Summary

The new regime will be incorporated into the existing Financial Services and Markets Act 2000 (FSMA) framework requiring firms to obtain authorisation from the FCA (unless an exclusion applies) and implement policies, procedures, and controls to comply with prescriptive regulatory standards developed by the FCA.

The authorisation gateway window is expected to open in September 2026, with the new regime scheduled to apply from 25 October 2027.

In the private funds context, the new regime will be of most interest to those pursuing strategies involving qualifying cryptoassets. The extra-territorial regime also means that overseas firms providing services to retail clients will be brought within scope of the requirements, and owners or controllers including private funds that acquire or increase control of authorised cryptoassets firms will need to be pre-approved by the FCA.

This alert provides a high-level summary of the new regime along with guidance on next steps.

Activities that will be subject to regulation

The following activities will be brought within the scope of the regulatory perimeter:

1. Issuing qualifying stablecoin in the United Kingdom: Offering, redeeming, and maintaining the value of the qualifying stablecoin (but not creating or minting, and clarifying that stablecoin is not e-money).

2. Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets: Capturing not only the custody of qualifying cryptoassets but also specified investment cryptoassets that are securities (e.g., tokenised versions of equities, bonds) or contractually based investments (e.g., tokenised versions of options, futures and CFDs). There is an exclusion for qualifying cryptoassets that are held on a temporary basis and specifically for the purpose of settling trades.

3. Operating a qualifying cryptoasset trading platform (CATP): Operating a system which brings together or facilitates the bringing together of multiple third-party buying and selling interests in qualifying cryptoassets in a way that results in a contract for the exchange of qualifying cryptoassets for money (including electronic money) or for other qualifying cryptoassets. Helpfully, CATPs will be permitted to engage in matched principal trading activities provided that: (a) both legs are executed simultaneously, (b) the CATP does not charge a spread, but only a fee or commission, and (c) the CATP manages settlement risk. In addition, CATPs will be permitted to issue their own tokens and admit to trading tokens in which they arrange the issue or have a financial interest subject to careful management of conflicts of interest. However, CATPs will not be allowed to act as a market maker, engage in principal dealing activities, extend credit to counterparties beyond credit exposure arising from settlement, or execute client orders on affiliated non-FCA authorised CATPs.

4. Dealing in qualifying cryptoassets as principal: Buying, selling for, or underwriting qualifying cryptoassets and extends to capture cryptoasset lending and borrowing services.

5. Dealing in qualifying cryptoassets as agent: Buying, subscribing for, or underwriting qualifying cryptoassets as agent and extends to capture cryptoasset lending and borrowing services.

6. Arranging deals in qualifying cryptoassets: Making arrangements for another person (whether as principal or agent) to buy, sell, subscribe for, or underwrite a qualifying cryptoasset; and making arrangements with a view to a person who participates in the arrangements buying, selling, subscribing for, or underwriting qualifying cryptoassets. It is intended to capture operating a lending platform.

7. Qualifying cryptoasset staking: Making arrangements for qualifying cryptoasset staking (i.e., the use of a qualifying cryptoasset in blockchain validation), including liquid staking, although the issuance of liquid staking tokens will fall within the scope of the dealing activity.

It is important to note that the FCA has banned the use of proprietary tokens when firms provide lending and borrowing services (e.g., collateral, loaned assets, or yield payments). Additional protections will apply to protect retail clients from significant losses due to fluctuations in the value of their collateral.

Firms will need to carefully consider whether they are undertaking any of the above referenced activities and/or whether an exclusion applies, noting the introduction of certain unhelpful restrictions.

In addition, firms that undertake payment services activities relating to stablecoins will be required to assess whether they fall within the scope of the cryptoasset regime, the existing UK payment services regime, or in certain cases, both regimes.

Further guidance from the FCA is expected to address some of the complexity and uncertainty introduced in the legislative provisions as it applies to the scope and availability of exclusions.

Products in scope

Each of the above referenced activities are only regulated to the extent that they relate to ‘qualifying cryptoassets,’ a defined term which also encompasses certain categories of stablecoins.

