Executive Summary
- What’s new: The FCA published a consultation paper outlining how existing rules and proposed regulations will apply to cryptoasset activities in the UK, with feedback sought by 12 November 2025.
- Why it matters: The consultation sets out standards for governance, supervision, financial crime, consumer protection and dispute resolution, impacting firms carrying out regulated cryptoasset activities such as issuing stablecoins, safeguarding assets and operating trading platforms.
- What to do next: Crypto firms can prepare for the application of the SMCR, review internal governance, compliance and reporting systems for SYSC and SUP obligations, and monitor whether the Consumer Duty regime will apply in full or be tailored.
__________
On 17 September 2025, the Financial Conduct Authority (FCA) published a Consultation Paper on the Application of FCA Handbook for Regulated Cryptoasset Activities (CP25/25). CP25/25 sets out how the existing rules in the FCA Handbook (the Handbook) will apply to firms carrying out the cryptoasset activities of issuing qualifying stablecoins, safeguarding qualifying cryptoassets and specified investment cryptoassets, operating a qualifying cryptoasset trading platform (CATP), intermediation and staking (Crypto Firms). The FCA also invited feedback on the proposed application of a range of regulatory regimes to cryptoasset activities, including the Consumer Duty, Conduct of Business Sourcebook (COBS), Product Intervention and Product Governance Sourcebook (PROD), and Dispute Resolution provisions and access to the Financial Ombudsman Service.
The deadline for responses is 12 November 2025, with the FCA intending to publish final rules in 2026. The consultation continues the work of the FCA to provide for how cryptoassets should be regulated in the UK, either by introducing new rules or adapting or extending the scope of existing financial regulation.
High-Level Standards
The FCA proposes applying the following high-level standards to Crypto Firms:
- Threshold Conditions (COND) and General Provisions (GEN): These are proposed to apply in the same manner as for traditional Financial Services and Markets Act 2000 (FSMA)-authorised entities.
- Principles for Businesses (PRIN): The FCA proposes applying the same principles as for other authorised firms, subject to disapplication of certain principles (including Principles 1 (Integrity), 2 (Skill, Care and Diligence), 6 (Customers’ Interests) and 9 (Customers: Relationships of Trust)) in respect of transactions entered into on a CATP by members to reflect the supervisory role of platform operators over trading rules of the relevant platform. For professional clients, Principles 6 and 9 would similarly be disapplied where a firm provides CATP services.
- Supervision (SUP): A range of SUP provisions are proposed to apply, including information-gathering powers, requirements for CASS audits of stablecoin issuers and custodians (as previously proposed in CP25/14), appointment of skilled persons, variation/cancellation of Part 4A permission, notification obligations, and the FCA’s powers to grant waivers or provide individual guidance.
Senior Management Arrangements, System and Controls (SYSC)
The FCA intends to apply SYSC requirements to Crypto Firms to ensure appropriate governance, systems and controls, whistleblowing procedures, management of conflicts, and adherence to related frameworks such as the Code of Conduct (COCON), Fitness and Propriety (FIT) and the Senior Managers and Certification Regime (SMCR). The FCA recognises that Crypto Firms may not pose the same systemic risks as banks and investment firms; however, where a bank or investment firm also undertakes cryptoasset activities, the applicable SYSC standards would apply to each activity separately.
This means that individuals performing senior management functions within Crypto Firms will need to be approved by the regulator, including the CEO, executive directors, the chair of the board, compliance oversight personnel and the MLRO. In addition, although there is separate consultation on the removing of the certification regime element, the FCA has confirmed that the SMCR will apply on an as-is basis to Crypto Firms for now. As for traditional firms, the SMCR regime will apply on a tiered basis depending on the size and complexity of the business (i.e., Limited, Core or Enhanced). Crypto Firms will be categorised as Limited where their principal purpose is carrying on activities other than regulated activities, and they are not a MiFID investment firm. The proposed criteria for Enhanced Crypto Firms are (i) CASS large firms (£1 billion to £100 billion); (ii) assets under management (AUM) of £50 billion or more calculated on a three-year rolling average; or (iii) the Crypto Firm opting to be categorised as an Enhanced firm. All other Crypto Firms will be categorised as Core firms.
