Ashurst | Jamie Jefferson Ng | Anya Brown
United Kingdom
A. TL;DR
On 17 September 2025, the Financial Conduct Authority (FCA) published Consultation Paper CP25/25, outlining a comprehensive regulatory framework that will bring cryptoasset activities in the UK under the same standards as traditional financial services. This marks a significant transition from the previous regime, which focused primarily on anti-money laundering (AML) and financial promotions, to a much broader oversight encompassing governance, operational resilience, conduct, and consumer protection.
Under the proposals, all firms wishing to carry out regulated cryptoasset activities will be required to obtain FCA authorisation, regardless of any existing registration under the Money Laundering Regulations. The new regime is designed to protect consumers, enhance market integrity, and support the growth and competitiveness of the UK’s crypto sector, while also addressing the unique risks and characteristics of cryptoassets. The consultation period runs until November 2025, with final rules anticipated in 2026.
B. Top 10 Things to Know
1. To recap – what activities will be regulated?
As set out in the Treasury’s statutory instrument published 29 April 2025 (see our article here), the regime will cover a broad range of cryptoasset activities, including operating trading platforms, custody and safeguarding of cryptoassets, dealing as principal or agent, arranging transactions, and providing staking services. These largely mirror ‘traditional’ regulated financial activities with nuances owing to the nature of DLT products and services.
2. FCA Handbook rules apply—with tweaks
The FCA proposes to extend its core Handbook rules—including high-level standards, governance, operational resilience, and business conduct obligations—to all cryptoasset firms seeking authorisation under the new regime. This means crypto firms will be subject to the same minimum standards as traditional financial services firms, such as the Threshold Conditions and the Principles for Businesses (i.e. PRIN), which require acting with integrity, exercising skill, care, and diligence, maintaining financial prudence, ensuring proper market conduct, treating customers fairly, and managing conflicts of interest. These foundational principles have historically been the basis for significant enforcement actions in traditional finance, and their application to crypto is expected to drive up standards of behaviour and market structure in the sector.
However, the FCA recognises the unique features and risks of cryptoassets and is therefore proposing certain modifications. For example, there are specific carve-outs: Principles 1 (integrity), 2 (skill, care and diligence), 6 (customers’ interests), and 9 (relationships of trust) will not apply to transactions between members on a CATP, and Principles 6 and 9 will not apply when a CATP is servicing professional clients. This mirrors the approach for multilateral trading venues in traditional finance, recognising the different dynamics of direct platform trading. some conduct rules and principles (such as those relating to integrity and fair treatment) will be disapplied for transactions between professional clients on cryptoasset trading platforms (CATPs), mirroring the approach taken with traditional trading venues.
3. Senior Managers & Certification Regime (SM&CR)
All cryptoasset firms will be subject to the SM&CR from day one. This means relevant senior managers must be FCA-approved, with clear accountability and personal responsibility for key areas such as compliance, technology, and operational resilience. Firms will be categorised as either Core or Enhanced, with Enhanced firms typically the largest subject to stricter requirements. The Certification Regime requires firms to certify the fitness and propriety of employees in key roles, and the Fit and Proper Test applies to all relevant staff, focusing on honesty, integrity, competence, and financial soundness.
Only about 1% of all authorised firms fall into the Enhanced category, which is reserved for the largest or most complex firms and comes with stricter regulatory requirements. The criteria for Enhanced status will be similar to those used for other firms regulated by the FCA. Firms also have the option to voluntarily “opt up” to Enhanced status.
The FCA is considering setting a new threshold for Enhanced status based on the total value of client cryptoassets held, with the range currently under consultation between £1 billion and £100 billion. For stablecoin issuers, the FCA intends to introduce new reporting requirements. These will allow the management of stablecoin backing assets to be used as a basis for determining Enhanced status, in a way that is similar to the existing Assets Under Management (AUM) test for other types of firms.
