The FCA's Final Crypto Regime: What Firms Need to Know and Do Next

Jul 01, 2026

Summary

The FCA has now published the final UK cryptoasset regime, completing its Crypto Roadmap and confirming that crypto activities will be brought fully within the existing FSMA framework from 25 October 2027. The headline messages are contained in the accompanying FCA press release and new overview webpage, which together provide a useful guide through what is a substantial package of policy statements, guidance and consultations. While much of the architecture was already visible through earlier consultations, firms now have something they have lacked throughout much of the process: certainty.

The significance of today's package is not that it changes the direction of travel, but that it finalises the framework and provides a clear route to implementation. Firms have three months until the authorisation gateway opens and less than sixteen months until the regime comes into force. That is a comparatively short implementation period given the governance, operational, and prudential changes many firms will need to make. The challenge is no longer understanding what regulation might look like. It is demonstrating readiness to operate within it.

The FCA has also used the final package to reinforce a broader message running through much of its recent work: the UK's crypto regime is intended to support innovation, growth and competitiveness while maintaining high standards of consumer protection and market integrity. The final framework reflects a regulator that has listened to industry feedback in several key areas, while remaining firmly committed to bringing crypto firms within mainstream financial services regulation.

What has been published?

On 30 June 2026, the FCA published the final package of policy statements implementing the UK’s cryptoasset regime and confirmed that the package completes its Crypto Roadmap. The framework establishes the UK’s comprehensive regulatory regime for cryptoasset activities ahead of commencement on 25 October 2027.

Together, these publications create the core framework that crypto firms will need to navigate over the next 16 months as they prepare for authorisation and implementation.

Policy Statements

Guidance

New consultations

The FCA has simultaneously launched two consultations on non-handbook prudential guidance, with responses due by 30 July 2026:

How does this compare to the December 2025 consultation package?

Much of the final framework will be familiar to firms that have followed our Emerging Themes in Financial Regulation & Disputes coverage and the FCA’s progress along its Roadmap.

Looking back at our Emerging Themes coverage from early 2025, it is striking how quickly the UK’s crypto framework has moved from a series of consultations and policy proposals to a fully developed regulatory regime. Over that time, our thought leadership has tracked milestones on the Crypto Roadmap, analysing the details of the consultation papers and draft legislation.

Our analysis included detailed coverage of the three main consultation papers published in December 2025:

In short, the broad architecture remains intact. The UK’s decision to regulate cryptoasset activities within the existing FSMA framework, rather than create a standalone crypto regime, remains unchanged. And that remains one of the defining features of the UK approach. In contrast to some jurisdictions that have developed bespoke crypto-specific frameworks, the UK has largely chosen to adapt existing regulatory concepts to crypto activities. That decision should help firms navigate a more familiar supervisory environment and may ultimately prove one of the UK’s competitive advantages.

Rather than creating a bespoke crypto rulebook, the FCA has largely adapted existing financial services concepts – including governance, prudential requirements, market abuse controls, operational resilience, and the Consumer Duty – to cryptoasset activities where the risks are comparable. This should provide firms with a more familiar regulatory environment, particularly those already operating within regulated financial services markets.

However, the final package introduces some important refinements – we highlight three headline changes below.

3 headline changes

1. Prudential requirements have become more proportionate

The most significant policy adjustment appears in PS26/12. The FCA has:

  • reduced the stablecoin issuer capital coefficient from 2% to 1%;
  • moved away from the proposed Category A / Category B classification model;
  • introduced a simplified market risk framework for qualifying cryptoassets;
  • reduced certain prudential disclosure obligations; and
  • introduced additional proportionality measures throughout the prudential regime.

This is probably the clearest example of the FCA responding to industry feedback. Rather than signalling a retreat from regulation, the changes reflect an attempt to balance resilience, consumer protection and market integrity with concerns around competitiveness, scalability and barriers to entry.

For many firms, particularly stablecoin issuers, these changes may be commercially significant because they affect the amount of regulatory capital that must be held and therefore the overall cost of operating in the UK.

2. Stablecoin requirements remain robust

The FCA has broadly maintained its proposed stablecoin framework while simplifying several operational requirements.

Key changes include simplified backing asset requirements, revised redemption arrangements, confirmation of trust structures, limited intragroup custody permissions and a permitted 5% excess backing asset pool. At the same time, the overall framework remains firmly focused on redemption rights, safeguarding and financial resilience.

3. Market abuse and disclosure rules remain largely unchanged

The FCA has preserved the core structure of the Admissions & Disclosures (A&D) and Market Abuse Regime for Cryptoassets (MARC) consulted upon in CP25/41.

