The Financial Conduct Authority (FCA) has published its FSMA Crypto Application Form, providing the clearest indication yet of what firms should expect when applying for authorisation under the UK’s new cryptoasset regulatory regime.
While the Application Form itself is not yet live for submission, it offers valuable insight into the FCA’s supervisory expectations and demonstrates that authorisation will be a rigorous assessment of a firm’s governance, controls and operational readiness, not simply an administrative exercise.
The Application is Effectively a Regulatory Due Diligence Exercise
A review of the Application Form shows that the FCA intends to gain a complete understanding of every aspect of an applicant’s business.
Rather than focusing solely on the cryptoasset services a firm intends to provide, applicants are expected to demonstrate how those activities will be governed, controlled, monitored and supported throughout the organisation.
The form requires firms to explain not only what they do, but also how they do it, who is responsible and how risks are identified and managed.
A Strong Focus on Governance
One of the most notable features of the application is the level of detail required regarding governance.
Applicants should expect to provide comprehensive information on:
- Group structure and ownership;
- Board composition;
- Senior Management responsibilities;
- Individual accountability;
- Governance committees;
- Decision-making arrangements;
- Internal reporting lines; and
- Outsourcing oversight.
The FCA is clearly seeking evidence that governance arrangements are proportionate, well documented and capable of supporting a regulated financial services business.
Demonstrating a Sustainable Business Model
The application goes well beyond requesting a description of the firm’s products or services.
Firms are expected to explain:
- their business model;
- target markets;
- customer journey;
- revenue streams;
- strategic objectives;
- proposed cryptoasset activities; and
- future growth plans.
Applicants should also be prepared to demonstrate that their business model is commercially sustainable and supported by appropriate financial resources.
Risk Management Takes Centre Stage
The breadth of risk-related information requested throughout the application highlights the FCA’s expectation that firms adopt a mature Enterprise Risk Management Framework.
Applicants will need to explain how they identify, assess, monitor and mitigate risks across the business, including:
- operational risk;
- financial crime;
- cyber risk;
- technology risk;
- outsourcing risk;
- conduct risk;
- prudential risk; and
- business continuity.
This information should align with the firm’s governance framework and overall risk appetite.
Technology is Now a Regulatory Matter
Unlike many traditional financial services applications, the crypto application places significant emphasis on technology and operational infrastructure.
The FCA seeks detailed information regarding:
- wallet architecture;
- custody arrangements;
- blockchain infrastructure;
- key management;
- smart contract usage;
- cybersecurity controls;
- system resilience;
- operational monitoring; and
- third-party technology providers.
This reflects the regulator’s recognition that technology sits at the core of cryptoasset businesses and must therefore be subject to appropriate governance and oversight.
Financial Crime Remains a Key Regulatory Priority
As expected, financial crime remains one of the most significant areas of regulatory scrutiny.
Applicants should be prepared to explain their approach to:
- Customer Due Diligence (CDD);
- Enhanced Due Diligence (EDD);
- transaction monitoring;
- blockchain analytics;
- sanctions screening;
- Politically Exposed Persons (PEPs);
- Suspicious Activity Reporting (SAR);
- Travel Rule compliance; and
- ongoing monitoring.
The FCA will expect firms to demonstrate that their financial crime framework is tailored to the specific risks arising from their business model rather than relying on generic policies.
Consumer Protection is Embedded Throughout
The application also reflects the FCA’s increasing focus on customer outcomes.
Firms should expect to explain how they:
- communicate risks to customers;
- manage conflicts of interest;
- handle complaints;
- safeguard customer assets where applicable;
- identify vulnerable customers;
- manage operational incidents; and
- ensure fair treatment throughout the customer lifecycle.
Consumer protection is no longer confined to a single policy, it is expected to be embedded across governance, operations and product design.
Documentation Will Be Critical
The Application Form makes clear that authorisation will require a substantial volume of supporting documentation.
Depending on the firm’s business model, applicants may need to prepare documentation covering:
- Business Plan;
- Regulatory Business Model;
- Governance Framework;
- Risk Management Framework;
- Compliance Monitoring Programme;
- Financial Crime Framework;
- Operational Resilience Framework;
- Outsourcing Policy;
- Information Security Framework;
- Consumer Duty Framework;
- Wind-Down Plan;
- Financial Forecasts;
- Policies and Procedures;
- Board documentation;
- Systems architecture; and
- Organisational charts.
Consistency across all submitted documents will be essential, as the FCA will assess the application holistically.
Preparing Early Will Be a Competitive Advantage
The publication of the Application Form provides firms with an opportunity to begin preparing well before submission.
Rather than waiting for the application window to open, firms can use the form as a practical checklist to identify gaps in governance, documentation and operational readiness.
Those that begin preparation early are likely to be better positioned to submit complete, high-quality applications and respond efficiently to any FCA follow-up questions.
How Complyport Can Help
Preparing an FCA cryptoasset application requires more than regulatory knowledge, it requires a detailed understanding of the FCA’s expectations, extensive documentation, and the ability to present a coherent and consistent regulatory framework.
Complyport supports firms throughout the entire authorisation process, including:
- Regulatory gap analysis against the application requirements;
- Preparation of the full FCA application package;
- Drafting and reviewing governance, compliance and financial crime documentation;
- Business Plan preparation;
- SMCR and governance support;
- Operational resilience and risk management framework design;
- Application project management; and
- Ongoing support throughout the FCA review process.
The publication of the FSMA Crypto Application Form offers firms a valuable opportunity to prepare for the UK’s new cryptoasset regime. Those that invest time in building robust governance, clear documentation and effective control frameworks today will be better positioned to navigate the FCA authorisation process successfully.
Speak to a Compliance Expert
Contact Complyport today to book a meeting with one of our Subject Matter Experts and ensure your cryptoasset regulatory preparations are aligned with the FCA’s expectations.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today. Register here: https://vica.chat






