Crypto Regulation in the UK

Market abuse regime for cryptoassets (“MARC”) and admissions & disclosures (“A&D”) rules  

Documents: CP 25/41 (16 December 2025) updated from DP 24/4 (16 December 2024).

CP 25/41 on Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets (see our full analysis here).

MARC will apply to qualifying cryptoassets admitted to, or seeking admission on, a cryptoasset trading platform (“CATP”), regardless of geographic location. The regime covers the use and disclosure of inside information and market manipulation and applies to issuers, offerors, and CATPs.

While the cryptoasset tailored MARC proposals are broadly based on the UK Market Abuse Regime, MARC is not intended to replicate UK MAR due to structural differences in cryptoasset markets.

Key proposals include:

1. Inside information - Disclosure responsibilities for inside information are broadened beyond issuers to include offerors and CATPs for information that directly concerns them. The FCA has provided guidance on the different types of inside information, including what inside information is and when the information is considered public, as well as when delayed disclosure is possible.
2. Safe Harbours - Legitimate market practices will be available in certain circumstances, including; coin burning, cryptoasset stabilisation, and legitimate conduct reasons.
3. Market Abuse Systems and Controls - All CATPs and intermediaries must, at a minimum, implement systems and controls that cover existing UK MAR rules. Additional CATP specific requirements include platform specific rules and tools to prevent abusive activity. The FCA will not handle the receipt and assessment of suspicious transaction and order reports, or introduce the “persons discharging managerial responsibilities” disclosure obligations.
4. On Chain Monitoring - Only large CATPs need to monitor on chain activities, using appropriate tools and methods, including blockchain analytics, wallet clustering, and anomaly detection. Smaller CATPs and intermediaries should carry out proportionate off chain monitoring.
5. Insider Lists - Issuers, offerors, and CATPs must maintain insider lists, and are responsible for lists maintained by third parties working on their behalf. 
6. Cross Platform Information Sharing - The FCA proposes that large CATPs share information to prevent, detect, and disrupt market abuse and must share information with other Large CATPs without unnecessary delay if they have reasonable grounds to suspect market abuse and disclosure is happening. 

The proposed requirement under the MARC regime to disclose inside information will work in conjunction with the A&D rules’ admission document requirements to give investors sufficient information regarding a cryptoasset at the point of admission.

A&D (see our full analysis here)

The A&D regime will apply CATPs that allow retail participation, and to public offers to retail investors made under the new cryptoasset regulations proposed by the FCA (see our summary here). The regime will apply to the following designated activities:

• Offering a qualifying cryptoasset to the public in the UK;
• Disclosing information about an offer of a qualifying cryptoasset;
• Disclosing information relating to a qualifying stablecoin offered to the public in the UK;
• Requesting or obtaining the admission of a qualifying cryptoasset to trading on a CATP;
• Disclosing information about an admission, or proposed admission, of a qualifying cryptoasset to trading on a CATP; and
• Admitting a qualifying cryptoasset to trading on a CATP.

The majority of A&D rules will apply directly to the operators of CATPs which are authorised in the UK. There will also be a separate regime for UK-issued stablecoins. The proposed regime will implement the below requirements:

1. Eligibility and Admission to Trading -Instead of prescriptive rules, CATPs must set risk based, objective admission criteria to assess whether admitting qualifying cryptoassets (excluding UK-issued qualifying stablecoins) could harm retail investors. These criteria must be board approved, published on the CATP’s website, and regularly reviewed and updated.
2. Due Diligence Requirements - CATPs must conduct due diligence and include the factors listed in their admission criteria. 
3. Qualifying Cryptoasset Disclosure Documents (“QCDD”) - CATPs can only admit or offer a qualifying cryptoasset on a CATP if a QCDD is in place, summarising the asset’s governance and features, resilience and tech, ownership, and trading history/performance.
4. Filing and Publication - CATPs must file approved QCDDs and Supplementary Disclosure Documents (“SDD”) with centralised repository and on their own websites.
5. Responsibility and Liability - A person seeking admission of a qualifying cryptoasset will be responsible and liable for its content, along with those accepting responsibility in these documents. If there is no identifiable issuer, the liability for disclosure attaches to the party that is responsible for the QCDD/SDD.
6. Consumer Duty and Protected Forward Looking Statements - The Consumer Duty will not apply to activities relating to public offers and admissions to trading of qualifying cryptoassets. In relation to protected forward looking statements, these will now be voluntary for QCDDs and SDDs, as opposed to mandatory. 
7. Disclosures for UK-Issued Qualifying Stablecoins - UK issued qualifying stablecoin issuers must provide two forms of disclosures: disclosures in the form of information on the issuer’s website, available to holders, prospective holders, and the general public; and a UK-issued qualifying stablecoin QCDD, available on the issuer’s website and on an FCA-owned centralised repository.

