VASP Registration in the United Kingdom: What Crypto Businesses Must Do Now

alt Dec, 4 2025

VASP Registration Compliance Checklist

This checklist helps you verify if your crypto business meets all FCA VASP registration requirements. Based on the latest UK regulations effective since September 1, 2023.

Compliance Status

0/9 requirements completed
KYC Verification System

You must verify every customer's identity with government-issued ID, proof of address, and ongoing monitoring. No exceptions. No shortcuts.

AML Monitoring System

Your platform must flag unusual transactions like sudden large transfers, rapid deposits/withdrawals, or activity from high-risk countries. These get reported to the National Crime Agency.

Travel Rule Compliance

Every crypto transfer over £1,000 must include sender and receiver full name, address, and account number. Must collect and record info even for unhosted wallets.

Financial Strength

You need to show sufficient capital to cover losses. Firms with under £100,000 in liquid assets have been turned down.

Cybersecurity Measures

Systems must be audited for vulnerabilities. Two-factor authentication, encrypted data storage, and regular penetration testing are mandatory.

Asset Segregation

Client crypto and fiat funds must be kept separate from company money. No mixing. No using customer funds to pay rent.

Corporate Documentation

Articles of incorporation, shareholder details, ownership structure, business plan, and AML policies must be submitted.

Senior Management Compliance

All senior managers must pass a Fit and Proper Test. FCA checks past bankruptcies, regulatory bans, criminal records, or associations with shady projects.

UK Presence

You need a physical UK presence with local staff, a UK bank account, and physical address. Companies claiming UK presence without real presence get rejected immediately.

Compliance Summary

Eligibility for UK VASP Registration: Unknown
Required Requirements Met: 0/9
Estimated Registration Cost Range: £150,000+ (varies based on business size)
Next Steps: N/A

If you’re running a crypto business and want to reach customers in the UK, you must register with the Financial Conduct Authority (FCA). It’s not optional. It’s not a suggestion. Since September 1, 2023, any company advertising, selling, or offering crypto services to UK residents has to be registered - or risk being shut down, fined, or even prosecuted.

Who Needs to Register?

You don’t need to have an office in London to need a VASP registration. If you’re marketing crypto services to people in the UK - even just through a website in English, accepting GBP payments, or running ads on Google targeting UK postcodes - you’re considered to be doing business here. The FCA doesn’t care if your servers are in Estonia or your team works from Bali. If UK customers are using your service, you’re in scope.

The rule is simple: if you’re doing any of these, you need to register:

  • Operating a crypto exchange or trading platform accessible to UK users
  • Selling or distributing crypto tokens to UK residents
  • Running crypto ATMs located in the UK
  • Providing custodial wallet services to UK customers
  • Offering crypto-to-fiat conversion services
  • Marketing your crypto product through social media, Google Ads, or influencer campaigns aimed at the UK
The FCA has been clear: even if you think you’re just a foreign company with a few UK clients, if you’re actively promoting your service here, you’re required to register. And if you’re not registered? You can’t legally operate in the UK. Period.

What Does VASP Registration Actually Mean?

VASP stands for Virtual Asset Service Provider. It’s the official term the FCA uses for any business handling crypto assets - whether it’s trading, storing, or transferring them. But registration isn’t just a form you fill out and forget. It’s a full compliance overhaul.

To get approved, you need to prove you’ve built systems that match the standards of a bank. That means:

  • Know Your Customer (KYC): You must verify every customer’s identity with government-issued ID, proof of address, and ongoing monitoring. No exceptions. No shortcuts.
  • Anti-Money Laundering (AML) Monitoring: Your platform must flag unusual transactions - like sudden large transfers, rapid deposits and withdrawals, or activity from high-risk countries. These get reported to the National Crime Agency.
  • Travel Rule Compliance: Since September 2023, every crypto transfer over £1,000 must include the sender’s and receiver’s full name, address, and account number. If you’re sending to an unhosted wallet (like a personal MetaMask), you still have to collect and record that info - even if the other party doesn’t cooperate.
  • Financial Strength: You need to show you have enough capital to cover losses. The FCA doesn’t specify an exact number, but firms with under £100,000 in liquid assets have been turned down. They want to know you won’t vanish if the market crashes.
  • Cybersecurity: Your systems must be audited for vulnerabilities. Two-factor authentication, encrypted data storage, and regular penetration testing aren’t nice-to-haves - they’re mandatory.
  • Segregation of Assets: Client crypto and fiat funds must be kept separate from your company’s money. No mixing. No using customer funds to pay your rent.
This isn’t just paperwork. It’s a complete rebuild of how you run your business.

The Application Process: What They Ask For

You apply through the FCA’s online portal called Connect. It’s not user-friendly. It’s not fast. And it’s not forgiving.

You’ll need to submit:

  • Corporate documents: Articles of incorporation, shareholder details, ownership structure
  • Business plan: How you’ll operate, who your target customers are, how you’ll grow
  • AML and CTF policies: Written procedures for every step of customer verification and monitoring
  • Organizational chart: Showing roles, responsibilities, and reporting lines
  • Details of all senior managers: Their CVs, criminal background checks, and proof of experience
  • Proof of IT security: Audit reports, firewall configurations, data breach response plans
Every person in a senior role - even if they’re just a director - must pass a Fit and Proper Test. That means the FCA will check their past: any bankruptcies, regulatory bans, criminal records, or even associations with shady crypto projects. One bad link can sink your whole application.

