Navigating the FCA’s Latest Crypto Consultation: Key Regulatory Insights for Firms

For the purposes of the RAO, the following definitions apply:

• Qualifying Cryptoassets: Funigible and transferable cryptoassets, including ‘qualifying stablecoins’, but excluding ‘specified investment cryptoassets’ and tokenised E-money.

• Qualifying Stablecoins: Stablecoins referencing fiat currencies and backed by fiat or other assets to maintain a stable value.

• Specified Investment Cryptoassets: Cryptoassets that also meet the definition of a specified investment under the RAO (i.e. Security Tokens). 

Importantly , overseas persons conducting these activities with UK consumers will also fall within the regulatory perimeter. 

FCA Proposals – Key Regulatory Applications

1: High-Level Standards

• Firms will be required to meet Threshold Conditions. These are the minimum conditions a firm is required to satisfy to obtain and retain authorisation.
• The Principles for Businesses will apply proportionately to address specific risks in the crypto sector.  Limited carve-outs will apply for transactions on Cryptoasset Trading Platforms (“CATPs”) albeit CATPs will owe obligations to retail customers who have direct market access to CATPs. Similarly, certain principles will not apply when a firm operates a CATP for professional clients, consistent with trading venues in traditional finance markets. At present, the FCA is also not proposing to apply the Consumer Duty (Principle 12) to any regulated cryptoasset activities and will consult on the application of the Consumer Duty at a later date. 
• General Handbook Provisions (for example use of FCA name, status disclosures, etc.) will extend to cryptoasset firms.
• Firms will be required to comply with relevant provisions of the FCA’s Supervision Manual (“SUP”), including notification and reporting obligations. This will necessitate stablecoin issuers and cryptoasset custodians to appoint auditors to conduct annual audits assessing compliance with the Client Assets Sourcebook (“CASS”), with reports being submitted to the FCA.

2: Senior Management and Governance

• The FCA’s Senior Management Arrangements, Systems and Controls Sourcebook (“SYSC”) and related sourcebooks (e.g. Senior Managers and Certification Regime (“SM&CR”), Fit and Proper and Financial Crime) will apply proportionately. For example, operational resilience rules will be applied in full to all cryptoasset firms given the sector’s reliance on technical infrastructure.
• The SM&CR will apply in full, with most cryptoasset firms expected to fall under the ‘Core’ regime.  
• Firms must designate senior management functions with clear prescribed responsibilities, including oversight of custody and stablecoin reserves). The prescribed responsibility for the firm’s compliance with CASS will only be relevant to stablecoin issuance firms and cryptoasset custodians.
• Robust systems and controls must be in place for compliance, risk management, whistleblowing and conflicts of interest.
• The FCA’s Conduct Rules, which set out expected standards of behaviour for individuals working in financial services, will apply to cryptoasset firms in the same way as they do for other authorised firms. Additionally, cryptoasset firms will be required to follow FCA guidance on Fitness and Propriety when assessing Senior Managers and certified staff, ensuring individuals are competent, honest, and financially sound. 

3: Operational Resilience

• Application of SYSC operational resilience rules, requiring all cryptoasset firms to identify critical business services, plan for disruption, and maintain effective systems and controls to prevent, adapt, respond to, recover and learn from operational incidents and disruptions.
• All cryptoasset firms will need to demonstrate a clear understanding of the people, processes, technology, facilities and information necessary to deliver each important business service. This includes mapping dependencies and testing within defined impact tolerances.
• Strong cyber resilience measures must be implemented to protect consumers against the threat of cyber-attacks, aligned with internationally recognised risk management standards. 

4: Business Conduct Standards

• Cryptoasset firms will be expected to treat customers fairly, communicate in a clear and not misleading way, and effectively manage conflicts of interest.
• Firms will be subject to audit, record-keeping, and compliance oversight obligations.
• The Environment, Social and Governance Sourcebook will apply to cryptoasset firms as it does to all FSMA-authorised firms. Notably, the FCA does not propose introducing cryptoasset-specific climate or sustainability disclosure requirements at this stage. 

5: Expansion of “Designated Investment Business” (DIB)

• The FCA proposes to expand the definition of Designated Investment Business to include cryptoasset activities.
• This would bring cryptoasset firms within scope of existing rules applicable to investment businesses, including client asset protections under CASS and potentially Conduct of Business Sourcebook (“COBS”) requirements.

6: Supervision and Enforcement

• Firms will be subject to ongoing supervision and must promptly notify the FCA of material events.
• Audit requirements will extend to key areas such as safeguarding of custody assets.
• The FCA intends to adopt a proportionate supervisory approach with more intensive oversight for firms deemed higher risk.

Areas for Further Consultation

The FCA is seeking stakeholder views on several key issues, including:

• whether and how the Consumer Duty should apply to cryptoasset firms;
• the scope of COBS and Product Governance (PROD) rules;
• access to the Financial Ombudsman Service for cryptoasset-related disputes; and
• thresholds for categorising cryptoasset firms under the Enhanced SM&CR regime.

What This Means For Crypto Firms

• Authorisation will be mandatory: firms engaging in qualifying cryptoasset custody, exchange, intermediation, staking, or stablecoin issuance must be authorised under FSMA.
• Governance expectations will rise: senior managers must be clearly accountable and meet fitness and propriety requirements.
• Client protections will strengthen: application of CASS and DIB rules will have significant operational and compliance implications.
• Operational resilience will be tested: firms must demonstrate robust systems and risk management capabilities.

Next steps

• The consultation closes on 12 November 2025.
• The FCA intends to finalise rules in 2026, aligned with the commencement of the statutory cryptoasset regime.
• Firms should begin assessing governance, systems, and client asset frameworks now, in anticipation of full authorisation requirements.

How Freeths can help

Freeths’ Financial Services team advises cryptoasset firms, exchanges, custodians, and fintech businesses on regulatory change, compliance, and structuring. We can assist you in:

• Preparing for FCA authorisation under FSMA.
• Mapping existing operations to FCA Handbook requirements.
• Designing governance and SM&CR frameworks.
• Advising on custody, consumer duty, and product governance obligations.

Footnotes

1: S417 of the Financial Services and Markets Act 2000