FCA (Financial Conduct Authority — UK)

The Financial Conduct Authority is the UK’s conduct regulator for financial services firms and financial markets, established under the Financial Services Act 2012 and operational from April 2013. The FCA replaced the Financial Services Authority (FSA) alongside the creation of the Prudential Regulation Authority (PRA) as the UK adopted a “twin peaks” regulatory model separating conduct regulation from prudential supervision. The FCA’s jurisdiction over cryptoassets has expanded significantly since 2020 and is scheduled to reach full scope under a conduct regulatory framework in October 2027.

The 2020 AML Registration Regime

The FCA’s first formal role in crypto regulation came under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended in 2020. The 2020 amendments required cryptoasset businesses operating in the UK — including exchanges, custodians, and peer-to-peer providers — to register with the FCA for anti-money laundering purposes. Registration did not constitute authorization or imply FCA approval of the business model; it required firms to demonstrate robust AML and CFT systems and controls.

The registration process proved demanding. The FCA rejected or declined to register a substantial majority of initial applicants, citing inadequate AML policies, insufficient due diligence on customers and transactions, and governance weaknesses. High-profile firms including Binance were unable to secure registration, and the FCA issued consumer warnings noting that unregistered firms were operating illegally in the UK. By mid-2025, approximately 40 firms had achieved full registration, a number that grew as the regulatory infrastructure matured.

FSMA 2023: Expansion to Conduct Regulation

The Financial Services and Markets Act 2023 (FSMA 2023) marked the most significant expansion of the FCA’s crypto jurisdiction. The Act amended the Financial Services and Markets Act 2000 to bring cryptoasset activities within the regulated activities framework, giving the FCA authority to regulate not only AML compliance but the full range of conduct obligations: authorization requirements, consumer protection rules, financial promotions, market abuse, and systems and controls.

FSMA 2023 also introduced a designated activities regime that applies to certain cryptoasset activities without requiring full authorization, and it extended the financial promotions regime to cryptoassets in a manner that the FCA implemented from October 2023. The financial promotions rules require firms communicating crypto financial promotions to UK consumers to either be FCA-authorized or have their promotions approved by an authorized person, with specific content requirements including prominent risk warnings and a cooling-off period for first-time investors.

The December 2025 Cryptoassets Regulations

The UK Cryptoassets Regulations, published in final form in December 2025, set out the detailed conduct of business requirements that will apply to FCA-authorized cryptoasset firms. These regulations draw on consultation papers published throughout 2024 and cover trading platform operations, stablecoin issuance and custody, lending and borrowing of cryptoassets, and post-trade transparency. The regulations establish the framework that firms must meet to obtain FCA authorization under the new regime rather than merely AML registration.

The October 2027 go-live date gives firms approximately 18 months after the regulations’ publication to prepare for and obtain authorization under the new framework. The FCA established a transitional regime allowing firms registered under the existing AML regime to continue operating while their authorization applications are processed, reducing the cliff-edge risk of mass market disruption on the go-live date.

Project Innovate and the FCA Sandbox

The FCA has operated one of the world’s most influential regulatory sandboxes, Project Innovate (now rebranded under various iterations), since 2015. The sandbox allows innovative financial services firms — including blockchain and tokenization projects — to test products and business models with real consumers under tailored regulatory supervision, with waivers or modifications of certain requirements applied on a time-limited basis. The FCA has also participated in cross-border sandbox arrangements, including the Global Financial Innovation Network (GFIN), allowing firms to test across multiple jurisdictions simultaneously.

For tokenized securities in particular, the FCA sandbox has facilitated pilots of DLT-based settlement, digital bond issuances, and tokenized fund structures. The insights gained from sandbox cohorts have informed the FCA’s policy development on both the conduct framework and the interaction with the broader UK financial market infrastructure regulatory framework.

Comparison with ESMA and the EU Model

The FCA’s single-regulator model contrasts with the distributed ESMA-NCA structure in the EU. Post-Brexit, UK firms authorized by the FCA lost their EU passport rights, and EU firms authorized under MiCA cannot rely on that authorization to access UK retail clients. The FCA and ESMA have explored equivalence and mutual recognition arrangements, but no comprehensive crypto-specific agreement existed as of early 2026. UK firms serving EU clients must separately comply with MiCA CASP requirements, and EU CASPs serving UK clients must separately register with or obtain authorization from the FCA — a duplication that substantially increases compliance costs for cross-border operators.