For a crypto exchange deciding where to register, the choice between the European Union under MiCA (the Markets in Crypto-Assets Regulation) and the United Kingdom under FCA supervision is not a branding question. It is a revenue question. The wrong call delays market access by months, strains banking relationships and, in the worst case, puts the business in the cross-hairs of a regulator whose enforcement posture is tightening across both jurisdictions. Operating without the right authorisation risks frozen payment rails, suspended accounts and – in both the EU and the UK – criminal liability for unlicensed provision of regulated services.
This comparison works through the two regimes across six decision axes: regulatory structure, licence categories, the application process and timing, substance and compliance obligations, AML and the Travel Rule (the obligation to pass originator and beneficiary data with a virtual-asset transfer), and the tax and banking environment. A decision matrix by operator profile closes the analysis. No blanket verdict is offered, because the right answer depends entirely on where the business operates, who its users are and what it does with their assets.
Regulatory Structure: One Rulebook vs a Mosaic in Motion
MiCA creates a single, directly applicable authorisation regime across all EU and EEA member states. A CASP (Crypto-Asset Service Provider) authorised by any national competent authority supervised by ESMA may passport its services into every other member state without a separate application in each. That is a structural advantage that no prior EU regime offered digital-asset businesses. The UK, by contrast, operates a narrower registration-based regime under the Money Laundering Regulations administered by the FCA, with a separate and more demanding financial-services authorisation track for businesses whose activities engage regulated financial instruments.
The divergence matters most for issuers and exchanges. Under MiCA, the token classification scheme – distinguishing between asset-referenced tokens (ARTs), e-money tokens (EMTs) and other crypto-assets – determines the regulatory track, the whitepaper obligations and the capital requirements. The UK currently operates without an equivalent comprehensive token taxonomy. A stablecoin issuer, for instance, faces a clearer, if more demanding, path under MiCA than under the UK's evolving financial-promotion and stablecoin frameworks, which remain subject to further HM Treasury and FCA rulemaking.
In our practice, operators frequently underestimate the coordination cost of the UK mosaic. The FCA cryptoasset register, the financial-promotion rules, the stablecoin issuer regime and, for securities-adjacent tokens, the existing regulated-activities framework can all apply simultaneously – and they do not always align.
For a scoped regulatory mapping of your activities in both jurisdictions, contact OBOLUS at info@oboluslaw.com. The process above describes the standard structural comparison. Your facts – the token type, the user base and the service model – change the analysis materially. Map your options
What Licences Actually Cover – and What They Do Not
MiCA's CASP authorisation covers a defined list of crypto-asset services: operation of a trading platform, exchange against fiat or other crypto-assets, execution of orders, custody and administration, reception and transmission of orders, portfolio management, advice, and transfer services. The scope is broad. Importantly, it does not automatically cover activities that would constitute regulated investment business under national law – structured token offerings with profit-rights can still engage the Prospectus Regulation or national securities regimes in parallel.
The UK's FCA regime is currently layered. The MLR cryptoasset registration is an AML/CFT gateway, not a full authorisation – it does not confer a right to conduct regulated activities. Businesses offering services touching regulated investments additionally require FCA authorisation under the Financial Services and Markets Act. The financial-promotion restriction bites separately: UK-facing crypto promotions must be approved by an authorised person or issued under an exemption, regardless of where the business is licensed.
One practical consequence we observe regularly: a business that registers in the UK for AML purposes but misses the financial-promotion gateway faces enforcement action that is fully independent of its registration status. The two tracks are not bundled.
For custody specifically, MiCA treats it as a discrete CASP activity requiring explicit coverage in the authorisation. The UK's evolving regime is moving in the same direction. Neither jurisdiction presently permits a single entity to offer custody as an ancillary activity without regulatory visibility – a point that catches group structures off-guard when the custody entity sits in a lower-regulation subsidiary.
How Does the Application Process Compare in Practice?
The MiCA CASP authorisation process is conducted before the national competent authority of the chosen member state, with ESMA providing supervisory convergence. The process involves a formal application, a completeness review, and a substantive assessment of governance, capital, policies and key personnel – all within a timeline set by MiCA itself, though member states' practical processing speeds vary. Some NCAs have built dedicated crypto desks; others are still scaling. Pre-application engagement with the NCA is advisable and, in several member states, expected.
The FCA's cryptoasset registration process has historically been demanding in ways that surprised many applicants. The FCA rejected a significant proportion of early applications and required substantial remediation from many others. Processing times stretched well beyond initial guidance in a number of cases. As of the time of writing, the FCA has been vocal about the standard it expects for AML systems, governance documentation and business model disclosure. Applicants who approach the process with a completed application pack – policies finalised, governance mapped and a nominated MLRO in place – fare materially better than those who treat it as exploratory.
In both regimes, the substance of the application is the rate-limiting factor. A well-prepared applicant with the right team and a coherent business model will move faster than one with structural gaps that require iteration.
Cross-border operators face an additional timing layer: a business targeting both EU and UK users typically needs two parallel processes, since UK registration does not substitute for EU CASP authorisation and vice versa. Planning the sequencing – which jurisdiction first, where banking is anchored, how the group structure supports both – materially affects the timeline to full operational readiness.
