Home | Thought Leadership

Thought Leadership

FCA Consults on the Handbook’s Application to Regulated Cryptoassets

By Eleanor Furlong Justin Barrow

30 Mar 2026 12 min read

Overview

On 4 February 2026, the government published The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (the “Regulations”), which will come into force on 25 October 2027.

The Regulations define the main categories of cryptoassets as “qualifying cryptoassets”, “qualifying stablecoin” and “specified investment cryptoassets”. The Regulations also bring certain cryptoasset activities into the regulatory perimeter. The new regulated activities will include:

issuing “qualifying stablecoin”;
safeguarding of “qualifying cryptoasset” trading platform;
dealing in “qualifying cryptoassets” as principal or agent;
arranging deals in “qualifying cryptoassets”; and
“qualifying cryptoasset” staking.

When the Regulations come into force any firm carrying out these activities will require authorisation.

In light of these changes, the FCA consulted on the impact of bringing certain cryptoasset activities within its regulatory remit. There have been two consultation papers on how the FCA Handbook will apply to regulated cryptoassets.

Part 1 of the consultation CP25/25 Application of FCA Handbook for regulated Cryptoasset Activities, was published on 17 September 2025, providing an initial exploration of how the core sections of the FCA Handbook should extend to regulated cryptoassets.

Part 2 of the consultation CP26/4 Application of FCA Handbook for Regulated Cryptoasset Activities II, was published on 23 January 2026 and closed on 12 March 2026.

We summarise the key points highlighted in both consultation papers below.

CP25/25 – Application of FCA Handbook for Regulation Cryptoasset Activities (Part 1)

Part 1 of the consultation focused on exploring how core sections of the FCA Handbook should extend to cryptoasset firms entering the future regulated perimeter with the FCA’s central approach being “same risk, same regulatory outcome”.

The objective was to ensure consistency with existing financial services regulation, while tailoring requirements for the unique features of crypto markets. A brief summary of the key sections of CP25/25 is set out below.

High-Level Standards

The FCA proposed applying its High‑Level Standards to cryptoasset firms in broadly the same way as for traditional investment service providers, reflecting the FCA’s outcomes and risk-based approach. The High-Level Standards include: Threshold Conditions (COND), Principles for Business (PRIN), General Provisions (GEN), and Supervision (SUP).

A couple of key examples where the FCA proposed to tailor the application of the Handbook for cryptoasset firms are as follows:

PRIN definition of ‘customer’ and ‘client’ is proposed to include a holder of a qualifying stablecoin; and
PRIN principles 1 (Integrity), 2 (Skill, Care and Diligence), 6 (Customers’ Interests) and 9 (Customers: Relationships of Trust) are proposed to not apply to transactions entered into on a cryptoasset trading platform (“CATPs”) by its members. This mirrors the approach taken with multilateral trading venues in traditional finance. The FCA also proposed that CATPs owe obligations to retail investors under PRIN, where applicable, recognising that retail customers have direct market access to CATPs, which is typically not the case in other traditional financial sectors.

Senior Management Arrangements, System and Controls (SYSC)

The FCA proposed applying SYSC and the SM&CR regime in a broadly similar way to how it applies to most FSMA-authorised firms. CP 25/25 suggested that cryptoasset firms will generally be classified as “other firms” under SYSC noting that cryptoasset firms are less likely to pose systemic risk. The FCA also consulted on the SM&CR thresholds, for example when a firm should be considered “enhanced”.

A central focus is operational resilience. The FCA proposed extending the “technology agnostic” operational resilience framework (SYSC 15A) to cover all cryptoasset firms which would extend the scope of SYSC 15A beyond its current application to FSMA-authorised firms. This change would result in FSMA-authorised firms that conduct cryptoasset activities being brought within the scope of SYSC 15A. This extension is based on the FCA position that there are “specific technological considerations unique to cryptoassets” as well as stakeholder feedback and identified vulnerabilities and risks in the sector.

CP25/25 includes a chapter providing guidance to assist firms in implementing operational resilience requirements.

Financial Crime

CP25/25 proposed applying the FCA's financial crime framework to cryptoasset firms, including the rules and guidance in SYSC 6, the Financial Crime Guide (FCG) and Financial Crime Thematic Reviews (FCTR). This reflects the FCA's view that the financial crime framework applying to traditional finance firms adequately addresses the risks seen in the cryptoasset market, including fraud, money laundering, terrorist financing, proliferation financing and sanctions evasion.

Cryptoasset firms will need to have adequate policies, procedures, systems and controls to identify, assess, monitor and manage money laundering risks, in addition to their existing obligations under the Money Laundering Regulations (MLRs). The 2025 National Risk Assessment raised the money laundering risk rating for cryptoasset service providers from 'Medium' to 'High', underscoring the importance of robust financial crime controls in this sector.

Business standards

The FCA proposed to apply the ESG Sourcebook in the same way as it applies to all FSMA-authorised firms and did not propose extending the ESG provisions or introducing new cryptoasset ESG requirements at this stage.

