FCA tailors how its rulebook will apply to cryptoasset activities

A new consultation from the Financial Conduct Authority shows more clearly the extent of the compliance burden to come for crypto businesses under the UK’s cryptoasset regulatory regime. The FCA’s Principles, systems and controls requirements and individual accountability regime for senior management are among the existing rules which will apply to all crypto firms but in a tailored way to reflect different business models. The consultation closes on 12 November 2025 but views on the application of key consumer-facing rules, such as the Consumer Duty, are due by 15 October 2025.

Context

The FCA is working through a crypto roadmap to set the rules that would apply to firms under the UK’s future cryptoasset regulatory regime. Under the draft legislation, cryptoasset activities such as issuing stablecoins, safeguarding cryptoassets, arranging cryptoasset staking and operating a cryptoasset trading platform will be regulated and businesses will need to apply for FCA authorisation (or appropriate permissions if they already authorised) before carrying them out in the UK. In CP25/25 the FCA is consulting on how existing rules in its Handbook will apply to cryptoasset businesses once they are licensed.

High-level rules

The FCA is proposing to apply a wide range of its existing rules to cryptoasset businesses. This includes:

• Its high-level Principles for Businesses (PRIN), subject to some modifications. For example, the FCA proposes that Principle 6 (treating customers fairly) will not apply to a cryptoasset trading platform when providing services to professional clients.
• The General Provisions sourcebook (GEN), which contains for example a ban on firms claiming or implying that the FCA has endorsed their business. 
• The FCA’s Supervision rules (SUP), meaning that the FCA will expect cryptoasset firms to notify the FCA of significant changes to their business. 

The majority of the FCA’s Systems and Controls (SYSC) rules. Firms that only carry on cryptoasset activities will be treated as “other” firms, meaning that several elements of the FCA’s expectations will apply as guidance rather than rules. Firms already carrying on regulated activities will be expected to meet the “common platform” requirements across their entire business, including cryptoasset activities.

Importantly, draft guidance explains that crypto firms are not expected to regard use of a permissionless DLT as an “outsourcing” under its SYSC 8 rules because of the absence of a centralised operator with which an outsourcing agreement could be executed.

Rules for senior management

The FCA does not only regulate firms but also individuals at regulated firms under the Senior Managers and Certification Regime. The FCA proposes to apply the SMCR to cryptoasset businesses.

Becoming subject to the SMCR will be a significant change for currently unregulated crypto firms. This will mean, among other things, that: 

• senior management will require FCA approval, as will other individuals such as the Head of Compliance;
• prescribed responsibilities will need to be allocated between senior managers, with the FCA indicating that for stablecoin issuers the person allocated responsibility for compliance with the client asset rules (CASS) will be required to be responsible for oversight of the backing assets pool;
• crypto firms will need to certify staff as being fit and proper, with the FCA proposing that the “proprietary trading” function will be extended to capture individuals involved in dealing in cryptoassets as principal and issuing qualifying stablecoins in the UK.

A more onerous version of the SMCR applies to larger firms. The FCA will consult in a future paper on which firms will be subject to this “enhanced” SMCR regime, with the remainder falling into the “core” requirements.

The FCA is separately consulting on simplifications to the SMCR which may impact its proposals.

Operational resilience

A significant element of the proposals is that the FCA wants to apply its Operational Resilience rules (SYSC 15A) to all cryptoasset firms. Crypto firms will likely query whether this is an even-handed approach, given that “core” SMCR firms are not currently required to comply with the operational resilience regime. The FCA’s rationale is that it has particular concerns about poor operational resilience in the cryptoasset sector. 

The consultation supplements the rules with cryptoasset sector-specific guidance. This seeks to explain how crypto firms might comply with the SYSC 15A requirements across several different business models, with helpful examples. This guidance also indicates, however, that the FCA will have high expectations of crypto firms, notwithstanding the difficulties that may be caused in complying with the FCA’s traditional operational resilience expectations by use of technologies such as permissionless distributed ledgers.

The FCA also indicates that it expects to make crypto firms subject to its proposed rules concerning reporting of operational incidents and maintenance of a register of third-party relationships, which is currently subject to consultation.

Consumer focus

CP25/25 asks for views on the Consumer Duty as part of an earlier-stage Discussion Paper. The Consumer Duty requires firms to act to deliver good outcomes for retail customers, supported by extensive rules and guidance on how to achieve this.

The FCA is considering two options:

1. applying the Duty, supplemented by crypto-specific guidance, or
2. not applying the Duty, but introducing dedicated rules that will achieve an appropriate standard of consumer protection.

The cryptoasset industry will likely agree with the FCA’s suggestion that applying aspects of the traditional Duty would be difficult given the nature of the market. The FCA suggests that it could take a different approach for issuers of qualifying stablecoins and other crypto firms.

Conduct of business

Similarly, the FCA discusses the potential application of its Conduct of Business (COBS) rules. If cryptoasset activities become “designated investment business”, the majority of the FCA COBS rules would apply in principle but key elements, such as client categorisation, will be subject to consultation. The FCA indicates that it expects not to apply COBS to transactions between a cryptoasset trading platform and professional clients. 

The FCA is minded to remove UK-issued qualifying stablecoins from its existing financial promotion rules for high-risk investments. Currently cryptoassets are treated as Restricted Mass Market Investments and subject to tighter marketing restrictions. The FCA would, however, set new warning language for non-UK issued stablecoins.

The FCA is also considering translating existing guidance about appropriateness assessments into rules, with a view to raising standards.

Other points to note

Although the FCA says that it will expect crypto firms to comply with its ‘anti-greenwashing’ rule, it does not intend to apply ESG reporting requirements to crypto firms.

The FCA has already indicated that it will not extend cover under the Financial Services Compensation Scheme to crypto firms, but it is considering the possibility of extending its complaints-handling rules and access to the Financial Ombudsman Service (FOS) to crypto activities.

The FCA does not plan to apply its Product Governance (PROD) rules given the difficulties that will likely be caused by the absence of clear manufacturers for several cryptoassets.

Next steps

The FCA requests comments on the discussion proposals by 15 October 2025. This leaves only a few weeks for firms to respond on the application of the Consumer Duty, COBS and the FOS.

The deadline for other aspects of the consultation paper is 12 November 2025. The FCA will publish the final rules in 2026.

In the meantime, the FCA is expected to consult on rules relating to admissions and disclosures and market abuse in the coming weeks. The Government is also due to lay its draft crypto legislation before Parliament.