Home | Thought Leadership

Thought Leadership

CP25/14: Stablecoin Issuance and Cryptoasset Custody

By Eleanor Furlong Justin Barrow

30 Mar 2026 13 min read

Overview

The FCA has concluded that the Consumer Duty alone is not sufficient to achieve regulatory objectives for qualifying stablecoin issuers and qualifying cryptoasset custodians, and that additional specific requirements are necessary to provide sufficient clarity to firms on expected standards. CP25/14 sets out additional proposed rules and guidance for the activities of issuing a qualifying stablecoin and safeguarding qualifying cryptoassets.

The FCA aims to ensure a well-functioning market for consumers by promoting products that meet their needs, offer fair value, and provide clear information, alongside robust protections and orderly resolution when issues arise.

It seeks to foster effective competition by encouraging innovation, high-quality offerings, and international competitiveness, positioning the UK as a leading jurisdiction for cryptoasset firms, while maintaining consumer trust through strong standards.

Additionally, the FCA prioritises market integrity by preventing criminal activities such as fraud, terrorism financing and money laundering, enforcing rigorous supervision, and ensuring stablecoins are fully backed by secure liquid assets with next-day redemption and adequate safeguarding of client assets.

Risks

Some of the risks associated with cryptoassets are common to other features of the financial ecosystem including to more well-known or traditional financial products and services.

However, there are novel risks distinct to cryptoassets and the regulators are looking closely at how these risks can be addressed to create the most appropriate regulatory framework within which firms active in the space can effect appropriate systems, controls and processes, hold the right kinds of levels and quality of capital, be held to appropriate standards of conduct and have the right levels of expertise – ultimately, the goal of the regulators is to ensure that if something does go wrong, the markets and consumers are appropriately protected.

Regulation will not remove all risk, and consumers of these products will need to be appropriately informed about them and sufficiently aware of the risks associated with them.

It will be necessary for firms to provide clear and comprehensive information to consumers to enable individuals to understand the nature of the risks associated with cryptoassets. Risks to be specifically addressed include those relating to:

Governance and conduct (i.e. the risks associated with poor systems and controls and lack of senior accountability)
Financial crime (i.e. the risks of appeal that cryptoassets provide to bad actors)
Consumer understanding (i.e. the risks of individual consumers not being adequately informed, or misinformed about the way in which cryptoassets work)
DLT (i.e. mitigating novel risks relating to data recorded on digital ledgers with the use of technology and coding controls)
Operational resilience (i.e. mitigating the risks associated with operational disruptions suffered by qualifying stablecoin issuers or qualifying cryptoasset custodians)

Authorisations, Supervision and Enforcement

Under final legislation amending the Regulated Activities Order (RAO), firms engaged in issuing qualifying stablecoins, or safeguarding qualifying cryptoassets, will be required to obtain FCA authorisation and comply with clear regulatory standards. These proposals aim to give consumers and markets confidence that qualifying stablecoins are 1:1 backed, issuers can meet redemption obligations, and client cryptoassets are properly protected.

In addition, firms authorised to carry out these activities will be subject to ongoing supervision under FSMA. The FCA intends to apply the same regulatory approach as for other authorised firms, requiring applicants to meet minimum threshold conditions. Supervision is intended to be flexible, predictable and proportionate, focusing on regulatory priorities (supporting growth, fighting financial crime, protecting consumers and being a smarter regulator) and on areas where the risk of harm is greatest.

The FCA’s enforcement approach emphasises less intensive supervision for firms that demonstrate a genuine commitment to compliance.

However, for firms or individuals that fail to follow the rules, or cause harm to consumers or markets, the FCA will impose meaningful consequences, with enforcement action aimed at achieving impactful deterrence.

FCA’s Proposed Requirements for Issuers of Qualifying Stablecoins

The FCA set out detailed proposals to ensure the stability, transparency and integrity of qualifying stablecoins.