Consumer Duty and Conduct Standards (Discussion Elements)

CP25/25 included a discussion chapter on the Consumer Duty. Whilst the FCA was not fully consulting on the application of the Duty to cryptoassets in CP25/25, it provided a high-level examination of the potential ways in which the Duty might apply to cryptoasset firms and sought feedback on whether to apply the Duty with additional guidance or to introduce tailored rules instead. CP26/4, discussed below, confirms the FCA's decision to apply the Consumer Duty.

Overall, Part 1 served as the conceptual framework for bringing cryptoasset activities into the regulatory perimeter by identifying areas where existing rules required adaptation.

CP26/4 – Application of FCA Handbook for Regulation Cryptoasset Activities II (Part 2)

Part 2 provides more detail on certain sections of the FCA Handbook and it explains how specific FCA Handbook modules would apply to firms carrying out regulated cryptoasset activities, reflecting feedback from earlier consultations. A brief summary of the key sections of CP26/4 is set out below.

Consumer Duty

CP26/4 confirms the FCA’s intention to apply the Consumer Duty (PRIN 2A) to cryptoasset firms in the same way as it applies generally to all FSMA-regulated firms noting the Consumer Duty’s “flexible nature”. As a reminder, this would require firms to deliver good outcomes for retail customers, including the cross-cutting obligations to act in good faith, avoid causing foreseeable harm, and to enable and support retail customers in pursuing their financial objectives.

The FCA proposed certain exceptions, including that the Consumer Duty would not apply to designated activities relating to public offers and admission to trading of qualifying cryptoassets.

However, the Duty will apply to all activities carried out in relation to UK-issued qualifying stablecoins, including activities relating to public offers and admissions to trading.

The FCA also consulted on proposed additional guidance on how the Consumer Duty applies in a cryptoasset context, reflecting operational differences between the cryptoasset market and traditional financial sectors.

Dispute Resolution and compensation

The FCA proposed applying its complaints handling requirements under DISP rules to the new regulated cryptoasset activities. Firms will be expected to have effective processes to deal with complaints promptly and fairly.

The proposals include extending the Financial Ombudsman Service’s compulsory jurisdiction to cover all new regulated cryptoasset activities, giving consumers access to impartial and free assessment of eligible complaints.

The Financial Ombudsman will only be able to consider complaints arising from acts or omissions on or after the day the new regime goes live, subject to existing time limits in DISP.

Importantly, the compulsory jurisdiction covers complaints about activities carried on from an establishment in the UK; consumers will not be able to refer complaints to the Financial Ombudsman where an authorised cryptoasset firm does not carry on regulated activities from a UK establishment. Additionally, the FCA proposed that acts and omissions in relation to which complaints can be made include those of third parties authorised to act on behalf of the firm. Regarding complaints reporting, cryptoasset firms will initially only need to report total complaints received and total complaints upheld, rather than using the full FCA complaints reporting return.

Crucially, however, any Financial Services Compensation Scheme (FSCS) protection will not be extended to cryptoasset activities. As a result, customers will not be eligible for compensation in respect of investment losses from regulated cryptoasset activities if a firm fails.

Conduct of Business Standards (COBS)

The FCA has proposed applying key parts of COBS to regulated cryptoasset activities by extending the definition of ‘designated investment business’ to include cryptoasset regulated activities. The FCA notes that COBS will need to be considered alongside the requirements to be set out in the CRYPTO sourcebooks (consulted on separately in CP25/40).

Client Categorisation and Appropriateness

CP26/4 confirmed that COBS 3 client categorisation rules will apply to cryptoasset firms, requiring them to categorise clients as retail, professional or eligible counterparties. The FCA also proposed to expand the definition of 'per se eligible counterparty' to include qualifying cryptoasset firms. On appropriateness assessments under COBS 10, the FCA proposed converting COBS 10 Annex 4G from guidance into a rule, meaning firms will be required to design appropriateness test questions covering all the matters currently set out in that annex. This follows FCA observations that many firms' assessments did not adequately cover all relevant topics. Firms would still be able to include additional questions where necessary to reflect the specific risks of the cryptoasset product or service being offered.

CP26/4 includes a table setting out where a number of exceptions or changes to COBS would be proposed for regulated cryptoasset activities. For example, COBS 5 (Distance communications) would not apply for cryptoasset firms as the FCA considers that it does not reflect how cryptoasset firms conduct their distance marketing activities. Similarly, COBS 11 (Dealing and managing) would not apply to qualifying cryptoasset activities, which will instead be subject to execution and order handling rules in CRYPTO 5. COBS 15 (Cancellation) rights for distance contracts would also be disapplied for cryptoasset products or activities.

