Regulation

Cryptoasset Authorisation: The FCA Gateway Opens 30 September 2026

The FCA's final cryptoasset rules are published and the authorisation gateway opens 30 September 2026. What the new regime requires and how firms should prepare.

MC

Michaela Clarke

Operations & Compliance Coordinator

12 May 202610 min read
Cryptoasset Authorisation: The FCA Gateway Opens 30 September 2026

The UK's cryptoasset industry stands at a pivotal moment. On 30 June 2026 the FCA published the final policy statements establishing the UK cryptoasset regulatory regime, and the authorisation application window opens on 30 September 2026 and closes on 28 February 2027. The new regime itself commences on 25 October 2027. Existing registrations will not convert automatically, so the application window is the critical planning date for every in-scope firm. This guide examines what the new regime entails, which activities fall within scope, and how firms should prepare.

The End of the Registration Regime

Since January 2020, cryptoasset businesses operating in the UK have been required to register with the Financial Conduct Authority under the Money Laundering Regulations. This registration regime, whilst establishing baseline anti-money laundering controls, was never intended as a permanent solution. The FCA has been clear that registration does not constitute authorisation and provides no assurance regarding a firm's broader conduct or financial soundness.

The new framework, established by the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (passed by Parliament on 4 February 2026), represents a fundamental shift from registration to full authorisation. When the regime commences on 25 October 2027, firms carrying on regulated cryptoasset activities in the UK must hold FCA authorisation under FSMA with permission for those activities. Registration under the Money Laundering Regulations will not convert automatically and will no longer suffice. Firms authorised under the Payment Services or Electronic Money Regulations, and firms relying on a section 21 financial promotions approver, will also need authorisation if they carry on in-scope activities.

This change reflects the government's ambition to position the UK as a global hub for cryptoasset technology and investment, whilst ensuring robust consumer protection and market integrity. The regulatory perimeter is expanding significantly, bringing cryptoassets into the mainstream of financial regulation.

Scope of the New Regime

Regulated Cryptoasset Activities

The new framework introduces a comprehensive suite of regulated activities relating to cryptoassets. Firms will require authorisation if they carry on any of the following activities by way of business in the UK:

Trading and Exchange Services

  • Operating a cryptoasset trading venue
  • Dealing in cryptoassets as principal or agent
  • Arranging deals in cryptoassets
  • Making a market in cryptoassets

Custody and Safeguarding

  • Safeguarding or administering cryptoassets on behalf of clients
  • Operating cryptoasset custody services
  • Providing wallet services where the firm holds private keys

Staking and Validation

  • Operating a cryptoasset staking service
  • Running validation nodes on behalf of clients
  • Providing delegation services for proof-of-stake networks

Decentralised Finance Activities

  • Operating lending or borrowing platforms involving cryptoassets
  • Providing liquidity pool services
  • Operating decentralised exchange protocols where the firm maintains control

Advisory and Management Services

  • Advising on cryptoassets
  • Managing cryptoasset portfolios
  • Operating collective investment schemes investing in cryptoassets

Territorial Scope

The regime applies to firms carrying on regulated cryptoasset activities in the UK. This includes:

  • UK-based firms serving domestic or overseas clients
  • Overseas firms actively marketing to or serving UK consumers
  • Firms operating platforms accessible to UK users

The FCA has indicated it will take a purposive approach to territorial scope, focusing on where activities have their effect rather than where infrastructure is technically located.

Prudential Requirements

One of the most significant changes under the new regime is the introduction of comprehensive prudential requirements for cryptoasset firms. These requirements are calibrated according to the nature and scale of a firm's activities.

Capital Requirements

The prudential framework, finalised in PS26/12 on 30 June 2026, is a UK-specific, activity-based regime built around new COREPRU and CRYPTOPRU sourcebooks. Requirements are calibrated to the activities a firm carries on rather than a single size-based tier system. Key features include a permanent minimum requirement for issuers of qualifying stablecoins of £350,000, own funds requirements built on investment-firm-style concepts adapted for cryptoasset risk, and fixed overhead style requirements for ongoing operation. Firms should work from the final rules in PS26/12 and the accompanying CRYPTOPRU guidance consultations to calculate their own position, since the applicable requirement depends on the specific permissions sought.