The final framework continues to rely heavily on disclosure obligations, due diligence requirements imposed on cryptoasset trading platforms (CATPs) (including due diligence on cryptoassets before admission to trading), admission controls, insider dealing restrictions, market manipulation rules and information-sharing obligations for larger trading platforms. Although the FCA has made targeted refinements – including narrowing certain monitoring obligations and clarifying aspects of the disclosure framework – the overall architecture remains largely unchanged.

Additional Points to Note from the Policy Statements

No doubt, firms will need to carefully work their way through each Policy Statement, but we flag some additional points worth noting:

1. Admissions & Disclosures

  • Under earlier proposals, an issuer could rely on an existing Qualifying Cryptoasset Disclosure Document (QCDD) where a newly admitted token was fungible with one already trading. That carve-out has been removed in the final rules for A&D purposes. A fresh QCDD will generally be required per asset, regardless of fungibility, a material change for issuers with large existing token catalogues.
  • Investors who suffer loss by relying on an untrue or misleading statement in a QCDD or Supplementary Disclosure Document (SDD), or a required omission, have a right to seek compensation from the person responsible. That will be whoever requested admission, or the UK Qualifying Cryptoasset Trading Platform (QCATP) itself where it admitted the asset on its own motion.
  • Supplementary disclosure documents arise only where a significant new factor, material mistake or inaccuracy emerges after the QCDD is published but before admission. They are not an ongoing updating obligation post-admission. Investors have a two working day withdrawal window from SDD publication, and intermediaries must notify investors on the day the SDD is published.

2. Market Abuse

  • The prohibitions on insider dealing, unlawful disclosure of inside information and market manipulation apply regardless of whether the relevant conduct occurs in the UK or overseas. International firms should not assume domestic location provides shelter.
  • The FCA removed a broadly drafted “legitimate reasons” legitimate market practice from the final rules due to concern it was too susceptible to abuse. Coin burning qualifies as a legitimate market practice only where the mechanism is automatic or non-discretionary and the burning plan is publicly disclosed before it is activated.

3. Stablecoins

  • Interest and income generated on backing assets must not be distributed to tokenholders. Rewards funded from the issuer’s own account or a third party’s remain permissible, but the prohibition is a hard rule and not subject to opt-out.

Why this matters now

The most important practical point is simple. The debate is no longer about the shape of the regime. The debate is now about implementation.

The FCA has confirmed the following timetable:

| Milestone | Date |
| --- | --- |
| Pre-application support meetings available | July 2026 |
| Authorisation window opens | 30 September 2026 |
| Authorisation window closes | 28 February 2027 |
| Regime goes live | 25 October 2027 |

Firms therefore have three months until the authorisation gateway opens and less than sixteen months until the regime comes into force.

For firms currently operating under the Money Laundering Regulations, this is particularly significant. Existing registrations will not convert automatically into FSMA permissions. Firms that fall within scope of the new regime will need to secure FCA authorisation.

Where the real risk sits

For firms that are focused on obtaining authorisation, engage early with the regulator and (where appropriate) appoint counsel, the biggest risks are unlikely to arise from simply misunderstanding the rules.

They are more likely to arise from firms underestimating what authorisation and ongoing supervision will require in practice.

The FCA’s final framework repeatedly emphasises governance, accountability, oversight and effective systems and controls. In many respects, crypto firms are being asked to meet standards that increasingly resemble broader financial services regulation rather than a bespoke crypto regime. Firms seeking authorisation can take some comfort from the familiarity of many of these requirements, and from the lessons learned that are embedded in supervisory guidance and set out in final notices. However, they should not underestimate the amount of work required to evidence compliance and embed those arrangements in practice.

For some firms, the challenge will be prudential readiness. For others, it will be safeguarding, surveillance, operational resilience or SM&CR governance. However, financial crime is likely to remain a particularly important area of focus. The FCA continues to view financial crime controls as fundamental to market integrity and consumer protection, and firms should expect those arrangements to receive significant scrutiny during both authorisation and ongoing supervision.

The mistake firms can make is treating authorisation as a technical or compliance exercise. Regulators are ultimately assessing how a firm operates day-to-day: how decisions are made, how risks are escalated, who is accountable and whether controls are genuinely effective in practice. Recent experience of firms seeking authorisation in other jurisdictions serves as a useful reminder that authorisation exercises are rarely determined by capital alone. Governance, culture, financial crime controls, and fitness and propriety assessments can be equally important.

Direction of travel – what remains outstanding?

Although the FCA describes today’s package as completing its Crypto Roadmap, significant policy work remains. Perhaps the most important unanswered question concerns DeFi (Decentralised Finance). The FCA has confirmed that the regime will apply where there is an identifiable controlling entity and has committed to publishing further guidance. However, the difficult question is where the boundary between centralised and genuinely decentralised activity will be drawn. That question matters because it will determine which firms, protocols and governance structures ultimately fall within scope of regulation. It is also likely to be one of the most heavily debated aspects of the next phase of the FCA’s crypto work. The FCA has indicated that it will take a case-by-case approach and consult on further guidance, suggesting this area remains very much a work in progress.

