Crypto is legal in the UK, but it is not legal tender and it is not governed by a single standalone crypto law. In 2026, UK crypto regulation operates through three layers: AML registration under MLR 2017, the financial promotions regime for qualifying cryptoassets, and a new FSMA-based authorisation regime with an application window from 30 September 2026 to 28 February 2027 and commencement on 25 October 2027.
Crypto is legal in the UK, but it is not legal tender and it is not governed by a single standalone crypto law. In 2026, UK crypto regulation operates through three layers: AML registration under MLR 2017, the financial promotions regime for qualifying cryptoassets, and a new FSMA-based authorisation regime with an application window from 30 September 2026 to 28 February 2027 and commencement on 25 October 2027.
This page is an information resource, not legal advice. UK crypto rules are evolving; firms should verify the latest FCA, HM Treasury, Bank of England and legislation.gov.uk materials before launch, onboarding UK customers or communicating promotions.
Key regulatory facts, timeline markers, and practical next steps for a fast initial read.
The FCA's ban on the sale, marketing and distribution of certain cryptoasset derivatives and ETNs to retail consumers became a defining product-perimeter rule.
Qualifying cryptoasset promotions to UK consumers became subject to a dedicated promotions framework.
The regulator confirmed the application window and commencement timetable for the incoming FSMA-based regime.
Firms intending to continue carrying on in-scope cryptoasset activities should prepare well before the window opens.
This is the planned start date for the new UK cryptoasset regulatory regime.
The direct answer is that the UK does regulate crypto, but through several overlapping legal layers rather than one single code. First, cryptoasset exchange providers and custodian wallet providers within scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 must address AML registration, customer due diligence, ongoing monitoring, suspicious activity reporting, sanctions screening and recordkeeping. Second, promotions of qualifying cryptoassets to UK consumers are already restricted under the UK financial promotions framework. Third, the UK is moving to a broader FSMA-based cryptoasset regime that will treat specified cryptoasset activities as regulated activities, with the FCA confirming an application period from 30 September 2026 to 28 February 2027 and commencement on 25 October 2027. The practical mistake most firms make is to treat these layers as interchangeable. They are not. A business can be outside one layer and still be caught by another.
The UK moved from a narrow AML-focused crypto perimeter to a more layered regime with direct conduct and market-entry consequences. In 2021, many guides described UK cryptocurrency regulation mainly through FCA AML registration and the retail derivatives ban. By 2026, that description is incomplete because UK crypto regulation now also includes the live financial promotions regime and a scheduled transition into a broader FSMA authorisation framework. Another material change is institutional clarity: the FCA has publicly set the application window for the new regime at 30 September 2026 to 28 February 2027, with commencement on 25 October 2027. That timeline matters for budgeting, product sequencing and investor communications.
| Topic | Legacy Approach | Current Approach |
|---|---|---|
| Regulatory architecture | Crypto was often described mainly as an AML-registration issue plus isolated product restrictions. | Crypto in the UK is analysed through three layers: AML registration, financial promotions compliance and future FSMA authorisation. |
| Marketing to UK consumers | Promotions were often treated as a general advertising-risk issue. | Promotions of qualifying cryptoassets are subject to a dedicated regime with prescribed warnings, onboarding friction and communication-route rules. |
| Authorisation analysis | Many articles blurred FCA registration and authorisation. | AML registration ≠ FSMA authorisation. The future regime introduces a separate authorisation perimeter for specified cryptoasset activities. |
| Stablecoins | Stablecoins were discussed as a future concept without clear institutional split. | UK policy now more clearly distinguishes qualifying stablecoins and the possible split between FCA oversight and Bank of England/PRA involvement for systemic payment use cases. |
| Implementation timetable | Most commentary lacked concrete transition dates. | The FCA has confirmed the 2026-2027 application window and 25 October 2027 commencement date. |
There is no single ‘UK Crypto Act’. The legal framework is a stack of existing statutes, secondary legislation and FCA rules that apply differently depending on activity, token features and customer targeting. The key instruments are MLR 2017 for AML supervision, FSMA 2000 and the Regulated Activities Order 2001 for the broader regulated-perimeter architecture, the financial promotions regime for qualifying cryptoassets, and the UK transfer-of-funds framework implementing Travel Rule-type information requirements. A second-order but operationally important layer includes UK sanctions rules, UK GDPR/data protection, suspicious activity reporting to the NCA, and product-specific restrictions such as the FCA’s retail crypto-derivatives ban. Firms that reduce UK crypto regulation to token labels alone usually miss the real issue: UK law is primarily activity-based, with token classification acting as one input rather than the whole answer.