Operational Resilience
In view of the technology-based nature of cryptoassets and the vulnerability to cyber attacks, the FCA’s existing operational resilience framework in relation to risk management and control, and outsourcing arrangements, is proposed to be extended apply to all Crypto Firms.
The FCA has also provided guidance on how this framework will apply to the Crypto Firms, including the expectations for outsourcing, identification of important business services within the Crypto Firms’ activities and communication strategies during operational disruptions.
Crypto Firms must ensure that each important business service is identified, mapped and tested in accordance with the operational resilience framework. Impact tolerances on each important business service should also be defined, taking into account the demand during heightened market activity. Further, Crypto Firms are expected to put in place effective communication strategies in the event of disruptions to ensure the dissemination of timely, transparent and technically informed communications.
The FCA has also recognised the challenges of applying its outsourcing rules to permissionless distributed ledger technology, and as a result has proposed that the use of this should not be treated as outsourcing under SYSC.
Financial Crime
While cryptoasset exchange provides or custodians are currently required to register with the FCA under the Money Laundering Regulations (MLRs), once they are required to be authorised under FSMA rather than subject to separate MLRs registration, Crypto Firms will additionally be subject to the FCA Handbook rules on financial crime. This includes the application of SYSC 6 (which mandates the implementation of systems to assess, monitor and manage money laundering risks), the Financial Crime Guide and the Financial Crime Thematic Reviews.
Environmental, Social and Governance Sourcebook (ESG Sourcebook)
The FCA proposes applying the ESG Sourcebook as it is already applied to existing FSMA-authorised firms. However, Crypto Firms will not be required to produce climate-related or sustainability disclosures at this stage, given challenges in sourcing data and limited demand.
Consumer Duty
The Consumer Duty already applies to certain cryptoasset-related activities, such as authorised firms approving financial promotions for qualifying cryptoassets and offering exchange-traded notes to retail customers. The FCA has not yet determined whether Consumer Duty should apply to all cryptoasset activities, and is consulting on two options: (i) to apply Consumer Duty, supplemented by sector specific guidance where needed; or (ii) not to apply Consumer Duty and rather introduce tailored rules for consumer protection.
The FCA highlights challenges in applying Consumer Duty to decentralised products, where there may be no clear issuer, and is seeking views on the appropriate balance. Importantly, breaches of Consumer Duty do not give rise to a private right of action.
Conduct of Business (COBS)
Currently, COBS applies only to Crypto Firms’ financial promotions. The FCA proposes extending the definition of “designated investment business” in the Handbook to include cryptoasset regulated activities, thereby bringing them within scope of relevant COBS provisions. Tailored rules would be developed for new activities, while certain chapters (e.g., those relating to MiFID-only products or outdated communication methods) would be excluded.
Product Governance (PROD)
The FCA is considering whether to adapt or disapply existing PROD provisions. Given the decentralised issuance of many cryptoassets and the fungibility of certain cryptoassets, the FCA suggests that applying PROD in its current form may be impractical. Instead, Consumer Duty and supplementary guidance are expected to be sufficient to address product governance concerns.
Dispute Resolution and Access to the Financial Ombudsman Service
Although further consultation on complaint handling is expected later this year, in this CP the FCA is consulting on whether consumers should be able to escalate complaints about cryptoasset activities to the Financial Ombudsman Service where Crypto Firms cannot resolve them directly.
Next Steps and Key Points for Crypto Firms
The FCA continues to progress along the crypto roadmap, seeking to build confidence in the UK as a jurisdiction for cryptoasset activity.
Key points for Crypto Firms to consider are:
- Preparing for the application of the SMCR to their business.
- Reviewing their own internal governance, compliance and reporting systems in anticipation of SYSC and SUP obligations.
- Continuing to monitor whether Consumer Duty regime will apply in full or whether a tailored regime is developed.
We will continue to provide updates on the consultation and related developments as the consultation progresses.
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.