.svg)
2026 will be a decisive year for the UK crypto-asset sector, as the Financial Conduct Authority (FCA) looks to finalise a comprehensive regulatory regime that will go live in October 2027, subject to parliamentary approval and final rule-making timelines.
In December 2025, HM Treasury laid before parliament the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025, a statutory instrument that will empower the FCA to establish rules and guidance for a fully regulated crypto-asset sector.
The move will significantly expand the FCA’s supervision and oversight of crypto-asset activities, which is currently limited to how firms communicate promotions and how they maintain anti-money laundering and counter-terrorism financing (AML/CTF) standards.
One day after the draft statutory instrument was introduced, the FCA published three interlocking consultation papers (CPs) outlining its latest proposals for the forthcoming regime:
- CP25/40 – Crypto-asset trading platforms (CATPs); intermediaries; lending and borrowing; staking; and decentralised finance (DeFi)
- CP25/41 – Admissions and disclosures (A&D); and market abuse
- CP25/42 – Prudential requirements for crypto-asset firms
Under its Crypto Roadmap, the regulator is aiming to publish all of its final rules and guidance as policy statements by the end of 2026.
The three CPs therefore offer one of the final chances that firms will have to provide feedback that could shape the incoming regime.
For each of the CPs, the deadline for firms to submit feedback is February 12, 2026.
The bigger picture
Across the three consultations, the FCA said its proposals seek to align with the principle of “same risk, same regulatory outcome”.
In so doing, the regulator wants its rules and guidance to be as consistent as possible with those that currently apply to traditional financial service firms that are authorised under the Financial Services and Markets Act 2000 (FSMA).
The FCA will therefore seek to use these existing regulatory approaches where possible, rather than create new bespoke regimes for crypto-asset firms and activities.
However, where this is not possible, the FCA will create bespoke rules and guidance intended to mitigate risks that are specific to the crypto-asset sector.
Several examples of these are highlighted below, but these are not exhaustive, and firms should refer to the consultation material directly for more information.
CP25/40: Who can operate and how
The first consultation paper, CP25/40, is primarily about market structure and specific regulated activities within the UK crypto-asset sector.
Its proposals are designed to establish what firms can operate in the market, under what permissions, and with what corporate structure and governance expectations.
In future, almost all firms and individuals that wish to carry out any of the activities designated in CP25/40 will need to apply for FCA authorisation before doing so.
These activities include operating a CATP, operating an intermediary, offering crypto-asset lending and borrowing services and offering DeFi services.
CP25/40 confirms that the FCA will proceed with most of its earlier proposals on these activities.
In practical terms, this means:
- UK authorisation will be required for all firms offering regulated crypto-asset services to UK retail customers.
- UK legal entities will generally be required, particularly for CATPs.
- Hybrid structures (e.g., a UK entity with an overseas branch) may be possible, but will be scrutinised at authorisation.
- Firms that serve only UK institutional clients can “potentially” do so from overseas without needing FCA authorisation.
Where CP25/40 does adjust previous proposals, it does so with clearly defined safeguards.
For example, in a previous discussion paper, the FCA proposed prohibiting UK CATP operators from trading as principal on their own CATP, from trading as principal off-platform and from having group affiliates trade on a group CATP.
In the latest CP, the FCA proposes new rules that would permit some principal dealing activities by operators of a UK CATP, and would allow group affiliates to trade on a group CATP (subject to conflict-of-interest and financial-risk safeguards).
Similarly, the regulator previously discussed whether to prohibit UK CATPs from admitting tokens to trading in which they have an interest.
The FCA has now confirmed that it will not move forward with this proposal, and instead proposes allowing admission of proprietary tokens to a proprietary CATP, provided that A&D, market abuse and conflicts of interest rules are abided by.
On lending and borrowing, the FCA has scrapped a previous proposal that would have prohibited retail customers from accessing these services.
However, it has introduced a new proposal that prohibits firms from using their own proprietary tokens in lending and borrowing services.
The regulator has also scrapped a proposal that would have required firms offering borrowing services to retail customers to comply with elements of the Consumer Credit (CONC) Sourcebook.
This would have included creditworthiness assessments and types of client risk profiling, but this proposal has been dropped due to negative feedback from industry on its “effectiveness and practicality”.
Finally, the FCA has clarified that firms may only provide over-collateralised crypto-asset borrowing services to retail customers.
CP25/41: A&D and market integrity
CP25/41 outlines the FCA’s latest proposals on how crypto-assets are admitted to trading, how risk information is disclosed and how market abuse is prevented.
The FCA’s position is that authorised firms should act as “responsible gatekeepers” to crypto-asset services, and that retail access should be conditional on compliant disclosures.
The FCA’s proposed A&D requirements and its Market Abuse Regime for Cryptoassets (MARC) are two examples of bespoke rule sets for the crypto-asset sector.
