Rules Navigator

Register

FCA proposals to promote good business practices amongst crypto firms

Physical crypto coin tokens on UK sterling notes.
Photo: Matt Cardy/Getty Images

Sam Robinson | CMS, Justin Kwik | CMS

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The FCA plans to extend the High-Level Standards in the FCA Handbook to cryptoasset firms in line with FSMA-authorized entities.

Following the inclusion of cryptoassets into the Regulated Activities Order (RAO) this Consultation Paper (CP 25/25) consults on how the existing FCA Handbook rules and guidance will apply to cryptoasset firms that carry on regulated activities under the new regulatory regime that will apply to cryptoassets firms.

The FCA has split this CP into two sections, each with different timelines for responses. The regulator is consulting on its proposed approach of applying the “crosscutting” sections of the FCA Handbook (for example, those that apply across different types of firms and activities) to cryptoasset firms. These include the following sourcebooks:

  • Principles for Business (PRIN);
  • Supervision (SUP);
  • Senior Management Arrangements, Systems and Controls (SYSC);
  • Environmental, Social, and Governance (ESG).

In these consultation chapters, the FCA is also consulting on their proposed application of rules relating to operational resilience, financial crime controls, and the Senior Manager and Certification Regime (SMCR) to cryptoasset firms.

Discussion chapters

Separately, the FCA has set out the following points for discussion:

  • whether it should apply the Consumer Duty to cryptoasset firms or whether more specific rules (such as those in the Product Governance sourcebook (PROD)) would be more appropriate;
  • whether the Financial Ombudsman Service should be extended to customers of cryptoasset firms; and
  • how the Conduct of Business Sourcebook (COBS) should apply to cryptoasset firms.

Interestingly, although this is a consultation paper, the FCA has stated that it is only inviting discussion-level feedback for these areas and will consult further on each in separate consultations.

High-level standards and supervision

The FCA’s “High-Level Standards”, or core principles that apply to all regulated firms, are set out in the PRIN, COND, GEN, and SUP sourcebooks. The FCA plans to extend the rules and guidance in each of these sourcebooks to cryptoasset firms, bringing them in line with the same supervisory framework that applies to other FSMA-authorized entities.

Crypto-specific updates to these rules include:

  • Stablecoin issuers and cryptoasset custodians will be required to obtain an annual CASS audit to test client-asset protections.
  • The definition of “customers” and “clients” under PRIN will include holders of qualifying stablecoins.
  • Certain PRIN principles will not be applied to CATPs in certain circumstances (for example, when interacting with professional clients).

Governance and controls

The FCA has proposed applying the following SYSC chapters directly to cryptoasset firms:

  • SYSC 1: Application to firms.
  • SYSC 4: General organisational requirements.
  • SYSC 5: Skills and knowledge requirements for personnel.
  • SYSC 6: General compliance and financial crime.
  • SYSC 7: Risk controls.
  • SYSC 9: Record keeping.
  • SYSC 10: Conflicts of interest.
  • SYSC 18: Whistleblowing.

The rules in SYSC are supplemented by the Code of Conduct (COCON), Fit and Proper Test (FIT), and the Financial Crime (FCG and FCTR) sourcebooks, which will also apply directly to cryptoasset firms.

The FCA has flagged that it intends to consult separately on updating the rules relating to conflicts of interest in SYSC 10 at the end of 2025, as well as on how the Training and Competence (TC) sourcebook should apply to cryptoasset firms before the policy note for this CP is published.

Notably, the FCA has also stated that the rules and guidance on financial crime controls (currently set out in SYSC 6) go beyond those currently required under the MLRs 2017. This means that even where firms are already authorized to operate as cryptoasset service providers under the MLRs, they may need to review and, where necessary, consider updating their financial crime controls to obtain and maintain authorisation under FSMA.

Senior Managers and Certifications Regime (SM&CR)

The SMCR will be applied in full to cryptoasset firms. The FCA noted that most CASPs will be considered “core” firms, with “around 1%” potentially being caught by the “enhanced” regime. Cryptoasset firms that are SMCR core firms will be required to have up to six types of Senior Management Functions (SMFs) depending on which SMF roles are relevant to the firm, and 5 Prescribed Responsibilities (PRs).

