Setting up a crypto and blockchain company in the United Kingdom requires more than standard company formation. The UK has built a layered regulatory framework that treats crypto asset businesses as financial services firms, not technology startups. Before a single token is issued or a single wallet is opened for a client, the business must be correctly structured, registered with the Financial Conduct Authority (FCA), and aligned with anti-money laundering obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017).
The concrete risk is straightforward: operating without FCA registration as a cryptoasset business is a criminal offence under the Financial Services and Markets Act 2000 (FSMA 2000), as amended by the Financial Services and Markets Act 2023 (FSMA 2023). The FCA maintains a public register of registered and rejected firms, and enforcement action - including prosecution of directors - has already occurred against unregistered operators.
This article covers the legal framework, corporate structuring options, FCA registration mechanics, ongoing compliance obligations, and the most common mistakes made by international founders entering the UK crypto market.
---
The United Kingdom does not have a single "crypto law." Instead, crypto and blockchain businesses operate under a patchwork of statutes, secondary legislation, and FCA guidance that has evolved rapidly since 2020.
The core legislative pillars are:
The FCA operates two distinct tracks for crypto businesses. The first is AML/CTF registration under the MLRs 2017, which applies to cryptoasset exchange providers and custodian wallet providers. The second is full FCA authorisation under FSMA 2000, which applies where the business carries on regulated activities - such as operating a collective investment scheme, dealing in investments, or arranging deals in investments - that happen to involve cryptoassets.
A common mistake among international founders is assuming that AML registration is the only regulatory hurdle. In practice, a business that structures its token offering as a security, or that manages pooled client funds, may require full FCA authorisation - a significantly more demanding process with higher capital requirements and ongoing supervisory obligations.
The FCA';s Perimeter Guidance Manual (PERG) provides detailed guidance on which activities cross the regulatory perimeter. Founders should analyse their specific business model against PERG before selecting a corporate structure, not after.
---
The United Kingdom offers several corporate vehicles for crypto and blockchain businesses. The choice of structure affects liability, tax treatment, investor appetite, and the ease of FCA registration.
Private limited company (Ltd)
The private limited company incorporated under the Companies Act 2006 is the most common vehicle for crypto startups in the UK. It offers limited liability for shareholders, a familiar governance framework, and straightforward share issuance for fundraising. For FCA AML registration purposes, the FCA requires disclosure of all persons with significant control (PSC) and beneficial owners, which is already a standard requirement under the Companies Act 2006 for UK companies.
A private limited company is appropriate for: cryptoasset exchange operators, custodian wallet providers, blockchain software developers, and token issuers where the token does not constitute a regulated investment.
Public limited company (PLC)
A public limited company incorporated under the Companies Act 2006 is relevant where the business intends to list on a UK exchange or raise capital from the public. The PLC route involves higher formation costs, a minimum share capital requirement, and more stringent ongoing disclosure obligations. For most early-stage crypto businesses, a PLC is premature and adds regulatory complexity without corresponding benefit.
Limited liability partnership (LLP)
A limited liability partnership formed under the Limited Liability Partnerships Act 2000 offers pass-through taxation and flexible profit allocation, which can be attractive for blockchain infrastructure businesses or professional services firms operating in the crypto space. However, LLPs are less familiar to international investors and may create friction in fundraising rounds that use standard equity instruments.
Branch of a foreign company
A foreign company may register a UK branch under the Companies Act 2006 rather than incorporating a new entity. This approach is sometimes used by established overseas crypto businesses entering the UK market. The branch is not a separate legal entity - the parent company remains liable for its obligations. Critically, the FCA treats a UK branch of a foreign company as a separate registrant for AML/CTF purposes, so the branch must independently satisfy the MLRs 2017 registration requirements.
Holding and subsidiary structures
Many international crypto groups use a UK holding company above operating subsidiaries in other jurisdictions. The UK holding company benefits from the participation exemption on dividends and capital gains under the Corporation Tax Act 2010, making it an efficient structure for groups with multiple operating entities. The UK holding company itself may not require FCA registration if it does not directly carry on registrable activities - but founders must document this analysis carefully, as the FCA has challenged structures where the holding company was found to be directing or controlling registrable activities.
