Building Trust in Digital Markets
The FCA’s Crypto Regulatory Reset
-
July 09, 2026
-
Strengthening governance, consumer protection and financial crime controls in the UK’s expanding cryptoasset ecosystem.
From October 2027, the Financial Conduct Authority (“FCA”) will implement a new regulatory framework for cryptoasset firms, marking a fundamental shift in the UK’s approach to digital asset oversight. As businesses ready themselves to continue operating in the UK market, attention turns towards two key considerations: Which organisations fall within scope of the new framework and what does effective preparation require?
Innovation Within Guardrails
The FCA’s regulatory expansion into cryptoassets reflects a broader effort to bring UK digital asset activity within the same supervisory framework applied to traditional financial services. The regime’s objective is to establish regulatory clarity and consistency, while strengthening protections for consumers. Under the new regime, cryptoasset firms will be held to similar standards as their traditional counterparts, built upon the standards set forth in the Financial Services and Markets Act (“FSMA”) and the FCA Handbook.1
The Treasury’s draft statutory instrument materially expands the regulatory perimeter, introducing a suite of regulated activities including issuing stablecoins, operating trading platforms, dealing and arranging transactions and safeguarding qualifying cryptoassets. The regulatory principle is straightforward: firms seeking access to UK consumers must meet UK regulatory standards.
Time To Act
Firms seeking to carry on newly regulated cryptoasset activities must submit applications to the FCA during the gateway window, expected to be between September 30, 2026 and February 28, 2027.2 This requirement extends beyond new entrants.
Cryptoasset firms registered under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (“MLR”) or those with other authorisations for other activities will need to undertake a full assessment to determine the authorisation they require to continue their activities. This assessment should not just encompass the procedural aspect of an application, but the underlying frameworks to support robust governance, operational resilience and effective risk management and compliance frameworks. In doing so, firms must also remain mindful of other regulatory changes that will impact their systems and controls environment, for instance, reforms in the UK MLRs.3
Timeline for Action
- Now: Register for FCA information sessions and request pre-application support service meetings. Work with experts to complete scope assessments, gap analyses and begin work to ensure internal systems and controls meet the new standards.
- Q3 2026: Finalise internal reviews and sign-off of material for the application.
- September 2026: Submit applications during the gateway window.
- February 2027: Application deadline; new regime commences October 2027.
Assessing Readiness
Firms should not underestimate the effort required to implement and maintain compliance with the FCA Handbook. Consideration is required to resourcing, internal capabilities and technologies to support efficient and robust systems and controls.
By addressing four key questions, firms can determine if they are adequately prepared for the changes ahead:
- Does the current legal status align with intended regulatory activities and what does the FCA expect? To meet the threshold conditions, UK-incorporated entities require both head and registered offices domestically. Beyond structural compliance, firms must demonstrate adequate resourcing, sufficient capital and systems capable of meeting ongoing supervisory expectations.4 The FCA Handbook will govern operations and familiarity. This is non-negotiable. The regulator has published targeted guidance on FSMA compliance, authorisation pathways and supervisory engagement processes. A series of information sessions for cryptoasset firms that may be in scope of the new regime are also intended to be run by the FCA for additional support.
- Which activities fall within scope? Firms should urgently determine whether current or planned activities fall within scope of the new regulations.5 The complexity of this should not be undermined, especially for firms with business models that straddle multiple activity types or sit close to the regulatory boundary. There will be no automatic conversion for money laundering regulation-registered firms; authorisation under FSMA must be secured before commencement of the new regime. Existing FSMA-authorised firms must vary permissions in advance.
- How effective are existing governance, systems and controls? “Fit and Proper” assessments will scrutinise individuals and organisational structures.6 To strengthen applications, firms should conduct a comprehensive gap analysis, focusing on assessing governance effectiveness. This includes evaluating clear accountability frameworks, transparent reporting lines and robust decision-making processes, complete senior manager fitness and propriety assessments early and verification that individuals in key roles possess demonstrable competence and appropriate qualifications. The FCA’s Principles for Businesses require firms to organise and control their affairs responsibly and effectively.7 This translates to comprehensive compliance monitoring and risk management frameworks tailored to cryptoasset-specific risks. Firms must also maintain robust client asset protection arrangements and implement effective financial crime prevention controls.
- Do financial promotions meet the additional requirements? FSMA’s section 21 approver model is coming to an end with the new authorisation requirements that are being introduced. Cryptoasset firms will no longer be able to rely on section 21 for marketing to UK customers and must ensure their promotional activity meets the additional requirements, such as risk warnings and cooling-off periods for first time investors.8
Consequences of Missing the Window
Some firms will face significant disruption if they fail to meet the deadlines or fail to submit an adequate application. The FCA will not expedite assessments for late submissions or where re-work is required to demonstrate the firm is suitably prepared.
Firms that apply outside of the gateway period will enter a transitional provision and will be limited to performing pre-existing contracts only, with no ability to enter new contracts with UK customers.9
Early Preparation Is Key
The FCA’s new cryptoasset regulatory framework represents a fundamental shift in how cryptoasset businesses will operate in the UK. Preparations should not be looked at lightly; most firms will need to consider investment in terms of resources and technology to support new systems and controls.
Early preparation is essential to ensure regulatory requirements can be met in a timely manner. Firms that wait until the application period opens may struggle to meet the deadline and face significant business disruption as a result. Those unfamiliar with FCA expectations should urgently consider what support is required to submit a successful application.
Footnotes:
1: “FCA Handbook”, Financial Conduct Authority.
2: “Cryptoassets: How the gateway will operate,” Financial Conduct Authority (30 April 2026).
3: “Money Laundering and Terrorist Financing (Amendment) Regulations 2026,” The Stationery Office (March 26, 2026).
4: “Cryptoassets: Our standards,” Financial Conduct Authority (6 Feb. 2026).
5: Applicable activities include stablecoin issuance, cryptoasset safeguarding, operating trading platforms, dealing (as principal or agent), arranging deals or staking.
6: UK Parliament, “Freedom of Information Act 2000, Schedule 6”, legislation.gov.uk (2000). See also: Link.
7: Ibid
8: Ibid
9: “Cryptoassets: The transitional provision,” Financial Conduct Authority (27 February 2026).
Related Insights
Related Information
Published
July 09, 2026