1.  How is crypto regulated?
  2.  What are the steps taken by the regulator to adopt MiCAR? 
  3. Are the following activities regulated or unregulated in your jurisdiction? ― Direct sales of tokens by issuers — Exchange (buy/sell) ― Custody (hold) ― Borrowing/lending ― Yield/staking services— Staking on proof of stake consensus mechanisms
  4. Can offshore business provide services to local customers on either active solicitation or reverse solicitation basis? 
  5. How long would establishing a cryptoasset business/obtaining a license in your jurisdiction take?
  6. What would be the approximate overall cost of obtaining a licence?
  7. What is the probability (%) of success in obtaining a licence?
  8. What other limitations are there in your jurisdiction when looking to set up a cryptoasset business? E.g., Compliance requirements and physical presence

jurisdiction

United Kingdom

Disclaimer: This chapter was last updated on 20 August 2025 and does not reflect any subsequent developments. The information provided is intended for general informational purposes and should not be construed as legal advice.

For the latest developments, please see the page on Crypto Regulation in the UK. There, we provide an overview of the FCA’s and HM Treasury’s proposed new framework for cryptoassets and crypto services, including the consultation timeline through to 2026. You will also find summaries of the incoming regimes on stablecoins, custody, prudential requirements, trading platforms, lending, staking and DeFi, alongside updates to the market abuse and disclosure rules. This additional content explains how the UK is reshaping its financial services framework to integrate crypto, and what this means for firms already subject to the current AML and financial promotion regimes. We invite you to explore the updates for a fuller picture of the UK’s evolving approach.  

1. How is crypto regulated?

AML RegulationAny other regulation

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”) contain a number of relevant anti-money laundering and counter-terrorist financing (“AML”) rules.  Firms that fall within the scope of the MLRs generally need to be registered with the United Kingdom Financial Conduct Authority (“FCA”).

The MLRs apply to:

  • a  “cryptoasset exchange provider”, being a firm or sole practitioner that by way of business provides one or more of the following services:
    • exchanging, or arranging or making arrangements with a view to the exchange of:
      • cryptoassets for money or money for cryptoassets; or
      • one cryptocurrency for another; or
    • operating a machine which utilises automated processes to exchange cryptoassets for money or money for cryptoassets; and
  • a “custodian wallet provider”, being a firm or sole practitioner who by way of business provides services to safeguard, or to safeguard and administer:
    • cryptoassets on behalf of its customers; or
    • private cryptographic keys on behalf of its customers in order to hold, store and transfer cryptoassets,

when providing such services.

For the purposes a “cryptoasset” is “a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically”.

As such, cryptoasset businesses carrying out exchange or custody activities within the UK will generally be subject to regulation under the MLRs. Please see the response to question 3 below for further detail.

Firms within the scope of the MLRs are required to implement certain AML systems and controls, including the UK’s implementation of the “travel rule” where cryptoasset businesses have been required to collect, verify and share information about cryptoasset transfers. The specific information to be collected will depend on the value of the transaction and whether it involves an international transfer.

Existing regulation: The Financial Promotion Regime 

The financial promotion regime applies to any communications which are capable of having an effect in the UK that invite or induce persons to engage in certain types of investments, including a “qualifying cryptoasset”.

Most types of cryptocurrencies will fall within the current proposed definition of a “qualifying cryptoasset”, including for example Bitcoin. 

The regime applies to communications made to or directed at persons located in the UK, including from overseas on a cross-border basis. 

Any financial promotions communicated in the course of business must:

  • be issued by an FCA-authorised person;
  • be approved by an FCA-authorised person; or
  • fall within an exemption from the financial promotion regime.

Those who breach the financial promotion regime may be subject to up to two years imprisonment and/or an unlimited fine, as well being liable to pay compensation to any investors that may have invested following such a breach.

Existing regulation: the Digital Securities Sandbox 

In September 2024, the UK opened the Digital Securities Sandbox (“DSS”) to allow market participants to explore new and innovative technologies and business models, such as those that utilise decentralised ledger technology, within the confines of existing rules. The DSS is intended to facilitate the testing of how UK legislation needs to change to accommodate digital asset technology and the new practices associated with it by allowing firms to experiment in a “safe regulatory environment” under temporarily modified legislation. 

