FCA CP25/40 explained: What the UK’s new crypto regulations mean in practice

This is the first in a series of three articles examining the UK’s emerging regulatory framework for cryptoassets. Together, the series explores the expansion of the regulatory perimeter for cryptoasset activities, the new admissions, disclosure and market abuse regime, and the prudential requirements designed to strengthen the resilience of cryptoasset firms.

The UK is rewriting the rulebook for cryptoassets. On 15 December 2025, HM Treasury published the final draft of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 (the Regulations), accompanied by three FCA consultation papers, setting out a vision for a market that is both innovative and secure.

Rather than inventing a parallel regime, the Regulations fold crypto into the existing FSMA framework, applying the principle of “same risk, same regulatory outcome.” Trading platforms, intermediaries, and certain lending and staking activities will all be categorised as Regulated Activities, and therefore be brought within the regulatory perimeter. Businesses providing these products and services will therefore require authorisation and need to comply with conduct, disclosure, prudential and market integrity rules. 

Additionally, the reforms include the establishment of a Designated Activities Regime (DAR), which will govern public offers of qualifying cryptoassets, admissions to trade such assets and related market abuse. A qualifying cryptoasset is defined as a fungible and transferable cryptoasset that is not merely a record of value or contractual rights and is not excluded as electronic money, currency, specified investments, or restricted-use tokens (as defined in Article 88F of the Regulated Activities Order within the Regulations). In simpler terms, it is a tradeable digital token that works like a currency or asset, rather than just being a record or a voucher. 

Under this framework, the FCA can impose rules and take enforcement action for associated breaches, notwithstanding that full FSMA authorisation is not required for such activities. Public offers of qualifying cryptoassets will be prohibited unless an exemption applies. The framework establishes disclosure standards, about which the FCA is responsible for specifying content and format in due course. It also creates civil and criminal liability for breaching specified requirements. . The Regulations also align cryptoasset oversight with existing regimes, including financial promotions and anti-money laundering (AML). They amend the Money Laundering Regulations, so firms offering newly regulated cryptoasset services will need full FCA authorisation under FSMA, instead of just AML registration.  

Most provisions come into force on 25 October 2027, though early implementation will allow the FCA to issue rules, guidance and authorisations ahead of full commencement. 

The FCA’s three-pronged approach to crypto regulation 

The FCA has laid out its strategy through three consultation papers, each targeting a different aspect of crypto oversight. Together, they form a core part of the Crypto Roadmap, which sets out a phased plan to bring cryptoassets fully under FSMA rules by 2027.  

1. CP25/40: Regulating Cryptoasset Activities: Covers trading platforms, intermediaries and certain lending and staking services, setting conduct, disclosure and prudential standards. 

1. CP25/41: Admissions, Disclosures and Market Abuse: Focuses on public offers of cryptoassets, market abuse controls and disclosure requirements to protect investors and maintain market integrity. 

1. CP25/42: A Prudential Regime for Cryptoasset Firms: Outlines capital, risk management and operational standards for regulated entities. 

To help firms transition, the FCA has also launched a portal with practical guidance, including standards, transitional provisions and how the gateway for undertaking regulated crypto activities will operate.  

Bringing core crypto activities into the regulatory fold 

Building on its principle of "same risk, same regulatory outcome", the FCA has designed its proposals around existing regulatory frameworks, adapted for the unique characteristics of crypto. CP25/40 outlines how four key activities – Cryptoasset Trading Platforms (CATPs), intermediaries, lending and borrowing, and staking – will operate under the new rules. 

Cryptoasset Trading Platforms (CATPs) 

CATPs serving the UK market will require FCA authorisation and a UK presence. Retail CATPs must contract through a UK legal entity, though a combination of a UK subsidiary and an offshore branch may sometimes be allowed. Platforms can no longer rely solely on remote access: they must have real operations in the UK. 

CATPs will operate more like traditional exchanges, with clear, rule-based access, trade‑matching systems, and greater transparency around algorithmic trading and market‑making incentives. The aim is to establish a well‑structured market environment that fosters user confidence and reduces risks associated with cryptoasset operations. By adopting a principles‑based framework, the Regulations seek to prevent the disorder and instability that can arise from poor market practices. 

Only assets with a Qualifying Cryptoasset Disclosure Document (QCDD) can be sold to retail clients, creating a two-tier market: “approved” assets for retail investors and broader options for professionals. CATPs must publish admitted assets and QCDDs, in accordance with FCA standards, and act as gatekeepers to protect consumers and promote transparency. Pre-and post-trade reporting, restrictions on staff trading and other conduct rules further mirror traditional finance. Consequentially, this requirement introduces a disclosure standard akin to securities markets ensuring retail investors only access assets with verified information. 

CATPs can list their own tokens, but only with enhanced disclosure and governance under the Market Abuse Regime for Cryptoassets (CP25/41).   