Qualifying stablecoins are cryptoassets which seek, or purport, to maintain their value with reference to a single fiat currency by holding fiat currency, or a combination of fiat currency and other assets. The consultation also sought views on how rules should apply to issuers of qualifying stablecoins referencing more than one fiat currency (recognising the additional complexities around foreign exchange and liquidity risks, and the challenge of determining 'par' value for currency baskets), but does not address this in full in CP 25/14.

Under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (FSMA 2026), a new Chapter 2 of the RAO introduces Article 88G, which defines a qualifying stablecoin as a stablecoin referencing one or more fiat currencies and maintaining a stable value by holding those fiat currencies, or a combination of fiat currencies and other permitted assets, as backing assets.

These measures aim to protect consumers, maintain market confidence and provide clarity for firms operating in this space with proposals covering technical design, backing asset management, safeguarding, redemption rights, governance, and disclosure obligations.

1. Technical Design and Operational Resilience

Issuers may create qualifying stablecoins on any form of distributed ledger technology (DLT), including public, private, permissioned or permissionless blockchains, but the technical design must be robust, enable functionality and allow compliance with regulatory requirements.

Issuers must identify and manage risks associated with the design and build of the stablecoin, including risks from the underlying DLT and potential disruptions. A robust operational resilience framework is required, aligned with FCA’s Systems and Controls rules and Consumer Duty.

2. Backing Assets and Liquidity Requirements

Stablecoins must be backed 1:1 by high-quality, liquid assets equal to the value of all minted tokens, whether or not in circulation. Core permitted assets include:

Short-term government debt instruments (maturity of one year or less) issued by the UK or Zone A countries (OECD members, or countries with IMF lending arrangements).
On-demand deposits.

To reduce reliance on market liquidity, at least 5% of backing assets must be held in on-demand UK bank deposits (the On-Demand Deposit Requirement, or ODDR).

Issuers may opt to include expanded backing assets, such as:

Longer-term government debt (maturity > 1 year).
Units in Public Debt CNAV Money Market Funds.
Assets held under repurchase or reverse repurchase agreements (subject to conditions in CASS 16).

Issuers wishing to use expanded assets must notify the FCA and demonstrate appropriate systems, controls and expertise. They must also comply with the Backing Asset Composition Ratio (BACR), calculated every 14 redemption days to ensure sufficient liquidity for timely redemption. BACR is based on peak estimated daily redemptions and historical error adjustments over a 180-day look-back period. Transitional requirements apply for new entrants without 180 days of data.

Issuers must also maintain a backing asset risk management framework, including:

Liquidity risk management policy.
Contingency funding plan (tested annually).
Custody policy to ensure prompt access and prudent diversification of custodians.

Finally, backing assets must be denominated in the same currency as the reference currency, although the FCA is consulting on whether diversification across currencies could be permitted without undermining the 1:1 backing. Tokenised versions of permitted assets also remain under consideration but are not yet confirmed.

3. Safeguarding and Statutory Trust

Backing assets must be held in a statutory trust for the benefit of stablecoin holders, segregated from the issuer’s own funds. Separate trusts are required for each stablecoin product to prevent co-mingling and contagion risk. Issuers must appoint independent third parties to safeguard backing assets and obtain signed acknowledgements confirming assets are held on trust. However, issuers remain legally responsible for safeguarding and managing redemption requests at all times.

4. Record-Keeping and Daily Reconciliations

Issuers must maintain accurate records of minted stablecoins and backing assets, conduct daily internal and external reconciliations, and perform daily valuations of backing assets in the reference currency. Excesses in the backing pool must be removed or matched by minting additional stablecoins within one business day and shortfalls must be topped up within one business day or reported to the FCA.

Where stablecoins are redeemed but not burned, they must either be re-backed within 24 hours or permanently burned to maintain parity between the backing asset pool and stablecoins in circulation.

5. Redemption Framework

Issuers must offer redemption at par value in the reference currency to all holders (retail and institutional, UK or overseas) with payment orders placed by the end of the next business day.

