On 17 September 2025, the Financial Conduct Authority (FCA) published Consultation Paper CP25/25: Application of FCA Handbook for Regulated Cryptoasset Activities (the Paper). The Paper outlines how the FCA intends to apply existing cross-cutting Handbook provisions to firms that will be undertaking newly regulated cryptoasset activities once the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025 (Draft SI) comes into effect.
The consultation period remains open until 12 November 2025 (for responses to Chapters 1 to 5) and until 15 October 2025 (for the discussion topics in Chapters 6 and 7). Final rules are expected in 2026.
Background
In April 2025, HM Treasury issued the Draft SI. This instrument will amend the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 and bring within scope a number of cryptoasset activities, including the issuance of qualifying stablecoins, the safeguarding of qualifying cryptoasset trading platforms, intermediation, and staking. Once the Draft SI comes into force, any firm that wishes to carry out these activities by way of business in the UK will need to seek authorisation from the FCA.
Existing firms that are currently only registered under the Money Laundering Regulations will also be required to apply for Financial Services and Markets Act 2000 (FSMA) authorisation and become subject to the requirements of the Handbook as they apply to cryptoasset firms.
The FCA’s stated objective is to align cryptoasset firms with the standards that already apply to other FSMA-authorised entities, following the principle of “same risk, same regulatory outcome”. The regulator nonetheless acknowledges that certain adaptations are necessary to reflect the unique characteristics of cryptoassets and the particular risks they pose.
The FCA’s overall approach
The FCA proposes to apply a wide range of cross-cutting Handbook provisions to cryptoasset firms, but recognises the need for certain modifications. For example, the Principles for Businesses (PRIN) will be modified such that Principles 1 (integrity), 2 (skill, care, and diligence), 6 (customers’ interests), and 9 (relationships of trust) will not apply to transactions between members on a cryptoasset trading platform (CATP), and Principles 6 and 9 will not apply when a CATP is servicing professional clients. This is consistent with the approach that the FCA takes when applying the Principles to trading platforms in traditional finance.
The FCA identifies three main areas of harm that it wishes to address: (i) the prevalence of poor governance and conduct in cryptoasset firms, which undermines consumer protection and market integrity, (ii) the attraction of cryptoassets to criminals, and (iii) the risks arising from weak operational resilience in a sector heavily reliant on technical infrastructure. The regulator states that its proposals aim to mitigate these harms, though they will not remove the underlying risks of investing in volatile and high-risk assets.
The FCA’s approach to governance, systems, and controls
The Paper sets out the FCA’s proposals on governance, systems, and controls. Cryptoasset firms will become subject to rules and requirements in relation to organisational arrangements, risk management, compliance, internal audit, record-keeping, management of conflicts of interest, and whistleblowing procedures. The FCA acknowledges that this will impose new and additional obligations on firms that have not previously been authorised under the FSMA.
The FCA also confirms that it intends to apply the Senior Managers and Certification Regime in full to cryptoasset firms from day one. The FCA expects firms to be categorised as Limited, Core, or Enhanced under the existing framework, with only a small proportion of large firms likely to fall into the Enhanced category. The regulator points to the collapse of the FTX exchange as a case study demonstrating the need for clear apportionment of responsibilities and independent governance, noting that concentrated decision-making and unmanaged conflicts of interest contributed to consumer harm.
Operational resilience
Operational resilience is a key area of focus. The FCA proposes that Senior Management Arrangements, Systems and Controls (SYSC) 15A should apply to all cryptoasset firms. This means that cryptoasset firms will need to apply the framework when, for example, identifying important business services (IBS), defining impact tolerances, mapping vulnerabilities for each IBS, conducting regular scenario testing to assess the firm’s ability to remain within the impact tolerances, and determining effective communication strategies. The Paper provides illustrative example scenarios involving cryptoasset business models to demonstrate how each can be applied in practice.
The FCA recognises the unique risks posed by cryptoasset businesses, such as increased technological risks and vulnerability to transaction disruptions and cyberattacks, and warns that cryptoasset firms should take the particular risk profile of their business models into account when applying the operational resilience framework.
In implementing the guidance, the FCA also expects firms to consider the outsourcing requirements under SYSC 8, in particular ensuring that appropriate skill, care, and diligence are applied to outsourcing arrangements. The use of permissionless distributed ledger technologies (DLTs) will not itself be considered outsourcing, but cryptoasset firms will be expected to evaluate their internal operational controls for permissionless DLTs in line with the framework in SYSC 15A, and will remain responsible for managing risks associated with third-party providers, such as cloud and IT vendors.
Application of the Consumer Duty and access to the Financial Ombudsman
The FCA is seeking feedback on applying the Consumer Duty (Duty) to cryptoasset firms, and whether customers should have access to the Financial Ombudsman Service (FOS) for complaints.
The FCA proposes to apply the Duty to newly regulated cryptoasset activities with additional sector-specific guidance where necessary, noting that the Duty’s outcome-focused approach would afford cryptoasset firms flexibility in assessing the needs of their customers and how to tailor their products and communications accordingly. The Duty would not apply to trading between participants of UK-authorised cryptoasset trading platforms, as is the case for multilateral trading facilities. The Paper seeks feedback on whether this approach is appropriate or if tailored rules are needed for cryptoasset activities.
The FCA is also considering applying the complaint-handling rules in the Dispute Resolution: Complaints Sourcebook Chapter 1 (DISP 1) – which outlines rules and guidance on how firms should manage customer complaints arising from regulated activities – to cryptoasset firms, and extending FOS access to consumers with complaints about newly regulated cryptoasset activities.
Application of COBS and PROD
The FCA is requesting input on how the Conduct of Business Sourcebook (COBS) should apply to cryptoasset firms offering newly regulated cryptoasset activities. Its current proposal is to apply core COBS chapters to cryptoasset firms with adaptations, including rules on fair treatment of clients, conflicts of interest, disclosures, client categorisation, communications and financial promotions, client agreements, appropriateness, reporting, and cancellations.
The FCA is not planning to apply the existing Product Governance Sourcebook (PROD) provisions to firms providing cryptoasset products or services because of the challenges associated with applying the framework to decentralised products, such as Bitcoin. In this regard, the FCA has sought feedback on whether, and if so when, it might be appropriate to rely on the Duty instead of applying PROD or certain aspects of COBS.
Next steps
The FCA has welcomed feedback on the impact of the proposals and has encouraged suggestions on any other market developments that have not been considered or other unintended consequences of the proposals. Responses for the discussion proposals (Chapters 6 and 7) are required by 15 October 2025, and responses for the consultation proposals (Chapters 1 to 5) by 12 November 2025.
The FCA has also expressed its intention to consult on proposals for charging cryptoasset firms as part of its annual consultation on fees policy, which it plans to publish in November 2025.
Client Alert 2025-242