Decrypting the UK Cryptoasset Landscape

by Jessica Cath, Head of Financial Crime at Thistle Initiatives

Share this post

As the crypto market continues to innovate and grow, governments and regulators around the world are struggling to keep pace. The constantly shifting policy and regulatory landscape is also challenging for crypto businesses to navigate—particularly for firms seeking to operate in the UK where cryptoasset rules remain in flux. On a recent Thistle Initiatives webinar, in conjunction with law firm Fox Williams, Thistle’s Head of Financial Crime Jessica Cath was joined by Fox Williams’ Financial Services Regulatory Partner Mardi MacGregor and Independent Compliance Consultant Lynn McConnell to discuss the latest regulatory developments impacting the UK crypto industry and how businesses can stay ahead of the curve.

The trio not only gives valuable insights on the crypto market, it is also a rare all-female crypto panel—a pertinent reminder on International Women’s Day of the female talent and expertise that is helping shape the crypto landscape and the broader UK fintech ecosystem.

Here are five key takeaways from the webinar.

  1. Balancing policy with regulation

Crypto businesses in the UK face an uncertain operating environment amid policy and regulatory changes. Government rhetoric has been very crypto-positive, while the Financial Conduct Authority (FCA) seems crypto-sceptic, says Mardi. “The two seem to be quite disjointed,” she says. “Until we see the detailed legislation come through from the government, the FCA is left to take a crypto-sceptic approach.” Part of that is down to the FCA having a strong mandate to protect consumers, with anti-money laundering (AML) policies at the centre of it, says Lynn. This gets to the very nub of the tension—the need to balance consumer protections with the commercial objective of encouraging innovation and making the UK an attractive jurisdiction for crypto operators. “It is tricky to get that balance right,” adds Jessica.

  1. Unravelling the UK’s regulatory framework

The regulatory backdrop in the UK is currently a patchwork of different regimes that may or may not apply depending on a firm’s crypto-related activities. Those span AML registration rules, new financial promotions restrictions and upcoming changes to the regulated activities regime that will bring certain cryptoassets under the FCA’s supervision says Mardi. For example, the financial promotions restrictions prevent unauthorised promotion of qualifying cryptoassets to UK consumers regardless if the company is based in the UK or abroad. To promote crypto legally, firms either need to be registered with the FCA under the money laundering regulations (and eligibility for this registration is not universal), authorised by the FCA (a challenge in the crypto context given there is not yet a crypto authorisation regime), the promotion needs to be approved by a third-party that is authorised, or an exemption must apply (but these exemptions are detailed and specific and not generally available when promoting products to consumers), Mardi adds.

  1. Understanding if your business is in scope for AML registration

Crypto firms can’t just proactively register with the FCA for AML purposes, they must be carrying on a specific type of business i.e. they must be either a crypto asset exchange provider or a custodian wallet provider, says Mardi. The definition of a crypto asset exchange provider, however, is wide ranging and will include firms that make arrangements with a view to the exchange of cryptoassets for money or money for cryptoassets – so exchanges and trading platforms where sellers and buyers can interact, as well as certain firms that arrange commercial partnerships. “Because the definition is so broad, there’s a lot of edge cases, so we always suggest companies get a formal legal opinion because it can be very complicated trying to figure out where you sit,” adds Jessica.

  1. Navigating the FCA’s AML registration process

Even if a firm is eligible, registering with the FCA is a rigorous and challenging undertaking, particularly for startups. “It’s a very complex, pretty intense process that you have to go through before you get approved,” says Jessica. That includes developing a strong regulatory business plan and documenting all policies, procedures and risk assessments, which is followed by extensive questioning from the FCA, who want to gauge the level of competency and commitment to AML compliance across the business. To do this, companies need to risk assess all existing products, as well as anything that is likely to be launched over the next six to nine months, so the presentation of the firm’s activities is complete, says Lynn. Those activities must be benchmarked against all money laundering regulations and also need to include risks such as proliferation financing, sanctions compliance and operational risk, she adds.

  1. Clearing the FCA’s high bar for AML registration

Securing FCA approval is not easy—only a small handful of businesses are typically approved every year—so getting the registration process right is critical. This means having a realistic and credible plan that shows the regulator there is a robust governance structure in place that will scale in tandem with the company’s growth, says Jessica. Firms also need to ensure they have suitable expertise for the interview process—hiring a junior MLRO (money laundering reporting officer) to save costs, for instance, is unlikely to help, says Jessica. The good news is that once approved, the FCA will support firms with extra supervision and coaching to help with regulatory reporting, says Lynn. But for firms to get to that point, they need to devote appropriate time and resources to get approved. “The FCA will still be deploying a very high bar when it comes to the registration process,” adds Jessica.

How can we help you?

To learn more about how Thistle Initiatives can help with your FCA registration process, get in touch with our Financial Crime team by sending an email to or download our UK Crypto Top Tips.

Thistle initiatives logo
Article by Thistle Initiatives

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?