If you're running a crypto business in the UK, you’re not just selling digital assets-you’re operating under one of the strictest anti-money laundering (AML) regimes in the world. The rules aren’t suggestions. They’re legal requirements enforced by the Financial Conduct Authority (FCA), and failing to follow them can mean fines, shutdowns, or criminal charges. As of 2026, the landscape has changed again. The old registration system is fading. A new licensing regime is taking over. And if you haven’t adjusted yet, you’re already behind.
Who Needs to Comply?
You don’t need to be a giant exchange to fall under UK AML rules. If your business handles cryptoasset exchanges or custodial wallet services, you’re covered. That means if you let customers trade Bitcoin for Ethereum, or you hold their private keys-even temporarily-you must register with the FCA. Payment service providers that convert crypto to fiat also count. But if you’re just running a personal wallet or a non-custodial DeFi app with no on-ramp/off-ramp, you’re likely outside the scope. The FCA’s 2025 register listed only 147 active firms, down from 184 in early 2024. That drop isn’t because the market shrank. It’s because 20% of firms couldn’t meet the bar.
The Core Rules: What You Can’t Skip
There are five non-negotiable pillars in the UK’s AML framework for crypto:
- Customer Due Diligence (CDD): You must verify every customer’s identity using at least two independent, reliable sources. That means government-issued ID plus a utility bill or bank statement. No selfies with IDs. No AI-only verification. The FCA rejected 62% of initial applications for weak CDD systems.
- Enhanced Due Diligence (EDD): If a customer is from a high-risk country (like Iran, North Korea, or Venezuela), or is a Politically Exposed Person (PEP), you need extra checks. The FCA says 37.8% more EDD is required for crypto than traditional finance-because crypto transactions are harder to trace.
- The Travel Rule: Any transaction over £1,000 must include originator and beneficiary details: full names, account numbers, and addresses. This applies whether you’re sending Bitcoin to another exchange or cashing out to a bank. The rule kicked in in 2022, but many firms still get it wrong. The FCA found 41% of firms couldn’t properly transmit this data in 2024.
- Ongoing Monitoring: You can’t just check a customer once and forget them. You need real-time transaction monitoring systems that flag unusual activity-like sudden large transfers, rapid cycling between wallets, or transactions with blacklisted addresses. False positives are common, averaging 28.7% compared to 12.3% in banks. But ignoring them is riskier.
- Record Keeping: Save everything. Customer IDs, transaction logs, risk assessments, training records. All for five years. The FCA doesn’t ask for them often-but when they do, you have 48 hours to produce them.
The New FSMA Regime: What’s Changing in 2026
The current system-based on the 2017 Money Laundering Regulations-is being replaced. Starting Q1 2026, the Financial Services and Markets Act (FSMA) 2000 Order will take full effect. This isn’t just an update. It’s a full overhaul.
- Dual registration ends: Under the old rules, firms had to register under both MLR and potentially other regimes. Now, FSMA becomes the single gateway. If you’re licensed under FSMA, you’re automatically compliant with AML rules.
- 10% control threshold: If any person or entity buys just 10% of your company’s shares or voting rights, you must notify the FCA. Previously, it was 25%. This change is designed to catch hidden owners-especially those trying to bypass sanctions.
- Counterparty Due Diligence (CPDD): You now need to verify not just your own customers, but the entities you transact with-even if they’re not your direct clients. If you send Bitcoin to an exchange in the US, you must check that exchange’s AML status. This is new, and it’s hard. Most firms haven’t built systems for it yet.
The FCA says the goal is to create a “cleaner, tougher” market. But the transition is messy. In Q1 2025, UK crypto venture capital investment dropped 17.3% year-over-year. Some firms are relocating to Singapore or Dubai. Others are shutting down.
Real Costs: What It Actually Costs to Comply
Let’s be clear: this isn’t cheap.
According to FCA data from March 2025, the average crypto firm spent £287,500 just to get registered. That includes legal fees, compliance software, staff training, and external consultants. Once approved, ongoing costs hit £142,300 per year. That’s not inflation-it’s the price of staying legal.
One firm on Reddit, ‘CryptoComplianceUK’, reported spending £500,000 and 14 months just to get approved. Another, ‘BlockchainComply’, said the process was brutal-but once they passed, their international clients trusted them more. That’s the trade-off: high upfront cost for long-term credibility.
Technical costs are the biggest surprise. Integrating blockchain analytics tools (like Chainalysis or Elliptic) with traditional KYC platforms can cost over £185,000 in customization alone. Real-time sanctions screening against 12+ global lists? That’s another £50,000+ per year in licensing fees.