Liquidity Requirements

All authorised cryptoasset firms must maintain adequate liquid resources to meet obligations as they fall due. The specific requirements vary by firm type but include:

  • Basic liquid asset requirements
  • Stress testing for operational continuity
  • Recovery and resolution planning for larger firms

Client Asset Protection

Firms holding client cryptoassets must comply with enhanced safeguarding rules, including:

  • Strict segregation of client and firm assets
  • Use of appropriate custody arrangements
  • Regular reconciliation and reporting
  • Insurance or capital coverage for custody risks

Market Conduct and Disclosure

Market Abuse Regime

The new framework extends market abuse provisions to cryptoassets, creating criminal and civil liability for:

  • Insider dealing in cryptoassets
  • Market manipulation, including wash trading and spoofing
  • Improper disclosure of inside information

Firms operating trading venues will be required to implement market surveillance systems and report suspicious transactions to the FCA.

Disclosure Requirements

Cryptoasset issuers and trading venues will be subject to new disclosure obligations:

Admission Documents

  • Detailed disclosures for cryptoassets admitted to trading
  • Information on technology, governance, and risk factors
  • Ongoing disclosure of material changes

Consumer Disclosures

  • Clear risk warnings
  • Fee transparency
  • Product information requirements

Periodic Reporting

  • Annual and interim financial statements for larger firms
  • Regulatory returns on trading volumes and client positions
  • Complaints and operational incident reporting

Stablecoin-Specific Requirements

The regime introduces a distinct framework for stablecoin issuance and services, reflecting the particular risks these instruments pose to financial stability and consumer protection.

Fiat-Backed Stablecoin Issuers

Firms issuing fiat-backed stablecoins must:

  • Obtain specific authorisation as a stablecoin issuer
  • Maintain reserves equal to 100% of outstanding tokens
  • Hold reserves in high-quality liquid assets
  • Provide redemption rights to holders
  • Publish regular reserve attestations
  • Submit to enhanced supervision

Stablecoin Service Providers

Firms providing custody, exchange, or payment services for stablecoins will be subject to additional requirements around:

  • Reserve verification
  • Redemption facilitation
  • Consumer communication

Systemic Stablecoins

Stablecoins reaching systemic scale will be subject to additional requirements under Bank of England oversight, including:

  • Enhanced reserve requirements
  • Recovery and resolution planning
  • Restrictions on reserve investment

Transitional Arrangements

The FCA has established transitional arrangements to facilitate an orderly transition to the new regime.

Currently Registered Firms

Firms holding valid FCA cryptoasset registration under the Money Laundering Regulations may continue operating under a Treasury saving provision, provided they:

  • Submit a complete authorisation application during the application window (30 September 2026 to 28 February 2027)
  • Continue to comply with existing registration conditions while the application is determined

Where the FCA has not determined an in-window application before the regime commences on 25 October 2027, the saving provision allows the firm to continue providing cryptoasset services until the application is finally determined.

New Market Entrants

Firms not currently registered should prepare to apply as early as possible in the application window. The FCA expects to determine applications made during the window before the regime commences; firms that miss the window risk being unable to operate legally from 25 October 2027.

Firms Exiting the Market

Firms choosing not to seek authorisation must wind down their UK cryptoasset activities before the regime commences on 25 October 2027. This includes:

  • Returning client assets
  • Closing positions
  • Notifying customers of cessation

The Application Process

Pre-Application

Before submitting a formal application, firms should:

  1. Assess regulatory perimeter - Determine which activities require authorisation
  2. Gap analysis - Identify areas requiring development to meet authorisation standards
  3. Business plan refinement - Develop detailed projections and operating model documentation
  4. Governance enhancement - Ensure board composition and senior management meet FCA expectations
  5. Systems and controls - Implement necessary compliance, risk management, and operational infrastructure

The FCA offers pre-application meetings for complex cases, and firms are encouraged to engage early with supervisors.

