Key takeaways from FCA Consultation Paper 26/4 on the application of the FCA handbook for regulated cryptoasset activities

The CP considers the following issues:

• Application of the Consumer Duty

  The Consumer Duty is a set of high-level principles and obligations that apply to regulated firms when they are dealing with consumers (as opposed to institutional customers).  The FCA had said it would consult in 2026 on whether the Consumer Duty should apply in the context of the new crypto activities.

  In the CP, the FCA is proposing that the Consumer Duty will apply to crypto firms in the same way as it applies generally to all FSMA-authorised firms (including payments firms).  The Consumer Duty will not, however, apply to (i) trading between participants of a UK authorised qualifying cryptoasset trading platform (QCATP), or (ii) Admissions and Disclosure activities, as in each case the FCA believes that its other rules applying in those situations will provide sufficient protection. 

  The CP also includes the text of draft guidance which aims to clarify how the Consumer Duty applies to crypto activities and to give examples of good and bad practice.  Among the points of interest in the draft guidance are the following:

  • The FCA gives examples of who it considers to be a manufacturer (as opposed to a distributor) in the context of cryptoassets – namely: an issuer of qualifying cryptoassets or stablecoins, a firm operating a crypto lending and borrowing service, and a UK qualifying Cryptoasset Trading Platform (CATP) providing a service of trading on its platform. 
  • The FCA acknowledges that some manufacturers will be outside the scope of UK regulation but says that the Consumer Duty will still apply to UK distributors in that situation.  For some aspects of the Consumer Duty, that is likely to mean an additional burden for distributors – for example, to make their own assessments about the products they distribute and to ensure that the product is properly suited to retail customers.  A particular issue will be ensuring that consumers understand the product features, risks and limitations (even where those matters are beyond the distributor’s control).
  • The Consumer Duty will require firms to be transparent about products and to avoid features that could mislead or disadvantage consumers.
  • The Consumer Duty requires that products offer fair value.  The FCA notes that crypto prices are largely driven by global supply and demand and are often outside a firm’s control.  The FCA says it will expect firms to consider the value of the charges that they do control in relation to the services they are offering, including any ongoing charges, within the context of overall costs for customers.
  • The Consumer Duty obligation to provide consumer support means that firms should offer timely and effective support across all channels, especially during incidents such as wallet freezes, staking failures, or protocol upgrades.  Support should also be accessible to customers with characteristics of vulnerability, including those with limited digital literacy or a lack of financial resilience.
• Dispute resolution and compensation

  Complaints handling

  The FCA proposes to apply its usual complaints handling requirements (as contained in DISP 1 of the FCA handbook) to crypto firms.  This will mean that crypto firms will need to put formal complaints procedures in place and deal with complaints within time limits prescribed by the FCA.

  Financial Ombudsman Service (FOS)

  The FCA proposes that firms carrying on any of the new regulated crypto activities will become subject to the jurisdiction of the FOS. 

  The FOS provides a complaints resolution mechanism for consumers and certain small businesses and has the power to make binding financial awards against firms (the maximum amount of which is currently £350,000). 

  In the context of traditional investments, many regulated firms have expressed concern that the FOS is too consumer-friendly and, as the FOS makes decisions based what it considers to be fair and reasonable in the circumstances of each complaint, too unpredictable.  The government is consulting separately on taking steps to try and address these concerns, but fundamentally the decision to include crypto activities within the FOS’s jurisdiction will introduce additional uncertainty for crypto firms.

  Financial Services Compensation Scheme (FSCS)

  The FSCS is a statutory compensation scheme which compensates customers where a regulated firm has failed (typically, where that firm has become insolvent).

  The FCA is not proposing to extend FSCS coverage to the new crypto activities.  This means that customers will not be eligible for compensation from the FSCS in the event of investment losses arising from regulated crypto activities.  The FCA hopes to mitigate the risks to consumers through other safeguards, including requirements regarding conduct, disclosure and firm resilience.