Questions around governance rights, protocol upgrades, administrative controls, treasury management and the role of founders or core developers are likely to become increasingly important as firms assess whether activities fall within scope.

Beyond DeFi, the FCA has also committed to further work on:

  • operational resilience guidance for firms using DLT;
  • updates to the Financial Crime Guide;
  • resolution and firm failure arrangements for stablecoin issuers and custodians; and
  • further perimeter guidance, including a policy statement expected in September 2026.

In other words, the crypto regime is substantially complete, but it is not finished.

5 things firms should do now

1. Confirm whether you are in scope

Not all firms currently operating under the MLR regime will necessarily be carrying on regulated cryptoasset activities under the new framework. Equally, some firms may underestimate the extent to which their activities fall within scope.

Now is the time to revisit perimeter assessments, challenge historic assumptions and consider whether changes to products, services or business models alter the regulatory analysis. Firms should also be monitoring the FCA’s forthcoming perimeter guidance, which may provide further clarity in a number of grey areas.

Where there is uncertainty, obtaining external legal advice early is likely to be considerably cheaper than discovering a perimeter issue during the authorisation process.

2. Prepare for authorisation applications

With the gateway opening on 30 September 2026, firms should be assessing governance arrangements, accountability frameworks, financial resources, operational resilience and systems and controls now rather than waiting for the application window.

The FCA is encouraging firms to make use of its Pre-Application Support Service (PASS), which is now available to prospective applicants. Those engagements are likely to be most effective where firms arrive with well-developed proposals, identified implementation challenges, and specific questions.

As part of that process, firms should:

  • perform a gap analysis against the FCA’s Threshold Conditions;
  • review governance, accountability and SM&CR arrangements;
  • assess whether existing systems and controls are capable of meeting FCA expectations; and
  • identify any areas requiring remediation before submission of an application.

3. Focus on implementation

For much of the past 18 months, the debate has centred on consultation responses, lobbying efforts, perimeter questions and policy development. The final package means the focus should now shift from interpreting proposals to implementing them.

Firms should be developing practical implementation plans that address the operational realities of compliance and supervision. Priority areas are likely to include:

  • prudential readiness;
  • safeguarding and custody arrangements;
  • operational resilience;
  • financial crime controls;
  • surveillance capabilities; and
  • reporting infrastructure.

Ultimately, the firms that are likely to be most successful under the new regime will not necessarily be those with the best interpretation of the rules, but those that can evidence robust governance, effective controls and genuine operational readiness.

4. Take a strategic view

One of the clearest themes running through both the FCA’s publications and wider Government policy is the desire to position the UK as a competitive jurisdiction for responsible cryptoasset activity.

Firms should therefore view the UK’s regime as more than a compliance obligation. It should form part of a broader strategic assessment of where businesses are located, where capital is deployed and which jurisdictions are prioritised for growth and regulatory approvals.

In particular, firms should consider:

  • how the UK regime fits within wider international operations and future growth plans;
  • whether group governance arrangements remain appropriate for a regulated crypto business;
  • how UK authorisation interacts with approvals in other jurisdictions; and
  • whether greater regulatory certainty creates new commercial opportunities.

5. Monitor the outstanding policy points

Although the FCA has completed its Crypto Roadmap, important policy questions remain unresolved.

The FCA may have completed its roadmap, but firms should not assume the policy work is finished.

An obvious starting point is the FCA’s webinar on 17 July 2026, which you can register for here and should provide additional insight into the regulator’s expectations and areas of future focus.

Beyond that, firms should monitor:

  • the COREPRU and CRYPTOPRU guidance consultations;
  • further work on DeFi and decentralisation;
  • updates to the Financial Crime Guide;
  • operational resilience guidance for DLT firms;
  • resolution and insolvency arrangements for crypto firms; and
  • the FCA’s September 2026 perimeter policy statement.

For many firms, the biggest regulatory developments over the next 12 months may arise from these remaining workstreams rather than the final policy statements themselves.

Conclusion

The firms that are likely to benefit most from the new regime will be those that use the next twelve months to prepare early, engage proactively and treat authorisation as a strategic business project rather than a regulatory filing exercise.

The UK now has a comprehensive crypto framework. The question for firms is no longer what the rules might look like, but whether they are ready to operate within them.

We continue to advise firms on the evolving cryptoasset regime, including perimeter analysis, governance, authorisation readiness, prudential requirements, financial crime controls and regulatory implementation. Firms that begin preparing now will be significantly better placed when the authorisation gateway opens in September 2026.

Meet The Team

Samantha Paul
+44 (0) 20 3400 3194
Suhail Mayor, Associate, London
+44 (0) 20 3400 4626
