Authorise or Exit: The FCA’s Crypto Regime is almost here – are you ready?
Introduction
The UK’s long awaited cryptoasset regulatory regime is no longer a distant prospect, it will go live on 25 October 2027. The Financial Conduct Authority (FCA) is moving the sector from its current, narrow anti-money laundering and financial promotion focus to a more comprehensive and proportionate regulatory framework. This shift is anchored in the principle of same risk, same regulatory outcome, aligning cryptoasset with traditional securities regulation while accounting for unique, on-chain risks.
With the implementation date now confirmed, the FCA has accelerated its work to translate the statutory framework into practical, day-to-day rules for cryptoasset firms that will soon fall within the FCA’s regulatory perimeter. Most recently, it has published a series of consultation papers setting out how those firms will be expected to operate once the new regime takes effect.
In our previous article, Navigating the FCA’s latest crypto consultation: Key regulatory insights for firms, we outlined the new regulated activities introduced by HM Treasury (HMT) for cryptoasset firms and summarised the FCA’s proposals in CP25/25 for applying cross-cutting Handbook rules to this sector. This latest wave of consultations represents the next phase of the UK’s regulatory build out, moving from high-level perimeter design to the detailed requirements that firms will need to comply with from October 2027.
In this article, we summarise the key elements of this next stage of policy development and highlight the practical steps firms should now be taking.
Key contacts
Sushil Kuner
Partner & Head of Financial Services Regulation
The crypto roadmap: Where we are now
In recent months, the FCA has shifted decisively from conceptual policy design to the practical mechanics of supervision. Following CP25/25, the regulator has now published a coordinated suite of consultation papers that define how cryptoassets firms will actually conduct business, manage market integrity and meet prudential expectations under the new regime. These consultations form the regulatory backbone of the new framework and set out core behavioural, structural and financial obligations that will apply to firms entering the FCA perimeter. What follows is an overview of the FCA’s recent proposals – and what firms should be preparing for.
CP25/40: Regulating cryptoasset activities
This consultation marks a major shift; it embeds crypto activity firmly within a conduct regime analogous to traditional financial markets. It sets detailed conduct rules for the core market roles: Cryptoasset Trading Platforms (CATPs) (i.e. exchanges), intermediaries (dealing/arranging), staking and elements of lending/borrowing and DeFi. The FCA’s direction is principles-led but more prescriptive where retail protection or market integrity demands it. Expect material operational uplift around execution quality, transparency and client reporting.
The FCA’s proposals for each area are detailed and prescriptive, but set out below are highlights of key proposals.
UK retail = UK nexus: Platforms serving UK consumers are expected to operate through a UK-authorised presence (with a branch model for global groups under development alongside location guidance laid out in CP26/4 (see later)). While firms would have a degree of choice on the form of their UK presence, the FCA considers that UK retail customers should always have a direct relationship with a UK legal entity.
Fair platform access and non-discriminatory rules for order execution: UK CATP operators will be required to define and implement non-discriminatory rules and procedures for platform access and operation.
Systems and controls: Operators will need to ensure adequate, effective and appropriate systems and controls for the scale and nature of the business transacted on the platform, with a particular focus on operational resilience.
Neutral-venue model: CATPs must function similarly to Multilateral Trading Facilities (MTFs), with robust conflict controls where the venue or affiliates deal on their own account, and set/disclose algorithmic-trading rules and surveillance appropriate to crypto market dynamics. CATPs will likely be prohibited from charging spreads where they act as a matched principal.
Strong gatekeeper role: The FCA has made clear the effective functioning of the Market Abuse Regime for Cryptoassets (MARC) depends on CATPs acting as strong gatekeepers (see further below).
Issuer/house-token conflicts: Rather than outright bans, the FCA leads on disclosure and governance to manage token listings where platforms have interests, with Admissions & Disclosures (A&D) and MARC duties picking up ongoing transparency.
Cryptoasset ‘intermediaries’ refers to any person dealing in qualifying cryptoassets as principal or agent and arranging deals in qualifying cryptoassets.