| Law / Regime | Scope | Applies To | Why It Matters |
|---|---|---|---|
| Money Laundering Regulations 2017 (MLR 2017) | AML/CTF supervision, customer due diligence, ongoing monitoring, suspicious activity escalation, recordkeeping and registration for certain cryptoasset businesses. | Most directly relevant to cryptoasset exchange providers and custodian wallet providers carrying on business in the UK. | This is the current legal backbone for many UK crypto firms. It imposes operational obligations but does not create a full prudential and conduct regime equivalent to full FSMA authorisation. |
| Financial Services and Markets Act 2000 (FSMA) | Core UK financial-services statute used to create regulated activities, authorisation requirements, conduct obligations and enforcement architecture. | Authorised firms and, under the new cryptoasset regime, firms carrying on specified cryptoasset activities within scope. | FSMA is the legal bridge from a narrow AML perimeter to a broader cryptoasset regulatory framework. |
| Regulated Activities Order 2001 (RAO) | Defines regulated activities and exemptions. The UK crypto regime uses RAO-style activity framing rather than relying only on token labels. | Firms whose business models involve in-scope cryptoasset activities such as dealing, arranging, safeguarding or operating a trading platform. | The practical question is not merely 'what token is this?' but 'what activity are you carrying on in relation to it?' |
| Financial promotions regime for qualifying cryptoassets | Restricts how qualifying cryptoassets may be marketed to UK consumers and through which lawful communication routes. | Any firm communicating or approving in-scope crypto promotions to UK consumers, including certain overseas firms with UK-facing marketing. | Marketing itself is regulated. A firm can breach UK law through promotions even before the broader FSMA crypto regime fully commences. |
| UK Travel Rule / transfer of funds information framework | Requires collection and transmission of originator and beneficiary information for cryptoasset transfers between relevant firms. | In-scope cryptoasset businesses transmitting or receiving cryptoasset transfers. | Travel Rule compliance is now an operational design issue involving data fields, interoperability, screening and exception handling. |
| Sanctions, SAR and data protection overlay | UK sanctions compliance, suspicious activity reporting and UK GDPR/data protection obligations. | All crypto firms with UK exposure handling onboarding data, transaction monitoring or sanctions-sensitive flows. | A technically compliant onboarding stack can still fail if sanctions screening, SAR escalation or data-governance controls are weak. |
The UK does not have a single crypto super-regulator. HM Treasury sets policy direction and legislative architecture, the FCA is the main supervisor for AML registration, promotions and the new cryptoasset regime, and the Bank of England and PRA become especially relevant where stablecoins intersect with payments, systemic risk or prudential supervision. The NCA receives suspicious activity reports, OFSI is central for UK financial sanctions compliance, and the ICO matters because KYC, Travel Rule and blockchain analytics programs involve large-scale processing of personal data. This institutional split matters in practice: a founder planning UK market entry may need one workstream for FCA perimeter analysis, another for sanctions controls, and a separate data-governance review for Travel Rule messaging and wallet-screening architecture.
Primary operational regulator for cryptoasset AML registration, crypto financial promotions supervision and the incoming FSMA-based cryptoasset authorisation regime.
You exchange crypto for fiat or crypto, provide custodian wallet services, market qualifying cryptoassets to UK consumers, or plan to carry on newly regulated cryptoasset activities.
Policy-maker that designs the legislative framework and consultation responses shaping UK crypto regulation.
You need to understand the direction of travel for stablecoins, staking, market perimeter and implementation sequencing.
Relevant for payment-system and systemic-stablecoin architecture, especially where a stablecoin could create broader financial-stability implications.
Your model involves payment stablecoins, systemic scale or infrastructure relevant to settlement and monetary stability.
Prudential supervisor within the Bank of England group for certain regulated firms and prudential questions connected to systemic structures.
Your business intersects with prudentially regulated entities or systemic payment structures.
Receives suspicious activity reports and is central to UK AML enforcement intelligence.
Your monitoring identifies suspicious transactions, sanctions-evasion indicators, layering patterns or fraud-linked wallet behaviour.
Administers and enforces UK financial sanctions compliance expectations.
You screen customers, counterparties, wallet addresses or payment flows for sanctions exposure.