A cryptoasset is: ‘any cryptographically secured digital representation of value or contractual rights that: (a) can be transferred, stored or traded electronically, and (b) that uses technology supporting the recording or storage of data (which may include distributed ledger technology (DLT)).’

Within that definition, the following three new concepts are introduced to underpin the new regime:

• Qualifying cryptoassets: This includes cryptoassets which are ‘fungible and transferable but will exclude tokenised electronic money, central bank digital currencies and fiat currencies.’
• Specified investment cryptoassets: Any cryptoasset that is already itself a specified investment (e.g., a token on a blockchain that represents an interest or right to an equity, or bond, or a derivative).
• Qualifying stablecoins: ‘A qualifying cryptoasset that references a fiat currency; and seeks or purports to maintain a stable value in relation to that referenced fiat currency by the issuer holding or arranging for the holding of that: (a) fiat currency; or (b) fiat currency and other assets.’ This means that a cryptoasset that only references real estate assets or commodities will not be treated as a qualifying stablecoin, although it could still be a qualifying cryptoasset.

The UK Government has confirmed that: (a) arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme (CIS). This is intended to apply to assets used in the blockchain validation or DLT networks; and (b) assets used to back or stabilise a qualifying stablecoin are expressly excluded as a CIS or alternative investment fund (AIF). This will ensure that the stabilisation mechanism for stablecoins is not captured by the existing UK AIF and CIS regimes.

Territorial application

The regime will apply to firms conducting in-scope cryptoassets activities from a place of business in the UK, and stablecoin issuers should only fall within scope if they are physically located in the UK. However, the new regime will have extensive extraterritorial application subject to the availability of an exclusion, including as follows:

• International firms serving UK retail clients will be brought within the scope of the regulatory perimeter.
• The FCA’s baseline expectation is that overseas firms should operate via a UK legal entity (subsidiary), although they are considering allowing international firms to operate through a branch for trading platforms. This will be assessed on a case by case basis.
• International firms serving only UK professional clients should generally not require authorisation.
• International firms may not need to be authorised if they are acting through a UK-authorised intermediary.

The UK Government has signalled that equivalence style or substitutive compliance mechanisms may be deployed where overseas regimes are assessed as sufficiently comparable, in order to avoid unnecessary market fragmentation and enable cross border firms to continue operating without duplicative compliance burdens. Although the details have not yet been finalised, this approach suggests that international firms subject to robust home state regulation could rely on an equivalence determination to meet certain UK requirements.

Ongoing oversight

Firms that are authorised will be subject to ongoing supervision by the FCA and will be expected to have policies, procedures and controls in place to ensure that the business is run in an orderly and effective manner, clients are protected and treated fairly, and the integrity of the financial market is observed. This will require compliance with rules relating to:

• Regulatory capital: Minimum capital requirements, embedding the internal capital adequacy and risk assessment (ICARA) process, and ensuring compliance with public disclosure requirements.
• Governance and under the FCA senior management arrangements, systems and controls rules (SYSC): Embedding individual accountability under the senior managers and certification regime, risk management, conflicts of interest, outsourcing, operational resilience, financial crime, internal audit, whistleblowing, telephone recording, and record keeping.
• Client asset and money rules (CASS): Segregation, reconciliations, agreements, oversight, record-keeping, and reporting.
• Conduct rules: Client communications, client categorisation, appropriateness assessments, best execution, order handling, inducements, disclosures, and record-keeping.
• Regulatory reporting including under the FCA supervisory reporting sourcebook (SUP): Notification to the FCA, obtaining necessary approvals, and transaction reporting.
• Market standards: Compliance with the market abuse regulation (MAR), market surveillance, and orderly trading rules.

The application of the rules will be activity-based and proportionate based on the scale and complexity of the activities undertaken.

Market abuse, admissions and disclosures

The regulations will, for the first time, introduce a dedicated market abuse regime for qualifying cryptoassets, aligning standards of market integrity in the cryptoasset sector with those long applied in traditional financial markets.

