Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts.
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in Focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

The UK’s new Cryptoassets Regime – Consultations on Stablecoins, Custody and the Prudential regime

30 May 2025 United Kingdom 17 min read

On 28 May 2025, the Financial Conduct Authority (“FCA”) published two separate consultation papers: CP 25/14 on stablecoin issuance and cryptoasset custody (“the Stablecoins & Custody CP”), and CP 25/15 on prudential regulation for cryptoassets (“the Prudential CP”). These consultations follow the FCA’s discussion paper (DP 25/1) on Regulating Cryptoasset Activities and also build upon HMT’s draft legislative framework, discussed in our article here. This article focuses on the key issues arising from these two consultation papers which will be likely to affect the cryptoassets industry.

1. THE LEGISLATIVE FRAMEWORK

The Stablecoins & Custody CP focuses on two of the new regulated activities to be introduced under the Financial Services and Markets Act (“FSMA”) through amendments to the Regulated Activities Order (“RAO”), namely (1) issuing “qualifying stablecoin” and (2) safeguarding of “qualifying cryptoassets” and relevant specified investment cryptoassets. The geographical scope of the activity of issuing qualifying stablecoins is limited to the UK, whereas firms safeguarding qualifying cryptoassets are permitted to carry out this activity in the UK or for UK consumers.

A “qualifying cryptoasset” is defined as a cryptoasset which is fungible and transferable, and which is distinct from existing “specified investment cryptoassets” such as security tokens.

A “qualifying stablecoin” (“QS”) is defined as a “qualifying cryptoasset” referencing one or more fiat currencies that seeks or purports to maintain a stable value by the issuer holding fiat currency or fiat currency and other assets.

HMT has been clear that it does not intend to bring stablecoins within the scope of UK payments regulation – although it may revisit this position as use-cases develop over time. 

Stablecoins used for payments may also be designated as “systemic” stablecoins, which will be subject to a separate Bank of England regulatory regime and therefore dually-regulated, with a separate complementary consultation expected later this year.

2. STABLECOIN ISSUANCE

The FCA’s objective is to ensure that QS can operate as “trusted money-like instruments” (rather than investment products). To achieve this objective, the FCA has proposed rules for stablecoin issuers to protect holders which we have summarised below.

What are the requirements for backing asset composition?

The issuer of QS must fully back them at all times with secure, liquid assets of equivalent value, held on a statutory trust for QS holders, with the issuer acting as trustee. To achieve this, the pool of backing assets may only include certain asset classes. By default, this should only be on-demand deposits and short-term government treasury debt (“core backing assets”). If the issuer notifies the FCA and demonstrates adequate risk management measures, it may also hold longer-term government debt, repurchase agreements or reverse repurchase agreements (subject to CASS 16) and public debt CNAV money market funds (“expanded backing assets”). 

The composition of backing assets is subject to two key rules. Firstly, the On-Demand Deposit Requirement (“ODDR”) requires that a minimum of 5% of the assets in the pool are on-demand bank deposits. Secondly, where a firm makes use of expanded backing assets, the pool must meet the Backing Asset Composition Ratio (“BACR”), which is effectively a minimum proportion of core backing assets to ensure there is sufficiently liquidity in the backing pool to meet redemptions within the T+1 timeframe. On-demand assets can count simultaneously towards ODDR and BACR.

The BACR will be calculated as the sum of the peak estimated daily redemption amount (“DRA”) and a ‘core backing asset requirement’ (“CBAR”) which is based on the variance between estimated and actual redemptions; divided by the total value of assets in the backing pool, and then expressed as a percentage.  

Whilst the extension of backing assets is welcome, the additional burden on a firm to notify the FCA and demonstrate adequate risk management processes adds another level of complexity. This is particularly the case given that the default core backing assets requirement still limit firms to using only short-term cash deposits and short-term government debt, which means that a number of issuers will need to seek permission from the FCA to use a wider pool of assets. This could potentially be restrictive.

Additionally, consistent with the FCA’s objective that QS should operate as “trusted money-like instruments” rather than investments, issuers must not pass on any interest earned on backing assets to QS holders. This remains one of the most controversial issues for the industry which may arguably make the stablecoin market less attractive.

How should backing assets be safeguarded?

Two key requirements apply. Firstly, the backing assets must be held under a statutory trust for the benefit of the QS holders, with the issuer acting as trustee, and under separate trusts in respect of each QS product (where the issuer issues more than one QS product). Secondly, the backing assets must be segregated from the issuer’s own assets and be held by an independent third-party custodian unconnected to the issuer or its group. Helpfully, the FCA no longer requires the issuer to appoint a third party custodian who would be responsible for the safeguarding and administration of the backing assets. Instead, the issuer would remain legally responsible for the assets as trustee which broadly mirrors the position under the CASS regime.