Best execution: Firms must take all sufficient steps to obtain the best possible results for their clients when executing orders for them in crypto. This duty applies wherever the firm owes contractual or agency obligations to the client when executing orders. Firms must consider execution factors including price, costs, speed, likelihood of execution and settlement, size and nature of the order. Best execution will be owed by default whenever a firm serves retail clients and for orders in respect of retail, the best possible result for the client must be determined in terms of the total consideration including the price of the cryptoasset and the costs involved in execution. Costs will include expenses incurred by the client which are directly linked to the execution of the order including venue fees, gas fees, settlement fees and any other fees paid to third parties involved.
Venue expectations for UK retail: The FCA signals a strict territorial approach to curb regulatory arbitrage. Firms serving UK retail or elective professional clients should expect to route flow to UK-authorised venues, subject to targeted exemptions/transitional arrangements as consulted.
Admissions pre-condition: Intermediaries buying or selling a cryptoasset from/to a UK retail client, or arranging deals with retail clients, should ensure those assets are admitted on a UK CATP with a Qualifying Cryptoasset Disclosure Document (QCDD) under the A&D regime, or withdraw them from retail access.
Proportionate pre-trade transparency: For UK CATP operators and intermediaries dealing as principal, subject to some exceptions, there will be pre-trade transparency obligations to the market only for firms above a revenue threshold of £10 million per annum.
Post-trade transparency obligations: Will apply to all UK CATP operators and intermediaries dealing as principal. They should make available, as close to real time as technically possible and in any case within one minute of execution, information about the transactions concluded by them.
Record keeping: Minimum five year record keeping of client orders and transactions.
Fast client confirms: Unless clients opt out, UK CATP operators and intermediaries should report to their immediate clients on the execution of their orders promptly and by the end of the day (T+0) when the order was executed or the information received at the latest.
Staking is where cryptoassets are used and locked for proof-of-stake blockchain validation. Participants typically ‘stake’ a given amount of their cryptoassets for a period of time in exchange for financial rewards.
Disclosures: Firms conducting the new regulated activity of arranging staking will be required to give retail clients plain-language information about the firm, its staking service and associated risks each time a client wishes to stake cryptoassets.
Informed consent and resilience: Retail staking requires plain-language, per-event disclosures and explicit consent to key terms, plus alignment with the FCA’s existing operational resilience standards (governance, outsourcing, incident response) for traditional financial services.
Safeguarding: Regulated staking firms subject to safeguarding requirements.
The same rules that apply to Intermediaries will apply to cryptoasset L&B businesses who will likely be conducting the new regulated activities of dealing in qualifying cryptoassets as agent or principal and/or arranging deals in qualifying cryptoassets.
Cryptoasset lending is the disposal of a qualifying cryptoasset from a person to or via a qualifying cryptoasset firm subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the qualifying cryptoasset firm, typically with compensation paid by the qualifying cryptoasset firm in the form of yield.
Cryptoasset borrowing is the disposal of a qualifying cryptoasset from or via a qualifying cryptoasset firm to a person, subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the person which may include the provision of qualifying cryptoasset borrowing collateral and/or payment of interest from the person to the qualifying cryptoasset firm.
Retail access permitted with strict safeguards: The FCA has proposed that cryptoasset L&B pose significant consumer harm risks and may be restricted for retail clients. Where such services are permitted, strict safeguards will need to be put in place, including clear, per-transaction disclosures/consent and strengthened appropriateness checks.
Ban on use of proprietary tokens: Firms are banned from using proprietary tokens in connection with their L&B services due to heightened risks of conflicts of interest and price manipulation. This would prohibit the use of proprietary tokens as cryptoassets being lent or borrowed by retail clients, as collateral provided by retail clients for cryptoasset borrowing, to pay yield to retail clients, or offering more favourable yield or interest rates to retail clients who hold or own proprietary tokens.
Over-collateralised positions for retail: Where L&B services are permitted for retail clients, the FCA proposes stringent safeguards, including full over collateralisation, conservative valuation, margining and limits on the use of client collateral.
Consumer credit considerations: Persons undertaking both regulated credit and/or debt activities and providing regulated L&B services must ensure they are appropriately authorised and comply with the Consumer Credit Act 1974 as well as FCA rules applying to consumer credit-related regulated activities.