All SMFs holders will need to comply with the COCON conduct rules, and all SMF and Certified Function holders will need to comply with the FIT assessments, with no new requirements added under either for cryptoasset firms. However, future consultation on the training and competence requirements in the TC sourcebook may affect this.

The FCA intends to consult on how it will categorize cryptoasset firms as “enhanced” SMCR firms, and the reporting requirements that would apply to such firms, but at the moment is considering the three following categories:

  • Firms considered a “large firm” under the current CASS rules (for example, firms that hold significant balances of current assets, which at the moment means excess of £1 billion ($1.35 billion) in client money and/or £100 billion ($135 billion) of safe custody assets).
  • Firms with an AUM of £50 billion ($67.5 billion) or more as a three-year rolling average.
  • Firms that “opt-up” into the enhanced category.

Operational resilience

the FCA has also proposed applying the existing operational resilience framework to CASPs. Although the FCA explicitly noted various crypto-specific operational risks, such as private key security and validator risks, and the use of DLT providers, at present the FCA is not proposing any specific changes to the current rules.

The CP also provides various examples of how they expect such rules may apply to various cryptoasset service providers (for example, custodians, CATPs, stablecoin issuers, etc), and the FCA is seeking feedback on the usefulness of those examples.

ESG

The FCA has proposed to apply the ESG sourcebook as currently drafted to cryptoasset firms, with no new climate-related or sustainability disclosures for cryptoasset firms. Activity-specific requirements under the ESG sourcebook, such as those applicable to asset managers, will not apply to cryptoasset firms.

Consumer Duty

The FCA has not proposed a specific approach to applying the Consumer Duty to cryptoasset firms. Instead, the FCA is seeking feedback on whether it should:

  • apply the Consumer Duty to cryptoasset firms, supplemented by sector-specific guidance where needed; or
  • introduce separate consumer protection rules for regulated cryptoasset activities.

The FCA explores the pros and cons of both options in this CP and seeks feedback on both approaches. It is now proposing to introduce bespoke rules and guidance within the A&D regime, and is seeking feedback on this approach, as well as whether it should also apply the Consumer Duty to the A&D regime.

Complaints and the Financial Ombudsman Service (FOS)

The FCA has also invited feedback on whether customers of cryptoasset firms should be able to bring complaints to the FOS where that firm has been unable to resolve their complaint. As with the Consumer Duty chapter, the FCA explores the benefits of both options. Once it has finalized its position on the FOS, the FCA also intends to consult on the application of the Dispute Resolution: Complaints sourcebook to cryptoasset firms, which it has stated will be at the end of 2025.

Notably, the FCA has also stated that it is reconsidering the potential extension of the Financial Services Compensation Scheme (“FSCS”) to the newly regulated cryptoasset activities, despite having stated in the  Discussion Paper that it did not intend to do so.

Conduct of Business Sourcebook (COBS)

At a high level, the FCA is proposing to apply the majority of the existing general conduct requirements in COBS to cryptoasset service firms, albeit with more extensive carveouts and exceptions than with other sourcebooks. Conversely, the FCA has stated they do not intend to apply several sourcebooks to cryptoasset firms, either because they cover activities that do not have a cryptoasset-equivalent, are MiFID related, or relate to distance communications that do not reflect current technology.

A key point to note is that the FCA has proposed amending how qualifying stablecoins are treated under the existing financial promotion rules that have already applied to cryptoassets since 2023 . Specifically, UK-issued qualifying stablecoins would be taken out of scope, while non-UK issued qualifying stablecoins will have a different prescribed risk warning.

The FCA is considering whether the Consumer Duty will be sufficient to achieve its consumer protection and product governance outcomes, or whether bespoke cryptoasset product/service rules should be published under PROD. It is currently considering the former option but has invited feedback on this approach in this CP and will consult on its decided approach in the future consultation covering this CP’s discussion points.

Sam Robinson is a financial services partner and Justin Kwik an associate, with law firm CMS.

, , , , , , , , , , , , , , , , , ,
You may also like