William Lee explores the FCA’s new cryptoasset authorisation gateway, setting out the confirmed timelines, practical challenges and what firms should be doing now to prepare.
With the FCA’s latest webinar outlining the forthcoming cryptoasset authorisation regime, firms finally have greater visibility on how the transition from the Money Laundering Regulations (MLR) registration regime to full Financial Services and Markets Act (FSMA) authorisation will unfold. While the session offered valuable clarity on process and expectations, it also raised a number of practical questions that firms now need to consider.
1. Key Timeframes: Application Windows and the Road to Go-Live
The FCA confirmed that the new scope of the FSMA regime is scheduled to go live on 25 October 2027, subject to finalisation of the statutory instrument currently in Parliament. Firms fall into three broad categories:
- For firms already authorised under FSMA or registered under the MLRs, the FCA has set a defined application window running from 30 September 2026 to 28 February 2027;
- Those holding FSMA permissions will need to apply for a Variation of Permission (VoP);
- MLR-registered firms will need to apply for FSMA authorisation for the first time.
Applications will be assessed strictly in the order they are received, meaning there is no prioritisation for firms with existing permissions. This creates a clear commercial imperative:
Early submission is advantageous, not only to secure a place in the assessment queue but also to avoid operating restrictions at go‑live.
However, the FCA has been clear that firms should not rush to submit their applications; prioritising an early but poorly prepared submission over a well‑developed application later in the window is likely to result in rejection. Importantly, if a firm submits within the window but remains under review at regime commencement, it will fall into a “saving period”, enabling continued servicing of customers. Conversely, firms that do not apply in time may rely only on a limited transitional arrangement, where they can serve existing customers only, effectively a “no new business” restriction that could present financial and operational challenges.
2. PASS Meetings: What to Expect and How to Prepare
The FCA’s Pre‑Application Support Service (PASS), expected to open in July 2026, is intended to help firms engage early and stress‑test their readiness. PASS meetings are not mandatory, but the FCA strongly encourages participation. The FCA is not looking for perfect firms, but for credible, capable leadership teams who understand how regulations apply to their business, how roles integrate within the governance framework, and how operational risks are managed. The FCA emphasised that PASS meetings may occur in a series rather than as a single touchpoint, depending on the depth and clarity of information required. Firms should also expect the FCA to release the new application forms around the time PASS begins, offering insight into the level of detail required.
3. Some clarity is still needed
For firms still progressing MLR applications, the webinar left one practical question open: should firms continue with their MLR application now? The FCA did not explicitly answer this, but the logic suggests:
- Securing MLR approval before the new application window opens remains valuable; it enables firms to start serving customers sooner.
- If a firm enters the new regime without MLR approval, it risks being unable to onboard new customers until its full authorisation is granted.
- The MLRs will form a critical part of the FSMA authorisation process, so we expect no duplication of work to be undertaken for such firms.
Another area requiring further clarity relates to CP25/41’s exemption for firms using stablecoins purely to facilitate the transfer of funds. It remains unclear whether such firms will require:
- Only an EMI/API authorisation,
- Or an EMI/API authorisation plus an MLR registration.
Both depend on whether their activities fall outside the scope of the full FSMA cryptoasset permissions. The FCA has signposted that future webinars will take place to address emerging queries from the industry. Until then, firms should assume a dual‑track preparation approach, ensuring readiness for both MLR and FSMA pathways where uncertainty remains.
How Thistle Initiatives Can Help
Regulatory Advice - Thistle continues to provide clients with an overview of relevant guidance as the regime starts to take shape, with extensive experience across the MLRs, FSMA and wider digital asset landscape.
Gap Analysis – Thistle undertakes gap analyses for firms, assessing current license arrangements, business models and control frameworks against the upcoming regime.
Readiness Assessments - Thistle is already supporting firms preparing for the new FSMA cryptoasset gateway, offering end‑to‑end readiness across the full assessment spectrum.
PASS Preparation - We will deliver tailored PASS‑meeting preparation sessions, helping senior managers articulate their governance, controls and business model with confidence.
Application Submission - When it comes to the submission itself, Thistle provides comprehensive application advice which includes drafting, structuring and FCA‑engagement support to maximise the likelihood of a smooth authorisation journey.
William Lee, Manager 
William has joined our Payment Services Consulting team as a Manager. He brings experience from Revolut’s Regulatory Affairs team and his previous role as Policy Advisor at UK Finance, where he worked on financial policy for digital assets and payments.
He has led industry working groups, engaged with regulators, and written on emerging trends in payments and innovation. William is passionate about supporting the UK fintech ecosystem and promoting a secure, competitive financial services sector.