SM&CR tiering

As noted above in relation to CP25/25, the FCA consulted on the tiering and categorisation of firms as “enhanced” under SM&CR. The proposed criteria for enhanced firms are as follows:

Stablecoin issuance firms: total value of backing asset pool is more than £65bn calculated as a rolling three year average; and
Cryptoasset custodians: the highest total value of client cryptoassets (qualifying cryptoassets and specified investment cryptoassets held on trust), in any month of the previous calendar year, added to the highest total value of safe custody assets held in the same month, is more than £100bn. For new firms, this will initially be based on projections for assets held on behalf of clients in the upcoming year.

Safeguarding and Custody Requirements

With cryptoasset activities becoming regulated the FCA considers that firms that provide custody will be subject to the CASS rules. This includes segregation of client money from a firm's own money.

The FCA proposed changes to CASS 17 for firms that safeguard client cryptoassets. The proposals would apply to both qualifying cryptoasset custodians and specified investment cryptoasset custodians.

The FCA proposed that client cryptoassets must generally be held on trust, though there are permitted routes to exit the trust, including: to fulfil a client instruction; to discharge a fee or debt as agreed by the client; to facilitate the settlement of transactions by a CATP using the 'float model' (subject to a 1% limit per class of cryptoasset); or where it is necessary to effect an absolute transfer of title to deliver a product or service.

Custody services will provide access to storage of cryptoassets where clients are not doing this themselves. Firms will fall within scope and therefore need to comply with CASS 17 and the new rules if:

“They have control of the cryptoasset through any means that would enable them to bring about a transfer of the benefit of that cryptoasset (9N(2)(a)); and
They are acting on behalf of another, where their client has:
1. both legal and beneficial title;
2. the beneficial title only;
3. a right against the firm for the return of the cryptoasset (except for in the circumstances where the firm has received the relevant cryptoasset as a result of a title transfer collateral agreement, or under a repurchase agreement with a non-consumer)”

Firms that will be carrying out regulated cryptoasset activities will need to consider how to comply with the CASS requirements and how these interact with other rules. For example, firms conducting custodial staking would under the new proposals follow CASS 17 as well as any other additional rules on staking.

Cryptoasset Trading Platforms and Float Model

Cryptoasset trading platforms (CATPs) often safeguard client cryptoassets to enable operational efficiencies and faster access to services. The FCA proposed that CATPs using a 'float model' for settlement – where cryptoassets are moved from client wallets to a global settlement wallet to settle transactions – may remove cryptoassets from the trust for this purpose, subject to a 1% limit per client per class of cryptoasset.

The FCA noted that cryptoassets in this settlement wallet would not have CASS protections. Overseas-based authorised CATP operators using this float model may be exempt from all CASS 17 rules provided their permission is limited to safeguarding necessary for settlement only.

Cryptoasset Lending and Borrowing

CP26/4 included specific proposals for cryptoasset lending and borrowing services. Firms must conduct appropriateness assessments of a client's knowledge and experience specifically in relation to these activities before offering them. For retail cryptoasset borrowing, the FCA proposed that collateral must be held in compliance with CASS 17 (for qualifying cryptoassets and specified investment cryptoassets) or CASS 6/7 (for securities, contractually based investments, or money), ensuring no full ownership transfer occurs.

Credit for Crypto Purchases

Having reviewed and considered the risks and previous consultation responses, the FCA has not proposed imposing restrictions on firms accepting credit payments for the purchase of cryptoassets.

Location Policy for International Firms

CP26/4 included proposed guidance on the FCA's approach to international cryptoasset firms. The FCA's baseline expectation is that firms requiring FCA authorisation should carry out their regulated cryptoasset activities from a UK legal entity.

However, certain exceptions were proposed: overseas firms operating a CATP may be authorised via a UK branch where this can facilitate access to global liquidity for better price and execution outcomes for clients. In such cases, the FCA expects the home regulator to have comparable levels of regulatory protection. For all other activities, including stablecoin issuance, dealing as principal, and general safeguarding, the FCA expects firms to operate from a UK legal entity.

Training and Competence

The two stages of the FCA’s consultation on the application of the Handbook to the new regulated activities demonstrate the FCA’s “same risk, same regulatory outcome” approach. Relevant sections of the Handbook are proposed to apply largely in a similar way as they currently do to traditional finance firms, with exceptions or additions only where necessary.

Timeline and Next Steps

The FCA has announced that the authorisation gateway will open on 30 September 2026, with the application period running to 28 February 2027.

The FCA has also indicated that a pre‑application support service (PASS) will open in July 2026. The new cryptoasset regime commences on 25 October 2027, firms that apply within the gateway window are expected to benefit from transitional arrangements while their applications are determined.

Final rules and related Policy Statements are expected later this year.

This article forms part of our series exploring the UK’s new crypto‑asset regime. You can read related content from us by clicking the below links:

The information provided in this article is intended for general information purposes only and does not constitute legal advice. Firms should seek specific legal and regulatory advice based on their individual circumstances. For more information or to discuss anything in this article, please contact our Digital Assets team by emailing [email protected].

You can also subscribe to our monthly financial services regulation update for ongoing insights on cryptoasset regulation and other regulatory developments here.

Co-authored with Beth Jewell.