CryptoMist Logo
Login
FeaturedJuly 9, 2026

UK FCA Previews Its Crypto Application Forms

UK FCA crypto application forms previewed ahead of the September 2026 window, here's what crypto firms must prepare before the February 2027 deadline.

UK FCA Previews Its Crypto Application Forms

What to Know

  • 30 September 2026, the FCA opens its cryptoasset authorisation application window for unregulated crypto firms
  • Firms must file by 28 February 2027 to keep operating under transitional provisions before the full regime kicks in on 25 October 2027
  • Even a single regulated activity triggers a layered documentation exercise, custody firms alone face four distinct evidence categories just to get started

The FCA crypto application forms are here, or close enough, anyway. This week, the UK's Financial Conduct Authority handed unregulated crypto firms their first detailed look at what an authorisation application actually involves. The two-layer structure, the custody documentation requirements, the ambiguous definition of 'ready', the sheer volume of it is going to rattle some boardrooms before the September 2026 window even opens.

What's Inside the FCA's Two-Layer Application Framework?

The FCA has structured its authorisation process around two distinct tiers. The first, the 'core' layer, pulls the same basic information the regulator asks of most firms seeking any kind of licence: details on senior management, controllers, IT arrangements. Crypto firms also have to add a cryptoasset records management policy on top of that. Table stakes.

Second layer, that's where it gets firm-specific. Applicants complete crypto-focused modules based on their particular business model and which regulated activities they're applying for. Need a FCA crypto application forms licence to operate a cryptoasset trading platform? There's a module for that. Offering crypto staking? Different module. The selection of activities you're going after determines what gets stacked into your file.

This modular approach sounds clean on paper. In practice, applying for even a single regulated activity triggers what the FCA itself describes as a 'substantial documentation exercise.' A firm going after one activity can still find itself buried under a thick stack of supporting docs before it ever submits a single page.

Pause on what 'regulated activities' actually covers here, because it's broader than some firms realise. The FCA's new cryptoasset regime brings into scope activities that were previously unregulated: operating a trading platform, providing custody, facilitating staking, executing crypto transactions, and more. Each activity a firm wants to offer requires its own module. Four activities means four modules stacked on top of the core application, each carrying its own documentation burden. That's the mechanic behind the compliance warnings the FCA is effectively issuing.

The Custody Documentation Burden Is No Joke

The safeguarding, custody, requirements illustrate just how granular the FCA intends to get. Firms that want to hold client cryptoassets must show the regulator they've thought through every layer of the custody chain, from daily reconciliation to private key access to third-party liability. The documentation requirements break into at least four distinct categories, each requiring its own evidence package:

  • A records and reconciliation policy showing how the firm maintains accurate books and records, with checks performed each business day
  • Proof of trust arrangements, including a draft trust agreement and disclosure documents explaining to clients exactly how their cryptoassets are held on trust
  • A means of access policy covering private key management, security controls, and key-mapping record templates
  • Where third-party custodians are used: written agreements, proof of due diligence, and governance documentation spelling out how liability is assigned between the firm, the custodian, and the client

The February 2027 Deadline and What 'Ready' Actually Means

Four distinct evidence categories for a single regulated activity. If your business touches more than one function, say, operating a trading platform and offering custody simultaneously, the requirements stack accordingly. Fast. The FCA is not, by any stretch, offering an easy on-ramp.

Here's the part that deserves more attention than it's getting. Under FCA cryptoasset authorisation rules, firms wanting access to transitional provisions, essentially a grace period that lets them keep operating while their application is assessed, must submit by 28 February 2027. The full crypto regime doesn't switch on until 25 October 2027, but waiting until then to apply means losing those transitional protections entirely.

What that transitional period actually buys firms is time. Without it, a firm that hasn't received FCA authorisation by 25 October 2027 would need to stop providing regulated cryptoasset services altogether, no grace window, no continued operation, just a hard stop. The transitional framework lets qualifying firms keep going during the assessment period, as long as they filed before the 28 February 2027 cutoff. Missing that cutoff isn't just an administrative inconvenience. It potentially means months of forced inactivity while waiting for a licence decision.

So firms are being asked to demonstrate they're 'ready, willing and organised' to comply with the FCA's rulebook, months before those rules actually apply. The FCA's information document suggests it expects a mixture of draft documents alongside binding commitments, not everything needs to be finalised at submission, but the regulator wants genuine readiness, not placeholder text.

One more wrinkle: the application form itself isn't finished yet. The FCA says the final version will be available from the end of September, and details may change from what's been previewed. Build that uncertainty into your planning timeline.

Treat the Preview Alongside the Final Rules

The FCA published its FCA crypto rules final rulebook the week before this preview landed. Both documents together, the rules and the application guidance, should be read as the official starting pistol. Compliance teams still in monitoring mode should know: the gun has already fired.

Applications open 30 September 2026. Firms have roughly three months from now to inventory their current documentation, map it against the FCA's two-layer framework, and decide exactly which regulated activities they intend to apply for. Each additional activity adds a module, and another pile of supporting evidence.

Already-authorised FCA firms wanting to vary their permissions to cover new cryptoasset activities face the same requirements. The preview is equally relevant to both camps.

The compliance arms race in UK crypto is officially underway. Whether your deadline is February 2027 or not, the clock is running.

Frequently Asked Questions

What are the FCA crypto application forms?

The FCA crypto application forms are the documentation package UK firms must submit to receive cryptoasset authorisation. Structured in two layers, a core information set covering senior management, controllers, and IT arrangements, plus crypto-specific activity modules, applications are accepted from 30 September 2026.

When does the FCA cryptoasset application window open?

The FCA begins accepting cryptoasset authorisation applications from 30 September 2026. Firms that apply by 28 February 2027 can use transitional provisions allowing continued operation during assessment. The full cryptoasset regulatory regime takes effect on 25 October 2027.

What documents do crypto firms need for FCA authorisation?

Requirements vary by activity. Custody firms must produce a records and reconciliation policy, proof of trust arrangements, a means of access policy covering private key management, and, where third-party custodians are used, written agreements and governance documentation specifying liability allocation between all parties involved.

What happens if a firm misses the 28 February 2027 FCA deadline?

Firms missing the 28 February 2027 deadline lose access to transitional provisions, meaning they cannot continue operating regulated cryptoasset services during the assessment period. They would need to cease those activities until receiving full authorisation, which only takes effect under the regime from 25 October 2027.