Between now and 25 October 2027, every UK cryptoasset business faces a sequencing question: register under the Money Laundering Regulations, apply for FSMA authorisation, or both. The answer depends on launch timing, business model and the FCA’s transitional arrangements. This guide works through the decision — and the people implications that follow from each route.
The UK cryptoasset sector is living through an unusual regulatory moment: two gateways, run by the same regulator, operating in parallel. The existing gateway — registration under the Money Laundering Regulations 2017 — remains a legal requirement for firms providing in-scope cryptoasset services before the new regime starts. The incoming gateway — authorisation under the Financial Services and Markets Act — opens for applications on 30 September 2026, with the regime expected to go live on 25 October 2027. Between those dates, firms must navigate both, and the FCA has published specific guidance on how the two interact.
Get the sequencing right and a firm launches on time, spends one application fee where it might have spent two, and arrives at the regime start with authorisation in hand. Get it wrong and a firm can find itself mid-registration when the rules change under it, paying for an application with a shelf life measured in months, or — the worst case — unable to trade lawfully when the new regime begins. This guide sets out the framework for the decision, drawing on the FCA’s published position, and then turns to the dimension we advise on daily: the hiring sequence each route demands.
The two regimes side by side
Our broader guide to FCA authorisation versus registration covers the general distinction across financial services; here is how it applies specifically to cryptoassets.
MLR registration: the current requirement
Since 10 January 2020, the FCA has been the AML/CTF supervisor of UK cryptoasset businesses under the MLRs. Firms providing in-scope services — cryptoasset exchange and custodian wallet provision, defined under Regulation 14A — must register before trading. The FCA’s guidance on who needs to register covers scope, including the financial promotions dimension: cryptoasset businesses wishing to market to UK customers generally need MLR registration unless their promotions are approved by an authorised person or fall within an exemption.
Registration assesses the firm’s financial crime framework: the business-wide risk assessment, policies and controls, customer due diligence arrangements, and the fitness and propriety of the MLRO appointed under Regulation 21(3). The FCA’s determination deadline is three months from receiving a complete application, though requests for further information reset the clock in practice. Registered firms face no SMCR obligations, no regulatory minimum capital requirement (though the FCA expects adequate financial resources), and a lighter ongoing supervisory touch than authorised firms.
FSMA authorisation: the incoming requirement
Under the new regime, firms carrying out regulated cryptoasset activities need authorisation under FSMA — the full financial services gateway, testing threshold conditions across governance, resources, suitability and business model. Authorised firms come within SMCR (approved senior managers holding SMF functions), the prudential regime for cryptoasset firms finalised on 30 June 2026 (the COREPRU and CRYPTOPRU sourcebooks, setting own-funds and liquidity requirements), FCA Handbook conduct standards, and full supervision. The requirement applies to firms already registered under the MLRs: registration does not carry over, and — as the FCA states plainly — being registered under the MLRs does not guarantee authorisation under FSMA. Our complete guide to cryptoasset FSMA authorisation covers the new regime in depth.
The FCA’s transitional guidance: the rules of the road
The FCA’s published position on registration under the MLRs ahead of the new FSMA regime contains the operative rules every firm should internalise:
Registration remains mandatory until the regime starts. Firms providing in-scope cryptoasset services in the UK must register before trading, and must continue to comply with the registration requirement until the FSMA regime begins. There is no option to skip registration and simply wait for authorisation while trading.
New firms may still apply for registration — with a health warning. The FCA recognises that some new cryptoasset firms will want to start trading before the new regime begins and may seek MLR registration beforehand. Firms may apply at any time before the regime starts — but the FCA advises they should only do so if confident they can be registered early enough for it to be worthwhile before the new regime renders registration obsolete.
After 30 September 2026, the applications can be combined. Where a firm can make a case for applying for registration after the FSMA gateway opens, the FCA will accept the information contained in the firm’s FSMA authorisation application as information relevant to its MLR registration application — subject to the firm confirming it wants this treated that way. The firm pays a single application fee, set at the higher of the MLR registration fee and the FSMA authorisation fee.