Additionally, the issuer must complete reconciliations on at least a daily basis to ensure the backing assets accurately reflect the value of all minted stablecoins. Qualifying stablecoins must be minted or burned to ensure parity if necessary, and the issuer must notify the FCA if any discrepancies (shortfalls or excesses) are not resolved within 1 business day. While this is an improvement on the FCA’s previous proposals, we note that this may still be operationally burdensome for some firms to comply with.

Do Qualifying Stablecoin holders have a right to redemption?

To ensure the value of QS held by customers is maintained and QS are treated as money-like instruments, issuers of QS must provide all holders the right to redemption of any amount of QS at par value with the reference currency.

Issuers must process payment orders for redeemed funds promptly, namely by the end of the next business day following a valid redemption request, unless this would breach financial crime legislation or currency exchange is requested and this would take longer.

Redemption fees are permitted (in contrast to the position for “e-money tokens” under MiCAR), but must be commensurate with the operational costs incurred in executing redemption, and must never exceed the value of the stablecoins being redeemed; issuers must also never pass on any losses arising from the sale of backing assets.

Issuers should only suspend or delay redemption where there are exceptional circumstances which threaten the integrity of the QS or the interests of holders, and must notify the FCA immediately when it does so. 

Importantly, when QS is transferred from one holder to another, the other contractual obligations that the issuer owes to the holder are effectively transferred in law to the new holder. While the FCA’s proposals in relation to redemptions will provide legal certainty for customers, we note that they may be operationally burdensome for some firms to comply with.

Can issuers use third parties in relation to qualifying stablecoins?

Issuers may use third parties for selling or redemption of QS, or management of QS backing assets. Where this is the case, the issuer will remain fully responsible for compliance, and must subject third parties to adequate due diligence and ongoing monitoring.

In case of sale by a third party, the issuer must receive funds directly into an account in its own name, to reduce counterparty risk. In case of redemption by a third party on behalf of the issuer, only the issuer can decide to suspend redemption.

What disclosures are required by issuers?

Issuers of QS must publish and keep up to date information available online for holders, or potential holders, to enable informed decisions when buying, selling, or requesting redemption of QS. Issuers must provide the following key information on a quarterly basis:

  • Total number of stablecoins minted and issued.
  • Backing asset composition – value and percentage breakdown.
  • Confirmation that the firm is meeting the 1:1 backing requirement.

The issuer must also arrange an annual independent review of published statements.

3. CRYPTOASSET CUSTODY

The FCA’s proposed custody rules aim to ensure the protection of clients’ cryptoassets where a qualifying cryptoasset custodian is responsible for them, and that those assets are returned as quickly as possible if the custodian enters insolvency. 

The FCA has modelled its proposals on the existing CASS provisions (applicable to traditional finance custodians), with amendments to accommodate the unique characteristics of cryptoassets. Whilst this therefore provides a robust regime for the custody of cryptoassets, some of the proposals may be onerous for custodians to implement from a controls perspective. Additionally, for crypto custodian firms without experience of the FCA Handbook, the introduction of CASS style controls, such as the annual audit and a monthly Client Money and Assets Return, may be onerous to implement in practice.

How should custodians segregate client cryptoassets?

Custodians must segregate client cryptoassets from their own and hold them in a non-statutory trust on their behalf (where they act as a bare trustee), providing that the terms of the trust are clearly documented. Firms are entitled to use individual or omnibus wallets for this segregation provided the terms of the trust are followed. Custodians must hold the correct amount of qualifying cryptoasset for the correct clients at all times and keep adequate books and records.

Whilst the proposal for cryptoassets to be held in a non-statutory trust provides custodians with some flexibility in the specific type of trust structure they operate, this does also potentially create risk given that the implementation of these trust arrangements will be left to the firms. It is also interesting to see that the FCA has taken a different approach here in comparison to the statutory trust requirements for backing assets in relation to stablecoin issuers.

What records and reconciliations are required?

Custodians must maintain accurate, client-specific records of cryptoasset holdings, independent of DLT records. For each client, these records must correctly identify the type, quantity, and blockchain of the qualifying cryptoasset, together with the nature of the client’s claim, and the identity of any other parties that have capacity to effect a transfer.

Custodians must conduct reconciliation on a daily basis, identify and resolve any shortfalls, and notify the FCA of any unresolved shortfalls.

How should private keys and security be managed?

Given that custody firms may use a range of methods to mitigate security risks, the FCA has proposed a technology-agnostic approach. Firms will be required to maintain:

  • adequate security and organisational arrangements for generating, storing and controlling private keys;
  • accurate and verifiable ‘key-mapping’ records setting out the qualifying cryptoassets safeguarded, the wallets in which they are held, the means of access, and how they correspond to the relevant clients;
  • strategies to mitigate loss or compromise of the means of access, including secure back-ups; and
  • up-to-date records of policies & procedures for wallet/means of access management.