Supervises data-protection compliance under UK GDPR and the Data Protection Act framework.
You process identity data, blockchain analytics outputs, Travel Rule payloads, biometric onboarding data or beneficial ownership information.
The central legal distinction is simple: AML registration under MLR 2017 is not the same as authorisation under FSMA. Registration is primarily about AML supervision for specific cryptoasset business types, especially exchange and custody. Authorisation under the new regime is about carrying on specified regulated cryptoasset activities within the wider FSMA framework. A firm may therefore be registered for AML purposes and still need separate analysis for promotions compliance now and authorisation readiness for the future regime. This distinction affects governance, capital planning, customer terms, outsourcing, complaints handling, systems controls and the legal basis on which the firm communicates with UK consumers.
Operating a UK cryptoasset exchange within current MLR scope
Needs case-by-case analysis
Providing custodian wallet services within current MLR scope
Needs case-by-case analysis
Communicating qualifying cryptoasset promotions to UK consumers
Needs case-by-case analysis
Operating a qualifying cryptoasset trading platform under the new regime
Usually requires authorisation
Dealing in qualifying cryptoassets as principal or agent under the new regime
Usually requires authorisation
Safeguarding or arranging safeguarding of qualifying cryptoassets under the new regime
Usually requires authorisation
Issuing qualifying stablecoins in scope of the new regime
Usually requires authorisation
Carrying on qualifying cryptoasset staking activities in scope
Usually requires authorisation
| Business Model | MiCA Relevance | Adjacent Regimes | Practical Answer |
|---|---|---|---|
| UK-facing spot exchange with fiat on/off-ramp and hosted wallets | Not applicable to UK perimeter analysis; MiCA may matter separately for EU operations only. | MLR 2017, promotions rules, sanctions, Travel Rule, future FSMA regime. | Assume AML registration analysis now, promotions review if marketing to UK consumers, and future authorisation planning if the model maps to new regulated activities. |
| Overseas app allowing UK users to buy tokens without UK entity presence | Irrelevant to whether UK rules apply. | Promotions regime, territorial scope analysis, sanctions, consumer-risk controls. | Do not assume offshore status removes UK exposure. UK-facing promotions and customer targeting can still trigger legal issues. |
| Token issuer promoting a utility-style token to UK retail users | Irrelevant for UK-only analysis. | Financial promotions, unfair marketing risk, possible future FSMA perimeter depending on activity design. | Token labels alone do not decide scope. Review the promotion route, rights attached to the token and post-issuance activities. |
| Institutional desk offering crypto derivatives to professional counterparties | Separate EU question only. | Derivatives rules, client categorisation, perimeter analysis, professional-client controls. | The key issue is not whether derivatives are 'legal' in the abstract, but whether the product is offered to retail or professional clients and under what permissions. |
UK cryptocurrency regulation is better understood through activities than through token labels. The common shortcut ‘security tokens are regulated, utility tokens are not’ is too crude for 2026. The real perimeter question is whether the firm is exchanging, safeguarding, arranging, dealing, operating a platform, issuing a qualifying stablecoin, or carrying on another specified cryptoasset activity. Token characteristics still matter, but they matter because they affect whether the activity falls within an existing or incoming regulated category. This activity-based approach is one of the main differences between superficial crypto commentary and usable UK perimeter analysis.
| Category | Core Feature | Typical Trigger |
|---|---|---|
| Cryptoasset exchange activity | Buying, selling or exchanging cryptoassets for fiat or other cryptoassets. | Current AML scope is often engaged; future FSMA analysis may also be required depending on platform and dealing functions. |
| Custody / safeguarding | Holding, controlling or safeguarding users' cryptographic keys or assets. | Current custody-related AML scope is relevant; the new regime separately focuses on safeguarding and arranging safeguarding. |
| Trading platform operation | Running infrastructure that brings together buying and selling interests in qualifying cryptoassets. | This is a core candidate for the incoming FSMA authorisation perimeter. |
| Dealing as principal or agent | Transacting on own account or on behalf of clients in qualifying cryptoassets. | Relevant under the new regime; client classification and market-conduct design become more important. |
| Arranging deals / making arrangements with a view | Intermediation, broking or facilitating transactions without necessarily taking principal risk. | Frequently overlooked by platforms and affiliate-style models; can still be in scope. |
| Qualifying stablecoins | Cryptoassets designed to maintain stable value and used in payment or settlement contexts. | Stablecoins receive separate policy attention, especially where payment-system or systemic issues arise. |
| Qualifying cryptoasset staking | Providing staking arrangements or related services within the defined perimeter. | Staking is specifically identified in the new UK regime architecture and should not be treated as a regulatory afterthought. |
Yes: Move to activity-based perimeter analysis under current AML rules, promotions rules and the future FSMA regime.
