Cryptoasset Regulation in the UK: a Changing World
 

The Existing UK Regime

 

This section decribes how cryptoassets are currently regulated in the UK. 

​

Regulated Products

 

Certain digital tokens are already within the regulatory perimeter in the UK:

​

• Security tokens: certain security tokens may amount to a ‘specified investment’ under the Regulated Activities Order (RAO), excluding e-money. These may provide rights such as ownership, repayment of a specific sum of money, or entitlement to a share in future profits. They may also be transferable securities or other financial instruments under MiFID II. These tokens are likely to be inside the FCA’s regulatory perimeter.

• E-money tokens: These are tokens that meet the definition of e-money under the Electronic Money Regulations (EMRs). These tokens fall within regulation.

 

Investment products such as derivatives contracts that reference cryptoassets are likely to be within the regulatory perimeter. The FCA considers these products to be unsuitable for retail investors.

 

Unregulated Tokens

 

Any tokens that are not security tokens or e-money tokens are unregulated tokens – i.e. they fall outside the regulatory perimter. This category includes utility tokens which can be redeemed for access to a specific product or service that is typically provided using a DLT platform.

​

The category also includes tokens such as Bitcoin, Etherium, Litecoin and equivalents, which are often referred to as ‘cryptocurrencies’, ‘cryptocoins’ or ‘payment tokens’. These tokens are sometimes called ‘exchange tokens’ in regulatory jargon, as they are used as a means of exchange or for investment.

​

MLRs

​

Additionally, cryptoasset businesses need to be registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), and comply with the requirements of the MLRs, if they intend to provide certain cryptoasset services by way of business, and if this service will be in the course of business carried on by them in the United Kingdom. The types of service which are within scope of the MLRs include:

​

• Cryptoasset exchange provider, including cryptoasset automated teller machine (ATM), peer to peer providers, issuing new cryptoassets, e.g initial coin offering (ICO) or initial exchange offerings; and

• Custodian wallet provider.

 

Providers of these services need to be registered with the FCA before they start. The key consequences of registration include the following:

​

• Requirements to notify the FCA of a change of control;

• Supervisory requirements, including for the firm to show it has policies, controls and procedures to manage money laundering and terrorist financing risks proportionate to the size and nature of its business;

• Certain disclosure requirements (i.e. that the cryptoasset service is not subject to the scope of the UK Financial Ombudsman or the FSCS); and

• Reporting requirements - all registered cryptoasset businesses must submit a REP-CRIM return on an annual basis to the FCA.

 

Financial Promotions

 

All cryptoasset firms marketing to UK consumers, including firms based overseas, have had to comply with the UK financial promotions regime since 8 October 2023. The definition of a ‘financial promotion’ is broad, and covers inducements and invitations. It applies to a wide range of communications made by a firm including its website, mobile apps, social media posts and online advertising. Invitations include any communications where there is an element of persuasion or request. Inducements will include giving bonus crypto-assets as a reward for opening an account or investing a certain amount, and other bonuses such as “refer a friend”.

​

There are four routes to lawfully communicate a cryptoasset financial promotion to consumers in the UK:

​

1. The promotion is communicated by an FCA authorised person.

2. The promotion is made by an unauthorised person but approved by an FCA authorised person.

3. The promotion is communicated by a cryptoasset business registered with the FCA under the MLRs.

4. The promotion otherwise complies with the conditions of an exemption in the Financial Promotion Order.

 

The FCA has published a guidance document regarding how to comply with the financial promotion rules for cryptoassets  – see FG23/3.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

The New Regime

 

This section decribes all the recent proposals from the UK government and FCA regarding how the regulation of cryptoassets in the UK will change. 

​

Regulatory Roadmap

​

In November 2024, the FCA published a “roadmap” setting out certain key milestones on the journey towards a full-scope UK regulatory framework for cryptoassets. These milestones including the publication of consultations on stablecoins, custody and prudential requirements, which have now been published, and are covered in more detail below. The FCA expects to consult on rules relating to trading platforms, intermediation, lending and staking and on outstanding elements of the Prudential Sourcebook later in 2025 or early next year, with the regime expected to go-live during 2026.

