FCA publishes further information on its approach to the UK’s new cryptoasset regime

The FCA has released new guidance to help cryptoasset firms prepare for the UK’s incoming regulatory framework - another step in the FCA Crypto Roadmap and a major marker on the path to full crypto regulation.

As covered in our analysis of the various new FCA crypto consultations as part of our Emerging Themes series, HM Treasury’s draft legislation will bring a wide suite of crypto activities within the FCA perimeter. The regime is expected to commence on 25 October 2027, when firms undertaking in‑scope activities will require authorisation under FSMA.

The FCA’s new guidance highlights what firms - especially those entering regulation for the first time - should understand now. This article distils the key points: scope, standards, and what authorisation and transition will look like.

FSMA and the FCA Handbook: Updated for crypto

Under FSMA, firms need FCA authorisation to carry out “regulated activities”, primary set out in the Regulated Activities Order (RAO). The Treasury’s draft Statutory Instrument expand the RAO to include new regulated cryptoasset activities, including:

• Issuing qualifying stablecoins in the UK
• Safeguarding qualifying cryptoassets
• Operating a qualifying cryptoasset trading platform
• Dealing in qualifying cryptoassets (as principal or agent)
• Arranging, or making arrangements for, cryptoasset transactions
• Qualifying cryptoasset staking

These activities form the core of the UK’s new regime. The FCA will also introduce a cryptoasset sourcebook to complement existing Handbook rules and map how conduct, prudential and governance standards apply to crypto businesses. Firms expecting to fall in scope should begin familiarising themselves with the Handbook now.

FCA Standards: What firms must demonstrate

Threshold Conditions

To obtain and maintain authorisation, firms must satisfy FSMA’s Threshold Conditions, including:

• A viable and suitable business model
• Ability to be effectively supervised
• UK head office for UK‑incorporated firms
• Appropriate financial and human resources
• Fitness and propriety (considering all relevant factors per Schedule 6 of FSMA)

To clear the FCA gateway, firms will need to evidence a credible and resilient business model – one that moves beyond opaque tokenomics (economic models), offshore liquidity, or unsustainable yield structures. Demonstrating that the business can be effectively supervised will be critical, including clear lines of control over technology, decision‑making and any decentralised operations or affiliates.

In practice, firms will need auditable data, adequate financial resources, and accountable senior managers who prioritise compliance, risk and governance. Systems for client asset protection, market surveillance and reporting must be robust and demonstrably fit for purpose. Many crypto businesses will need to restructure operating models and appoint senior managers who can own risks end‑to‑end under FSMA.

The uplift is significant: the FCA expects transparent business models, strong governance, reliable systems and complete supervisory visibility. Decentralised or opaque structures will attract scrutiny.

Fit and proper requirements

The FCA will assess individuals against the Part V FSMA “fit and proper” standards, focusing on honesty, integrity, reputation, financial soundness and role‑specific competence. Any history of regulatory breaches, misconduct, unresolved debts or bankruptcy will be scrutinised, alongside whether senior personnel have the skills and experience required for their functions.

For many crypto founders and technologists, this represents a meaningful uplift. Individuals who have operated in lightly regulated environments will now need to demonstrate professional credibility, governance awareness and the ability to discharge regulated responsibilities. Firms should anticipate deeper vetting and ensure senior personnel can evidence competence supported by clear documentation, training and governance frameworks.

High‑level standards

In addition to these threshold conditions (COND) and fit and proper requirements (FIT), cryptoasset firms will be subject to additional core Handbook requirements, including