Currently, the DSS is designed to handle the three following business models:

  • Digital Securities Depositories (“DSDs”), which are firms undertaking central securities depository activities in the context of digital assets;
  • Trading venue operators (including MTFs and OTFs under the existing rules); and
  • “Hybrid” firms that intend to carry on the activities of a DSD and a trading venue operator.

The DSS includes all financial instrument types listed under the UK’s Financial Services and Markets Act 2000 (“FSMA 2000”) and the FSMA 2000 Regulated Activities Order (“RAO”), but excludes unbacked cryptoassets such as Bitcoin.

2. What are the steps taken by the regulator to adopt MiCAR? 

The UK is not a member of the European Union.  As such, MiCAR is not directly relevant to the UK’s national regulatory regime. Instead, the UK government intends to implement its own regulatory regime for cryptoassets by bringing cryptoassets and related financial services into the scope of its existing financial services regime. UK firms should be familiar with MiCAR to the extent that they wish to offer their products and services to EU persons. For more information on the adoption of MiCAR, please see: Legal experts on Markets in Crypto-Assets (MiCA) regulation (cms.law)

Over 2025 and 2026, the UK government and the FCA has and will continue to unveil and consult on a suite of new rules governing the regulatory treatment of cryptoassets, cryptoasset services, and other blockchain-based technologies. Until these proposed rules come into effect (which is expected to be at the end of 2026), existing rules will continue to apply to cryptoasset service providers operating in or selling to customers in the UK. We have set out our summaries of each of these proposed regimes in a separate page, available here, but in short the new regime will cover:

  1. The expansion of FSMA 2000 and the RAO to include cryptoassets and cryptoasset services
  2. Conduct and compliance rules expected of cryptoasset firms carrying on “regulated activities” under the expanded RAO
  3. Market abuse rules
  4. Trading platform admissions and disclosures
  5. Operating crypto trading platforms and intermediaries
  6. Lending and borrowing cryptoassets
  7. Staking and decentralised finance (“DeFi”)
  8. Stablecoin issuance
  9. Cryptoasset custody
  10. Prudential requirements for cryptoasset firms

Our summary of the timeline for the consultation and implementation of each of these regimes can be found here.

3. Are the following activities regulated or unregulated in your jurisdiction? ― Direct sales of tokens by issuers — Exchange (buy/sell) ― Custody (hold) ― Borrowing/lending ― Yield/staking services— Staking on proof of stake consensus mechanisms

AML RegulationAny other regulation

As noted in the response to question 1 above, both exchange and custody activities relating to crypto assets fall within the scope of the MLRs. In essence, the MLRs serve to prohibit cryptoasset service providers that engage in exchange and/or custody activities from operating in the UK unless they are registered with the FCA.

A cryptoasset business will not automatically need to register with the FCA unless it is involved in exchange or custody activity. The MLRs set out specific criteria that aims to determine whether a cryptoasset business is engaging in such activities and, therefore, within scope of the FCA’s supervisory jurisdiction.

Exchange/Direct Sales: A cryptoasset business will be considered to be an ‘exchange provider’ if and where it provides services by way of business to exchange, or arrange, or make arrangements with a view to the exchange of cryptoassets for money or other cryptoassets. This definition also includes crypto ATMs, whereby a person or business operates a machine that utilises automated processes to exchange cryptoassets for money or other cryptoassets.

Custody: A cryptoasset business will be considered to be a ‘custodian wallet provider’ where it provides services by way of business to safeguard, or to safeguard and administer, cryptoassets or private cryptographic keys on behalf of its customers.

It should be noted that, while not explicitly referred to, staking and other mechanisms may take on the characteristics of either exchange or custody activities, with each instance being considered based on the specific fact pattern. Therefore, staking activities could fall within the UK’s AML regime and businesses that offer such services may be required to register with the FCA.

If the activities of a relevant cryptoasset business satisfy either definition, they will need to register with the FCA under the MLRs. Upon a successful application for registration, the cryptoasset business will appear on the FCA’s cryptoasset register and be allowed to carry on their exchange or custody business within the UK. Compliance is ongoing, meaning proper policies and procedures must be put in place and reporting requirements must be adhered to.

Existing regulation: Investment business regulation

Under the current regime, a cryptoasset may constitute a “specified investment” (i.e., it has the characteristics of a share, a debenture, e-money, a unit in a collective investment scheme, a derivative etc.).  If this is the case, then any exchange or custody of that cryptoasset (as well as certain other activities, such as providing investment advice) may constitute a regulated activity under the UK’s regulated investment business regime.