Application Requirements

A complete authorisation application must include:

  • Regulatory business plan
  • Financial projections and capital adequacy assessment
  • Organisational structure and governance arrangements
  • Senior manager and certification regime applications
  • Systems and controls documentation
  • Compliance monitoring arrangements
  • Outsourcing and operational resilience documentation
  • Client asset arrangements
  • Financial crime prevention framework

Determination Timeline

The FCA has said it expects to determine applications made during the application window before the new regime commences on 25 October 2027. Given the volume of applications expected, firms should apply early in the window and anticipate that applications with deficiencies or requiring significant additional information will take considerably longer.

Key Policy Documents

The final rules were published on 30 June 2026. Firms preparing for authorisation should work from these documents:

PS26/9 - Admissions and disclosures, and the market abuse regime for cryptoassets (MARC)

PS26/11 - Regulated cryptoasset activities, including custody and safeguarding

PS26/12 - The prudential regime for cryptoasset firms (COREPRU and CRYPTOPRU)

Alongside the policy statements the FCA published finalised guidance and two further guidance consultations. The full set is collected on the FCA's cryptoasset regime overview page, and practical detail on the gateway is on the how the gateway will operate page.

Preparing Your Firm

With the application window opening on 30 September 2026, firms should be well advanced in their preparation. Key priorities include:

Immediate Actions

  • Complete gap analysis against final rules
  • Finalise authorisation application if not yet submitted
  • Enhance capital position to meet prudential requirements
  • Implement market abuse systems and surveillance capabilities

Ongoing Preparation

  • Train staff on new regulatory obligations
  • Update policies and procedures to reflect authorisation requirements
  • Review client documentation and disclosures
  • Test operational resilience arrangements

Strategic Considerations

  • Assess business model viability under the new regime
  • Consider corporate restructuring if prudential requirements necessitate
  • Evaluate partnerships with authorised firms for activities you may not pursue directly
  • Plan client communication regarding regulatory changes

The Opportunity Ahead

Whilst the new authorisation requirements represent a significant compliance burden, they also present opportunities for well-prepared firms. Authorisation will provide:

  • Enhanced credibility with institutional clients and counterparties
  • Access to mainstream financial services partnerships
  • Clearer regulatory framework supporting business planning
  • Competitive differentiation from unauthorised overseas competitors

The UK's comprehensive approach to cryptoasset regulation positions the market favourably compared to jurisdictions with fragmented or unclear frameworks.

How MEMA Can Help

Navigating the transition to full FCA authorisation requires expertise in both traditional financial services regulation and the unique characteristics of cryptoasset markets. MEMA Consultants brings deep experience across both domains.

Our cryptoasset authorisation services include:

  • Regulatory perimeter analysis - Determining which activities require authorisation and optimal structuring
  • Gap analysis and remediation planning - Identifying areas requiring development and practical solutions
  • Application preparation - Drafting comprehensive authorisation applications to FCA standards
  • Governance and senior management - Advising on board composition, SM&CR applications, and governance frameworks
  • Prudential compliance - Capital and liquidity planning, client asset arrangements, and ongoing compliance
  • Policies and procedures - Developing compliant operational frameworks tailored to your business
  • Project management - Coordinating complex authorisation programmes to meet regulatory deadlines

With the application window opening on 30 September 2026 and closing on 28 February 2027, early engagement is essential. Our team can assess your current position, identify priority actions, and develop a clear pathway to authorisation.

Contact MEMA today to discuss your cryptoasset authorisation requirements and ensure your firm is prepared for the new regulatory landscape. Time is short, but with proper planning and expert support, authorisation is achievable.

<hr>

This article is for general information purposes only and does not constitute legal or regulatory advice. Firms should seek specific guidance on their individual circumstances.

Need expert regulatory guidance?

Our ex-regulator team helps firms navigate complex requirements and evidence compliance with confidence.

Book a Free Scoping Call
Cryptoasset Authorisation: The FCA Gateway Opens 30 September 2026 | MEMA Consultants