Same risk, same regulatory outcome: Where an identifiable controlling entity exists, centralised-like obligations apply; truly decentralised arrangements without a controlling person stay outside scope, pending further FCA guidance on how ‘degrees of decentralisation’ are assessed.
CP25/41: A&D and MARC
Under the proposals, the A&D regime will apply to public offers of qualifying cryptoassets in the UK and to the admission (and proposed admission) of qualifying cryptoassets to trading on CATPs, including platforms that permit retail participation. The regime applies to a range of designated activities, including: offering a qualifying cryptoasset to the public; disclosing, other than in an advertisement, information relating to such offers (including for qualifying stablecoins); requesting or obtaining admission of a qualifying cryptoasset to trading on a CATP; disclosing information relating to an admission or proposed admission; and admitting a qualifying cryptoasset to trading on a CATP.
MARC will incorporate core elements of the UK Market Abuse Regulation (MAR), adapted to the specific characteristics of cryptoasset markets. MARC will apply to insider dealing (including the unlawful use of inside information) and market manipulation in relation to qualifying cryptoassets.
Public offers of qualifying cryptoassets would be prohibited unless the offer is: (i) tied to admission to a UK-authorised CATP; (ii) for a token already admitted; or (iii) a UK-issued qualifying stablecoin. Where retail clients can access an asset, admission must be supported by a QCDD (except in a limited range of circumstances) that meets a material-information baseline and gives investors a concise key-information summary. Supplementary Disclosure Documents (SDDs) will be required if material facts change before trading. If a platform cannot verify certain technical characteristics or developer details, it must publish a summary warning of these unverified elements. A statutory liability/compensation route would apply to untrue or misleading disclosures. QCDDs are point-in-time documents; ongoing news will be handled through MARC’s inside-information rules.
Platforms must set risk-based, objective listing criteria, perform and retain due diligence records and keep robust admissions documentation for regulatory inspection. Transitional arrangements are envisaged to help firms stand up these processes.
Purchasers in public cryptoasset offers would benefit from enhanced consumer protections, including withdrawal rights (for example, a short cooling off period following provision of an SDD). For public offers and admissions to trading, the FCA proposes a bespoke A&D regime designed to deliver Consumer Duty equivalent outcomes, rather than applying the Consumer Duty directly. An exception applies where a qualifying stablecoin is issued by a UK authorised firm to retail customers, in which case the Consumer Duty would continue to apply to the issuer’s disclosures.
To avoid duplication, most A&D mechanics apply to qualifying cryptoassets other than UK-issued qualifying stablecoins, which follow issuer-specific Handbook rules; by contrast, MARC would apply in a similar way to both qualifying cryptoassets and qualifying stablecoins.
Once a token is admitted or applying for admission to a CATP, MARC would (i) prohibit insider dealing, unlawful disclosure and manipulation; (ii) require timely public disclosure of inside information; and (iii) mandate insider lists. Calibrations for crypto include: routing suspicious-activity reports to CATPs (with safe harbour for good-faith reporters) rather than directly to the FCA; broadening disclosure duties to offerors and CATPs (limited to information that directly concerns them); and no PDMR1-style dealing disclosure requirement. The FCA also outlines examples of legitimate market practices (e.g. certain coin-burns and market-making activities) where conditions are met and disclosures are appropriate.
1: *Persons Discharging Managerial Responsibilities
CP25/42: A prudential framework for crypto firms
The FCA proposes a two-layer prudential regime modelled on the Investment Firms Prudential Regime (IFPR) a cross-cutting COREPRU rulebook plus a sector-specific CRYPTOPRU for cryptoasset firms (e.g. CATPs, dealers, arrangers, stakers). Together, they set capital, liquidity, governance, wind-down planning and disclosure requirements calibrated to cryptoasset firms business models.
A firm’s minimum capital would be the highest of:
- the Permanent Minimum Requirement (PMR) (graduated by activity); or
- the Fixed Overhead Requirement (FOR), being one quarter of the previous year’s fixed expenditure; or
- a set of K-factors that scale with business volumes (e.g. client orders, trading flow and staked assets/positions).