Those engaging in any such regulated activity will need to apply for authorisation under FSMA 2000. Carrying on a FSMA 2000 regulated activity without authorisation (or without falling within an exemption) constitutes a criminal offence. Those who breach the rules may be subject to up to two years imprisonment and/or an unlimited fine, as well being liable to pay compensation to any investors that may have invested following such a breach.

Existing regulation: the Digital Securities Sandbox

As above, firms that currently carry on activities as a (i) central securities depository or a (ii) trading venue, using DLT or in relation to other digital assets, may be eligible to operate within the DSS.

Future regulation: Update of UK financial services regime

As above, the UK is currently consulting on and implementing a new suite of rules that will govern cryptoasset financial services and service providers. We have set out our summaries of each of these proposed regimes in a separate page, available here.

 

4. Can offshore business provide services to local customers on either active solicitation or reverse solicitation basis? 

Existing Regulation: Financial Promotions

The financial promotions regime applies to any invitation or inducement to engage in investment activity that is capable of having an effect in the UK and which relates to a ‘qualifying cryptoassets’, unless an exemption applies. 

Accordingly, it is irrelevant whether the communication is being made by a UK entity or an offshore entity or is actively directed at UK persons; what matters is whether UK persons (being people based in the UK) can access the communication. This essentially means that reverse solicitation is not, in itself an effective defence to any breach of the financial promotions regime. 

There are three routes cryptoasset firms can take to lawfully communicate cryptoasset promotions:

  1. an authorised person communicates the promotion;
  2. an authorised person approves the promotion; or
  3. the promotion otherwise complies with the conditions of an exemption in the FPO. 

Under (iii), one such exemption related to the communication of a financial promotion by a cryptoasset firm that is registered under the MLRs. 

In practice, most transactions and activities relating to qualifying cryptoassets will be considered “controlled activities” and, therefore, fall within scope of the rules; for example, any activity of dealing or trading in qualifying cryptoassets will fall within scope.   

In relation to (i) and (ii), there are various FCA rules that need to be complied with, depending on the type of financial promotion and its content.  These include:

  1. risk warnings and summaries;
  2. banning incentives to invest;
  3. 24 hour cooling off period;
  4. personalised risk warning pop-up;
  5. client categorisation;
  6. appropriateness assessment; and
  7. record keeping requirements. 

As mentioned in the answer to question 1, breach of the financial promotion rules is a criminal offence. Those who breach the financial promotion regime may be subject to up to two years imprisonment and/or an unlimited fine, as well being liable to pay compensation to any investors that may have invested following such a breach. 

Future Regulation: Update of UK Financial Services Regime

At the moment, the FCA has not published any rules on whether the updated UK financial services regime will feature a reverse solicitation exemption in relation to any specific regulated cryptoasset activities. We expect that any such exemption will be published in the Consultation Paper on the FSMA 2000 RAO regime, which is due to be published in Q3 2025.

5. How long would establishing a cryptoasset business/obtaining a license in your jurisdiction take?

AML RegulationAny other regulation
At present, the FCA expects new applications for MLR licensing to take six to eight months. In saying this, and depending on the quality of the application, this estimate is subject to change; for example, a poorly prepared or overly complicated application may take over a year to be processed by the FCA. 

Existing regulation: Financial Promotion regime

There is no licence required from the FCA to comply.  Instead, as stated above there are three routes cryptoasset firms can take to lawfully communicate cryptoasset promotions:

  1. an authorised person communicates the promotion;
  2. an authorised person approves the promotion; or
  3. the promotion otherwise complies with the conditions of an exemption in the FPO.

Exact timing will depend on the route that is taken.  However, this usually related to the time involved in drafting and/or arranging for the financial promotion to be approved/fall within an exemption.

Existing regulation: Investment business authorisation

Most cryptoasset relates firms are not currently within the scope of FSMA 2000.  For those that are, processing times for FSMA 2000 applications will vary depending on the authorised activity.

From the date of submission, the FCA is required to process a complete application within six months and an incomplete application within 12 months.