• Conduct of business

  The conduct of business requirements for cryptoassets will largely follow those for “designated investment business” – that is, traditional investments such as stocks and shares and insurance-based investment products.

  The CP contains a table setting out how the current requirements of the FCA’s Conduct of Business (COBS) handbook will apply to cryptoassets.  The table shows a number of changes to COBS that would apply specifically to crypto activities – including, for example, specific rules relating to crypto lending and borrowing and a new rule specifying what matters firms must cover when assessing appropriateness in relation to cryptoassets.

  In some cases, the usual provisions of COBS will not apply because provisions in the FCA’s new CRYPTO handbook will apply instead.

• Safeguarding client cryptoassets and specified investment cryptoassets

  With crypto-related activities now being regarded as a form of investment business, a firm which deals or arranges deals in qualifying cryptoassets, operates a CATP, arranges staking or issues qualifying stablecoins will potentially be subject to the rules in the FCA’s Client Assets (CASS) Handbook.  In particular, any money that the firm receives from, or holds for on behalf of, its clients in the course of or in connection with those activities will have to be treated as client money in accordance with the CASS rules.  The CASS rules include that the firm must keep client money separate from its own money and must hold it in a segregated account with a third party bank, where it will be subject to a statutory trust to protect it from the firm’s creditors.

  The FCA had previously made proposals in CP25/14 (May 2025), which included two new chapters of CASS: a new chapter 16 relating to stablecoin backing assets and a new chapter 17 relating to the activity of safeguarding qualifying cryptoassets.  The chapter 17 rules included a requirement that the firm must act as the trustee of any cryptoasset that it is safeguarding and rules regarding the means of access to the cryptoassets.

  In the new CP, the key new proposal is that the CASS 17 rules for safeguarding should apply to both:

  • qualifying cryptoasset custodians; and
  • specified investment cryptoasset custodians.  “Specified investment cryptoassets”, which are also known as security tokens, are cryptoassets that are linked to a security or contractually based investment. 

  This approach means that cryptoassets which are already within the scope of UK regulation (e.g. because they already come within the definition of a security) will be governed by the new rules instead of the rules that the firm is already subject to. 

  This is intended to reflect the fact that cryptoassets raise different questions when compared to traditional investments.  For example, the question of how the asset is “controlled” – e.g. through private key management - is a key consideration for cryptoassets, but is a lesser concern in the context of traditional investments. 

  More broadly, the CP also includes more detail on the proposed application of the CASS rules that the FCA consulted on previously, including details of various exceptions to the proposed requirements that will apply in the context of cryptoassets.

• Training and competence

  The FCA is proposing that firms conducting certain new crypto activities for retail clients will need to follow similar training and competence (TC) requirements to those that apply to traditional finance.  The crypto activities in question will be: dealing (as principal or agent), including crypto lending and borrowing, safeguarding and the new staking activity.  The FCA regards this approach as consistent with the principle of ‘same risk, same regulatory outcome’. 

  The TC requirements will only apply to firms when they are dealing with retail clients; they will not apply where firms only carry out wholesale activities.  In addition, within firms that are able to deal with retail clients, the TC requirements will not apply to those employees who deal exclusively with non-retail clients.

  The FCA is not proposing that there will be any particular qualification requirements for crypto activities – which is aligned with how TC applies, in traditional finance, to dealing securities.

• Regulatory reporting

  As the crypto activities and products are newly regulated, the FCA is not proposing a full set of detailed regulatory returns that all crypto firms should report on from the first day the regime goes live.  Instead, the FCA is proposing an iterative approach, under which it introduces reporting metrics gradually and refines them, based on feedback ,to ensure a proportionate and balanced approach.

  The CP identifies certain returns that currently apply to regulated firms doing traditional finance and which will be applied to crypto firms.  The FCA also identifies certain new returns that will apply specifically to crypto firms (e.g. metrics relating to new activities, such as staking), which will be introduced in phases over the first 2-3 years of the regime.  The FCA also notes that the new returns will be delivered using a different platform to that currently used for traditional finance, with the suggestion that the new software will be more flexible.

