Regulatory March 2026 9 min read

UK Cryptoasset
Regulation:
What Firms Need to Know

The UK's comprehensive cryptoasset regime is taking shape under FSMA, with the application gateway opening in September 2026 and the full regime commencing in October 2027. Here is what the framework looks like — and where firms need to act now.

By Georgios Petropoulos  |  LINXS Advisory
10+
New regulated cryptoasset activities under FSMA
Oct '27
Full regime commencement date
Application gateway opens 30 September 2026
£75K
Minimum permanent capital requirement
Up to £750K for dealing as principal

01 The FSMA Framework

Unlike MiCA, which created an entirely new regulatory rulebook, the UK has integrated cryptoassets into its existing Financial Services and Markets Act 2000 (FSMA) architecture. The Cryptoassets Regulations 2025, passed into law in February 2026, expand the Regulated Activities Order to bring a wide range of cryptoasset activities within the FCA's authorisation remit. Carrying on regulated cryptoasset activities without authorisation is a criminal offence under FSMA.

Qualifying Cryptoassets
Any fungible, transferable digital token not already regulated as a traditional financial instrument or e-money. The definition is intentionally broad, capturing the vast majority of tokens traded today.
Qualifying Stablecoins
A subset pegged to fiat currency and backed by reserve assets. Issuing or managing stablecoins is itself a regulated activity, with requirements aligned to existing payment and e-money standards.
Specified Investment Cryptoassets
Cryptoassets that also meet the definition of traditional financial instruments under the RAO — such as tokenised securities — which may attract dual obligations under both regimes.
DeFi Activities
Where there is an identifiable controlling entity, DeFi arrangements fall within scope and are subject to the same regulatory outcomes as centralised firms. Fully decentralised arrangements remain out of scope for now.

02 Regulated Activities

The Cryptoasset Regulations designate a broad range of activities as regulated, covering both the core services most firms already provide and newer activities such as staking and lending. Each activity requires a specific FCA Part 4A permission and attracts its own conduct, prudential and consumer protection obligations.

Cryptoasset Trading Platforms (CATPs)
Operating a multilateral system for the exchange of qualifying cryptoassets. CATPs face the most comprehensive rulebook — governance, conflicts of interest, fair and orderly trading, market surveillance, and admission criteria.
Custody & Safeguarding
Safeguarding qualifying cryptoassets or stablecoins on behalf of clients. Full client asset segregation, hot/cold wallet infrastructure, and reconciliation obligations aligned to the FCA's CASS Sourcebook.
Dealing as Principal
Buying or selling qualifying cryptoassets as principal, including firms operating OTC desks or offering lending and borrowing products. Attracts the highest capital requirements in the prudential framework.
Dealing as Agent & Arranging
Executing orders on behalf of clients on an external CATP, or introducing clients to an authorised firm. Lower capital floor but full conduct and AML/CFT obligations apply.
Staking
Providing staking services on behalf of clients is a regulated activity. Retail participation is permitted, subject to enhanced risk disclosures and express client consent requirements under CP25/40.
Stablecoin Issuance
Issuing a qualifying stablecoin in or to the UK. Issuers must back stablecoins with reserve assets held in a statutory trust with a third-party custodian, and offer redemption to all holders.

03 Capital Requirements

The FCA's prudential framework — set out across CP25/15 and CP25/42 — introduces a risk-based, scalable capital regime inspired by the Investment Firms Prudential Regime (IFPR), but tailored to cryptoasset business models. Firms must hold capital equal to the highest of their Permanent Minimum Requirement, Fixed Overhead Requirement, or activity-based K-factor capital requirement.

£75K
Arranging deals & dealing as agent
Permanent minimum
£150K
Operating a cryptoasset trading platform (CATP)
Permanent minimum
£750K
Dealing as principal (includes lending & borrowing)
Permanent minimum
K-Factors
Activity-based scalers covering client assets safeguarded, transaction volumes, counterparty exposure, and principal trading positions
Scales with business
40%
Capital charge for Category A cryptoassets — regulated venue, adequate liquidity and low volatility
Net position
100%
Capital charge for Category B cryptoassets — higher volatility, unlisted, or failing Category A criteria
Net position

04 Authorisation Timeline

The application gateway opens on 30 September 2026 and closes 28 February 2027. Firms currently registered under the MLR regime must transition to a full FSMA Part 4A authorisation. Missing the window means being unable to carry on regulated cryptoasset activities when the regime commences in October 2027.

1
Preparation Phase
Now — September 2026
Conduct a regulatory gap analysis, map activities to proposed FCA permissions, model capital and liquidity requirements against CP25/42, and build governance documentation. Firms under MLR registration should assess transitional obligations and begin SM&CR mapping.
2
Application Gateway Opens
30 September 2026
The FCA begins accepting Part 4A applications for cryptoasset regulated activities. Well-prepared firms with complete documentation, experienced management teams, and demonstrated operational readiness will move fastest through review.
3
Gateway Closes
28 February 2027
Last date to submit a Part 4A application. Clock stops apply during FCA information requests. Firms that have not applied will not be able to rely on transitional provisions once the regime commences.
4
Regime Commencement
25 October 2027
The full UK cryptoasset regime enters into force. Carrying on regulated cryptoasset activities without FCA authorisation from this date constitutes a criminal offence under FSMA 2000.