In practice, the most common structure for a UK-based crypto business targeting retail and institutional clients is a private limited company as the primary operating entity, with a separate holding company above it if the group has international operations.
To receive a checklist on corporate structure selection for crypto and blockchain companies in the United Kingdom, send a request to info@vlolawfirm.com.
---
The FCA registration process for cryptoasset businesses under the MLRs 2017 is one of the most demanding AML registration processes in any major jurisdiction. The FCA has publicly stated that it rejects a significant proportion of applications due to inadequate AML/CTF frameworks, and it has used its power under Regulation 74A of the MLRs 2017 to impose requirements on applicants during the assessment period.
Who must register
Under Regulation 14A of the MLRs 2017, a cryptoasset exchange provider or custodian wallet provider that carries on business in the UK must register with the FCA before commencing activity. A cryptoasset exchange provider is defined broadly to include businesses that exchange cryptoassets for fiat currency, exchange one cryptoasset for another, or operate a cryptoasset ATM. A custodian wallet provider holds cryptoassets on behalf of clients.
Businesses that only develop blockchain software, provide smart contract auditing, or offer non-custodial tools generally fall outside the MLRs 2017 registration requirement - but they must still comply with the financial promotions regime if they communicate financial promotions to UK persons.
The application process
The FCA application is submitted through its Connect portal. The application requires:
The FCA has a statutory assessment period of three months from receipt of a complete application, but in practice assessments have taken considerably longer - often six to twelve months - due to the volume of applications and the FCA';s detailed scrutiny of AML frameworks.
Fit and proper assessment
Every beneficial owner, officer, and manager of the applicant must satisfy the FCA';s fit and proper test. This covers honesty and integrity, competence and capability, and financial soundness. The FCA will conduct criminal record checks, review regulatory history in other jurisdictions, and assess whether the individual has the knowledge and experience to perform their role in a regulated crypto business. A non-obvious risk for international founders is that a prior regulatory action in another jurisdiction - even if resolved - can delay or block UK registration.
Temporary registration and the register
The FCA maintains a public register of registered cryptoasset businesses. During the transition period following the introduction of the MLRs 2017 registration requirement, the FCA operated a Temporary Registration Regime (TRR) for businesses that had applied before the deadline. The TRR has now closed, and any business that did not obtain registration before the TRR closure and continues to operate is doing so illegally.
Full FCA authorisation under FSMA 2000
Where the business model involves regulated activities - for example, operating a multilateral trading facility (MTF) for security tokens, managing a cryptoasset fund, or providing investment advice on cryptoassets that qualify as specified investments - the business requires full FCA authorisation under FSMA 2000, not merely AML registration. Full authorisation involves a more extensive application, including a regulatory business plan, detailed financial projections, capital adequacy calculations, and individual applications for each approved person under the Senior Managers and Certification Regime (SM&CR).
The SM&CR, introduced by the Bank of England and Financial Services (Miscellaneous Provisions) Act 2017 and extended to solo-regulated firms, requires that senior managers of FCA-authorised firms take personal responsibility for their areas of the business. For a crypto firm, this means the CEO, CFO, and compliance officer will each hold named senior manager functions and be personally accountable to the FCA.
---
The financial promotions regime is one of the most practically significant legal issues for crypto and blockchain companies operating in or targeting the UK market. Section 21 of FSMA 2000 prohibits any person from communicating a financial promotion in the course of business unless they are FCA-authorised or the promotion has been approved by an FCA-authorised person.
From October 2023, the Financial Promotion (Cryptoassets) Order 2023 brought cryptoasset financial promotions within this regime. A "cryptoasset financial promotion" is broadly defined to include any communication that invites or induces a person to engage in investment activity related to a qualifying cryptoasset. This covers website content, social media posts, email campaigns, and white papers that promote a token sale to UK persons.
Qualifying cryptoassets and the securities question
Not all cryptoassets are treated equally under UK law. The FCA';s classification framework distinguishes between:
The critical legal question for any token issuance is whether the token constitutes a specified investment under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO 2001). If it does, the issuer requires FCA authorisation to issue or promote it, and the issuance may constitute a public offer of securities requiring a prospectus under the UK Prospectus Regulation.