Beyond the formulaic OFR, firms must always maintain resources adequate in amount and quality for their risks and orderly wind-down (OFAR). Supervisory assessment pivots on the own-funds threshold requirement (OFTR) and the liquid-asset threshold requirement (LATR), both informed by the firm’s Overall Risk Assessment (ORA) and potentially set above minima where the firm's risk profile or business model warrants it.
All firms must meet a Basic Liquid Asset Requirement (BLAR), typically one third of FOR held in core liquid assets such as cash or UK gilts. Stablecoin issuers and custodians face an additional LATR which applies on top of the BLAR, reflecting redemption and safeguarding risks.
The proposals hard-wire IFPR-style expectations: a documented ORA covering business model, concentration and operational/technology risks, wind-down planning sized to an orderly exit; and governance systems to evidence continuous compliance.
The FCA has limited appetite for broad transitional relief, emphasising early readiness and the primacy of OFAR/ORA over mere formula compliance. Firms should plan on meeting steady-state standards of authorisation.
Prudential Resourcing is often the most demanding part of an application and firms must demonstrate they have modelled their K-factor projections based on realistic business plans, evidence FOR calculations, pre-position BLAR-eligible assets and use the ORA to justify (or anticipate) capital/liquidity above minima, especially for CATPs with on-chain operational risk and for issuers/custodians with redemption rights and safeguarding risk.
A note on stablecoins
The regime for stablecoins is distinct and the FCA proposals for issuing qualifying stablecoins and custody are outlined in CP25/14; with venue/intermediary touchpoints picked up in CP25/40 and admissions/ongoing disclosure handled through CP25/41 (A&D/MARC). In brief, issuers may issue directly to retail under the stablecoin proposals and must meet issuer-specific backing, redemption and disclosure standards set out in CP25/14, while CATPs can rely on issuer QCDDs (e.g. by linking) when admitting such assets, subject to their gatekeeper duties.
On consumer protection, CP26/4 proposes applying the Consumer Duty to cryptoasset firms generally, with carve-outs for CATP participant-to-participant trading and designated A&D activities except where UK-issued qualifying stablecoins are involved in retail business (the Duty would still apply – see below).
CP26/4: The day one requirements
The FCA’s latest consultation (CP26/4) sets out how cross-cutting Handbook rules will apply to cryptoasset firms from day one of the new regime. It covers consumer protection, complaints and redress, conduct standards, credit for crypto purchases, Senior Managers and Certification Regime (SM&CR) tiering, training and competence, regulatory reporting, and the safeguarding framework.
The FCA proposes applying the Consumer Duty (Principle 12 and PRIN 2A) to all cryptoasset firms in line with other FSMA-authorised firms, supported by non-Handbook guidance tailored to crypto activities. The FCA also signals that the Product Intervention and Product Governance sourcebook (PROD) would not apply; instead, Duty outcomes (e.g. products and services, price and value) would deliver equivalent protections on target market identification and product design. The Duty would not apply to trading between participants on a UK authorised CATP (mirroring MTFs), but it would continue to apply to retail business involving UK-issued qualifying stablecoins, including designated public offers and admissions. The FCA plans to consult in early 2026 on territorial scope refinements to exclude non-UK business.
The FCA proposes to apply requirements in chapter 1 of the Dispute Resolution: Complaints Sourcebook (DISP) to the new regulated cryptoasset activities (free of charge complaint handling; a named senior individual; three-year record keeping). It also proposes a phased complaints reporting approach via chapter 16 of the Supervision Manual (SUP) (aggregate counts of received and upheld complaints initially, rather than full DISP reporting returns). Access to the Financial Ombudsman Service (FOS) would extend to crypto complaints arising from a UK establishment; the FOS does not currently intend to extend its voluntary jurisdiction to pre-regulation acts or firms based in the EEA or Gibraltar. Crucially, the FCA does not propose to extend Financial Services Compensation Scheme (FSCS) protection to new regulated cryptoasset activities. This means customers will not be eligible for FSCS compensation for investment losses. The regulator acknowledges this creates inconsistencies, as a claim for safeguarding a traditional share would be covered by the FSCS, but a claim for its tokenised equivalent, a specified investment cryptoasset (SIC), on a blockchain would not.