The CP process for these proposals was completed in February 2026. The FCA will consider feedback and publish their final rules in 2026.

CP25/40 on Regulating Cryptoasset Activities sets out its proposed rules for CATPs (and their operators), intermediaries, lending and borrowing, staking, and decentralised finance. See our full analysis here.

Key proposals include:

In relation to CATPs:

1. Location, incorporation and authorisation - An operator of a CATP based in the UK, must seek authorisation. Overseas CATP operators that wish to provide services to UK consumers must also be UK authorised, and establish either a UK subsidiary and/or a UK branch.  Overseas firms only serving UK institutional clients will not require authorisation.
2. Platform access and operation requirements - CATPs must ensure fair access to non-discriminatory trading and orderly market access. Each CATP must establish objective criteria for platform access and non-discretionary rules for order execution. 
3. Market making arrangements - Operators of CATPs are required to identify and monitor users who carry out market making strategies on the CATP, and must document and disclose incentive schemes or other arrangements with market makers or liquidity providers. 
4. Algorithmic or automated trading - The FCA will adopt a principles based approach, setting out high level principles firms need to comply with. CATPs must define their own rules on algorithms and monitor compliance with those rules, along with publishing their approach publicly. 
5. Mitigating harm and consumer duty - Operators of CATPs will be responsible to mitigate harm where they allow direct retail access. The Consumer Duty will not apply between trading participants on the CATPs.
6. Principal dealing - Operators of CATPs are allowed to hold principal dealer permissions and conduct matched principal or own account dealing on their own venue, subject to rules that mitigate prudential and execution risks, and conflicts of interest. 
7. CATPs issuing their own tokens - Admission of own tokens is allowed, provided the operator of the CATP discloses this to users and complies with general rules on conflicts of interest.
8. CATPs managing market and counterparty risk - Operators of CATPs are prohibited from extending credit to counterparties, beyond credit exposure arising from settlement. 
9. Transparency and reporting requirements - CATPs are required to meet pre-trade and post-trade transparency standards and retain records for 5 years. There is no mandate to report transaction data to the FCA. 
10. Settlement - high level expectations for settlement to be efficient and effective. Firms can internalise or externalise settlement. They must ensure clients understand the firm’s settlement responsibilities.

In relation to Intermediaries

1. Best execution, clients instructions and total consideration - Firms must execute orders promptly and fairly, with retail outcomes based on total consideration (price and costs). Firms should check at least three reliable UK authorised price sources.
2. Dealing or arranging deals with UK retail clients - Intermediaries serving UK consumers must only execute transactions on UK authorised execution venues. Intermediaries may also only serve retail clients in relation to cryptoassets which have already been admitted to trading on at least one CATP and complies with the relevant disclosure and document requirements, subject to an exemption for UK issued qualifying stablecoins. Placing client orders on venues outside of the UK is not permitted.
3. Conflicts  of interest - Intermediaries require a functional separation, including separate governance structures between proprietary trading and client order execution, as a minimum. The personal account dealing rules for traditional finance firms applies to all cryptoasset intermediaries.
4. Transparency requirements - Intermediaries that deal as principal are subject to the same pre-trade and post-trade transparency obligations as CATPs, as well as the same record keeping requirements and the same requirement to report to immediate clients on order execution. Pre-trade transparency obligations do not apply to certain kinds of business models.
5. Record keeping and client reporting - Intermediaries are required to record and store the details of their clients’ transactions for up to 7 years and make them available to the FCA when requested. The FCA has confirmed that it will not systematically receive or assess Suspicious Transaction and Order Reports or other individual cryptoasset transaction records.

Cryptoasset lending and borrowing (“L&B”) activities

L&B activities will not be new regulated activities, but may fall within the regulated dealing or arranging activities.

1. Retail access to L&B - Retail clients will be permitted to access L&B services relating to qualifying cryptoassets or stablecoins, subject to new consumer understanding, express prior consent, and operational risk requirements. 
2. Consumer understanding - An extensive list of specified information must be provided to retail clients each time they engage with L&B services and before they are bound by any L&B related agreements or services begin. 
3. Operational risks - Firms must not use their own proprietary tokens in connection with L&B services. Cryptoasset L&B firms must also conduct appropriateness assessments, comply with prudential requirements, and will be subject to record keeping requirements.
4. Cryptoasset borrowing - The FCA will not apply the Consumer Credit Sourcebook to cryptoasset borrowing for retail clients. Firms must obtain the retail client’s consent prior to supplementing the collateral on the retail client’s behalf.