​

The key elements of the new regime are set out below. This page will be updated as developments progress.

​

FCA Discussion Paper on Cryptoasset Admissions, Disclosures, and Market Abuse

 

On 16 December 2024, the FCA published Discussion Paper DP24/4, seeking input on proposed regimes for cryptoasset admissions, disclosures, and market abuse. The feedback period closed on 14 March 2025. A formal consultation on the proposed rules is expected in Q3 2025.

​

The FCA’s proposals align with the government’s intention to regulate cryptoasset markets more comprehensively, moving beyond anti-money laundering and promotions oversight (see “The Existing Regime” above). The Discussion Paper focuses on spot cryptoassets like Bitcoin and stablecoins, excluding tokenised financial instruments already regulated under existing law.

​

The paper draws on global standards, including IOSCO’s 2023 recommendations, and marks a shift away from the government's earlier “phased” approach to crypto legislation.

​

The Discussion Paper covers three main areas:

​

1) Admissions & Disclosures Regime

 

Key Proposals:

​

• Admission Documents: Entities applying to list a cryptoasset must prepare disclosure documents; CATPs (crypto trading platforms) must conduct due diligence and publish summaries

• Disclosure Requirements: Detailed information would be required, including governance, risk, underlying technology, and sustainability impacts

• Standardisation: The FCA suggests industry-led standards to ensure consistency across CATPs

• Liability: Disclosure accuracy would be subject to the FSMA 2000 negligence standard; forward-looking statements would receive reduced liability under specific conditions

• Due Diligence: CATPs must verify the legitimacy of issuers and technology, including any third-party audits

• Admission Criteria: CATPs should reject listings where significant consumer harm is likely and disclose rejection criteria publicly

• Filing: Accepted listings must be recorded in the National Storage Mechanism (NSM)

 

2) Market Abuse Regime for Cryptoassets (MARC)

 

Scope:

 

Modeled after the UK’s Market Abuse Regulation (MAR), MARC would apply to regulated cryptoasset trading venues and cover:

​

• Insider trading

• Market manipulation

• Unlawful information disclosure

 

Issuer Obligations:

 

Disclosure of inside information would typically fall on the issuer, unless no issuer exists—in which case, responsibility may shift to the applicant or the CATP.

 

Dissemination:

 

The FCA seeks views on possible methods to share inside information:

• Industry-led “crypto PIPs” (Primary Information Providers)

• Use of existing PIPs

• Website and social media publication

 

3) Additional Regulatory Measures

 

Safe Harbours:

 

The FCA proposes tailored exemptions for legitimate activities (e.g., coin burning), provided they support market integrity and minimize harm.

 

Systems & Controls:

 

Firms must implement measures to monitor and prevent abuse, including:

​

• On-chain transaction monitoring

• Insider lists

• PDMR (manager) transaction tracking

 

Unlike traditional markets, CATPs—not the FCA—would handle suspicious transaction reporting and internal enforcement.

Cross-Platform Cooperation:

 

The FCA supports industry-led solutions to share abuse-related data across CATPs and welcomes input on governance models and RegTech tools to support this.

​

Regulatory Regime for Cryptoassets – HMT Draft Statutory Instrument

​

In April 2025, the UK Treasury (HMT) published the “Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025” (the Draft SI). The Draft SI amends the UK Regulated Activities Order to introduce new specified activities for qualifying cryptoassets which would bring the following activities within the regulatory perimeter in the UK for the first time:

​

1. Stablecoin issuance: the issuance of a qualifying stablecoin in the UK

2. Trading platforms: operating a qualifying cryptoasset trading platform

3. Dealing as principal: dealing in qualifying cryptoassets as principal

4. Dealing as agent: dealing in qualifying cryptoassets as agent

5. Investment intermediary: arranging deals in qualifying cryptoassets

6. Safeguarding (custody) services: safeguarding qualifying cryptoassets and relevant specified investment cryptoassets

 