4. Operational Resilience: what does readiness look like?
The FCA is introducing operational resilience requirements for all cryptoasset firms. Under the proposals, cryptoasset firms will be required to identify and map critical business services, set clear impact tolerances for disruptions, and regularly test their ability to remain within these limits through scenario planning for events such as cyber-attacks or system failures. Firms must address risks unique to cryptoassets, including private key security, validator risks, code vulnerabilities, and decentralised network disruptions, while also implementing robust cyber resilience measures and effective incident communication strategies. Strong governance, risk management, record-keeping, conflict management, and whistleblowing procedures are also expected to underpin firms’ operational resilience.
5. Consumer Protection: will the Consumer Duty apply to crypto firms?
The FCA is consulting on whether to apply the Consumer Duty to regulated cryptoasset activities or to introduce tailored, sector-specific rules, recognising that the Duty’s requirements—such as acting in good faith, avoiding foreseeable harm, and supporting customers’ financial objectives—may be difficult to implement given the decentralised nature of many cryptoassets and the lack of clear product manufacturers.
As an alternative, the FCA is considering bespoke investor protections for firms distributing cryptoassets, particularly where traditional distribution chains do not exist. The regulator is seeking feedback on whether the Duty, with additional guidance, would suffice or if a standalone framework is needed, and notably proposes not to apply the Duty to trading between participants on UK-authorised CATPs, instead favouring a tailored approach for admissions and disclosures.
6. Conduct of business requirements
The FCA plans to extend key parts of its Conduct of Business Sourcebook (COBS) to regulated cryptoasset firms, requiring them to meet standards akin to those in traditional finance—such as acting honestly and fairly, providing clear communications, categorising clients, and assessing appropriateness for retail customers. Firms must also disclose their regulatory status, safeguarding arrangements, and issue client agreements and periodic statements. However, certain COBS chapters, including those on distance communications, insurance, and pensions, will not apply. For CATPs, specific exemptions will apply: some conduct principles will not cover transactions between professional clients, and CATPs will not need to offer cooling-off periods or cancellation rights, reflecting the sector’s unique risks and market structure.
7. Product governance
The FCA is consulting on how to apply product governance requirements to cryptoasset firms, given the challenges posed by decentralised and often anonymous cryptoassets that lack clear manufacturers or distribution chains. Traditional rules in the Product Intervention and Product Governance Sourcebook (i.e.PROD) may not fit this sector, so the FCA is considering whether to adapt existing rules, introduce bespoke requirements, or rely on the Consumer Duty with tailored guidance. The regulator’s emerging preference is for a flexible, outcomes-based approach that ensures robust consumer protection while accommodating the unique features of the cryptoasset market.
8. Complaints and redress: what about the ombudsman?
The FCA proposes to apply standard complaints handling rules (DISP) to crypto firms. It is also considering whether customers should be able to refer complaints to the Financial Ombudsman Service (FOS), potentially extending access to redress for retail clients.
9. Environmental, Social, and Governance (ESG) Requirements
The FCA’s ESG Sourcebook will apply to cryptoasset firms, requiring that any sustainability-related claims are fair, clear, and not misleading. While the FCA is not introducing new climate-related or sustainability disclosure obligations at this stage, the inclusion of ESG requirements is not unexpected given the history of crypto issuances that have made specific sustainability claims. This approach reflects the regulator’s intent to ensure that such claims are substantiated and managed with the same rigour as in traditional financial services, promoting transparency and responsible conduct. The FCA’s focus is on preventing misleading statements and ensuring that ESG considerations are properly integrated into firms’ governance and business practices, rather than imposing additional reporting burdens at this time.
10. Transitional arrangements
The FCA state they will provide further guidance on helping AML registered firms transition to the full FCA regime under FSMA – possible transitional relief? To be confirmed.
C. Next Steps
The consultation on the main proposals will close on 12 November 2025, with discussion chapters closing on 15 October 2025. The FCA will consider feedback and publish final rules in 2026. Further consultations are planned on activity-specific rules, prudential requirements, and market abuse regimes for cryptoassets, as set out in the FCA’s crypto roadmap.
Watch this space!
Authored: Jamie Jefferson Ng, Senior Associate; Anya Brown, Trainee Solicitor
This article first appeared on Lexology | Source
