Crypto regulations pick up pace with recent FCA consultations

Cryptoassets are currently subject to limited regulation in the UK, including the anti-money laundering regime and financial promotion rules. Unlike the EU –and other international jurisdictions that have created new regimes to regulate cryptoassets –the UK has opted to expand and tailor existing regulatory frameworks. To facilitate that, the UK government will recognise digital assets as ‘personal property’, offering greater legal certainty and protection to individuals and businesses. Meanwhile, HM Treasury (HMT) published legislation in December 2025, to bring qualifying cryptoassets within the scope of the Financial Services and Markets Act 2000 (FSMA) from October 2027.

The proposed regime is expected to offer stronger customer protection, ultimately building greater trust and confidence in this innovative and growing sector. While the FCA is committed to supporting innovation and growth in the UK, firms wishing to undertake qualifying cryptoasset regulated activities will need to adapt and demonstrate the required standards.

Regulating cryptoasset activities 

The first FCA paper is ‘Regulating cryptoasset activities’ (CP25/40), which builds on DP25/1 and sets out proposed rules and guidance for many of the new cryptoasset activities, introduced through the change in the legislation.

Cryptoasset trading platforms  

Firms that operate a UK cryptoasset trading platform (UK CATP), or that serve UK consumers, must be authorised by the FCA – with some form of UK presence. This presence must be via UK legal entity as either an authorised subsidiary or, in some instances, a branch.  

The FCA is also introducing a range of requirements around data sharing, cross-platform identification and conflict management to prevent market abuse and mitigate the risk of consumer harm.  

Intermediaries

To protect retail customers, intermediaries can only deal, or arrange deals with, cryptoassets admitted to trading on a UK CATP. The FCA is moving forward with a range of general execution and dealing rules (with expanded proposals on disclosures and reporting); conflict management rules to reflect COBS 11.7; and more tailored reporting requirements.  

CATP and intermediaries

Recognising the fragmented nature of the crypto market, the FCA is introducing new transparency requirements to support pricing, with improved record keeping and reporting obligations. This includes public pre- and post-trade information for some firms, with guidance over transaction data reporting.  

Lending and borrowing

The FCA has changed its stance and will allow lending and borrowing to retail clients, with key mitigants in place, including appropriate information to support consumer understanding, and express consent. Firms are not expected to be able to use proprietary tokens for their lending and borrowing services.  

Staking

The FCA has outlined key information that regulated staking firms should share with customers, and key terms for express consent. Further related considerations have more recently been outlined in CP26/4.

Decentralised finance

The above rules will apply to so-called DeFi firms, where there is an identifiable controlling entity. The FCA will consult on indicators of control, and provide guidance for how FSMA-authorised firms can mitigate operational resilience and financial crime risks when working with DeFi firms. Notably, the FCA has reiterated in CP26/4 its intention to categorise cryptoasset firms as ‘enhanced’ under the Senior Manager & Certification Regime (SM&CR).

Admissions, disclosures and market abuse

CP25/41 builds on DP24/4 and looks at two distinct regimes, which collectively aim to improve information when a qualifying cryptoasset is admitted to trading, maintain market integrity, and support effective competition.

Admissions and disclosures regime

Under the proposed admissions and disclosures (A&D) rules, CATPs must carry out due diligence on assets to be admitted to trading, and prevent admission of any cryptoassets that are likely to be detrimental to retail customers. They also need to produce and publish qualifying cryptoasset disclosure documents (QCDD) and supplementary disclosure documents (SDD), with appropriate record keeping.

Market abuse regime for cryptoassets  

Building on the UK Market Abuse Regime (MAR), the FCA will tailor a Market Abuse Regime for Cryptoassets (MARC) to reflect the unique features and complexities of cryptoassets. The regulator notes that it will evolve over time as the market matures.  

Key features of the regime include: disclosure of inside information; clarification of legitimate market practices; preventing market abuse; effective systems and controls; information sharing; and maintaining insider lists.

Prudential regime for crypto firms

The FCA will oversee prudential requirements for solo-regulated crypto firms. As per CP25/15, the FCA is considering an overhaul of its overarching approach to prudential regulations as outlined in CP25/42. It intends to simplify the existing structure with a core sourcebook (COREPRU) and sector-specific sourcebooks. The design will roll-out to cryptoasset firms first, then apply to other sectors (most notably to MiFID investment firms).  

This implies that in the initial stage:

• firms that are purely delivering crypto-related activities, will be subject to COREPRU and CRYPTOPRU
• firms that are ‘hybrid’, for example a MIFIDPRU firm that also delivers crypto-related activities, the MIFIDPRU, COREPRU and CRYPTPRU will apply.

The FCA also plans to introduce a process comparable to the internal capital adequacy and risk assessment (ICARA) for cryptoasset firms, to ensure that there is a comprehensive assessment of the business model, material harm, adequacy of financial resources and wind-down planning.

Key changes from CP25/15

Building on CP25/15, the FCA has highlighted two key changes. The first regards a change in terminology from the internal capital adequacy and risk assessment (ICARA) to the overall risk assessment. The second change asks firms to consider group risk within their overall risk assessment – removing the need for tailored requirements for groups.

CP25/42 also introduces the following:

• Permanent minimum requirements (for remaining activities not covered in CP25/15), with K-factor requirements aligned with traditional finance equivalents (where appropriate).
• Overall risk assessment – to include:
  • a cross-sector requirement in COREPRU covering risks that could cause material harm, own funds threshold, overall risk assessment and how it’s embedding into the business model
  • a sector-specific requirement for CRYPTOPRU covering business model planning and forecasting, stress testing, recovery and wind-down planning and adequacy of financial resources.
• Public disclosure of prudential information via a new, tailored framework to cover risk management, own funds, own funds requirements and group arrangements – disclosures must be easily accessible, easy to understand and consistent.

Next steps 

In a recent update, the FCA has confirmed how the gateway for cryptoasset regulated activities will operate, and has brought together related publications for ease of reference.  

The application window is likely to open in September 2026. In the meantime, the FCA is offering a range of pre-application support options including information sessions and a free pre-application support service (PASS).  

Current approvals for cryptoasset activities (via registration for money laundering regulations, or authorisation under existing Payment Services Regulations and E-money Regulations) won’t automatically convert and firms will need to apply for FCA authorisation, or a variation of permissions, under FSMA 2000. Crypto firms currently using an s.21 approver to support financial promotions will also need FCA authorisation moving forward.  

Existing cryptoasset firms that are unsuccessful in securing FCA authorisation will be subject to the FCA’s run-off transitional provisions to allow for an orderly exit from the UK market.  

To prepare for a successful application for FCA authorisation, key activities for applicable firms include:

• a readiness assessment and gap analysis against the expected regulatory frameworks (including market abuse, personal account (PA) dealing, conflicts, appropriateness considerations and operational structures)  
• review the current legal, governance and management structure to identify any changes to the business model to support successful authorisation
• evaluate existing resource requirements and expertise required, including compliance, risk and operational  specialisms in line with expectations of a fully authorised firm
• prepare and engage with the FCA’s PASS
• assess current compliance standards against existing money laundering and financial promotions regulations, as a baseline for wider regulatory requirements.

For further information contact Paul Staples.