No: You may still face promotions, sanctions or consumer-law issues, but the core licensing analysis may differ.
Yes: Assume UK crypto regulation analysis is required; do not rely on token labels alone.
No: Check whether your UK exposure arises through promotions, referrals, wallet tooling or payment integrations.
Yes: Review the specific stablecoin and staking workstreams in the new regime.
No: Continue with general activity mapping and promotions review.
The UK is moving from a partial crypto perimeter to a fuller authorisation model with a defined implementation path. The operational point is that firms should not wait for 25 October 2027 to begin readiness work. Governance, systems, outsourcing, complaints handling, promotions controls, product mapping and documentation usually take longer than founders expect, especially where a group serves both UK and non-UK users. A second practical point is that legacy AML registration does not automatically solve future authorisation readiness. The data room, control framework and board evidence needed for a robust authorisation application are materially broader.
Retail-facing derivatives strategies became structurally constrained.
Marketing, onboarding UX, risk warnings and approval routes became immediate compliance priorities.
Firms gained concrete planning dates for application and go-live sequencing.
Firms intending to continue in-scope activities should prepare submissions, governance evidence and operating-model documentation before the window opens.
Specified cryptoasset activities are expected to move into the live FSMA-based perimeter from this date.
Being on the FCA’s AML cryptoasset register is not a substitute for analysing whether your business will require authorisation under the new regime. The two regimes serve different legal purposes and impose different expectations.
Preparation should start with perimeter mapping, not with form-filling. In UK crypto projects, the fastest way to lose time is to draft policies before deciding which legal layer actually applies. The most efficient sequence is activity mapping, customer/jurisdiction mapping, promotions review, governance design, then documentation and control testing.
Identify whether the business is exchanging, safeguarding, arranging, dealing, operating a trading platform, issuing stablecoins or offering staking. Separate current MLR 2017 exposure from future FSMA exposure.
Test website language, app-store targeting, onboarding geography, referral channels, influencer use, affiliate structures and customer terms against the UK promotions regime.
Allocate board oversight, MLRO responsibilities, compliance ownership, outsourcing oversight, complaints handling and escalation routes. Document how legal, product and marketing teams interact.
Implement CDD/EDD, risk scoring, wallet screening, transaction monitoring, SAR escalation, sanctions controls and Travel Rule data handling across both inbound and outbound transfers.
Prepare policies, risk assessments, governance papers, outsourcing schedules, customer journey maps, financial model assumptions and control-testing evidence for the relevant FCA process.
The file should read like one operating model, not like disconnected policy appendices.
| Document | Purpose | Owner |
|---|---|---|
| Business model and activity map | Shows exactly which services are offered, to whom, from where and through which legal entities. | Legal / founders |
| Enterprise-wide AML risk assessment | Documents product, customer, geographic, delivery-channel and transaction risks under MLR expectations. | MLRO / compliance |
| AML/CTF policy suite | Covers CDD, EDD, ongoing monitoring, SAR escalation, sanctions and recordkeeping. | Compliance |
| Travel Rule operating procedure | Defines data fields, transmission logic, exception handling, unhosted wallet treatment and record retention. | Compliance / operations / engineering |
| Financial promotions approval workflow | Shows who drafts, reviews, approves, archives and monitors UK-facing crypto promotions. | Legal / marketing / compliance |
| Outsourcing and vendor oversight register | Evidence for third-party KYC, analytics, custody, cloud and messaging dependencies. | Operations / compliance |
There is no credible single cost figure for UK crypto compliance because the cost base depends on activity mix, transaction volume, outsourcing choices, customer geography and whether the firm is preparing only for AML registration or also for future FSMA authorisation. The useful way to budget is by control bucket, not by headline number. Founders also routinely underestimate the hidden cost of remediation: redesigning onboarding, rewriting promotions, replacing analytics vendors or retrofitting Travel Rule interoperability after launch is usually more expensive than building the controls early.