Rules will further mirror traditional finance restrictions on staff trading, to reduce inside dealing risk, replicating the core requirement of Conduct of Business Rules Sourcebook (COBS) 11.7. Pre-trade transparency will apply only to firms with annual revenues above £10 million (designated as Large CATPs) and require them to publish the best five bids and offers for each cryptoasset pair, while principal dealers must disclose firm quotes. Post-trade transparency will apply to all CATPs and principal dealers, with trade details published within one minute of execution, though large trades may be subject to deferrals of up to three months. 

Intermediaries 

Intermediaries – whether dealing as principal or agent, or arranging deals including lending and borrowing – face similar obligations. A key requirement is best execution. Firms must take all reasonable steps to secure the best outcome for clients, considering total costs such as price, blockchain gas fees (cost per transaction), venue fees, settlement charges and third-party costs.  

Pre-trade disclosures must clarify the intermediary’s role and the type of execution venue. Principal dealers are required to provide firm quotes, including prices, validity periods and fees, and must execute orders at the quoted price or better unless exceptional volatility occurs — in which case clients must give explicit consent. Orders from retail and elective professional clients must only be executed on UK-authorised execution venues, and business. Business models that systematically source liquidity from unauthorised affiliated venues are generally prohibited.  

As with CATPs, only assets with a QCDD may be sold to retail clients, and payment-for-order-flow models will not be permitted. Intermediaries must also meet pre- and post-trade transparency standards, keep detailed records for five years, provide same-day execution reports and make sure retail clients understand their settlement arrangements (and associated risks). Together, these measures promote fair, competitive and transparent markets. 

Lending and borrowing  

The FCA’s proposals allow retail investors to access cryptoasset lending and borrowing, but only within tight limits. Firms must meet enhanced conduct standards, and retail clients’ liability is capped at the value of the collateral they provide. This mirrors the regulatory treatment of high-risk products in traditional regulated finance. 

Before entering into any lending or borrowing arrangement, firms must give retail clients clear, transaction-specific information and obtain explicit consent to the key terms. Over-collateralisation is mandatory, and firms may only supplement collateral with prior client approval. Automatic top-ups are capped at 50% of the initial collateral’s market value (net of fees), preventing borrowers from taking on unlimited leverage. In a market known for sharp price swings, these rules are designed to reduce the risk of sudden liquidations, protect retail investors from hidden risks and help keep platforms stable. 

Staking 

Staking – locking up cryptocurrency in a blockchain network to help validate transactions and earn rewards – will remain available to retail clients, but with a strong emphasis on transparency and informed consent. Firms must clearly explain how any proposed staking works, including the type of assets involved (particularly significant if, for example, liquid or wrapped tokens are used), how assets will be transferred and returned, and any restrictions on access. 

Firms must also spell out the risks. These include technology failures, validator issues and the possibility of “slashing”, where penalties reduce the staked amount if a validator fails to meet network requirements. The identity and role of the validator must be disclosed to the retail client, and they must explicitly agree to these risks before staking begins. Although firms are expected to maintain robust systems and controls, they will not guarantee staking outcomes or be expected to compensate for losses. Liability ultimately sits with the investor, but only after the risks have been made clear. 

Cross-cutting requirements 

Beyond individual activities, the FCA is tightening requirements across the board. Record-keeping and client reporting obligations will increase significantly: firms must maintain detailed order and transaction records for five years and provide same-day execution reports, including price, quantity, costs, and timestamps. Clients may opt out of reporting, but firms must make at least three years of transaction history available on request. Settlement arrangements remain flexible for now. Firms may internalise settlement or outsource it, provided responsibilities are clearly explained to clients. Decentralised finance is also firmly in scope. Where there is an identifiable controlling entity, the FCA will apply the same requirements as for centralised firms carrying out equivalent activities.  

A new era for UK crypto 

Taken together, these proposals mark a decisive shift for the UK crypto market. By embedding crypto within a mature regulatory framework, the FCA is replacing loosely governed practices with structured compliance. That will raise costs and complexity for firms, but it also brings credibility, transparency and clearer protections for consumers. 

The longer-term ambition of these proposals is to attract institutional participation, consolidate liquidity and reduce the dominance of offshore platforms, positioning the UK as a jurisdiction where innovation and accountability go hand in hand. For firms, success will depend on adapting quickly to higher standards while capitalising on the trust dividend that regulation brings. For consumers, the market will feel less speculative and more familiar – closer to traditional finance than frontier experimentation. 

But challenges remain. Stricter rules could create enforcement gaps that overseas firms may exploit, increasing exposure to fraud, terrorist financing and other illicit activity. Even so, the direction of travel is  clear. And for market participants, the time to prepare is now – because compliance will be the price of entry into this new era.