The FCA doesn’t give you a timeline. Some applications get approved in 4 months. Others sit for over a year. Why? Because they’re looking for perfection. If your AML policy has a typo, or your cybersecurity report is vague, they’ll send it back. No warning. No second chance.

Remote founder surrounded by UK market icons, blocked bank logos, and a looming FCA rejection notice in geometric cartoon style.

What Happens After You Apply?

Once you hit submit, you’re not done. The FCA may:

  • Request additional documents - sometimes weeks after your initial submission
  • Call your team for interviews - often with multiple people, including your CTO and compliance officer
  • Ask for a live demo of your KYC system
  • Send an inspector to your office (even if you’re remote)
They’ve started doing surprise visits to companies that claim to be UK-based but are actually operating from overseas. If you say you have a London office but your staff works from home in Poland? You’ll be flagged.

And if you get approved? That’s not the end. You’re now under ongoing supervision. The FCA can:

  • Request monthly transaction reports
  • Require quarterly financial audits
  • Order you to freeze customer accounts if they spot suspicious activity
  • Revoke your registration at any time - no appeal needed
Many firms think registration is a one-time task. It’s not. It’s a permanent compliance burden.

Why So Many Applications Get Rejected

The FCA has rejected over 80% of applications since 2023. Why? Three reasons dominate:

  1. Weak KYC systems: Many firms use third-party tools that don’t meet FCA standards. The FCA wants direct access to identity verification logs - not just a checkbox from a vendor.
  2. No real UK presence: Companies that say they’re “based in the UK” but have no local staff, no UK bank account, and no physical address get rejected immediately.
  3. Banking access issues: Most banks still won’t work with crypto firms. If you can’t open a business bank account, the FCA assumes you’re not serious. You need to show a signed agreement with a UK bank or a licensed payment processor.
There’s a growing trend: firms that get rejected once, fix their systems, and reapply - often succeed on the second try. The FCA doesn’t hold grudges. But they do notice patterns. If you’ve been rejected before, they’ll scrutinize your new application even harder.

What About Banks and Payment Processors?

This is the silent killer for many crypto businesses. Even if you get FCA approval, you still need to move money. And most UK banks refuse to work with crypto firms - registered or not.

You’ll need to find a licensed payment service provider (PSP) that’s willing to handle crypto transactions. Options are limited. Companies like Wirecard, Stripe, and Revolut have pulled out of crypto. Some niche providers like Coincover, Salt Edge, and BitPay offer services, but they charge high fees and demand strict controls.

Many firms end up using offshore payment processors - but that’s risky. The FCA doesn’t care where your bank is. If your customers are in the UK and your money flows through a shell company in the Caymans, you’re still in violation.

Split scene: compliant London VASP office vs. collapsing unregistered crypto operation, balanced by a symbolic scale.

What’s Next for VASPs in the UK?

The FCA isn’t slowing down. In autumn 2025, they’re holding information sessions in Edinburgh, Manchester, and London. They’re not just updating rules - they’re expanding them.

Look for new requirements in 2026:

  • Real-time transaction reporting (not just monthly summaries)
  • Public disclosure of registered VASPs on the FCA website
  • Stricter rules on advertising crypto as an “investment”
  • Potential licensing tiers: Basic, Enhanced, Full - based on business size and risk
The message is clear: the UK wants to be a global leader in crypto regulation - not by banning it, but by making it so hard to operate that only serious, well-funded players survive.

Can You Do This Alone?

Some firms try to handle registration themselves. Most fail.

The paperwork is complex. The rules change often. And one mistake - a missing signature, a vague policy, a mislabeled form - can cost you months.

Companies like Buckingham Capital Consulting, Regulus Compliance, and others specialize in helping crypto firms navigate this. They’ve seen hundreds of applications. They know what the FCA looks for. They know how to write policies that pass. They’ve even helped clients prepare for interviews.

If you’re serious about operating in the UK, hiring a regulatory consultant isn’t an expense - it’s insurance.

Final Reality Check

VASP registration isn’t about compliance. It’s about survival.

If you’re a small crypto startup with a team of three and no legal budget, the UK market is closed to you. The cost of registration - legal fees, compliance software, audits, staff training - can easily hit £150,000. And that’s before you even start marketing.

But if you’re a serious player with funding, structure, and a long-term plan? The UK is one of the most transparent, stable markets in the world. Once you’re registered, you can operate legally. You can open bank accounts. You can partner with traditional finance firms. You can build trust.

The FCA isn’t your enemy. They’re the gatekeeper. And if you’re ready to meet their standards, the UK is still open for business.

Do I need to register if I only have a few UK customers?

Yes. The FCA doesn’t care how many UK customers you have. If you’re marketing your service to UK residents - even through a website, social media, or ads - you’re considered to be operating a business in the UK and must register. Having just a few customers doesn’t exempt you.

