The countdown begins: what cryptoasset firms must do now to secure FCA authorisation

The FCA application period runs from 30 September 2026 to 28 February 2027. Whether a firm is already authorised under FSMA or currently operating under the Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), it should start preparing now to submit a timely, good-quality application during that window.

From 11 May 2026, cryptoasset firms preparing for the new FSMA regime will be able to request a pre-application meeting with the FCA via its Pre-Application Support Service (PASS). Pre-application meetings are free of charge and give firms the opportunity to discuss their plans with the FCA and ask questions before submitting a formal application for authorisation or variation of existing permissions. The meetings themselves will take place from July 2026, with scheduling arranged as requests come in, meaning firms should submit their request promptly to secure an early slot.

The FCA expects firms to develop a clear and credible plan demonstrating that they have considered the new regime's requirements and their readiness to meet them. The implementation plan should be agreed at board level and set out who is accountable, what needs to change, how changes will be delivered, and when they will be completed.

Firms should carry out a gap analysis against expected FSMA requirements and identify where current arrangements need strengthening. Firms should also review the new cryptoasset regulated activities, determine the authorisation type required, and align the proposed scope of permissions with their business model and risk profile.

Firms should assess the resources and costs of preparation, authorisation, and ongoing compliance and, where appropriate, invest in legal, compliance or regulatory advice. This is particularly important for firms that may be underestimating the scale of change required to meet FSMA-standard expectations for the first time.

The FCA encourages firms to apply as soon as possible within the application period to avoid disruption to their business. Consequences of a late or poor-quality application include rejection for lacking minimum information, delays in assessment, refusal of authorisation, and – for existing cryptoasset firms – the inability to continue carrying on cryptoasset activities when the new regime comes into force.

Current systems and controls will help MLR-registered firms demonstrate compliance with FSMA, but firms should carefully assess what needs to change, including in market conduct, customer treatment, and senior leadership. The step up from MLR registration to full FSMA authorisation is significant and firms should not assume their existing frameworks will be sufficient without meaningful enhancement.

FSMA-authorised firms should consider how the new cryptoasset activities and requirements affect their current permissions, business model, governance, and systems and controls. This may require a variation of permission rather than a new standalone application, but the readiness and quality expectations are the same.

The FCA will continue to support firms through data requests to understand their business and how it is organised, direct engagement with registered firms to understand their preparations and help them understand FCA expectations, and targeted support such as the PASS to help firms understand the authorisation process. Firms should treat the opening of the PASS request window on 11 May 2026 as an immediate action point, and should not rely on FCA support as a substitute for early internal preparation.