Under the proposed A&D requirements, qualifying crypto-asset disclosure documents (QCDDs) will be used to provide information about crypto-assets to clients before they buy.
Other than for UK-issued qualifying stablecoins, CATPs will need to conduct appropriate checks to prevent or reduce the admission to trading of crypto-assets that could cause consumers harm (e.g., scam tokens).
Similarly, the proposed MARC regime aims to ensure consumer protection by requiring firms to detect, prevent and disrupt market abuse.
These proposals are also dependent on firm size. For example, large CATPs (those with an annual average revenue of £10m or more over the past three years) will face enhanced market abuse obligations.
Large CATPs will be required to monitor on-chain activities relevant to their operations, such as wallet interactions, token flows and transaction patterns of their platform or users.
These activities should complement off-chain surveillance and enable large CATPs to detect and respond to suspicious behaviours.
Further, large CATPs will be required to disclose information to other large CATPs when the following criteria are met:
- They have reasonable grounds to suspect that crypto-asset market abuse has occurred, is occurring or is likely to occur.
- It is necessary to disclose the information to detect, prevent or disrupt the market abuse.
The FCA does not prescribe the frequency of information sharing, but notes that information should be shared “without unnecessary delay” once a platform has identified the suspicious behaviour.
It also does not prescribe specific data fields that must be shared in every case, but defers to Handbook guidance to ensure that information shared is “relevant and proportionate”.
CP25/42: Prudential regulation arrives
CP25/42 introduces new prudential proposals to ensure that firms are financially resilient, capable of absorbing shocks and able to wind down without causing consumer or market harm.
In a previous consultation paper, CP25/15, the FCA introduced two new prudential sourcebooks – COREPRU (cross-sector) and CRYPTOPRU (crypto-specific).
The latest CP builds on these proposals with several additional proposals:
- Permanent minimum requirements (PMR) based on activity type.
- K-factor capital requirements tied to operational, market and counterparty risk.
- A new overall risk assessment covering stress testing, recovery and wind-down planning.
The FCA proposes to stagger the PMR based on the regulated activity a firm engages in, noting that if a firm engages in more than one of these activities, it must meet the highest PMR.
|
Regulated Activity |
Permanent Minimum Requirement (PMR) |
|
Dealing as agent in qualifying crypto-assets |
£75,000 |
|
Arranging deals in qualifying crypto-assets |
£75,000 |
|
Operating a crypto-asset trading platform |
£150,000 |
|
Qualifying crypto-asset staking |
£150,000 |
|
Dealing as principal in qualifying crypto-assets |
£750,000 |
Finally, through an overall risk assessment process, crypto-asset firms are expected to consider and account for all risks that may cause material harm to consumers and counterparties, as well as to the markets they operate in.
The assessment will place emphasis on a firm’s own risk management practices to determine their non-financial and financial resources necessary on an ongoing basis and during wind down.
The FCA proposes to add these additional rules to the COREPRU sourcebook.
Why should you care?
Taken together, CP25/40, CP25/41 and CP25/42 show that the FCA has moved beyond experimentation.
The architecture of the new crypto-asset regime is now largely fixed, even where consultation language remains.
For firms with limited compliance budgets, 2026 should be treated as a design and prioritisation year, not as a waiting period.
Three areas require early mobilisation:
- Permissions mapping and business model rationalisation.
- Map each activity to the relevant regulated permission, including borderline or supporting functions.
- Identify activities that will require UK legal-entity restructuring, particularly for CATPs and hybrid operating models.
- Test whether current governance arrangements would satisfy operator-as-gatekeeper expectations.
- Market integrity and disclosure capabilities.
- Assess the ability to produce and maintain QCDDs to evidential standards, including ownership of data sources and update cycles.
- Evaluate whether surveillance tooling can integrate on-chain and off-chain signals.
- Establish data-sharing and escalation protocols with peer platforms ahead of MARC implementation.
- Prudential readiness and wind-down realism.
- Model capital needs under the highest PMR that could apply across group activities.
- Run early stress-testing and wind-down scenarios and identify operational choke-points.
- Decide which prudential and risk functions will be built internally and which will require specialist external support.
Where existing compliance capabilities are lacking, firms should decide in advance how to build, buy or outsource those capabilities.
For payments firms engaging with crypto-asset activities such as custody-adjacent services, fiat-on/off-ramps or tokenised settlement flows, the key strategic question is whether crypto-facing functions will sit inside an FCA-authorised perimeter or remain adjacent to it.
Organisations should evaluate the compliance, capital and operational consequences of that decision now, not after rule finalisation.
Next steps
The FCA has indicated that feedback quality rather than volume will be a priority consideration in assessing consultation feedback. Affected firms should respond to the regulator by the deadline of February 12, 2026.