Can I operate while my application is being reviewed?

No. You cannot legally offer crypto services to UK customers while your application is pending. Operating without registration is a criminal offense. Many firms pause UK marketing entirely until approval is granted.

What happens if I don’t register?

The FCA can block your website, freeze your UK bank accounts, and refer your case to the National Crime Agency. You could face fines, criminal charges, or a permanent ban from operating in the UK. Many unregistered firms have been publicly named and forced offline.

Is the Travel Rule enforced in the UK?

Yes. Since September 1, 2023, all VASPs in the UK must collect and transmit originator and beneficiary information for transfers over £1,000. This includes names, addresses, and account numbers. Even transfers to unhosted wallets require you to record the recipient’s details - and you must keep that data for at least five years.

How long does VASP registration take?

There’s no fixed timeline. Applications can take between 3 months and over a year. Processing time depends on how complete and accurate your submission is. Incomplete applications are returned, resetting the clock. Firms with strong legal teams and polished documentation typically get approved faster.

Can I use a third-party KYC provider?

You can use third-party tools, but the FCA requires direct access to your KYC logs and verification processes. You can’t just rely on a vendor’s certificate. You must prove you’re actively monitoring, reviewing, and updating customer data yourself - and that your system is auditable by the FCA.

Do I need a UK bank account to register?

Not technically, but practically, yes. The FCA expects you to demonstrate financial stability and operational legitimacy. Without a UK bank account or a licensed payment processor, your application will likely be rejected. Most approved VASPs have a UK banking relationship.

Can I reapply if I’m rejected?

Yes. You can reapply after addressing the FCA’s specific reasons for rejection. Many firms succeed on their second attempt after fixing KYC gaps, strengthening policies, or hiring experienced compliance staff. But the FCA will review your new application with extra scrutiny.

Tags:

10 Comments

  • Image placeholder

    Ankit Varshney

    December 4, 2025 AT 16:05

    The FCA’s requirements are brutal but fair. If you’re serious about crypto in the UK, you need to build like a bank, not like a startup. No shortcuts. No hacks. Just clean, auditable systems. I’ve seen too many teams burn through cash trying to wing it. Don’t be one of them.

  • Image placeholder

    Ziv Kruger

    December 6, 2025 AT 05:46

    They’re not regulating crypto. They’re burying it under paperwork. Welcome to the future where innovation is measured in compliance forms and not in code. The FCA doesn’t want to lead-they want to control. And control is just another word for fear.

  • Image placeholder

    Heather Hartman

    December 7, 2025 AT 16:27

    Hey everyone-just wanted to say if you’re feeling overwhelmed by this, you’re not alone. I’ve helped three crypto founders through this process and I promise-it’s doable. Take it step by step. Get a good compliance partner. Breathe. You’ve got this 💪

  • Image placeholder

    Catherine Williams

    December 8, 2025 AT 00:00

    Let’s be real-this isn’t about protecting consumers. It’s about protecting legacy finance. The FCA knows crypto is the future. That’s why they’re making it so expensive and slow to enter. They’re not trying to regulate-they’re trying to eliminate competition. And the worst part? It’s working.

  • Image placeholder

    Mohamed Haybe

    December 8, 2025 AT 19:55

    UK thinks it's the center of the world. India and Russia don't need your permission to run crypto. You want to be a police state? Fine. But don't pretend you're setting global standards. Your rules are a joke. We'll build elsewhere and laugh as you lose talent and capital

  • Image placeholder

    Marsha Enright

    December 10, 2025 AT 01:09

    One thing I always tell founders: don’t wait until the last minute. Start your KYC documentation NOW. Even if you’re not ready to apply, build your AML policy draft. Get your team trained. The FCA rewards preparation-not panic. And yes, you can use third-party tools-but only if you own the logs. No excuses.

  • Image placeholder

    Andrew Brady

    December 11, 2025 AT 07:36

    Did you know the FCA is secretly working with the NSA? All those 'KYC requirements'? They’re not for money laundering-they’re for surveillance. Your wallet address, your IP, your device fingerprint-all fed into a central database. This isn’t regulation. It’s digital authoritarianism disguised as compliance. Wake up.

  • Image placeholder

    Sharmishtha Sohoni

    December 11, 2025 AT 14:54

    Travel Rule is the real killer. No way to verify unhosted wallets. No way to force strangers to give info. The system breaks at the edges. They know this. They still enforce it anyway. That’s not regulation. That’s theater.

  • Image placeholder

    Althea Gwen

    December 12, 2025 AT 11:03

    So... we're just supposed to pay $150k to play a game where the rules change every 3 months? 🤡 I mean, I get it. The FCA wants to be the Vatican of crypto. But why should we bow down? We’re not peasants. We’re builders. Let’s just move to Switzerland or Dubai and let them have their paperwork graveyard 🙃

  • Image placeholder

    Durgesh Mehta

    December 13, 2025 AT 05:08

    I applied last year got rejected because my bank account was with a non UK provider. Fixed it with a Wise business account. Submitted again. Got approved in 5 months. Took a lot of work but it was worth it. UK market is huge if you can get in. Just don't rush it

Write a comment