Will custodians be liable for loss of cryptoassets?

Custodians of qualifying cryptoassets will not be subject to full, uncapped liability for losses. However, firms may still be liable for loss of qualifying cryptoasset due to negligence, breach of contract, or breach of FCA rules.

Can custodians appoint third parties for safeguarding cryptoassets?

The FCA recognises that third parties can improve the security and/or efficiency of cryptoasset custody, for example through “key sharding”, where a private key is divided into “shards” that must be combined to sign transactions, or Hardware Security Modules, which manage private keys and perform encryption and decryption of digital signatures.

Custodians of qualifying cryptoassets will be permitted to appoint third parties for safeguarding cryptoassets, providing that any such appointment is in the client’s best interests, and is subject to proper due diligence.

The custodian’s agreement with the third party must include details of the services; details of the third party’s liability for losses; an acknowledgment that the qualifying cryptoassets are held on trust for the firm’s clients; and an acknowledgment that the third party is not entitled to exercise any right of set-off or counterclaim against the qualifying cryptoassets.

What disclosures are required by custodians?

The FCA is considering requirements to provide access to an online system with up-to-date statements including type and value of assets, the type of wallet, and confirmation of the trust. It may also include requirements to disclose the wallet structures chosen, and why, and to notify any changes to how cryptoassets are held.

What other CASS rules will apply?

The FCA is considering requiring qualifying cryptoasset custodians to appoint a CASS oversight officer, to be responsible for overseeing custody arrangements, including an independent annual audit and a monthly Client Money and Assets Return. The FCA is also considering how CASS 7 will apply where client money is held by a qualifying cryptoasset custodian.

4. PRUDENTIAL REGIME

The FCA’s Prudential CP outlines a new prudential regime for cryptoassets, including own funds, liquid assets, and concentration risk requirements. 

Alongside its work on the new cryptoassets regime, the FCA is also introducing an integrated prudential framework. Common requirements will be set out in a new “COREPRU” sourcebook, alongside sector-specific sourcebooks, including “CRYPTOPRU” for firms carrying out cryptoasset activities. The FCA intends that COREPRU will initially only apply to firms carrying out cryptoasset activities and will consult on moving other types of regulated firms into COREPRU in the future.

Many cryptoasset firms may consider that the new prudential rules in COREPRU are excessive and disproportionate. Given that cryptoasset firms generally have different credit risk profiles and operate differently to traditional financial institutions in their approach to prudential management, applying traditional prudential requirements could potentially produce disproportionately high capital requirements which are inconsistent with the risk profiles of these firms.

In particular, the FCA proposals will effectively require firms to invest more in traditional fiat-based assets. This is because the categories of “own funds” capital do not include liquid cryptoassets, and such holdings will also be affected by deductions of intangible assets and firm issued or controlled cryptoassets. Additionally, the proposals include activity-specific capital requirements that are intended to grow with the scale of the business operations. However, in respect of custodians, the operational risks of cryptoasset custody do not scale in proportion to the value of custodied assets. Finally, the proposals do not include any adjustment for smaller, innovative firms. This is in contrast to the adjustments permitted under MIFIDPRU for “SNI” (“small and non-interconnected”) firms.

What capital requirements will apply to CRYPTOPRU firms?

The FCA intends to apply substantially the same rules for CRYPTOPRU firms as for MIFIDPRU firms (which the FCA has separately recently consulted on in CP25/10). In particular, “own funds” are made up of three tiers of capital: Common Equity Tier 1 (“CET1”), Additional Tier 1 (“AT1”) and Tier 2 (“T2”). 

In meeting their total Own Funds Requirement (“OFR”) (outlined below), firms must hold these three tiers in minimum proportions: at least 56% must be CET1, at least 75% CET1 and AT1, and 100% of the total OFR must be CET1, AT1 and T2.

In calculating own funds, firms must also apply a range of prescribed deductions from the different tiers of own funds, including the existing deductions for MIFIDPRU firms, together with any cryptoassets issued by the firm itself or by a connected party, or where the firm controls the supply of the cryptoasset. However, regulated stablecoins that are backed in line with the requirements outlined above do not need to be deducted. 

How will the Own Funds Requirement be calculated for CRYPTOPRU firms?

The OFR for a CRYPTOPRU firm will be the higher of three requirements: (1) the Permanent Minimum Requirement (“PMR”), (2) the Fixed Overheads Requirement (“FOR”), and (3) the K-factor Requirement (“KFR”).  This is based on the requirements for MIFIDPRU firms, with the exception of KFR for stablecoin issuers, which is akin to requirements applicable to e-money issuers.