Common Reasons Firms Get Rejected
The FCA doesn’t give vague rejections. They list exact failures. Here’s what most firms get wrong:
- Weak risk assessments (62.1% of failures): Many firms just copy-paste templates. The FCA wants customized, living documents that reflect your actual business model.
- No senior management oversight (48.7%): The CEO or CFO must be actively involved. You can’t outsource compliance to a junior staffer and call it done.
- Broken transaction monitoring (39.4%): Systems that flag every small transfer are useless. Systems that miss large, suspicious patterns are illegal.
- Advertising violations (63.2%): Saying “guaranteed returns” or hiding risk disclosures gets you flagged fast. The FCA has a 10-point checklist for crypto ads.
There’s no appeal process. If you fail, you reapply. And you pay again.
How the UK Compares to the Rest of the World
The UK isn’t the easiest place to launch a crypto business-but it’s one of the most respected.
| Region | Registration Success Rate | Travel Rule Threshold | Change in Control Threshold | Primary Regulator |
|---|---|---|---|---|
| United Kingdom | 12.7% | £1,000 | 10% | FCA |
| United States | Varies by state | $1,000 | 25% | FinCEN, SEC, CFTC |
| Singapore | 38.4% | S$1,000 | 20% | MAS |
| European Union | Not applicable (MiCA license) | €1,000 | 20% | National authorities |
The UK’s 10% control threshold is the strictest in the world. The EU and US use 20%. Singapore is more lenient and faster. But the UK’s advantage? Once you’re registered, you’re seen as credible globally. Banks in Europe and Asia are more willing to work with UK-licensed firms.
What Happens If You Don’t Comply?
Non-compliance isn’t a slap on the wrist. The FCA can:
- Issue unlimited fines
- Shut down your website and payment processors
- Block your directors from running any financial business in the UK
- Refer you to the National Crime Agency for criminal investigation
In 2024, the FCA took action against 19 unregistered crypto firms. One was fined £2.1 million for allowing unverified users to trade over £180 million in crypto. Another had its directors banned for life.
And it’s not just the FCA. HMRC tracks crypto taxes. OFSI watches for sanctions breaches. If you’re sending crypto to a sanctioned Russian entity-even unknowingly-you’re at risk.
What Should You Do Right Now?
If you’re already registered: review your systems. Are you ready for the 10% control rule? Can your software handle CPDD? Schedule a gap analysis with your compliance team before March 2026.
If you’re applying: don’t rush. The average processing time is 9.2 months. Start early. Hire a specialist. Use the FCA’s guidance documents-not third-party blogs. The FCA publishes all their expectations online. Read them. Then read them again.
If you’re thinking of starting a crypto business in the UK: ask yourself if you can afford the £300k+ upfront cost and the 6-9 month wait. There are easier places to launch. But if you’re serious about long-term growth, the UK’s reputation is worth the pain.
The UK isn’t trying to kill crypto. It’s trying to clean it up. The firms that survive this transition won’t be the flashiest. They’ll be the most careful. The most transparent. The ones who treat compliance not as a cost-but as a competitive advantage.
Do I need to register with the FCA if I run a crypto exchange in the UK?
Yes. Any business that exchanges crypto for fiat or other crypto, or holds customer funds (custodial wallets), must register with the FCA under the AML rules. This applies even if you’re a small startup. The only exceptions are non-custodial DeFi platforms with no on-ramp/off-ramp. If you’re unsure, consult the FCA’s official guidance on cryptoasset activities.
What is the Travel Rule and how does it affect my crypto business?
The Travel Rule requires you to collect and share the names, account numbers, and addresses of both the sender and receiver for any crypto transaction over £1,000. This applies to transfers between your customers and other crypto firms. You need systems that automatically capture and transmit this data. Most firms fail this requirement because their software can’t handle it. The rule has been active since 2022 and is strictly enforced.
How long does FCA registration take in 2026?
As of 2025, the average processing time is 9.2 months. Some firms get approved in 6 months. Others take over a year. The FCA doesn’t rush. They review every document. To speed things up, hire a compliance consultant with proven FCA experience. Submit a complete application the first time-revisions delay everything.
What happens if my crypto business fails FCA registration?
If you fail, you can reapply-but you’ll need to fix the exact issues the FCA identified. Common reasons include weak risk assessments, poor customer verification, or lack of senior oversight. You can’t operate legally while waiting to reapply. Continuing to trade without registration is a criminal offense and can lead to fines or prosecution.
Is the UK’s AML regime stricter than the EU’s?
