Vernon Hughes
January 14, 2026 AT 15:33In the US we call this overregulation
In the UK they call it responsibility
Same thing
Just different words
Same result
Smaller market
Less innovation
More lawyers
Less crypto
That's the story
Alison Hall
January 16, 2026 AT 05:17Just got approved. Took 9 months. Cost me $80k. Worth every penny.
My users trust me now.
That’s worth more than any VC check.
Amy Garrett
January 16, 2026 AT 14:09ok so i just spent 3 hours trying to fill out the fca form and my brain is mush
why does it ask for my cto's high school transcript??
also i think i spelled 'compliance' wrong 5 times
help
Mike Reynolds
January 17, 2026 AT 15:42My buddy’s crypto firm got rejected. They had everything right - KYC, Travel Rule, bank account.
But the CEO had a 15-year-old shoplifting charge.
FCA denied them.
He cried.
I cried.
Then I Googled ‘how to get a pardon in the UK.’
Turns out you can.
So he’s doing it.
Not because he wants to.
Because he has to.
That’s the price of playing in the big leagues.