The FCA proposes to expand the definition of “designated investment business” to include cryptoasset regulated activities, brining firms into scope of COBS with targeted calibrations:
- COBS 4 (financial promotions): UK-issued qualifying stablecoins will be reclassified so promotions are not treated as Restricted Mass Market Investments. This means that the financial promotion rules for high risk investments, such as the 24-hour cooling-off period, will not apply. However, promotions for non-UK stablecoins must include additional risk warnings
- COBS 6 & 8 (information to clients/conflicts): Trust-based safeguarding cryptoassets requires plain language disclosures on trust structures, shortfall allocation, the firm’s access and security arrangements, and the use of third parties
- COBS 10 (appropriateness): The FCA is upgrading appropriateness assessment requirements from guidance to a rule, with firms covering at least the 12 knowledge areas set out in COBS 10 Annex 4G and performing product-specific checks for L&B
- COBS 15 (cancellation rights): The FCA proposes to disapply distance-contract cancellation rights where immediate on-chain execution makes such rights impracticable for services like staking and safeguarding
- COBS 16 (reporting/statements): Safeguarding firms must offer an online system with up-to-date client asset statements (by quantity per asset)
The FCA does not propose an outright restriction on credit card or Electronic Money Institution credit used to buy crypto, citing existing creditworthiness rules and the role of the Consumer Duty in mitigating harms; it emphasises informed decision-making by consumers.
The consultation proposes rules on how retail collateral must be held and protected in borrowing arrangements – covering segregation, restrictions on reuse, clear disclosures, and alignment with the Consumer Duty and safeguarding standards, so customers understand how their posted crypto (or cash) can be used and returned.
CP26/4 consults on thresholds for classifying crypto firms as Enhanced under the SM&CR, scaling accountability to potential impact (e.g. large stablecoin issuers and large custodians by reference to backing-asset size and assets held in trust/safe custody). The current proposed thresholds for Enhanced firms are as follows:
- Stablecoin issuance firms: Total value of the backing asset pool exceeds £65 billion (calculated as a three-year rolling average)
- Cryptoasset custodians: The sum of client cryptoassets held on trust plus any safe custody assets exceeds £100 billion in any given month (initially based on projections for new applicants)
The Training and Competence Sourcebook would apply to retail-facing activities (e.g. dealing, safeguarding, staking). While the FCA is not yet proposing mandatory qualification requirements because the professional training market is still developing, firms must still ensure employees have appropriate skills and expertise.
The FCA proposes an iterative reporting build-out:
- Existing returns: All qualifying cryptoasset firms will be required to submit established returns from Day One (e.g. Annual Controllers Report, Annual Close Links Report, Reports and Accounts, Financial Crime Report, and the Baseline Financial Resilience Report)
- Operational resilience reporting: Firms must also comply with proposed reporting rules for material outsourcing and non-outsourcing third-party arrangements
- New baseline crypto returns: Core new returns will focus on customer bases, activity volumes/values, stablecoin mint/redemption and backing composition, and total complaints received/upheld. These will be quarterly returns, save for safeguarding which will be monthly
- Prudential reporting: Firms will be required to submit prudential returns covering income statements, balance sheets and (where applicable) K-Factor values
CP26/4 proposes applying amended rules from chapter 17 of the Client Assets Sourcebook (CASS) to both qualifying cryptoassets and SICs, replacing CASS 6 for on-chain custody to address private-key reconciliation risks. Drafts also contemplate a tightly controlled operational float for CATP settlement (with informed client consent and risk disclosures), and allow firms to hold an operational surplus in client trusts (e.g. to meet minimum staking denominations) only where the firm’s claim is subordinated to client claims. Expect explicit key-management controls (daily access-record reviews; lifecycle management of cryptographic keys).
Further consultation
Areas flagged for continued engagement include: (i) the territorial scope of the Consumer Duty (potential exclusion for non-UK customers); (ii) whether to introduce mandatory professional qualifications once the training market matures; (iii) the extent of custody exemptions for SICs; and (iv) potential reuse/securities-financial permissions for SICs/qualifying cryptoassets – if so, how current custody rules should adapt.
The authorisation gateway
The regime is expected to commence on 25 October 2027. All in-scope firms, whether currently registered under the Money Laundering Regulations (MLRs), already FSMA-authorised (for other activities) and authorised payment institutions, or new entrants, will need to obtain Part 4A authorisation or apply for a variation of permission for the new cryptoasset activities; there is no automatic grandfathering. There will be no appointed representative regime for regulated cryptoasset activities.