A common mistake is structuring a token as a "utility token" based on the label in the white paper, without conducting a substantive legal analysis of the economic rights it confers. The FCA and, where relevant, the courts will look through the label to the substance. If the token confers rights to a share of profits, a right to vote on governance matters, or a right to receive a return based on the efforts of others, it is likely to be classified as a security regardless of what the white paper calls it.
Practical scenarios
Consider three scenarios that illustrate the range of issues:
A UK-incorporated company launches a decentralised exchange (DEX) protocol and issues governance tokens to early contributors. The governance tokens confer voting rights over protocol parameters but no economic rights. The FCA';s analysis would focus on whether the tokens constitute "transferable securities" under the UK Prospectus Regulation or "units in a collective investment scheme" under FSMA 2000. If the protocol is structured so that token holders share in the economic output of the protocol, the collective investment scheme analysis becomes live.
A foreign company with no UK presence runs a token sale and targets UK retail investors through social media. From October 2023, this constitutes a cryptoasset financial promotion communicated to UK persons. Without FCA authorisation or approval from an FCA-authorised person, the promotion is unlawful under Section 21 of FSMA 2000. The foreign company';s directors may be personally liable.
A UK-based company operates a platform that allows users to stake cryptoassets and receive yield. The FCA';s view is that yield-bearing staking products may constitute collective investment schemes or deposit-taking, depending on the structure. Either classification would require full FCA authorisation under FSMA 2000.
To receive a checklist on token classification and financial promotions compliance for crypto businesses in the United Kingdom, send a request to info@vlolawfirm.com.
---
AML/CTF compliance is not a one-time exercise for UK crypto businesses. It is an ongoing operational obligation that the FCA supervises actively, including through desk-based reviews, on-site inspections, and information requests under Regulation 66 of the MLRs 2017.
Customer due diligence
Under Regulation 28 of the MLRs 2017, a registered cryptoasset business must apply customer due diligence (CDD) measures when establishing a business relationship, carrying out an occasional transaction above EUR 1,000 in cryptoassets, or when there is a suspicion of money laundering or terrorist financing. CDD requires identifying and verifying the customer';s identity, identifying the beneficial owner where the customer is a legal entity, and understanding the nature and purpose of the business relationship.
Enhanced due diligence (EDD) is required under Regulation 33 of the MLRs 2017 in higher-risk situations, including where the customer is a politically exposed person (PEP), where the transaction involves a high-risk third country, or where the business relationship presents other elevated risk indicators. For crypto businesses, EDD is frequently triggered by the use of privacy-enhancing technologies, high-value transactions, or customers whose source of funds cannot be readily verified.
Transaction monitoring
Registered cryptoasset businesses must implement transaction monitoring systems capable of detecting unusual patterns of activity. The FCA expects these systems to be calibrated to the specific risk profile of the business - a retail exchange serving thousands of small transactions requires different monitoring parameters than a custody provider serving institutional clients with large, infrequent transactions.
A non-obvious risk is that many early-stage crypto businesses implement off-the-shelf transaction monitoring software without customising the alert thresholds to their actual customer base. The FCA has criticised this approach in supervisory reviews, noting that generic thresholds produce either excessive false positives (which overwhelm the compliance team) or miss genuine suspicious activity.
Suspicious activity reporting
Under the Proceeds of Crime Act 2002 (POCA 2002), a registered cryptoasset business must submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) where it knows or suspects that a person is engaged in money laundering. The obligation to report arises before the business has certainty - suspicion is sufficient. Failure to report is a criminal offence under Section 330 of POCA 2002.
The "consent SAR" mechanism under POCA 2002 allows a business to seek a defence against money laundering by submitting a SAR and waiting for the NCA';s response before proceeding with a transaction. The NCA has seven working days to refuse consent; if it does not respond within that period, the business may proceed. This mechanism is practically important for crypto businesses that identify suspicious activity mid-transaction.