One question which has attracted commentary in relation to the Draft SI is the question of territorial scope. Most cryptoassets are not issued in the UK, but overseas. The regulated activity must be carried out in the UK in order to engage UK regulation. The Draft SI makes amendments to the relevant part of the Financial Services & Markets Act 2000 in order to set the territorial boundaries for particular activities:

​

• For activity 1 (stablecoin issuance), firms will be required to be authorised if they are issuing qualifying stablecoin from an establishment in the UK;

• For activities 2 – 5, firms that are dealing directly or indirectly with a UK consumer will need to be authorised in the UK regardless of whether the firm is based in the UK or overseas. Where a firm is serving only institutional customers, they will not need to be authorised; and

• For activity 6, firms will need to be authorised in the UK if they are carrying on the activity in the UK or on behalf of a consumer in the UK.

 

FCA Discussion Paper setting out Approach to Regulated Cryptoasset Activities

 

Following HMT’s release of the Draft SI, the FCA issued a Discussion Paper in early May 2025 seeking feedback on its preliminary regulatory approach. The paper explores key aspects such as crypto trading platforms, intermediaries, lending and borrowing, staking, and decentralised finance (DeFi). This forms part of its broader regulatory roadmap (see above).

Although the Discussion Paper does not include draft rules, it outlines the FCA’s early thinking on various issues and seeks input from stakeholders to guide the development of its regulatory strategy. Feedback is requested by 13 June 2025, and the FCA intends to use it to shape future proposals, with a formal consultation paper and draft Handbook rules expected to follow.

 

The Discussion Paper covers six key areas:

​

1) Cryptoasset Trading Platforms (CATPs)

 

The FCA proposes that entities seeking to operate crypto trading platforms under the new regime must meet specific requirements, such as:

​

• Controls around retail client access and algorithmic trading

• Operating non-discretionary trading systems and other trading and execution requirements

• Managing risks when dealing as principal, especially matched-principal trades

• Handling conflicts of interest, including when platforms issue their own tokens

• Ensuring transparency through detailed record-keeping and trade data publication

 

The FCA draws heavily from existing regulations for traditional markets (e.g., those applying to securities platforms) and suggests that UK retail users should only engage with UK-registered entities. Overseas platforms wishing to serve UK retail clients may need to set up both a UK branch and subsidiary, which could be cumbersome and potentially discourage cross-border engagement.

​

2) Cryptoasset Intermediaries​

​

The proposed rules for intermediaries—defined as those dealing (as principal or agent) or arranging deals in cryptoassets—mirror those in existing traditional finance. Key regulatory focus areas include:

​

• Order execution: Emphasis on best execution standards, particularly when serving retail clients

• Conflict of interest: Separation of client and proprietary trading; prohibition of payment for order flow (PFOF)

• Transparency: Public real-time / near real-time trade data and pre-trade quotes for principal transactions

• Client categorisation: Potential re-evaluation of how retail, professional, and eligible counterparties should be classified in the crypto context

 

In line with its broader regulatory strategy, the FCA will apply its Consumer Duty obligations to crypto intermediaries, requiring them to promote informed decision-making among clients. Details will be explored in an upcoming consultation expected in Q3 2025.

​

3) Cryptoasset Lending and Borrowing

 

The Discussion Paper includes crypto lending (transferring ownership of assets for yield) and borrowing (receiving crypto or fiat under repayment obligations) under the new regulatory scope.

​

To protect consumers, the FCA is considering restricting these services to institutional investors. Retail participation may be permitted in the future, subject to risk-reduction measures such as:

​

• Applying creditworthiness standards from consumer credit rules (CONC)

• Enhancing transparency and informed consent

• Limiting services to certain stablecoins

 

4) Use of Credit for Crypto Purchases

 

The FCA is evaluating restrictions on the use of credit to buy cryptoassets, including credit cards and credit lines from e-money firms. The goal is to limit unsustainable debt among retail users. However, purchases involving qualifying stablecoins may be exempt from such restrictions.