In addition, the new regime introduces strict requirements for the admission of assets to trading and disclosure which closely mirror the requirements that apply to traditional financial products, with a view to enhancing consumer protection and market integrity.

In practice, this means that firms operating in qualifying cryptoassets will be required to implement comprehensive market‑abuse surveillance and reporting frameworks, akin to those used in traditional securities markets. Trading platforms and intermediaries will need to monitor for suspicious behaviour, maintain detailed audit trails, and establish clear escalation procedures for potential insider dealing, manipulation, or other abusive practices. Firms should also expect increased regulatory scrutiny of their systems and controls, including the robustness of their data‑monitoring tools, governance structures, and staff training.

Ultimately, firms must be able to demonstrate that they can detect, prevent, and report market abuse effectively, ensuring the integrity of the cryptoasset markets in which they operate.

The admissions and disclosure regime can be summarised as follows:

• Persons seeking to admit a cryptoasset to trading will be required to produce a qualifying cryptoasset disclosure document (QCDD) or a supplementary disclosure document (SDD).
• CATPs will be required to publish both QCDDs and SDDs on their website and file the documents with a central FCA repository before trading begins. This is intended to ensure a clear, auditable record is retained.
• QCDDs/SDDs must be clear, fair, and not misleading. The FCA will provide finalised guidance on the structure, language, and prominence of required key information.
• CATPs will be required to establish robust, risk-based criteria for admitting cryptoassets to trading on their platform. The rules applicable to the listing of their own tokens will be tougher.

When will the authorisation gateway open?

The FCA has confirmed that the authorisation gateway window will open from 30 September 2026 to 28 February 2027. Firms must submit their application within this window to secure FSMA authorisation ahead of the 25 October 2027 deadline. The FCA has confirmed that it will provide information sessions and pre‑application support in advance of the opening of the window.

Change of control requirements

Owners and controllers of UK authorised cryptoasset firms will be required to obtain approval from the FCA when they acquire control. We would generally expect that firms operating exclusively as cryptoasset firms would fall within the FCA’s definition of a ‘non-Directive firm’ for FSMA change of control purposes. They would therefore be subject to notification requirements where 20% or more of the shares or voting power of the non-Directive firm or parent undertaking of the non-Directive firm (where applicable) were acquired.

Owners and controllers will normally be approved as part of the initial authorisation process. The FCA has up to 60 working days to approve any new owners and controllers, although, in practice, such approvals are normally granted within 20 – 30 working days.

Next steps

The consultation closed on Thursday 12 February.

Firms should begin preparing for the forthcoming regulatory framework without delay by:

• Continuing to engage actively with the FCA, either directly or through relevant industry bodies, to ensure that sector‑specific issues and practical considerations are reflected in the final rules.
• Assessing whether current or planned activities fall within the scope of the new regulatory perimeter, including any extra‑territorial elements that may bring overseas operations into scope.
• Evaluating readiness to seek FCA authorisation within the required timelines, ensuring that applications can be submitted during the gateway window and that business operations continue uninterrupted during the transition to the new regime.
• Identifying the governance, policy, procedural, and control enhancements that will be required to be implemented to ensure compliance with the new framework, including updates to surveillance systems, market abuse controls, and operational risk frameworks.
• Reviewing external communications and disclosures, including marketing materials and public documentation, to confirm that they remain accurate, compliant, and appropriately aligned with the enhanced regulatory expectations.
• Assessing capital, liquidity, governance, and recovery and wind‑down arrangements to ensure they meet the new prudential requirements and support long‑term operational resilience.
• Ensuring senior management are fully engaged and informed, with clear accountability for implementation planning, regulatory engagement, and oversight of the firm’s transition to the new regime.

If you would like to discuss the UK’s new cryptoasset regulatory regime, please reach out to Karen Butler, Josh Dambacher, Christopher Hilditch, Stuart Axford, Michal Chajdukowski and Nicholas Hunt who are key contacts in this area.