Travel rule compliance
The UK implemented the Financial Action Task Force (FATF) Travel Rule through amendments to the MLRs 2017, effective from September 2023. Under the Travel Rule, cryptoasset businesses must collect and transmit originator and beneficiary information for cryptoasset transfers above GBP 1,000. This obligation applies to transfers between registered cryptoasset businesses and to transfers to unhosted wallets in certain circumstances.
Travel Rule compliance requires technical integration with counterparty virtual asset service providers (VASPs) and a process for handling transfers where the counterparty is not Travel Rule-compliant. Many underappreciate the operational complexity of Travel Rule compliance, particularly for businesses that process high volumes of transfers to and from unhosted wallets.
---
Beyond regulatory registration, crypto and blockchain companies in the UK face a set of practical operational challenges that can materially affect the viability of the business.
Banking access
Access to UK banking is one of the most significant practical challenges for registered crypto businesses. UK banks apply enhanced due diligence to crypto businesses under their own AML frameworks, and many decline to open accounts for crypto companies or close existing accounts after the company';s business model becomes apparent. The FCA has acknowledged this issue and has engaged with the banking sector, but the problem persists.
In practice, it is important to consider opening banking relationships before FCA registration is complete, using the registration application as evidence of regulatory engagement. Some UK challenger banks and electronic money institutions (EMIs) are more willing to serve crypto businesses than traditional banks. An EMI account under the EMRs 2011 provides payment services but does not offer the same protections as a bank account - notably, EMI client funds are safeguarded but not covered by the Financial Services Compensation Scheme (FSCS).
Directors'; duties and liability
Directors of a UK crypto company owe duties under the Companies Act 2006, including the duty to act within powers (Section 171), the duty to promote the success of the company (Section 172), and the duty to exercise reasonable care, skill and diligence (Section 174). In the context of a regulated crypto business, these duties interact with the personal obligations of senior managers under the SM&CR.
A director who approves a financial promotion that has not been properly approved under Section 21 of FSMA 2000, or who fails to implement adequate AML controls, may face personal liability under both the Companies Act 2006 and the MLRs 2017. The FCA has the power to impose financial penalties on individuals, not just firms.
Intellectual property considerations
Blockchain protocols, smart contracts, and cryptographic algorithms may be protected as software under the Copyright, Designs and Patents Act 1988 (CDPA 1988). However, the UK does not currently permit patents for software as such under the Patents Act 1977, and the patentability of blockchain-related inventions depends on whether the invention makes a "technical contribution" beyond the software itself. Founders should document their development process carefully and consider whether trade secret protection under the Trade Secrets (Enforcement, etc.) Regulations 2018 is more appropriate than patent protection for core algorithmic innovations.
Tax structuring
HM Revenue and Customs (HMRC) treats cryptoassets as property for tax purposes, as set out in HMRC';s Cryptoassets Manual. Corporation tax applies to trading profits and chargeable gains of UK companies. The tax treatment of token issuances, staking rewards, and DeFi transactions is complex and evolving - HMRC has issued guidance on DeFi lending and staking, but significant uncertainty remains in areas such as the tax treatment of liquidity provision and yield farming.
A common mistake is treating token issuances as non-taxable events on the basis that no fiat currency changes hands. HMRC';s position is that the receipt of cryptoassets in exchange for services, or as consideration for the issue of tokens, may give rise to income tax or corporation tax liability at the time of receipt, based on the market value of the cryptoassets received.
Scenario: international founder structuring a UK crypto exchange
Consider a founder based outside the UK who wishes to operate a cryptoasset exchange serving European and UK retail clients. The optimal structure typically involves a UK private limited company as the FCA-registered operating entity, with the founder holding shares through a holding company in a jurisdiction that offers a participation exemption on dividends. The UK operating company applies for FCA AML registration under the MLRs 2017. The financial promotions directed at UK clients are communicated by the UK registered entity. The founder must pass the FCA';s fit and proper assessment personally, regardless of where they are resident.
The cost of setting up this structure - including legal fees for company formation, FCA application preparation, AML policy drafting, and banking assistance - typically starts from the low tens of thousands of GBP, depending on the complexity of the business model and the number of jurisdictions involved.