​

5) Staking

 

Intermediated staking—where a third party stakes assets on behalf of users—will fall within the FCA’s purview under the draft legislation. Regulatory proposals address:

​

• Technology and operational risk: Firms must manage third-party dependencies and may be liable for losses if safeguards are inadequate

• Consumer understanding: Requirements for clear consent and disclosure of terms (e.g., un-staking timelines)

• Safeguarding: Proposals for segregated accounts and robust recordkeeping

 

A further consultation on broader safeguarding rules for crypto is expected later in the year.

​

6) Decentralised Finance (DeFi)

 

According to the FCA, DeFi activities will fall under regulation if there is a clearly identifiable controlling entity. Fully decentralised services without central oversight are unlikely to be included.

​

The FCA is planning additional guidance and will launch a stakeholder forum to gather expert input. Feedback is sought on how to assess the centralisation of DeFi platforms and implement compliance requirements accordingly.

​

FCA Prudential Regime for Cryptoasset Firms

​

On 10 May 2025, the FCA published Consultation Paper CP25/15, titled “A Prudential Regime for Cryptoasset Firms.” This paper outlines proposed rules on capital adequacy, liquidity, and risk management for firms intending to undertake newly regulated cryptoasset-related activities. The consultation is open for industry feedback until 31 July 2025.

​

The prudential proposals in CP25/15 apply primarily to firms that will carry out two core functions:

​

1. Issuing qualifying stablecoins, and

2. Safeguarding qualifying cryptoassets on behalf of customers.

 

However, the FCA notes that many of the standards proposed may be applicable to other types of cryptoasset businesses as well, particularly as the framework evolves.

 

There are three key components of the proposed prudential regime

 

1) Regulatory Capital Requirements

 

Cryptoasset firms will be expected to maintain sufficient financial resources at all times under the proposed Overall Financial Adequacy Rule (OFAR). This requirement mirrors similar obligations for traditional financial institutions and is intended to ensure these firms can operate safely and absorb financial shocks.

 

The FCA’s capital requirement will be calculated as the highest of three potential figures:

​

• A permanent minimum amount:

  • £350,000 for stablecoin issuers

  • £150,000 for firms providing custodial services

• A fixed overheads requirement, equal to 25% of the previous year’s relevant operating expenses

• A K-factor requirement, which considers specific operational and risk-based factors related to the firm’s business model. This metric is adapted from the regime already applied to investment firms under the Investment Firms Prudential Regime (IFPR)

 

Firms will need to hold qualifying capital, such as fully paid ordinary shares or other approved financial instruments. Notably, cryptoassets issued by the firm or its affiliates cannot be included in the capital calculation, to prevent overreliance on volatile or illiquid assets.

​

2) Liquidity Requirements

 

To further enhance financial stability, the FCA proposes minimum liquidity standards for cryptoasset firms.

​

All firms will be subject to a Basic Liquid Assets Requirement (BLAR), calculated as one-third of the fixed overheads

requirement. This is designed to ensure firms have readily accessible resources to support orderly wind-downs if needed.

 

For stablecoin issuers, the FCA proposes an additional Issuer Liquid Asset Requirement (ILAR). This ensures that issuers can swiftly replenish the reserve pool backing their stablecoins within one business day (T+1) in the event of a shortfall.

​

Eligible liquid assets include:

​

• Physical currency (cash and coins)

• Short-term deposits with UK banks

• UK government securities (gilts, Treasury bonds)

• Units in FCA-regulated money market funds or equivalent overseas funds

 

Cryptoassets are excluded from these liquid reserves, reinforcing the FCA’s cautious stance toward relying on digital assets for prudential buffers.