The two applications remain legally distinct. An MLR registration form cannot be treated as a FSMA authorisation application. Refusal of one does not determine the other: a firm refused MLR registration could still later be authorised under FSMA if it subsequently meets the required standards.
Four scenarios, four answers
The right sequencing depends on where a firm sits today. Four common scenarios cover most of the market.
Scenario 1: already registered under the MLRs
The path is clear: continue complying with the registration regime, and prepare a FSMA authorisation application for submission as early as practicable after 30 September 2026. Registered firms carry real advantages into authorisation — a supervisory track record, an assessed MLRO, an operating financial crime framework — but should not mistake those for a head start on the parts of the application the MLR gateway never tested: governance, prudential resources, the regulatory business plan, and SMF-ready senior managers. The preparation gap for most registered firms is precisely in those areas, and the hiring lead times for SMF16/17-calibre candidates (typically three to six months including notice) mean recruitment should begin well before drafting does.
Scenario 2: new entrant intending to launch before late 2027
This firm needs MLR registration to trade lawfully — there is no alternative route to market before the regime starts. The FCA’s three-month determination deadline is a floor, not a forecast; realistic planning allows six months or more from submission to registration, and the FCA’s own health warning about late applications applies. A firm submitting a registration application in early 2027 is betting the registration arrives in time to be worth having. For firms whose launch can wait, the combined-application route after 30 September 2026 becomes attractive: one preparation exercise, one fee, and an authorisation that outlives the transition.
Scenario 3: new entrant able to launch after the regime starts
Skip registration entirely and target FSMA authorisation from the outset. The preparation is heavier, but it is spent on the regime that will actually govern the firm. The key planning variable is FCA processing time after the gateway opens: an entire sector applying at once will stretch determination timelines, so early, complete submissions win. The hiring sequence for this route front-loads the compliance leadership — the FCA will expect the MLRO (and under FSMA, the SMF16/17 candidates) to have shaped the application, a point covered fully in our crypto MLRO guide.
Scenario 4: overseas firm serving UK customers
The territorial questions are the hardest in the transition. The current regime captures firms carrying on cryptoasset business in the UK, with the FCA weighing factors including UK office presence and the nature of activity carried on here; the financial promotions regime separately restricts marketing to UK customers. The FSMA regime continues and in some respects extends the territorial reach, particularly for firms dealing with UK retail customers. Overseas firms should take the FCA’s known scrutiny of non-UK-based MLROs as a signal of the broader expectation: a genuine UK presence, with UK-based senior management, is the safe planning assumption for any firm that wants UK customers under the new regime. Independent legal advice on perimeter questions is worth its cost here; the FCA itself advises firms unsure of their registration obligation to seek it.
The cost dimension
The direct fees are the smallest part of the calculation, but the structure matters. MLR registration carries a one-off application fee (banded by cryptoasset income) plus annual periodic fees. FSMA authorisation carries its own application fee plus ongoing fees under the FCA’s fee blocks. The combined-application route after 30 September 2026 collapses the two application fees into one — the higher of the two — which for most firms represents a genuine saving on the double-application alternative.
The indirect costs dominate. Each application consumes senior management time measured in months; professional adviser fees for a well-supported FSMA application commonly reach six figures; and the people costs — the compliance officer, MLRO and finance leadership the application requires — run through both routes. A firm that registers in early 2027 and then applies for authorisation months later pays much of the preparation cost twice. That, more than the fee arithmetic, is the argument for the combined route wherever launch timing allows it.
The hiring sequence each route demands
Whichever scenario applies, the applications are carried by people, and the FCA’s expectations set the hiring order.
The MLRO comes first on every route. Registration requires an appointed MLRO before application, with the FCA expecting deep involvement in preparation and continuity through determination. Authorisation converts the role to SMF17 with individual approval. Firms running the combined route get particular value from an MLRO who has been through the FCA process before — the individual is assessed once but carries the firm through both regimes. Fractional appointments suit pre-launch firms; see our fractional MLRO service.
