Does your business deal in crypto? Priority cryptoasset registration applications deadline fast approaching

Share this post

The 30 June deadline for crypto asset applications to receive a priority review from the FCA is fast approaching.

As you may be aware, cryptoasset exchange providers and custodian wallet providers have been included in the AML supervisory regime by virtue of 5MLD. This inclusion was implemented in the UK by virtue of The Money Laundering and Terrorist Financing (amendments) Regulations 2019 which came into force on the 10 January this year.

Cryptoasset exchanges and custodian wallet providers are now therefore subject to the full range of AML obligations under the Money Laundering Regulations 2017 (MLRs), including customer due diligence, suspicious activity reporting, transaction monitoring obligations, etc.

Furthermore, the UK government has given the FCA powers to supervise and enforce the requirements laid out within the MLRs. As such, these firms must now register with the regulator.


The FCA gateway opened for businesses to submit applications for entry to the register on 10 January 2020. While new businesses must register prior to their launch, businesses that carried on cryptoasset activity before 10 January 2020 have a grace period until the 10 January 2021 to complete the registration process.

In order to facilitate this, the FCA provided a priority review system which would ensure that firms already providing cryptoasset services could meet the requirement of being registered by January 2021. In order to make use of this, firms must make an application prior to the 30 June. In the event firms were to miss this date, they would potentially be subject to the FCA’s case management queue. Due to the large number of firms registering this year (the FCA have estimated 150 firms), there is likely to be a large backlog and therefore firms submitting after 30 June run the risk that they will have to cease trading between the 10th January 2021 and the time at which they have been successfully registered.

With the 30 June deadline fast approaching, we take a look below at the application process and its requirements.

Application Process

The application process follows a similar format to applications for authorisation and as such firms will be expected to provide detailed documents and information pertaining to their operational structure, business plans, structural organisation, systems and controls as well as the governance and internal control mechanisms.

Firms should complete applications using the Connect system by starting a new application. Below we provide an overview of the various sections of the application.

  1. Programme of operations

While the programme of operations is less detailed than that of an e-money or payments application, it still requires a high-level outline of the relevant services the firm will offer, including those not related to cryptoassets. A high-level funds flow and details of the expected volume and value of the activities must also be provided.

  1. Cryptoasset supplement

A) Business Plan
Like other applications, the business plan is intended to provide an understanding of the ‘types’ of customers you want to attract. This will include the firm’s placement within the existing cryptoasset market, unique selling points, an outline of the marketing plan and distribution channels and an explanation of the main lines of income and expenses, the financial debts, and the capital assets. In addition, three years of financial forecasts with accompanying stress tests should be provided. These are intended to provide the FCA with a breakdown of the types of assets the firm deals with and how they intend to become and remain profitable even in the event of economic downturn or similar situation.

Corporate structure charts clearly showing ownership holdings and voting rights of all shareholders over 25% should also be provided, as well as a list of all cryptoasset public keys and addresses associated with the firm.

B) Governance arrangements and internal control mechanisms
In this section the FCA will want to see the firm’s assessment of the money laundering and terrorist financing risks associated with its business. This should include an overview of the risks associated with the applicant firm’s customer base, the services provided, transactions, the delivery channels used and the geographic areas of operation.

You must also include the identity of your MLRO and provide evidence that their anti-money laundering and counter-terrorism expertise is sufficient to enable them to fulfil this role. You must also demonstrate the procedures implemented to mitigate risks of breach under their obligations under the Money Laundering Regulations 2019. This should detail the policies and procedures the firm has to monitor fiat currency transactions and cryptoassets and an outline of the systems put in place to train staff and ensure that policies and training is constantly reviewed and kept up to date.

You must also include the anti-money laundering and counter terrorism manual for the firm’s staff.

C) Systems and controls

The FCA ask about the firm’s IT systems. This will include administrative systems, transaction analysis systems, AML tools and any other off the shelf products or platforms that form a part of your IT framework. Where the company uses bespoke internal IT systems, the FCA will want evidence of this in the form of the firm’s IT security policy.

D) Structural organisation
This section should include a detailed organisational chart, an overall forecast of the staff numbers for the next three years and a description of relevant operational outsourcing arrangements including a copy of all outsourcing agreements.

Key details on outsourcing providers are required, including their location and the functions they will perform on the firm’s behalf. 

  1. Individuals, Beneficial Owners and Close Links

Lastly firms are required to disclose the details of all individuals, beneficial owners and close links of the firm i.e parent or sister companies, subsidiaries or firms with shared ownership of over 20%.

Fit and Proper assessments

Applications for a fitness and propriety assessment for any person who is an officer, manager or a beneficial owner as per Regulation 58A of the MLRs must be submitted alongside the above application. While many of these individuals may have already been vetted by the FCA where the firm provides other regulated activities, it is important to ensure that this process has been replicated for cryptoasset supervision.

In making its assessment, the FCA will consider:

  • Convictions;
  • Failure to pay a penalties;
  • Information that would suggest the individual may fail to comply with the MLRs, Terrorism Act or POCA;
  • The risk of the business being used for money laundering or terrorist financing; and
  • The individual’s honesty and integrity, skills and experience, financial soundness


With 30 June deadline approaching fast, firms providing cryptoasset activity prior to 10 January have just over a week left to apply or run the risk of having to stop their cryptoasset activity after 10 January 2021. If you have any queries regarding the process or would like guidance in compiling your application, please do not hesitate to get in contact with me or one of my colleagues.

Get in touch with fscom today!

[1] Which amended regulation 8(2) of the Money Laundering Regulations 2017 to include cryptoasset exchange providers and custodian wallet providers.

This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?