| Cost Bucket | Low Estimate | High Estimate | What Drives Cost |
|---|---|---|---|
| Legal perimeter and structuring | Variable | Variable | Depends on group complexity, token design, cross-border scope and whether stablecoins or derivatives are involved. |
| AML/KYC/KYB tooling | Variable | Variable | Includes identity verification, beneficial ownership, PEP/sanctions screening and case management. |
| Blockchain analytics and sanctions screening | Variable | Variable | Cost rises with wallet-screening depth, alert volumes and need for forensic attribution. |
| Travel Rule infrastructure | Variable | Variable | Often overlooked. Integration, exception handling and interoperability standards can materially affect engineering scope. |
| Governance and personnel | Variable | Variable | Includes MLRO, compliance support, legal review, board reporting and training. |
| Promotions compliance and recordkeeping | Variable | Variable | Includes approvals, archiving, website changes, cooling-off logic and appropriateness-related UX. |
The main budgeting error is assuming FCA AML registration is the whole project. For many UK-facing firms, the bigger spend sits in promotions controls, Travel Rule implementation, sanctions governance and future authorisation readiness.
UK crypto AML compliance starts with risk-based controls, not with document collection for its own sake. A firm in scope of MLR 2017 should be able to explain its customer-risk model, product-risk model, sanctions exposure, wallet-risk methodology, transaction-monitoring scenarios, escalation routes and recordkeeping logic. The baseline control set usually includes appointment of an MLRO, business-wide risk assessment, CDD/EDD, beneficial ownership checks for legal entities, ongoing monitoring, sanctions screening, suspicious activity reporting and retention of relevant records for at least 5 years after the end of the business relationship or the date of the occasional transaction, subject to applicable legal limits. The Travel Rule adds an additional operational layer: firms must capture and transmit originator and beneficiary information for relevant cryptoasset transfers, and they need a documented process for incomplete data, rejected transfers, unhosted wallets and sanctions-sensitive counterparties. A recurring implementation mistake is to treat Travel Rule compliance as a messaging problem only. In reality it is a combined legal, data, screening and operations problem.
| Workflow Step | Control | Owner |
|---|---|---|
| Customer onboarding | CDD/KYB, beneficial ownership, sanctions and PEP screening, risk scoring. | Compliance / operations |
| Wallet intake | Address screening, exposure analysis, wallet attribution checks and source-of-funds triggers. | Compliance / blockchain analytics team |
| Transfer initiation | Capture required Travel Rule originator and beneficiary data; validate completeness before release where applicable. | Operations / engineering |
| Ongoing monitoring | Scenario-based transaction monitoring, sanctions rescreening and behavioural anomaly review. | Compliance / MLRO |
| Escalation | Case management, internal suspicion review, SAR decisioning and account restrictions where justified. | MLRO / legal |
| Record retention | Archive onboarding, transaction, Travel Rule and investigation records for at least 5 years where required. | Compliance / data governance |
Overseas status does not automatically remove UK regulatory exposure. The practical analysis turns on whether the firm carries on in-scope activity in the UK, targets UK customers, communicates UK-facing promotions, maintains local operational substance, or otherwise creates a sufficient UK nexus. Firms often over-focus on incorporation and under-focus on distribution. In UK crypto regulation, the way a product is marketed, localised and onboarded can be as important as where the parent company is incorporated.
Reverse solicitation is not a reliable default strategy for UK crypto distribution. If the wider customer journey shows active UK targeting, regulators are unlikely to be persuaded by a formalistic disclaimer alone.
UK crypto regulation reduces certain risks, but it does not eliminate fraud, impersonation scams or unauthorised operators. Even after the new regime begins, consumers may still encounter cloned brands, fake approval claims, spoofed domains, romance-investment scams and offshore platforms misrepresenting their UK status. For firms, the main legal risk is not only direct enforcement for carrying on regulated activity without the right permissions. It also includes promotions breaches, sanctions failures, weak AML controls, misleading risk disclosures, poor outsourcing oversight and inadequate handling of suspicious flows. The honest compliance position is that regulation improves market discipline, but it does not guarantee legitimacy or customer redress in every case.
Legal risk: Promotions breach, FCA intervention, customer remediation exposure and reputational damage.
Mitigation: Implement a promotions approval framework, archive communications and test UK-facing distribution channels before launch.
Legal risk: Operating-model mismatch, perimeter breach and flawed customer disclosures.
Mitigation: Run separate analyses for AML registration, promotions and future FSMA authorisation.
Legal risk: AML control failure, audit findings, transfer delays and enforcement attention.