Compliance oversight follows immediately for FSMA-bound firms. The SMF16 candidate — often combined with SMF17 at smaller firms — owns the regulatory business plan and the policy suite. For firms targeting the first application window, this hire needs to be in progress now: our guide to SMF16 and SMF17 for cryptoasset firms covers the combined-versus-split decision.
Finance leadership joins for the prudential build. The FSMA application’s financial projections, capital plan and adequate-resources case sit with the CFO or FD — a regulated-firm finance skillset covered in our crypto CFO regulatory guide. Interim engagement for the application period, converting to permanent after grant, is the established pattern; see interim CFOs for tech and crypto.
A worked timeline: the registered firm targeting the first window
Abstract guidance lands better as a calendar, so here is the planning shape we are walking registered firms through in mid-2026, working backwards from an autumn 2026 submission.
July–August 2026: mobilise. Gap assessment against the threshold conditions — governance, prudential position, business plan, senior team — honestly scored. Board sign-off on the authorisation budget and the hiring plan. Searches launched for any missing SMF16/17 and finance leadership; with three-to-six-month hiring timelines, this is the last realistic start point for candidates to be in post and shaping the application before submission.
September–November 2026: build. Gateway opens 30 September. Regulatory business plan drafted by the compliance lead; financial projections, capital plan and wind-down costing built by the finance lead; perimeter analysis mapping every activity to the new permissions; policies uplifted from registration-standard to authorisation-standard. Firms whose hires landed in the summer draft in parallel; firms still hiring draft nothing that will survive.
December 2026–Q1 2027: submit and respond. Application filed via Connect with SMF candidates named. The requisition cycle begins — case officer questions, information requests, possible interviews. Response speed and quality here move determination dates by months.
Through 2027: determination and transition. Authorisation granted, SMCR machinery switched on (certification population mapped, conduct rules training delivered, Statements of Responsibilities finalised), and the firm crosses the 25 October 2027 regime start already authorised — the whole point of the exercise.
The striking feature of this calendar is how little of it is legal drafting and how much of it is people: the two long-lead items are hires and the FCA’s own queue, and only the first is within the firm’s control.
Common sequencing mistakes
Five patterns recur in firms that get the transition wrong, all avoidable. First, treating registration as a head start on authorisation — it is a head start on the financial crime chapter and nothing else, and firms that discover the governance and prudential gap after the gateway opens have donated their queue position to competitors. Second, hiring after drafting: commissioning consultants to write the application and recruiting the SMF holders afterwards, in defiance of the FCA’s stated expectation that the accountable individuals shape the submission. Third, the late registration gamble — filing an MLR registration in 2027 for a regime with months to live, paying full preparation cost for a wasting asset instead of taking the combined-application route. Fourth, ignoring notice periods: the strongest SMF candidates are employed at regulated firms with three-to-six-month notice, and a hiring plan that assumes immediate starts is a fiction. Fifth, missing the savings-provision window — the FCA’s final rules let firms already operating keep trading while assessed only if they apply between 30 September 2026 and 28 February 2027; a firm that drifts past that deadline loses the transitional protection and may have to stop trading until authorised.
The decision, distilled: seven questions
For boards working through the sequencing choice, seven questions resolve most cases. First, when do we need to be trading? Before late 2027 forces the registration route; after it makes authorisation-only viable. Second, how confident are we in a registration being granted quickly enough to be worth its cost — honestly scored against the FCA’s own health warning about late applications? Third, does our business model survive contact with the new permissions map, or does the perimeter analysis change what we are actually building? Fourth, do we have — or have we started hiring — an MLRO and compliance lead who can carry both gateways, given that the FCA assesses the individuals as much as the firm? Fifth, what does the prudential regime imply for our capital position, and does a funding round belong in the authorisation plan? Sixth, if we are an overseas group, are we genuinely prepared to build a UK-managed entity, because the alternative is a recognised application weakness? Seventh, if our application were still pending at regime start, could the business survive a trading pause — and if not, how early must we file to make that scenario remote?