Substance, Governance and Ongoing Compliance Obligations
Both regimes require genuine substance – a real office, accountable senior management locally present, and operational decision-making that is not a fiction. MiCA articulates this through its governance and organisational requirements for CASPs; the FCA applies equivalent expectations through its approved-persons regime and, increasingly, through scrutiny of operational resilience.
Under MiCA, ongoing compliance obligations include maintenance of own funds at the required level by service category, adherence to client-asset safeguarding rules, complaint handling, conflict-of-interest management and periodic reporting to the NCA. CASPs with significant market presence face heightened scrutiny. ESMA's regulatory technical standards set a detailed floor that NCAs cannot undercut.
In the UK, FCA-registered cryptoasset businesses must satisfy ongoing AML and systems obligations, update the FCA on material changes and comply with the financial-promotion regime. Authorised firms face the full Senior Managers and Certification Regime (SMCR), which creates personal accountability for designated senior managers – a point that some founders discover late in the process.
A common mistake we see: structuring the holding company in one jurisdiction and the operating entity in another, without considering where regulatory substance actually resides. Regulators on both sides have become adept at identifying substance gaps, and a hollow operating entity in a licensed jurisdiction rarely survives supervisory inspection.
AML, the Travel Rule and Cross-Border Compliance Posture
Both the EU and the UK apply the FATF Travel Rule, requiring virtual-asset service providers to obtain, hold and transmit originator and beneficiary information alongside transfers above a defined threshold. The specific threshold and the technical implementation standards differ between the two regimes, and operators running a bifurcated EU/UK business must implement Travel Rule compliance that satisfies both sets of requirements simultaneously – which is not trivial when the counterparty VASP operates under a third regime with its own standards.
Under MiCA's companion Transfer of Funds Regulation as amended, the Travel Rule applies to all crypto-asset transfers regardless of amount, including transfers to unhosted wallets (with specific due-diligence requirements). The UK's implementation has proceeded on a parallel but not identical track. The practical effect for a business operating across both jurisdictions is a dual compliance architecture: policies, procedures and technology that can route transactions through the correct Travel Rule protocol depending on the transfer's jurisdictional footprint.
AML/KYC baseline obligations in both regimes trace to the FATF Recommendations, including Recommendation 15 on virtual assets. However, the supervisory style differs. The FCA has demonstrated a willingness to use public censure and registration withdrawal as AML enforcement tools. EU NCAs are converging toward a similarly muscular posture under the forthcoming EU AML Authority (AMLA) framework, which will bring direct supervisory authority over the largest CASPs.
In our cross-border practice, operators who treat Travel Rule compliance as a one-time implementation project – rather than an ongoing operational discipline – consistently encounter friction at the banking layer: correspondent banks and payment processors increasingly conduct their own Travel Rule due diligence on VASP clients.
If a prior compliance gap has stalled your application or triggered a banking review, a second assessment can identify the structural issue and the path forward. Write to info@oboluslaw.com or message us on Telegram. Map your options
Tax Environment and Banking Access: the Invisible Decision Layer
The licence is the headline. Banking and tax are the infrastructure that determines whether the licensed business can actually operate. Both the EU and the UK offer access to regulated banking, but the quality of that access varies by jurisdiction within each bloc and by the business model of the applicant.
Within the EU, member states differ considerably in banking appetite for crypto businesses. Some NCAs sit in jurisdictions where local banks have developed crypto-specific onboarding processes; others sit in markets where every CASP applicant must bank in a different member state, adding complexity to the group structure. The passporting benefit of MiCA does not automatically extend to banking relationships: a CASP passporting into Germany does not thereby gain a German bank account.
In the UK, the FCA registration provides a regulatory basis, but UK banks have historically been cautious about crypto businesses. The FCA's own guidance and industry engagement have encouraged banks to adopt risk-based rather than category-exclusionary approaches, but the practical reality in our practice is that banking access for UK-registered crypto businesses requires dedicated relationship development, often with e-money institutions or specialist payment firms as a bridge.
Tax treatment of digital-asset businesses varies by entity type and activity across both jurisdictions. In the EU, member states retain tax sovereignty – there is no harmonised corporate tax treatment of crypto-asset businesses under MiCA. In the UK, HMRC's published guidance on cryptoassets provides a framework, but complex activities (staking, lending, synthetic positions) generate open questions that require specific advice. Transfer pricing rules apply to intra-group arrangements in any multi-entity structure, and both EU and UK tax authorities are increasingly attentive to value-chain analyses for crypto groups.
In a recent structuring matter, a token-issuing group sought to centralise its IP and operational functions in an EU member state while servicing UK users through a subsidiary. The licensing, tax and banking analysis had to run concurrently: the CASP authorisation in the chosen member state, the financial-promotion position for the UK-facing entity and the transfer-pricing documentation for the intra-group service arrangement. No single workstream could be finalised without the others.
Decision Matrix: Which Profile Points Where
No blanket verdict applies. The right jurisdiction for a crypto business depends on its operating profile, its user base and its capital position. The following matrix works through four common profiles in prose form.