Yes, in key areas. The UK’s 10% threshold for change in control is stricter than the EU’s 20%. The UK also requires counterparty due diligence on all external partners, while the EU’s MiCA framework focuses more on licensing than ongoing monitoring. The UK’s approach is more granular and reactive. The EU’s is broader but less detailed. Both are tough-but the UK has a higher failure rate for new applicants.
Can I use AI tools to automate AML compliance in the UK?
You can use AI for screening and monitoring, but not as your only system. The FCA requires human oversight at every stage. AI can flag transactions, but a qualified compliance officer must review and document each decision. Relying solely on AI has led to multiple rejections. The regulator wants transparency-not automation.
Do I need to train my staff on AML rules every year?
Yes. The FCA requires at least 35 hours of AML training per compliance staff member annually. This includes updates on new regulations, red flags, and internal procedures. Training records must be kept for five years. Many firms use specialized platforms like Know Your Customer (KYC) Academy or Compliancely to manage this. Skipping training is a top reason for registration failure.
Rod Petrik
January 18, 2026 AT 09:19They're using AML to kill crypto one compliance form at a time lol
Next they'll make you file a tax return for every satoshi you move
Who the hell thought this was a good idea
We're not banks we're pioneers
They don't want freedom they want control
Sarah Baker
January 18, 2026 AT 17:54Okay but imagine if you actually did this right
Imagine a crypto world where you didn't have to worry about scams or rug pulls because everyone was verified
Yeah it's expensive
But think of the trust you build
It's not just compliance-it's credibility
You're not just surviving
You're setting the standard
And that's worth every penny
Liza Tait-Bailey
January 20, 2026 AT 06:25so like... you're telling me i gotta pay 300k just to let people buy dogecoin?
bruh i just wanted to make memes and trade
why does everything have to be so serious now
the vibe is gone
nathan yeung
January 22, 2026 AT 02:11India is going the same way but slower
Here we still have crypto ATMs and no one asks for your utility bill
But i get it
UK wants to be the Switzerland of crypto
Not the wild west
Even if it costs more
Bharat Kunduri
January 23, 2026 AT 22:22147 firms left outta 184
thats a 20% drop
so basically 1 in 5 people got kicked out
and they wonder why no one wants to start a crypto biz here
its not the tech
its the bureaucracy
fuck this
Bill Sloan
January 25, 2026 AT 02:54Wait wait wait
you mean you can actually build something legit here?
Not just pump and dump?
That’s wild
I thought the UK hated crypto
Turns out they just hate criminals
And honestly
That’s kind of cool
Let’s make this work
Who’s with me?
:D
Callan Burdett
January 26, 2026 AT 16:03Look i get the need for rules
But £287k just to register?
That’s more than most startups make in their first year
And you’re telling me i need to verify not just my customers
but the exchanges they send money to?
That’s not compliance
That’s a full-time job for a team of 10
And i’m just a small dev with a laptop
Anthony Ventresque
January 27, 2026 AT 10:25Is anyone else noticing how the FCA is basically forcing crypto to become banking?
Like… if you have to do all this KYC and travel rule nonsense
Why not just use a bank?
What’s the point of crypto if it’s just fiat with extra steps?
Are we building decentralized finance
or just a new version of Chase?
Katherine Melgarejo
January 28, 2026 AT 04:49so the UK wants clean crypto
but they charge more than a Tesla to get in?
and then act shocked when people leave for Dubai?
bruh
you can’t tax the dream and then wonder why no one shows up
also
who approved the 10% ownership rule?
somebody’s got a spreadsheet with ‘control freak’ written on it
Alexis Dummar
January 29, 2026 AT 00:30There’s a deeper question here
Is compliance the price of legitimacy
or the death of innovation?
Because if you make every startup spend half a million to prove they’re not laundering money
you’re not filtering out bad actors
you’re filtering out everyone who isn’t already rich
And that’s not regulation
That’s gatekeeping
And the gatekeepers aren’t the FCA
they’re the venture capitalists who can afford it
Deb Svanefelt
January 30, 2026 AT 02:10I’ve seen this play out before.
When banks were first forced to adopt KYC after 9/11, everyone screamed it was impossible.
Then, five years later, it became standard.
And guess what? The industry didn’t die.
It got stronger.
Because customers trusted it more.
Compliance isn’t the enemy.
Complacency is.
And if your business can’t survive this,
maybe it shouldn’t have survived at all.
Telleen Anderson-Lozano
January 31, 2026 AT 12:50Wait, let me get this straight: you’re telling me that if someone buys 10% of my company-even if they’re just a passive investor-I have to notify the FCA? And if I don’t, I’m in trouble? And I have to monitor every counterparty I transact with-even if they’re not my customer? And I have to keep everything for five years? And I have to train my staff 35 hours a year? And I can’t use AI without human oversight? And I can’t say ‘guaranteed returns’? And I can’t use a selfie for ID? And I have to spend over £500,000 to even apply? And if I fail, I pay again? And there’s no appeal? And if I do all this… I still might not get approved? And if I don’t do it? I go to jail? Are you serious? Are you kidding me? This is not a business environment. This is a horror show.