Staking proposals

1. Consumer understanding - Firms must provide customers with information on the risks of staking, and notify them in good time of any material changes. 
2. Technological, cyber, and third party risk - Operational resilience rules and prudential requirements apply to staking firms, as explained further in CP25/25 and CP25/42. The FCA do not require automatic compensation for retail losses arising from preventable operational or technological failures.

Decentralised Finance ("DeFi")

DeFi activities are not covered by the incoming UK cryptoasset regulatory regime where they are truly decentralised.

The CP process for these proposals was completed in February 2026. The FCA will consider feedback and publish their final rules in 2026.

Document: CP25/14

Various issues in relation to the stablecoin and safeguarding proposals were subsequently discussed in the CP25/25 and CP26/4. The FCA will consider feedback and publish their final rules in 2026.

This CP focuses on two of the new regulated activities to be introduced into the existing FSMA authorisation regime, namely the (i) issuance of “qualifying stablecoins” and (ii) the safeguarding of “qualifying cryptoassets”.

The CP defines a “qualifying stablecoin” as a “qualifying cryptoasset” referencing one or more fiat currencies that seeks or purports to maintain a stable value by the issuer holding fiat currency or fiat currency and other assets). On top of needing to seek authorisation and comply with the conduct of business standards applicable to authorised financial services firms, qualifying stablecoin issuers will be required to:

• back qualifying stablecoins with secure, liquid assets in a statutory trust for qualifying stablecoin holders; 
• offer redemption of qualifying stablecoins at par value in exchange for money to all holders; and
• clearly disclose their policy for redemption and the composition of backing assets to consumers.

This CP also introduces a new safeguarding regime for cryptoassets and includes the draft rules for a new CASS 17. This introduces new rules that apply to cryptoasset custodians in relation to qualifying cryptoassets (“QCAs”). Rules governing the safeguarding of specified investment cryptoassets (“SICs”) are included in CP26/4.

Under CASS 17, qualifying cryptoasset custodians will be required to:

• segregate client cryptoassets from their own; 
• hold those qualifying cryptoassets on behalf of clients in a trust; 
• have accurate books and records of clients’ cryptoassets holdings; and 
• have adequate controls and governance to protect clients’ cryptoasset holdings.

These new rules largely mirror the existing custody rules in CASS 6 (which relate to “traditional” safe custody assets).

The consultation process for these proposals was completed on 31 July 2025.  

CP 25/15 introduces a new prudential regime for cryptoassets, covering own funds, liquid assets, and concentration risk requirements. It seeks to align broadly with existing prudential frameworks but tailors them to crypto-specific risks. Please see our analysis here.

The FCA proposes to introduce an integrated prudential sourcebook that brings together core prudential requirements ("COREPRU"), along with a sourcebook setting out sector specific requirements for firms doing regulated cryptoasset activities ("CRYPTOPRU"). Both COREPRU and CRYPTOPRU will apply to CRYPTOPRU firms.

The COREPRU will include rules on: 

• overall financial adequacy; 
• definition of own finds;
• own funds requirement (overall calculation);
• fixed overhead requirement;
• concentration risk monitoring; and 
• basic liquid asset requirement.

The CRYPTOPRU will include rules on: 

• permanent minimum requirement; 
• K-factor requirement; and 
• issuer liquid asset requirement.

The FCA has since built on these proposals in CP25/42 (see our full analysis here), and have added the following proposals:

1. Permanent minimum requirement (“PMR”) - A PMR of £350,000 for firms issuing qualifying stablecoins; £150,000 for CATPs and firms safeguarding qualifying cryptoassets; £75,000 for firms with dealing permissions.
2. K-factor expansion - Crypto firms must calculate K-factors (activity/exposure-based capital charges). CP25/15 set K-SII (stablecoin issuance) and K-QCS (safeguarding), and CP25/42 adds further operational and exposure K-factors for other activities (e.g., orders/trading flow/staking, market and counterparty risk, and concentration risk), broadly mirroring MiFIDPRU concepts.
3. Fixed overhead requirements (“FOR”) – This is calculated as one quarter of the firm’s relevant expenditure during the preceding year, reflecting fixed costs for crypto trading, including 100% or 80% deductions for pass-through venue/broker/CCP fees (with limits) and a deduction for trading losses, while excluding membership fees and loss-sharing obligations. 
4. Overall risk assessment (thresholds and group risk) – non-MIFIDPRU firms - Ongoing overall risk assessments requiring firms to set and monitor firm specific capital and liquid asset thresholds (covering risks beyond baseline requirements, including stress and wind down planning) and to identify and manage group risks, holding additional capital or liquidity where those risks cannot be mitigated.
5. Disclosure and reporting - Where a cryptoasset firm is subject to other prudential regimes (e.g. MIFIDPRU and COREPRU/CRYPTOPRU), disclosure requirements must be met across both regimes but firms may publish a single, consolidated set of prudential disclosures.