Where a firm is subject to both CRYPTOPRU and MIFIDPRU:

  • The PMR will be the highest applicable PMR across the 2 sourcebooks;
  • The FOR will be consistent across the different sourcebooks; and
  • The KFR will be the sum total of all K-factor requirements applicable across the different sourcebooks.

How is the Permanent Minimum Requirement calculated?

The PMR is a fixed absolute minimum, which is different for each regulated cryptoasset activity. For issuing qualifying stablecoins, the PMR is £350,000, whereas for safeguarding qualifying cryptoassets, it is £150,000. The PMRs for other regulated cryptoasset activities will be set out in the follow-up consultation paper. Where a firm undertakes multiple activities, the highest applicable PMR will apply.

How is the Fixed Overheads Requirement calculated?

The FOR is a minimum amount of capital required to absorb losses if the firm winds down or exits the market. The FOR for CRYPTOPRU firms will be 25% of the firm’s relevant expenditure from the previous year (not including discretionary spending).

As this is a variable figure, firms will need to keep their FOR under review. In particular:

  • firms must recalculate FOR immediately in case of a material increase (30% or £2m) in relevant expenditures;
  • firms may recalculate FOR in case of a material decrease (30% or £2m) in relevant expenditure, but must secure the FCA’s permission before applying the decreased FOR figure; and
  • firms must calculate the expected impact on their FOR of any significant business changes, such as buying or selling the business, investing in a major upgrade, or a restructuring programme, before proceeding with the project.

How is the K-factor Requirement calculated?

The KFR is intended to capture activity-specific risks, that grow with the scale of business operations. Like the PMR, it is different for each regulated cryptoasset activity. Unlike the PMR, where a firm conducts multiple cryptoassets activities, the overall KFR will be the sum of the applicable K-factors.

The Prudential CP sets out the K-factors for qualifying stablecoin issuers and custodians:

  • for qualifying stablecoin issuers (“K-SII”): this is 2% of the average value of qualifying stablecoins in issuance (“SII”) in the first 6 of the previous 9 months (excluding the last 3 months, to give firms time to plan for changes to their capital requirements); and
  • for qualifying cryptoasset custodians (“K-QCS”): this is 0.04% of the average qualifying cryptoassets safeguarded (“QCS”) in the first 6 of the previous 9 months (excluding the last 3 months). The value of the QCS must include all qualifying cryptoassets safeguarded, and must be based on market value or fair value.

What liquidity requirements will apply to CRYPTOPRU firms?

Liquidity requirements differ from the capital requirements set out above, as they are concerned with meeting liabilities as they fall due, whereas capital requirements concern loss absorption. All CRYPTOPRU firms will be subject to a Basic Liquid Assets Requirement (“BLAR”), which is intended to fund initial wind-down costs. Qualifying stablecoin issuers will also be subject to an Issuer Liquid Assets Requirement (“ILAR”), which is intended to address the price risk in their backing asset pools. Both BLAR and ILAR (if applicable) determine the minimum liquidity expected from CRYPTOPRU firms. They are calculated as follows:

  • BLAR is 1/3 of the firm’s FOR, plus 1.6% of the total amount of guarantees the firm has provided to clients. Firms must hold their BLAR in “core liquid assets”, which include cash, short-term UK bank deposits, UK government debt, and certain short-term regulated money market funds (or comparable third country funds); and
  • ILAR must be met with on-demand deposits, which are immediately available without restrictions and denominated in the stablecoin’s reference currency. This includes deposits with a break clause for early withdrawals, provided the issuer has considered the impact of absorbing such penalties. ILAR is calculated by applying specific charges to the value of each non-cash asset (core and expanded backing assets) in the backing pool.

How are CRYPTOPRU firms required to deal with concentration risk?

CRYPTOPRU firms must monitor and control their concentration risks arising from their assets, off-balance sheet items, location of client money and custody assets, location of the firm’s own cash deposits, and sources of earnings (and if the firm is issuing qualifying stablecoin, the backing assets pool). This should include monitoring and controlling how assets are concentrated in banks and investment firms as well as identifying groups of connected clients.

Will there be further consultation on the prudential regime?

The FCA will later this year publish a further consultation paper to provide additional details on other aspects of its proposed prudential regime, including requirements for cryptoasset firm groups, public disclosure of prudential information, and how the Internal Capital Adequacy and Risk Assessment (“ICARA) process will work for cryptoasset firms.

More insights
Digital Assets & Crypto FinTech TMT - Technology, Media & Telecommunications Financial Services & Regulation Banking & Finance

Explore more

Expert Guide International

CMS Expert Guide to Crypto Regulation in United Kingdom

16 min read
Publication United Kingdom

Crypto Regulation in the UK

11 Mar 2026 2 min read
Event United Kingdom

CMS Update Morning: Media, Sports and Entertainment

29 Apr 2026
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.