Profile A – Exchange targeting retail EU users. The EU CASP authorisation is the primary track. Passporting eliminates the need for separate national filings across member states. The key variables are the choice of NCA (based on processing speed, supervisory dialogue and banking access in the member state) and the capital position required for exchange operations. UK registration may be layered on if the business intends to serve UK-resident users, but it does not substitute for EU authorisation.
Profile B – Exchange targeting retail UK users only. FCA registration is necessary. The financial-promotion rules impose obligations from day one of UK-facing marketing. The business should plan for a demanding application process and ensure that its AML framework is fully documented before submission. EU CASP authorisation is not required unless the business intends to expand into the EU – but the structural decision to remain UK-only closes the passporting option and should be made deliberately.
Profile C – Stablecoin issuer targeting both blocs. This profile faces the most complex regulatory path. MiCA's ART or EMT regime applies to EU issuance and, depending on scale, may require ESMA-level engagement in addition to NCA authorisation. The UK's stablecoin issuer regime is under active development; HM Treasury and the FCA have both published consultations, and the framework is not yet fully settled. An issuer targeting both markets should map the regulatory path in both jurisdictions simultaneously and build the legal structure with the flexibility to satisfy both regimes as they finalise.
Profile D – Custodian serving institutional clients across both jurisdictions. Custody is a discrete CASP activity under MiCA, requiring explicit authorisation coverage. In the UK, custody of cryptoassets for clients is a regulated activity under the existing framework for most institutional-grade models. A custodian serving clients in both markets typically needs both authorisations and must manage the asset-segregation and safeguarding obligations of each. The substance requirements for custody – operational infrastructure, insurance, governance – tend to be the most demanding of any single CASP activity category.
A Common Assumption: One Licence Is Enough
A common assumption among early-stage operators is that a single offshore or low-friction registration covers global operations. It does not. Both the EU and the UK apply their regimes based on where services are provided and where clients are located – not merely where the operating entity is incorporated. A Cayman-registered exchange serving EU retail users is, in MiCA terms, providing services into the EU. A BVI entity marketing to UK consumers is subject to the FCA's financial-promotion rules. The licensing obligation follows the service, not the entity's domicile.
The enforcement consequence is not abstract. Both the FCA and EU NCAs have the power to issue public warnings, block access to payment systems and refer matters for criminal prosecution. Banking relationships are typically the first casualty: correspondent banks and payment processors conduct their own licensing checks on VASP clients, and a business without the right authorisation in its key markets will find its banking options contracting before any formal regulator action arrives.
Operators we advise regularly discover this dynamic at the point of a banking review rather than at the point of a regulatory inquiry. By that stage, the remediation timeline is compressed and the options are narrower.
Related at OBOLUS
- Licensing and Registration for Digital-Asset Businesses – how we map the full licence stack across operating, custody and payment layers
- Kazakhstan (AIFC) vs Hong Kong: Where to License a Crypto Business – a head-to-head comparison for operators targeting Asian and Central Asian markets
- Transfer Pricing for Crypto Groups: A Cross-Jurisdiction Comparison – how intra-group arrangements are scrutinised across the leading tax regimes
FAQ
How long does a crypto licence take to obtain?
Timelines vary by jurisdiction and by the completeness of the application at submission. In the EU, MiCA sets a statutory review period for CASP applications, though practical processing times depend on the national competent authority and the complexity of the business model. The FCA's cryptoasset registration process has taken considerably longer than initial estimates in many cases. A well-prepared applicant with documented AML policies, governance and key personnel in place consistently moves faster than one who submits iteratively. In both regimes, pre-application engagement reduces the risk of a stop-the-clock information request.
Which jurisdiction is best for licensing my crypto business?
There is no universal answer. The right jurisdiction depends on where your users are, what services you provide, your capital position and your banking relationships. An exchange targeting EU retail users needs MiCA CASP authorisation. A business serving UK clients needs FCA engagement regardless of where it is incorporated. Many operators need both. We map the licence, banking and tax stack for each client's specific profile before recommending a structure – because the wrong choice at the licensing stage creates compounding problems across banking, tax and regulatory compliance.
Do I need a separate custody licence?
Under MiCA, custody and administration of crypto-assets on behalf of clients is a discrete CASP service that must be explicitly covered by the authorisation – it is not bundled with an exchange or transfer-service authorisation. In the UK, custody of client cryptoassets similarly engages regulatory obligations that are separate from the AML registration track. A group that provides custody through a subsidiary – rather than through the primary licensed entity – must ensure that the subsidiary is itself appropriately authorised. This is one of the most common structural gaps we identify in cross-border group reviews.
OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. We structure licensing, banking and tax as one mandate rather than three disconnected workstreams – mapping the full licence stack across operating, custody and payment layers before our clients commit. Digital assets are the whole of our practice. To discuss your situation, contact info@oboluslaw.com or message us via t.me/oboluslaw. Map your options
By Aisha Tan, Licensing & Jurisdictions Analyst – specialising in cross-border CASP and VASP authorisation strategy across EU, UK and offshore financial centres.
This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.