05 Governance, SM&CR & AML

The FCA will apply its Senior Managers and Certification Regime (SM&CR) to authorised cryptoasset firms — named senior managers, documented Statements of Responsibilities, and ongoing fitness and propriety assessment. The current MLR remit is subsumed into the comprehensive FSMA regime, raising the bar materially across AML, governance, and controls.

SM&CR Governance
Named Senior Managers with documented Statements of Responsibilities, appropriate board composition, clear escalation procedures, and a risk appetite statement approved at board level. The FCA assesses governance at authorisation and throughout supervision.
Fit & Proper Assessment
Professional experience in financial services, technology or cryptoassets; clean criminal and insolvency record; demonstrated understanding of regulatory requirements. Assessed at authorisation and on an ongoing basis — not a one-time check.
AML/CFT Framework
Full Customer Due Diligence and Enhanced Due Diligence for high-risk clients, transaction monitoring, sanctions screening against UK and international lists, and Suspicious Activity Reporting to the National Crime Agency.
Travel Rule
The UK's FATF Travel Rule implementation requires collection and transmission of originator and beneficiary information for all cryptoasset transfers, with enhanced requirements for unhosted wallet interactions.

06 Conduct, Consumer Duty & Market Integrity

UK cryptoasset firms will be subject to the FCA's Consumer Duty — an outcomes-based conduct standard that reaches well beyond a disclosure-only baseline. Market integrity requirements are addressed in CP25/41, introducing prohibitions on insider dealing, unlawful disclosure and market manipulation for qualifying cryptoassets.

Consumer Duty
Firms must deliver good outcomes across four pillars: products and services, price and value, consumer understanding, and consumer support. A materially higher bar than the disclosure-based conduct standard familiar to firms from MiCA.
Admissions & Disclosures
CATPs must publish objective, risk-based admission criteria and conduct due diligence before listing. Qualifying Cryptoasset Disclosure Documents (QCDDs) are required at admission to trading, modelled on the UK Prospectus regime.
Market Abuse Regime (MARC)
CP25/41 introduces an FCA-administered regime prohibiting insider dealing, unlawful disclosure and market manipulation for qualifying cryptoassets — with enforcement powers equivalent to traditional financial markets.
Financial Promotions
The UK financial promotions regime for cryptoassets has applied since October 2023. All communications must be fair, clear and not misleading — whether communicated by an authorised firm or an approved third-party promoter.
Assessor Insight
The Consumer Duty requires firms to demonstrate outcomes, not just document policies. The FCA will assess whether customer-outcome thinking is genuinely embedded in product design, pricing, and support — not merely whether the right language appears in a policy document. Firms entering the authorisation process should treat Consumer Duty implementation as a live operational exercise from day one, not a compliance form-fill to be completed on submission.

07 UK vs EU — Key Structural Differences

Firms operating across both the UK and EU must maintain separate authorisations — there is no passporting arrangement post-Brexit. The structural differences between the two regimes have material implications for how cross-border groups should architect their legal and compliance footprint.

UK Regime — FSMA
  • Integrates into FSMA — no standalone cryptoasset legislation
  • FCA-only supervisor; no dual PRA/FCA split for most firms
  • Consumer Duty applies — outcomes-based conduct standard
  • No EU passporting; separate authorisation per jurisdiction
  • DeFi in scope where a controlling entity is identifiable
  • IFPR-inspired K-factor prudential framework
  • SM&CR applies to senior managers at authorisation and ongoing
  • Application gateway Sept 2026; regime live Oct 2027
EU Regime — MiCA
  • Standalone regulation — own rulebook separate from MiFID/AIFMD
  • National Competent Authority supervision; ESMA central register
  • Disclosure-based conduct regime; no Consumer Duty equivalent
  • EU single licence passport across all 27 Member States
  • DeFi largely out of scope under current MiCA text
  • Tiered minimum capital based on service type — up to €150K or % of fixed overheads
  • Fit & proper assessed by NCAs at authorisation stage
  • In full effect from 30 December 2024

08 Post-Authorisation & Ongoing Supervision

Authorisation is the beginning, not the end. Once authorised, firms are subject to the full weight of the FCA's supervisory framework — ongoing reporting, prudential disclosure, and pre-approval obligations for material changes to the business.

Ongoing Supervision
Regular reporting and prudential disclosures, periodic FCA supervisory assessments, incident and breach notification obligations, and pre-approval required for significant changes to business model or ownership structure.
Prudential Disclosure
Firms must publish accessible information at least annually on their risk profile, capital position, key prudential metrics and, where relevant, group relationships — aligned to the CP25/42 public disclosure obligations.
CARF Reporting
From 2026, UK cryptoasset service providers must report user and transaction data to HMRC annually under the Crypto-Asset Reporting Framework — analogous to stock broker reporting obligations in traditional markets.
No UK Passporting
UK authorisation does not carry passporting rights. Firms serving EU clients from the UK must obtain separate MiCA authorisation in an EU Member State. There is no mutual recognition arrangement post-Brexit.

Preparing for UK Cryptoasset Authorisation?

LINXS Advisory works with cryptoasset businesses, fintech firms and institutional participants on regulatory strategy, FCA authorisation readiness, and ongoing compliance. We translate complex requirements into practical action.

Get in Touch Visit LINXS Advisory