​

3) Concentration Risk Management

 

The FCA emphasizes the need for firms to manage concentration risk—the risk associated with excessive exposure to a single counterparty or asset type. This is particularly important in the context of cryptoasset reserves, where a lack of diversification could amplify systemic vulnerabilities.

​

Firms will be expected to implement sound governance frameworks, risk controls, and recordkeeping systems. The FCA references past incidents, such as the destabilization of the USDC stablecoin following the collapse of Silicon Valley Bank, to underscore the potential consequences of poorly managed exposure.

​

Stablecoin issuers, in particular, will need to assess and address concentration risks in their asset backing pools to ensure resilience in the event of market stress.

​

A New Framework: COREPRU and CRYPTOPRU

 

As part of its long-term strategy, the FCA aims to establish an integrated prudential rulebook across all sectors it supervises. The new framework is based on two components:

​

• COREPRU: A central, cross-sector prudential rulebook applicable to all FCA-regulated firms

• CRYPTOPRU: A crypto-specific module tailored to the risks and activities of cryptoasset businesses

 

The cryptoasset regime outlined in CP25/15 will be the first to adopt this dual-structure format, making it a test case for the FCA’s future regulatory architecture. This modular approach is intended to create consistency across sectors while allowing for flexibility to address sector-specific risks.

​

Future Developments and Additional Consultations                      

 

The FCA notes that CP25/15 does not represent the final stage of consultation on prudential matters. Further consultations, expected in late 2025 or early 2026, will cover:

​

• Prudential standards for other cryptoasset activities beyond stablecoin issuance and safeguarding

• Requirements for cryptoasset groups (i.e., consolidated oversight across related entities)

• The introduction of a tailored Internal Capital Adequacy and Risk Assessment (ICARA) process, similar to what is required for investment firms under IFPR

 

FCA Consultation Paper on Stablecoin Issuance and Cryptoasset Custody

 

On 28 May 2025, the FCA published Consultation Paper CP25/14, which sets out draft regulatory rules and guidance for the issuance of qualifying stablecoins and the safeguarding of cryptoassets, including those stablecoins. The proposals include updates to the FCA Handbook, such as new chapters for the Client Assets Sourcebook (CASS 16 and 17) and the introduction of a new Cryptoasset Sourcebook (CRYPTO). Stakeholder feedback is invited until 31 July 2025.

 

Stablecoin Issuance

 

Under the Draft SI (see above), qualifying stablecoins are digital assets that aim to maintain a stable value by referencing fiat currencies like GBP or USD, supported by reserves held by or on behalf of the issuer. CP25/14 outlines additional obligations for such issuers, including rules on asset backing, redemption rights, and required disclosures.

​

While the paper covers key operational and risk management aspects, it does not address the use of stablecoins in payments—nor does it replace prudential guidance, which is handled in CP25/15. Further standards related to conduct, oversight, and audits will be explored in a separate consultation expected in Q3 2025.

​

The proposals in relation to stablecoin issuance cover the following eight areas:

​

1) Stablecoin Design and Risk Management

​

Issuers must ensure the stablecoin’s technical framework supports compliance with regulatory requirements and includes sufficient safeguards. This includes evaluating and managing design-related risks before tokens are issued.

​

2) Backing Asset Requirements

 

Issuers must fully back their stablecoins with appropriate reserves. These include:

​

• At least 5% in on-demand bank deposits (the on-demand deposit requirement or ODDR)

• The remainder in “core” liquid assets, such as short-term deposits or government debt

 

Issuers may use additional asset types (e.g., longer-term government securities or repo agreements) if they meet operational standards and notify the FCA. Those using a broader asset mix must apply and regularly recalculate a “Backing Asset Composition Ratio” (BACR).

​

3) Asset Safeguarding and Fiduciary Duty

 

Backing assets must be held separately from the issuer’s funds under a statutory trust benefiting token holders. Issuers take on fiduciary responsibilities and must use independent third parties (unaffiliated with their corporate group) to safeguard these assets. Legal agreements must confirm the assets are held in trust.