• SM&CR tiering

  Under the Senior Manager and Certification Regime (SM&CR), some large firms are categorised as “enhanced” firms, which means that they are subject to additional requirements.  In a previous consultation, the FCA had proposed criteria for stablecoin issuance firms and cryptoasset custodian firms. 

  The FCA is now proposing that the “enhanced” criteria will be:

  • Stablecoin issuers:  total value of the backing asset pool is more than £65bn, calculated as a rolling three year average.
  • Cryptoasset custodians:  sum of total value of “client assets” and “safe custody assets” in the last calendar year is more than £100bn in any given month (or where the firm is project to hold such amounts).
• Use of credit cards to purchase cryptoassets

  Having raised the issue in a previous discussion paper, the FCA has concluded that it does not need to restrict firms from accepting credit card payments or lines of credit from electronic money institutions (EMIs) for crypto purchases. 

• The FCA’s Approach to International Cryptoasset Firms (AICF)

Annex 4 of the CP contains the FCA’s proposed location policy for cryptoasset firms. 

The FCA says all firms who are applying to be authorised in the UK and who wish to serve UK clients will be expected to have a UK legal entity.  This principle will apply to firms servicing both retail and wholesale clients. 

However, the FCA acknowledges that some overseas firms who are dealing with UK clients may not need to be authorised in the first place – depending, in particular, on the activity they are undertaking and the type of customer they are doing it for.  (As a result of the wording of the Cryptoasset Regulation, anyone who is involved in the sale or subscription of a qualifying cryptoassets to, or by, a “consumer” in the UK will require authorisation – and thus, under the principle set out by the FCA, will be required to have a UK entity.)

The approach that the FCA is proposing for overseas crypto firms appears to be less flexible than the approach it currently has to overseas non-crypto firms.  The current FCA guidance allows for the possibility of an overseas non-crypto firm being granted authorisation for a UK branch instead of having to set up a UK legal entity – whereas this appears to be off the table for overseas crypto firms.  That said, the FCA has historically shown a strong preference for overseas non-crypto firms to establish UK entities as well, and so the position for overseas crypto firms may not be much different in practice.

The FCA has said that it can see a case for allowing the activity of operating a CATP to be carried out through a UK branch where this can facilitate access to global liquidity.  In the CP, it gives the example of an international crypto firm that has both a UK branch and a UK legal entity – with the branch handling functions which are central to the CATP’s operation (i.e. giving UK investors the ability to interact with the orders of overseas investors) and with the UK legal entity handling other functions (such as providing the service of safeguarding).

The FCA’s position only applies to firms that the FCA would be responsible for authorising.  It does not cover the PRA, which is responsible for authorising banks, insurance companies and certain types of investment firm.  The PRA has a more well-established practice of granting authorisation to the UK branches of overseas firms. 

The PRA has not published any guidance on its approach to the authorisation of overseas firms generally.  In its November 2025 consultation on systemic stablecoins, the PRA said that it proposed that non-UK based sterling-denominated systemic stablecoin issuers, irrespective of their location, would be required to establish a subsidiary in the UK to carry out business and issuance activities in the UK and with UK-based consumers.  The PRA has not made any statements about its approach to overseas firms (or existing UK branches of overseas firms) who are doing other types of crypto activity.

Next steps

The FCA is asking for comments on the CP by 12 March 2026.  Following consideration of the response, the FCA will publish policy statements later in 2026 containing its final rules and guidance.

In relation to its approach to international cryptoasset firms, the FCA says it will consider feedback to this guidance before publishing final guidance alongside its final rules.

The FCA has announced that it will open its gateway for cryptoasset permissions on 30 September 2026 and that the regime will go live on 25 October 2027. 

Authored by Dominic Hill.