Redemption requests must be processed fairly and objectively, with no preferential treatment based on size or holder type. Limited exceptions apply for legal restrictions or currency conversions. Fees must be commensurate with operational costs and never exceed the value of the stablecoins being redeemed. Issuers must provide clear contractual terms and transparent information on redemption timelines and methods.

Issuers may suspend redemptions only in exceptional circumstances, such as insolvency, technological failure or a sudden loss of confidence causing extreme redemption volumes, where suspension is necessary to protect holders. The FCA must be notified immediately, and issuers must provide updates on when and how redemption will resume.

6. Use of Third Parties

Issuers may appoint third parties to carry out elements of the issuance activity (such as selling stablecoins, processing redemptions or managing backing assets), but remain fully responsible for compliance and liable for any failures. Key requirements include:

Due diligence on third parties to ensure competence and reliability.
Written contracts setting out roles, responsibilities and information-sharing arrangements.
Annual reviews of third-party arrangements and record-keeping of these reviews.
Incoming funds from stablecoin sales must flow directly to the issuer’s account to reduce counterparty risk.
Decisions to suspend redemption must always be reserved to the issuer.

7. Financial Crime Compliance

Issuers must comply with AML, CTF and CPF obligations under UK law, including customer due diligence (CDD) and enhanced due diligence (EDD) during onboarding and redemption. The one-business-day redemption timeframe starts only after all required information for CDD/EDD has been received. Issuers must also have systems to detect suspicious activity and report to law enforcement as required.

8. Governance and Oversight

Issuers will be required to:

Appoint a CASS oversight officer.
Conduct an annual client asset audit.
Submit CMAR-style regulatory reporting.
Maintain policies for liquidity risk, contingency funding and custody arrangements.

9. Disclosure Obligations

Issuers must publish clear, fair and not misleading information online, including:

Technology used for the stablecoin.
Redemption process and fees.
Names of third parties involved in issuance or safeguarding.
Backing asset composition and total number of minted stablecoins.
Confirmation of 1:1 backing.

Disclosures must be updated whenever inaccurate and at least every three months for key metrics. Issuers must also undertake an annual independent review verifying the 1:1 backing ratio and publish the outcome, including the reviewer’s name, independence and findings.

10. Remuneration Restrictions

Interest or other benefits from backing assets cannot be passed to holders, to preserve the money-like nature of stablecoins and avoid blurring the line with investment products.

These proposals set a high bar for operational resilience and consumer protection. Issuers should review their technical design, liquidity planning, trust arrangements, reconciliation processes, governance frameworks and disclosure practices to prepare for compliance.

It should also be noted that the proposals interact with the Bank of England's regime for systemic payment systems using stablecoins, with some stablecoin issuers potentially subject to dual regulation by both the FCA and Bank of England. See our article [NAME] for further details on the Bank of England’s proposals. In addition, the Payment Systems Regulator also has powers over designated payment systems using stablecoins.

FCA’s Proposed Requirements for Custodians of Qualifying Cryptoassets

The FCA has outlined a comprehensive framework to strengthen the safeguarding of qualifying cryptoassets and minimise risks of loss, misuse or operational failure.

FSMA 2026 introduced a definition of “qualifying cryptoassets” under Article 88F of the RAO as a subcategory of cryptoassets (as defined in FSMA 2023) that are fungible and transferable, and which includes qualifying stablecoins. This definition expressly excludes “specified investment cryptoassets” and other instruments that may otherwise fall within the broader FSMA definition of a cryptoasset, such as tokenised e-money, or tokenised deposits.

The proposals for custodians aim to provide clarity on ownership rights, improve resilience and enhance consumer protection. The FCA aims to address risks identified in the failures of Celsius Network LLC and Mt. Gox, including inaccurate recordings of entitlements, delays in the return of assets, additional costs to clients, and the loss of clients’ assets.

1. Segregation and Trust Arrangements

Custodians must segregate client cryptoassets from their own holdings and place them in non-statutory trusts for the benefit of clients.

Assets can be stored in either individual wallets or omnibus wallets, provided they remain distinct from the firm’s own assets.