Firms that can answer all seven have a sequencing strategy. Firms that cannot have identified their preparation gaps — and most of those gaps, in our experience, close through hiring rather than drafting: the right MLRO answers question four, the right CFO answers questions five and seven, and the pair of them turn the remaining questions from board anxieties into workplans. The transition rewards firms that treat it as a people problem with a legal dimension, not the reverse.
Frequently asked questions
We are MLR-registered. Do we need to do anything before 30 September 2026?
Legally, no — your obligation is continued compliance with the registration regime. Practically, yes: authorisation preparation (governance, senior manager hiring, business plan, prudential planning) takes six to twelve months to do well, and the FCA expects the individuals who will hold SMF functions to shape the application. Starting preparation at the gateway opening is starting late.
If our MLR registration application is refused, can we still apply for FSMA authorisation?
Yes. The FCA has confirmed the applications are independent: refusal of registration does not bar a later successful authorisation if the firm meets the required standards by then. In practice, a refusal identifies the deficiencies — most commonly the financial crime framework or the MLRO assessment — that the firm must fix before either gateway will open to it.
Can we trade while our FSMA authorisation application is pending?
Before the regime starts, only if MLR-registered (or out of scope). Beyond that, the FCA’s final rules provide savings and transitional provisions: a firm already operating that applies within the window (30 September 2026 to 28 February 2027) may continue specified activities until its application is determined. A firm that applies after the window closes cannot rely on these provisions and may need to cease relevant activities until authorised — so the practical protection is applying early within the window.
Does the combined application really save money?
On fees, yes — one fee at the higher of the two rates rather than two fees. The larger saving is preparation effort: one coherent application exercise, one set of adviser costs, and one hiring sequence rather than two overlapping ones. The route does require confirming to the FCA that you want your FSMA application information treated as relevant to the registration, so raise it explicitly with your case officer rather than assuming it applies automatically.
We are a stablecoin issuer — does this analysis apply to us?
Partially. Qualifying stablecoin issuance has its own regime with distinctive requirements around backing assets, redemption and — at systemic scale — Bank of England oversight, informed by the FCA’s stablecoin sandbox. The registration-to-authorisation logic is similar but the substance differs; see our dedicated stablecoin issuer compliance guide.
Related guides and services
- Cryptoasset Compliance Recruitment
- Cryptoasset FSMA Authorisation: The Complete Guide
- The Crypto MLRO: Regulation 21 and FCA Expectations
- FCA Authorisation vs Registration: What Is the Difference
- Compliance Recruitment
- Recruitment for FCA-Regulated Firms
External resources
- FCA — Registration under the MLRs ahead of the new FSMA regime
- FCA — Cryptoassets: who needs to register
- FCA — Cryptoassets: how to apply for registration
- Money Laundering Regulations 2017
- Financial Services and Markets Act 2023
- HM Treasury
About the Author
Adrian Lawrence FCA is the founder of FD Capital Recruitment and a Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW member record). Adrian holds a BSc from Queen Mary College, University of London and an ICAEW practising certificate in his own name.
“The registration-to-authorisation transition catches firms out through hiring lead times more than legal complexity. The FCA expects the MLRO and compliance leadership to build the application they will defend — and those candidates take three to six months to land. Firms sequencing hires against the September 2026 gateway now are the ones who will be authorised when the regime starts.” FD Capital places compliance officers, MLROs and CFOs for firms navigating FCA registration and authorisation. FD Capital Recruitment Ltd (Companies House no. 13329383) is associated with Adrian’s ICAEW registered practice.
Planning your route through the transition? Call FD Capital on 020 3287 9501 or email recruitment@fdcapital.co.uk to map your hiring sequence against the 30 September 2026 gateway.