Dustin Secrest
February 1, 2026 AT 19:27It’s funny how we call this ‘cleaning up’ crypto
But what it really feels like
is the establishment reclaiming control
They didn’t want decentralized finance
They wanted regulated finance
with a blockchain sticker on it
And now we’re just the last holdouts
trying to keep the soul alive
while they turn it into a spreadsheet
Josh V
February 3, 2026 AT 04:29Just move to Singapore
They don't care how you do it
As long as you pay taxes
And don't rob people
That's it
Done
UK can keep their paperwork
I'll take my freedom
Stephen Gaskell
February 3, 2026 AT 17:30UK thinks it's better than everyone
But the truth?
They're just scared
Scared of losing control
Scared of being irrelevant
So they smother innovation with rules
And call it leadership
Pathetic
CHISOM UCHE
February 5, 2026 AT 13:20Counterparty Due Diligence (CPDD) is the real game-changer
It’s not just about your users
It’s about the entire value chain
Now you’re accountable for the AML posture of every exchange, custodian, and DeFi protocol you interact with
That’s systemic risk mapping
Not just compliance
This is the first time a regulator has demanded network-level accountability
It’s revolutionary
And terrifying
But necessary
Ashlea Zirk
February 7, 2026 AT 06:04While the costs are substantial, the FCA’s approach reflects a mature understanding of systemic risk. The 10% control threshold, for example, is a direct response to the increasing use of shell entities and nominee shareholders to circumvent sanctions. The requirement for counterparty due diligence is not burdensome-it is anticipatory. Institutions that treat this as an operational challenge rather than a regulatory burden will emerge as the most resilient. The market will reward those who prioritize integrity over expediency. This is not a restriction; it is a filtration mechanism.
Shaun Beckford
February 9, 2026 AT 00:04Let’s be real
UK is turning crypto into a corporate HR seminar
‘Please fill out form 7B in triplicate, sign with your left pinky, and recite the FCA mission statement while holding a USB drive containing your birth certificate’
Meanwhile, in Dubai, they’re handing out golden visas and free coffee
And you’re telling me the UK is the ‘respected’ one?
Respected? More like the guy who shows up to a rave with a clipboard
Chris Evans
February 10, 2026 AT 19:48The Travel Rule isn’t about money laundering
It’s about surveillance
Every transaction over £1,000 now carries metadata that can be traced back to your identity
That’s not compliance
That’s the end of financial privacy
And if you think this stops at crypto
you’re not paying attention
Next it’ll be bank transfers
Then credit cards
Then your grocery card
They’re building the architecture of total control
And we’re the ones signing the forms
Pat G
February 10, 2026 AT 21:32Oh wow
They’re finally doing something right
For once
Not all crypto is trash
And the UK is the only one with the guts to say it
Let the scammers flee
Let the fraudsters pack up
And let the real builders stay
And build something that lasts
Not just a meme
But a legacy
Alexandra Heller
February 12, 2026 AT 09:10It’s not about the money
It’s about the principle
People think they’re being oppressed
But they’re not
They’re being protected
From themselves
From greed
From the illusion that you can be anonymous and still play in the global financial system
And if you can’t accept that
Then maybe you never belonged here in the first place
myrna stovel
February 12, 2026 AT 23:35Hey, if you're feeling overwhelmed
you're not alone
Everyone here is trying to figure this out
And honestly?
It's okay to ask for help
There are communities, forums, consultants
Even the FCA has webinars
Don't shut down
Don't run
Just breathe
And take one step at a time
You've got this
Hannah Campbell
February 13, 2026 AT 23:57So let me get this straight
you spent £500,000 and 14 months to get approved
and now you're proud?
congrats
you just became a corporate bureaucrat with a crypto logo
what a victory
the revolution is dead
and we buried it in a compliance report
Bryan Muñoz
February 14, 2026 AT 06:31They're not regulating crypto
they're erasing it
Every rule is a brick in the wall
Every form is a lock
Every audit is a surveillance camera
They don't want you to succeed
They want you to disappear
And when you're gone
they'll sell the blockchain to the banks
and call it innovation
:)
Pramod Sharma
February 15, 2026 AT 02:24UK is slow but solid
India will follow
But the real winners?
Those who build compliance into their DNA from day one
Not as a cost
As a feature
Because trust is the only currency that lasts