Scenario: token issuer seeking to avoid the securities perimeter
A blockchain project wishes to issue tokens to fund protocol development. The founders want to avoid full FCA authorisation. The legal analysis must address: whether the tokens constitute specified investments under the RAO 2001; whether the issuance constitutes a collective investment scheme under Section 235 of FSMA 2000; and whether the financial promotions regime applies. If the tokens are structured as pure utility tokens with no economic rights and no secondary market trading is facilitated by the issuer, the project may fall outside the FSMA 2000 perimeter - but the financial promotions regime still applies from October 2023, requiring either FCA authorisation or approval by an FCA-authorised person before any promotion is communicated to UK persons.
Scenario: overseas crypto business acquiring a UK-registered firm
An overseas crypto group acquires a UK-registered cryptoasset business. The acquisition triggers a change of control notification requirement under Regulation 60 of the MLRs 2017. The FCA must be notified before the acquisition completes, and the FCA has the power to object to the acquisition if the acquirer does not satisfy the fit and proper requirements. Failure to notify is a criminal offence. The acquirer';s beneficial owners must each pass the FCA';s fit and proper assessment, which can add several months to the transaction timeline.
---
What is the most significant legal risk for a crypto business operating in the UK without FCA registration?
Operating as a cryptoasset exchange provider or custodian wallet provider without FCA registration under the MLRs 2017 is a criminal offence. The FCA can apply to court for an injunction to stop the business, and the directors and senior managers of the unregistered firm may be prosecuted personally. Beyond criminal liability, the FCA maintains a public warning list of unregistered firms, which effectively destroys the business';s reputation and banking relationships. The risk of inaction is immediate - there is no grace period once the business has commenced registrable activities.
How long does FCA AML registration take, and what does it cost?
The FCA';s statutory assessment period is three months from receipt of a complete application, but in practice the process has taken six to twelve months for many applicants due to the FCA';s detailed scrutiny of AML frameworks and the volume of applications. The FCA charges an application fee that varies by the size and type of the business. Legal fees for preparing a comprehensive FCA application - including the AML risk assessment, policies and procedures, and fit and proper submissions - typically start from the low tens of thousands of GBP. Submitting an incomplete or inadequate application does not pause the clock on the statutory period, but the FCA will issue information requests that effectively extend the process. A well-prepared application submitted with complete documentation is materially faster than an iterative process of responding to FCA queries.
When should a crypto business choose full FCA authorisation over AML registration?
AML registration under the MLRs 2017 is sufficient for businesses that only operate as cryptoasset exchange providers or custodian wallet providers and do not carry on regulated activities under FSMA 2000. Full FCA authorisation is required where the business model involves regulated activities - such as managing a cryptoasset fund, operating an MTF for security tokens, providing investment advice on security tokens, or dealing in security tokens as principal or agent. The strategic choice between the two tracks should be made at the business planning stage, not after the business model has been built. Restructuring a business model to avoid full authorisation after the fact is possible but costly and time-consuming. Where the business model is genuinely ambiguous, the FCA';s Innovation Hub offers a pre-application engagement process that can provide informal guidance on the regulatory perimeter.
---
Setting up and structuring a crypto and blockchain company in the United Kingdom is a multi-layered legal exercise that combines corporate law, financial regulation, AML compliance, tax planning, and intellectual property considerations. The UK';s regulatory framework is demanding but navigable for businesses that engage with it systematically from the outset. The most significant risks arise from underestimating the scope of the FCA';s perimeter, misclassifying tokens, and treating AML compliance as a one-time exercise rather than an ongoing operational obligation. Businesses that invest in proper legal structuring and regulatory engagement at the formation stage avoid the far greater costs of enforcement action, remediation, and reputational damage later.
To receive a checklist on FCA registration and compliance requirements for crypto and blockchain companies in the United Kingdom, send a request to info@vlolawfirm.com.
Our law firm VLO Law Firms has experience supporting clients in the United Kingdom on crypto and blockchain regulatory and corporate matters. We can assist with corporate structure selection, FCA AML registration applications, token classification analysis, financial promotions compliance, AML/CTF policy drafting, and ongoing regulatory support. To receive a consultation, contact: info@vlolawfirm.com.