The CP process for these proposals was completed in February 2026. The FCA will consider feedback and publish their final rules later in 2026.

Application of FCA Handbook for Regulated Cryptoasset Activities II 

Document: CP26/4

CP26/4 builds on a number of previous papers, including CP25/25.

1. Approach to authorising overseas cryptoasset firms - The FCA has clarified that, in limited circumstances, an overseas firm may be authorised to operate a CATP through a UK branch where this supports access to global liquidity and improves pricing and execution (including matching UK and overseas orders within the same legal entity). However, other cryptoasset activities (such as safeguarding) should carried out via a separate UK legal entity. 
2. Consumer Duty - FCA has now published draft non-Handbook guidance in its “Application of the Consumer Duty to cryptoasset firms - GC26/2” and clarifies the application of various aspects of the Duty, including the cross cutting rules and Outcomes, and the application of the concepts of “manufacturer” and “distributor” to different cryptoasset firms and business models. The Duty will not be applied to trading between participants of a CATP, but would apply to how CATP operators interact with retail customers more broadly. The Duty will not apply to the designated activities relating to public offers and admissions to trading of qualifying cryptoassets, but will apply to public offers and admissions to trading of UK issued qualifying stablecoins.
3. Complaints handling, FOS and FSCS - The FCA will apply DISP 1 complaints handling rules to the newly regulated cryptoasset activities from the go live date, with complaints reporting phased in initially. FOS compulsory jurisdiction will extend to complaints about the newly regulated cryptoasset activities, but only where the activity is carried on from a UK establishment (likely capturing UK branches). FSCS coverage will not be extended to regulated cryptoasset activities.
4. Application of COBS - The FCA extends the Handbook definition of “designated investment business” to include the newly regulated cryptoasset activities, meaning any COBS requirements will apply to these firms. Qualifying cryptoassets will fall under the financial promotions regime and need to comply with the requirements for appropriateness tests, a 24-hour cooling-off period, client categorisation requirements, and risk warnings. This does not apply to UK authorised stablecoins.
5. Client reporting - The FCA will disapply most COBS 16 reporting for trading/execution and lending/borrowing, with similar requirements moving into the CRYPTO sourcebooks, but will apply and enhance COBS 16 reporting for safeguarding and staking. 
6. Use of credit to purchase cryptoassets - cryptoasset purchases using credit cards or credit lines will be permitted.
7. SM&CR Tiering and Training Competence - Threshold requirements for categorising stablecoin issuers and cryptoasset custodians apply to SM&CR Enhanced firms as well as applying its training and competence regime to cryptoasset firms servicing retail clients.
8. Regulatory reporting - There will be a phased approach to regulatory reporting requirements. Only the existing returns in SUP 16 will apply to all qualifying cryptoasset firms from Day 1, and a new core set of regulatory returns specific to regulated cryptoasset activities will be introduced over the first 2-3 years of the regime. 
9. Safeguarding - Custodians must generally hold client cryptoassets on trust, but the FCA proposes limited exceptions. Amended CASS 17 rules apply to custody of both qualifying cryptoassets and specified investment cryptoassets. Firms combining custody with staking, or CATP integrated custody, must comply with the relevant CASS 17 requirements. Lent assets are generally excluded and retail borrowing collateral must be safeguarded.
10. Reconciliation and shortfalls - Firms must maintain safeguarding records to allow them to establish the entitlement of each client to the client cryptoassets held by the firm, as well as allowing the firm's own cryptoassets to be distinguished from client cryptoassets. The firm will also need to carry out reconciliation checks once every business day. Where the firm identifies a shortfall, it must resolve this within 24 hours.
11. Private key management and security - Private key management applies to client cryptoassets held in trust and any operational surplus held on trust. The rules will apply where a firm has control over the “means of access” to a client cryptoasset, including both private keys and “shards”.
12. Third-party custody arrangements - CASS 17.6 only applies to third parties appointed to safeguard client cryptoassets where they are being held on trust.

The CP process for this paper will complete in March 2026. The FCA will consider feedback and publish their final rules later in 2026.