Key dates
- July 2026: Launch of the Pre-application Screening Service (PASS). While optional, PASS allows firms to test their readiness and introduce their business models to the regulator
- 30 September 2026 – 28 February 2027: Application window (“gateway”) open. Applications will be assessed in order of receipt; the FCA aims to determine in-window applications before commencement of the regime
- 28 February 2027: The application period finishes. After this date applications for authorisation or variation of permissions may still be submitted but the FCA will not endeavour to determine them before the regime commences
- 25 October 2027: New regime takes effect. The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 and corresponding FCA rules are expected to come into force on this date
Regulatory expectations
The FCA encourages early, well-prepared submissions, including a credible business plan, clear operating model, governance and systems evidence and has indicated a pragmatic approach for start-ups, acknowledging that not every operational aspect will be in place at the time of application. Shell applications will be rejected.
Saving vs Transitional Provisions (critical for incumbents)
Saving provision: Firms that apply within the application window and their application is under review at go-live, may continue serving customers, including new business, until the FCA decides.
Transitional provision: Firms that apply after the window closes may generally serve existing customers only until determination (no new business).
No application/refused: Firms must run off UK cryptoasset activities before commencement of the regime to avoid breaching the UK Financial Services perimeter.
What’s next and what firms should do now
The FCA’s first wave of crypto consultations (including CP25/40, CP25/41 and CP25/42) has closed and the FCA is now feeding into policy statements due in 2026. CP26/4 is in train, with the FCA signalling additional guidance and follow-on consultations as the regime is finalised. The regulator continues to encourage stakeholder engagement (including webinars and roundtables) to shape final rules ahead of the authorisation gateway.
In parallel, Parliamentary and wider policy scrutiny of stablecoins is ongoing, with committees and authorities exploring whether the emerging FCA/Bank of England frameworks are proportionate and effective. Firms should expect further calibration, rather than assume the current proposals are the endpoint.
Practical actions to progress now
- Map the perimeter: identify which new regulated cryptoasset activities your business will carry on and where you need permissions
- Plan prudentially: model own-funds (PMR/FOR/K-factors) and liquidity (BLAR) and start your ORA/Wind-down analysis
- Update promotions strategy: align with the crypto promotions framework and prepare for in-house approval capability where needed. Firms will need specific permission to approve their own cryptoasset related promotions and can no longer rely on third-party approvers
- Build market-integrity readiness: design A&D and MARC workflows and standards, particularly focusing on on-chain surveillance if you are a larger platform
- Prepare for authorisation: use the PASS from July 2026 and target an early submission in the gateway window. This includes drafting a credible business plan and identifying senior managers who will meet the fit and proper test for the SM&CR
- Establish a Consumer Duty implementation programme: map customer journeys against the Duty's four outcomes (noting CATP trading/A&D carve-outs and the approach to UK-issued stablecoins)
- Embed DISP capabilities: implement free-of-charge complaint handling, assign senior oversight and prepare for phased reporting via SUP 16
- Make safeguarding CASS-ready: update trust documentation, shortfall-allocation language and key-management controls consistent with CASS 17 protocols. Ensure disclosures are in plain-language
- Upgrade data & reporting: ensure systems can produce crypto-specific baseline metrics for SUP 16 (e.g. stablecoin mint/redemption and backing composition, activity volumes/values, complaints)
How we can help
Freeths’ Financial Services team advises cryptoasset, FinTech and payment service firms on regulatory change, compliance and structuring.
We can assist you in:
- FCA authorisation/variation of permission strategy and submissions
- Perimeter mapping and handbook application
- Governance and SM&CR frameworks
- Custody, consumer duty and product governance obligations
If your business may be impacted by the new rules, or you would like to discuss any aspect of the new requirements, feel free to reach out direct to Sushil Kuner, Partner and Head of Financial Services Regulation, or Josh Bates, Managing Associate.
The content of this page is a summary of the law in force at the date of publication and is not exhaustive, nor does it contain definitive advice. Specialist legal advice should be sought in relation to any queries that may arise.
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.