​

Stablecoins must be fully backed at all times, including those held by issuers, and any redeemed tokens must be either re-backed or burned within 24 hours.

​

4) No Interest to Consumers

 

To maintain their classification as money-like instruments, stablecoins must not pay interest or confer financial returns to holders. Interest earned on reserves may be retained by the issuer, but cannot be shared with consumers, preventing them from being treated as investment products.

 

5) Recordkeeping and Reconciliation

​

Issuers must track the number of tokens issued, perform daily reconciliations between minted tokens and backing assets, and resolve discrepancies within one business day.

​

6) Redemption

​

All holders, regardless of location or status (retail / non-retail), must be able to redeem their stablecoins at face value. Fees must be proportionate to operational costs and must not be linked to asset liquidation costs. Redemption payments must be initiated within one business day, barring legitimate exceptions (e.g., legal constraints or currency conversion delays).

Issuers must provide clear contractual terms and disclose redemption procedures, payment timelines, and any limitations. Exceptional circumstances may allow for temporary suspension of redemptions, subject to FCA notification.

​

7) Third-Party Involvement

​

Issuers may delegate specific issuance functions to third parties, but remain fully accountable. Due diligence, clear contractual terms, and oversight mechanisms are required. For example, third parties handling token sales must not accept client funds directly—these must go to the issuer’s account.

​

8) Disclosure Obligations

​

Issuers must publish clear, fair, and non-misleading information online to support informed decision-making by token holders. Some information must be updated continuously, while other data may be refreshed quarterly.

​

An annual audit by a qualified third party is required to verify the 1:1 backing ratio, and findings must be disclosed.

 

Custody of Qualifying Cryptoassets

 

The CP also sets out rules for firms authorised to safeguard qualifying cryptoassets. These rules adapt the FCA’s existing CASS framework and emphasize segregation, reconciliation, and risk mitigation. The proposals cover the following six areas:

​

1) Trust Structure and Wallet Segregation

 

Custodians must hold client cryptoassets via a non-statutory trust and may use individual or omnibus wallets. Client assets must remain distinct from firm-owned assets. In cases where assets are reused (e.g., for staking or collateral), and beneficial ownership is affected, further consultations will determine applicable rules.

 

2) Books and Reconciliation

 

Daily reconciliations must compare internal records to blockchain data and third-party records. Firms must notify the FCA if shortfalls occur or reconciliations cannot be completed. Clients must be informed of revised balances if discrepancies are unresolved.

​

3) Operational Safeguards

 

Firms must ensure secure storage and management of private keys and maintain key-mapping records linking clients, wallets, and assets. Appropriate governance structures must support secure and compliant custody practices.

 

4) Liability and Client Protections

​

While full liability will not be imposed, custodian firms may be held accountable for losses caused by negligence or rule breaches. Clients may seek redress under the Financial Services and Markets Act or through the FCA's dispute resolution process.

 

Future rules will clarify client rights and liability through additional consultation in Q3 2025.

 

5) Use of Sub-Custodians

​

Custodians may delegate custody to third parties under strict conditions, including documented justification, regular due diligence, written agreements, and board-level approval. Agreements must confirm client assets are held in trust.

 

6) Client Disclosures and Oversight

​

The FCA is reviewing rules for client access to account statements, disclosure of wallet structures, and notification of material changes. Appointment of a CASS oversight officer and audit requirements will be addressed in a future consultation.

​

Additional Points

​

• The FCA will not currently require separation of business lines such as trading or brokerage from custody, though this may change following future consultations.

• Custody of client money related to cryptoassets will remain governed by existing CASS 7 rules.

• Stablecoin issuers and custodians under the new regime will require full FCA authorisation under the Financial Services and Markets Act 2000 (FSMA), replacing the need for separate registration under anti-money laundering regulations (MLRs). However, AML obligations under the MLRs will still apply.