Mitigation: Use a documented exception workflow, interoperability testing and counterparty due diligence.
Legal risk: Sanctions breach, AML failure and severe reputational consequences.
Mitigation: Add wallet screening, exposure tracing and escalation rules for indirect sanctions adjacency.
Legal risk: Fraud, consumer harm and brand impersonation issues.
Mitigation: Use the FCA Firm Checker, verify domains, validate promotion approval routes and monitor impersonation risk.
Tax is separate from licensing, but the two interact operationally. A UK-facing crypto business should align its legal perimeter work with transaction reporting, bookkeeping, customer statements, treasury treatment and record retention. The main governance point is that tax, finance and compliance should not run as isolated workstreams. Product design choices such as custody model, staking flows, fee treatment and stablecoin settlement logic can create downstream tax and accounting consequences even where the immediate question appears to be regulatory.
| Topic | Why It Matters | Responsible Team |
|---|---|---|
| Transaction record integrity | Accurate timestamps, wallet identifiers, fee data and asset movements support both compliance investigations and tax/accounting treatment. | Finance / operations / engineering |
| Customer reporting and statements | Poorly structured statements create disputes, complaints and tax-reporting friction for both the firm and users. | Product / finance / legal |
| Treasury and proprietary holdings | House assets, client assets and staking-related balances should be clearly separated for accounting, control and disclosure purposes. | Finance / compliance |
| Cross-border operating model | Entity structure and booking model affect not only regulation but also tax reporting and auditability. | Tax / legal / founders |
Pre-launch / next 90 days
Sequence these after the core perimeter, governance, and launch-control decisions are stable.
Open the key issues founders, compliance teams and legal leads usually need to confirm before launch.
Yes. Cryptocurrency is legal to own, buy and sell in the UK, but it is not legal tender. The legal question is usually not whether crypto exists lawfully in the abstract, but which activity is being carried on and whether that activity falls within AML rules, financial promotions restrictions or the incoming FSMA cryptoasset regime.
Yes, but not through one single statute. In 2026, UK crypto regulation operates through MLR 2017 AML supervision, the financial promotions regime for qualifying cryptoassets, product-specific restrictions such as the retail crypto-derivatives ban, and a broader FSMA-based authorisation regime that is scheduled to begin on 25 October 2027.
It depends on the activity. Some firms need FCA AML registration because they operate as cryptoasset exchange providers or custodian wallet providers under MLR 2017. Other firms must also consider promotions compliance now and future FCA authorisation under the new regime if they carry on specified cryptoasset activities such as trading platform operation, dealing, arranging, safeguarding, stablecoin issuance or staking.
The new regime is the UK’s move to bring specified cryptoasset activities into a broader FSMA framework. The FCA has stated that the application window will run from 30 September 2026 to 28 February 2027, with the regime commencing on 25 October 2027.
AML registration is primarily about compliance with the Money Laundering Regulations for certain cryptoasset businesses. Authorisation under the new regime is broader and relates to carrying on regulated cryptoasset activities within the FSMA perimeter. Registration does not automatically grant permission to perform activities that later require authorisation.
The UK does not treat crypto derivatives as universally illegal, but the FCA has banned the sale, marketing and distribution of certain cryptoasset derivatives and ETNs to retail consumers since 2021. The analysis depends on the product structure, the reference asset and whether the client is retail or professional.
The UK approach does not use a general de minimis threshold for Travel Rule compliance in the same way some firms expect. However, €1,000 remains relevant for additional verification requirements in certain contexts. Firms should design controls around the actual UK legal rules rather than imported assumptions from other jurisdictions.
Stablecoins are a major focus of UK policy and are treated differently from generic cryptoassets because of their potential role in payments and settlement. The regulatory analysis depends on whether the stablecoin falls within the UK’s defined categories and whether it could become systemically important, in which case the Bank of England and PRA may become more relevant alongside the FCA.
Sometimes, but offshore incorporation does not remove UK risk. If an overseas firm targets UK users, communicates UK-facing promotions, builds a UK customer journey or carries on in-scope activity with a sufficient UK nexus, UK rules may still apply.
As a general rule under the UK AML framework, relevant records should be retained for at least 5 years after the end of the business relationship or the date of the occasional transaction, subject to applicable legal requirements and data-protection constraints.
The main compliance question is not whether the UK regulates crypto in general. It is which layer applies to your exact model now, which layer will apply by 2027, and what evidence you need before onboarding UK users or launching UK-facing promotions.