Existing regulation: Digital Securities Sandbox

There are various application stages or “gates” that DSS applicants must pass in order to carry on certain activities, with each successive gate granting the ability to carry out a wider range of activities. Stage 1, for example, is a preliminary registration stage that grants entrance to the DSS, whereas stage 2 grants the ability to “go live” and carry on the intended activities. We explore the different timelines and costs applicable to each stage, and in relation to each type of business model, in a summary table available here

6. What would be the approximate overall cost of obtaining a licence?

AML RegulationAny other regulation

The application fees for cryptoasset businesses registering with the FCA will vary depending on the activities or services offered. At the time of writing, application fees for cryptoasset business are around £10,000. Assuming the application is successful, additional fees will be charged per year; these will vary depending on the size and income of the authorised firm, starting at around £2,000.

Legal and other professional fees will be necessary. There are compliance costs associated with meeting the regulatory requirements set by the FCA. These costs may include hiring compliance professionals, conducting AML and KYC checks, and implementing robust security measures.

 

Existing regulation: Financial promotion regime

There is no licence required from the FCA to comply.  The costs involved usually instead relate to compliance relates costs.

Existing regulation: Investment business authorisation

The application fee will depend on the particular application. Legal and other professional fees will be necessary.

Existing regulation: Digital Securities Sandbox

As above, we explore the different timelines and costs applicable to each stage, and in relation to each type of business model, in our article here.

7. What is the probability (%) of success in obtaining a licence?

AML RegulationAny other regulation

The FCA publishes statistics relating to applications for registrations under the MLRs here.

The FCA have published high-level guidance, detailing what they expect to see in applications; successful applications will generally be sufficiently detailed and properly advised. Among other things, a successful application will detail that the business has implemented proper procedures, policies and controls to address the risk of money-laundering and terrorist financing, measured proportionately to the size and nature of the business’ activities.

Existing regulation: Financial promotion regime

There is no licence required from the FCA to comply.

Existing regulation: Investment business authorisation

The success rate for applications both since the inception of the regime since January 2020, and over the last 12 months (since August 2024 to August 2025), has been 14%. A current list of the statistics for MLR applications is available here.  

The Government has confirmed that registration under the MLRs will not translate to automatic FSMA 2000 authorisation under the incoming cryptoasset regulatory regime.  Cryptoasset firms that are registered under the MLRs will therefore need to submit a new authorisation application under the new regime.

Existing regulation: Digital Securities Sandbox

At the moment, the Bank of England and the FCA have not published the statistics or an estimate success rate of firms applying to become a DSS entrant. However, we note that several firms have already become stage 1 DSS entrants since the start of the DSS at the end of 2024, and the full list of successful applicants is available here

8. What other limitations are there in your jurisdiction when looking to set up a cryptoasset business? E.g., Compliance requirements and physical presence

AML RegulationAny other regulation

The MLRs registration requirement generally only applies to persons and entities that conduct their business from within the UK. The regime will therefore apply to UK companies, and will also extend to businesses that have a sufficient physical nexus to the UK (i.e., employees, offices etc.).  In these instances, the FCA has made it clear that they expect these businesses to have a sufficient establishment within the UK and comply with the associated UK regulations.  Money Laundering Reporting Officers (“MLROs”) are expected to be based within the UK and the FCA is likely to refuse any applications with non-UK based MLROs.

All firms that are looking to set up a cryptoasset business within the UK should comply with the FCA’s non-exhaustive list of conditions to be registered under the MLRs. These conditions include:

  • taking appropriate steps to identify and assess the risk of money laundering and terrorist financing, as the business is or may subject to;
  • assessing the money laundering and terrorist financing risks that relate to any new technologies before launching or integrating such technologies, taking appropriate measures to manage and mitigate such risks;
  • undertaking customer due diligence (CDD) when entering into a business relationship or occasional transactions; and
  • applying more intrusive due diligence (or ‘enhanced due diligence’) when dealing with customers that may present a higher money laundering or terrorist financing risk, such as politically exposed persons.

Existing regulation: Financial promotion regime

Please see comments in earlier questions

Existing regulation: Investment business authorisation

Similar to the MLRs, the threshold conditions to be authorised under FSMA 2000 including having an office and appropriate resources in the UK. 

The firm will need to show the FCA that they are able to comply with the FCA’s detailed rules and requirements as part of the authorisation process. 

Existing regulation: Digital Securities Sandbox

The DSS compliance requirements set out by the Bank of England and the FCA are only applicable to firms that have already become registered phase 2 DSS firms, i.e. those that have been given permission to “go-live”. They do not apply to phase 1 entrants or any other firms outside of the DSS.