• Principles for Businesses (PRIN): requiring firms to embed integrity, good governance, proper market conduct and fair treatment of clients. For crypto firms, this signals a shift from growth‑first models to consumer‑focused, risk‑managed operations. Expectations around financial prudence, market conduct and client asset safeguarding will challenge informal or token‑driven structures. Coupled with the Consumer Duty, firms must design products and processes that deliver fair value and good outcomes — not just technical innovation. Embedding these principles into culture, decision‑making and product development from the outset will be critical to long‑term success under FSMA.
• Senior Management Arrangements, Systems & Controls (SYSC): setting expectations for governance, risk management and operational resilience. Crypto firms will need enhanced systems and controls tailored to the specific risks of custody, trading infrastructure, operational dependencies and client asset protection. Clear responsibility mapping and effective oversight mechanisms will be essential for demonstrating supervisory readiness.
• Senior Managers & Certification Regime (SM&CR): requiring clearly defined individual accountability. This includes Senior Management Functions (SMFs) with specific responsibilities and firm‑wide Conduct Rules establishing minimum behavioural standards. Leadership capability and documented ownership of risks will be key areas of FCA focus.
• Prudential Requirements (CRYPTOPRU): a new prudential sourcebook setting capital, liquidity and risk‑management expectations aligned to the operational and market risks of crypto activities.

Authorisation, supervision and enforcement

All firms undertaking newly regulated cryptoasset activities will require FSMA authorisation by commencement in October 2027. Registration under the Money Laundering Regulations 2017 or authorisation under payment/e‑money rules will not convert automatically. Existing FSMA firms must vary their permissions; firms relying on s.21 approvers will need direct authorisation to continue marketing to UK customers.

To support readiness, the FCA will provide information sessions and access to its Pre‑Application Support Service (PASS), although firms should also obtain independent regulatory advice to ensure applications meet expectations.

The FCA expects to open applications in September 2026, closing at least 28 days before commencement in October 2027.

Firms applying during this window may continue operating under a “saving provision” until their application is decided (including any appeal). Firms that miss the window will fall into the transitional provision, limiting them to servicing existing contracts and prohibiting new regulated activities until authorised.

Once authorised, firms will be subject to continuous, risk‑based supervision, with enhanced scrutiny of custody, client assets, trading infrastructure and financial promotions. The FCA’s enforcement powers under FSMA, including financial penalties, prohibitions, and criminal sanctions, will apply fully to crypto activities.

Transitional provision for controlled wind-down

The Treasury’s draft Statutory Instrument introduces a transitional provision to prevent firms from breaching FSMA’s general prohibition when the new regime goes live. It is designed solely to enable a controlled wind‑down, not ongoing business.

The provision applies to firms already serving UK customers that have engaged with the authorisation process but have not secured approval by October 2027. To rely on it, firms must meet the following conditions:

• Pre‑existing contracts only: Firms may service existing agreements but cannot enter new contracts with existing or new UK clients.
• Valid engagement with the authorisation process: Firms must submit a valid application during (or before) the application window. Even if an application is refused, withdrawn or still under review, the firm may enter the transitional provision by operation of law. Firms that do not apply, or submit invalid or incomplete applications, will not qualify and must exit the UK market at commencement.
• Regulatory notifications and customer disclosures: Firms must notify the FCA on entry and exit, and clearly inform customers that they are not authorised under FSMA during the transitional period.
• FCA oversight and intervention: The FCA may impose conditions, restrict activities or cancel transitional status where necessary to protect consumers or market integrity.

The transitional period can last for up to two years, providing firms time for an orderly exit or transition to authorisation. It does not permit firms to continue normal UK operations or expand their activities.

Getting ready for the new crypto regime

• Assess scope early: Determine whether your activities fall within the expanded RAO and which permissions you will need under FSMA.
• Map regulatory expectations: Benchmark your current capabilities against the Threshold Conditions and core Handbook requirements, including PRIN, SYSC and SM&CR.
• Design for authorisation now: Begin building governance, systems and controls that can withstand FCA scrutiny, with clear accountability and auditable processes.
• Plan for the September 2026 application window: Prepare high‑quality materials and consider early engagement with the FCA’s PASS service to avoid bottlenecks.

The FCA’s latest crypto publication sends a clear message: the UK’s crypto regime will be rigorous, supervision‑led and aligned with traditional financial standards. Firms that act early - by strengthening governance, documenting controls and preparing applications - will be best placed to secure authorisation and operate with confidence under the new framework.

Please do not hesitate to get in touch with us if there are any questions about this or the proposed regime.