Firms may choose to operate separate trusts for each client, each class of cryptoasset, or all assets safeguarded, depending on their business model. Custodians must ensure the correct amount of assets is held for each client at all times.

2. Reuse of Client Assets

Client cryptoassets cannot be reused for activities such as staking, lending or collateral unless the client has given explicit prior consent. Where reuse occurs, assets may exit the trust environment, and enhanced disclosures will be required. The FCA intends to consult further on rules for these activities.

3. Accurate Records and Ownership Evidence

Custodians must maintain independent, client-specific records separate from the blockchain or third-party systems. These records must include:

Type and quantity of each cryptoasset.
Blockchain address where the asset is held.
Nature of the client’s claim.
Details of any parties with control over transfers.

In addition, records must provide a clear audit trail and be maintained in a way that enables the firm to evidence ownership at any time.

4. Daily Reconciliations and Shortfall Management

Firms must conduct daily reconciliations, comparing internal records with wallet contents and any third-party records. Where shortfalls occur, custodians must:

Resolve them promptly or notify the FCA if resolution is unlikely before the next reconciliation.
Provide details of the cause, extent, affected clients and expected timeframe. If neither the custodian nor a third party is responsible, firms must notify both the FCA and affected clients and update balances accordingly.

5. Organisational Controls and Private Key Security

Custodians must implement robust systems and controls to prevent misuse, fraud or operational failures. This includes:

Secure generation, storage and lifecycle management of private keys.
Accurate key-mapping records linking wallets, access credentials and client holdings.
Strategies to mitigate loss or compromise, including encrypted back-ups.
Documented policies and procedures for wallet and access management.

6. Use of Third Parties

Third-party appointments for safeguarding services are permitted but subject to strict conditions:

Appointments must be in clients’ best interests and necessary for safeguarding.
Firms must conduct due diligence, review third parties periodically and obtain governing body approval.
Written agreements must include liability provisions, acknowledgment of trust status and prohibition on set-off rights.

7. Client Disclosures and Statements

Custodians must provide clear disclosures on wallet structures and safeguarding arrangements, and issue periodic statements (at least annually) confirming:

Holdings and their value.
Wallet type (hot, cold, individual or omnibus).
Confirmation that assets are held in trust.

Online access to real-time statements is encouraged and firms must disclose any changes to custody arrangements since the last disclosure.

8. Governance and Oversight

Firms will be required to appoint a CASS oversight officer to monitor compliance and third-party arrangements. Annual independent audits of custody arrangements will also be required, alongside regular regulatory reporting (similar to CMAR in traditional finance).

9. Liability and Safeguarding Obligations

Custodians must clearly set out their safeguarding responsibilities and liability terms in client agreements. While full, uncapped liability is not proposed, firms may still be held accountable for negligence, breaches of contract or FCA rules.

10. Client Money Safeguards

Where fiat currency is held (e.g., for on/off ramping), CASS 7 rules will apply to ensure adequate protection of client money.

These proposals set a high standard for operational resilience and consumer protection in cryptoasset custody. Firms should review their trust arrangements, record-keeping, reconciliation processes, private key security and governance frameworks now to prepare for compliance.

Timeline and Next Steps

The FCA has announced that the authorisation gateway will open on 30 September 2026, with the application period running to 28 February 2027.

The FCA has also indicated that a pre‑application support service (PASS) will open in July 2026. The new cryptoasset regime commences on 25 October 2027, firms that apply within the gateway window are expected to benefit from transitional arrangements while their applications are determined.

Final rules and related Policy Statements are expected later this year.

This article forms part of our series exploring the UK’s new crypto‑asset regime. You can read related content from us by clicking the below links:

The information provided in this article is intended for general information purposes only and does not constitute legal advice. Firms should seek specific legal and regulatory advice based on their individual circumstances. For more information or to discuss anything in this article, please contact our Digital Assets team by emailing [email protected].

You can also subscribe to our monthly financial services regulation update for ongoing insights on cryptoasset regulation and other regulatory developments here.