Rules Navigator

Key facts about the new UK draft rules for stablecoins and crypto custody

UK BTC Cryptocurrency wallet with passport
Photo: Craig Hastings/Getty Images

Etay Katz | Ashurst, Sid Ulker | Ashurst, Jamie Jefferson Ng | Ashurst+1

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Proposals to bring fiat-referenced stablecoins into the UK regulatory perimeter including custody and a new prudential regime.

On May 28, 2025 the FCA released two consultation papers – CP25/14 (on stablecoin issuance and crypto custody) and CP25/15 (on prudential requirements for crypto firms) – as the latest step toward a comprehensive UK cryptoasset regime (the CPs). These proposals build on HM Treasury’s draft legislation (April 2025) to bring fiat-referenced stablecoins into the regulatory perimeter. See our article The UK’s new cryptoasset legal and regulatory framework explained.

The FCA is coordinating with the Bank of England to ensure a clear regulatory path for stablecoins. The Bank will separately consult in late 2025 on requirements for systemic stablecoins (those at payment-system scale), complementing the FCA’s framework for non-systemic issuers.

Scope of the CPs

“Qualifying” stablecoins (cryptoassets pegged 1:1 to fiat currency) and related activities are the focus. Issuing such stablecoins and safeguarding (custody) of qualifying cryptoassets will become regulated FSMA activities, meaning firms must be FCA-authorized to perform them in the UK.

Key proposals for stablecoin issuers

  • Full reserve backing: Stablecoin issuers must back their tokens with high-quality, liquid assets equal in value to all outstanding stablecoins. Reserves are limited to low-risk instruments – eg on-demand bank deposits and short-term government debt (≤1 year maturity) – with only limited use of longer-term public debt or certain money-market funds. This ensures stablecoins can meet redemption requests and maintain parity with their reference currency.
  • No interest to holders: Firms cannot pass through to stablecoin holders any interest earned on the reserve assets. In other words, although issuers may earn interest on the backing assets, customers holding the stablecoins receive no yield. This rule distinguishes stablecoins from investment funds and reinforces their role as money-like payment instruments rather than interest-bearing products.
  • Safeguarding reserves (statutory trust): All stablecoin backing assets must be held on trust for the benefit of coin holders. The issuer acts as trustee with a fiduciary duty to users, and reserves must be segregated from the issuer’s own funds. In practice, issuers will need to place reserve assets with an independent third-party custodian (unaffiliated with the issuer’s group). They must also reconcile the backing assets at least daily, quickly correcting any shortfalls or excess (e.g. by topping up reserves or burning surplus tokens) to maintain 1:1 asset backing. These measures protect consumers’ funds if an issuer fails, similar to how client money is safeguarded under existing financial rules.
  • Guaranteed par redemption: Stablecoin holders must have an unconditional right to redeem their coins at par value with the issuer. Redemption must be available to all holders (no wholesale-only or minimum redemption thresholds). The FCA proposes that redemption requests be honored promptly – with payment to the holder’s bank account by the end of the next business day following a valid request. Any fees charged for redemption must be reasonable and cost-based; firms cannot impose excessive fees or deduct losses from customers’ redemptions. In short, £1 of stablecoin should reliably convert back to £1 fiat, minus only minimal admin costs.
  • Outsourcing and third parties: Issuers must comply with outsourcing requirements when utilising third party suppliers. This includes conducting due diligence and having comprehensive contracts in place for any outsourced activities. Adequate information-sharing and monitoring is required so the issuer can ensure third parties (eg technology providers, wallet operators) adhere to all rules.
  • Transparency requirements: At least quarterly, stablecoin issuers must publish the number of coins in circulation and a breakdown of the reserve asset composition. They also need to disclose other key information (kept up-to-date) such as the token’s operational model/technology, the identities of any material third parties involved in issuance or redemption, and details of how redemption works . All disclosures must be clear, fair and not misleading. These transparency rules aim to inform users and market participants about the stability mechanics and risks of each stablecoin.

Key proposals for cryptoasset custody

  • Segregation of client assets: Firms providing crypto custody services (i.e. “controlling” client assets via holding customers’ cryptoassets or private keys) must segregate all client assets from the firm’s own assets. Clients’ tokens should be held in clearly identified wallets or accounts separate from any proprietary holdings. As with stablecoin reserves, client cryptoassets should be held on trust for the customer’s benefit – meaning if the custodian becomes insolvent, those assets are legally ring-fenced and returnable to clients rather than claims in the bankruptcy estate.
  • Secure & accessible storage: Custodians are expected to keep customers’ crypto effectively secured against loss, theft, or misuse, and ensure that clients can access their assets at any time. In practice, this means robust cybersecurity, private key management, and possibly insurance or reserve funds to cover incidents. It also means operational processes to return assets promptly on customer request or in an insolvency scenario, minimizing the risk of customers being locked out of their funds.
  • Accurate books and reconciliations: Crypto custodians must maintain accurate, up-to-date records of clients’ holdings at all times . Regular reconciliations should be carried out (including on-chain vs. off-chain records) to quickly identify and correct any discrepancies to prevent or promptly detect any shortfall. This parallels core principles of the FCA’s Client Assets Sourcebook (CASS) applied to digital assets.
  • Governance and controls: Firms need to have internal controls and governance to protect client assets . This includes policies to minimise risks like fraud, cyberattacks, and operational errors. If using sub-custodians or third-party wallet providers, firms must perform due diligence and impose contractual duties on those third parties (similar to the expectations on stablecoin issuers). The FCA will require firms to have specific oversight roles (e.g. a dedicated CASS or crypto asset safeguarding officer) and audits, in line with existing custody regulation practices.

New prudential regime (COREPRU & CRYPTOPRU)

  • Introduction of COREPRU/CRYPTOPRU: The FCA proposes a tailored prudential framework to ensure crypto firms have adequate financial resources. A new COREPRU module (Core Prudential Requirements) will set certain baseline rules applicable across sectors, such as the method to calculate fixed overheads. A dedicated CRYPTOPRU sourcebook will contain crypto-specific capital and liquidity rules for firms undertaking stablecoin issuance or crypto custody. These mirror the three-pillared approach used in traditional finance – minimum capital, liquidity buffers, and risk controls – to reduce the likelihood and impact of firm failures.
  • Base capital (permanent minimum): All in-scope crypto firms must hold a minimum amount of own funds (equity or similar high-quality capital) at all times. The FCA is proposing a £350,000 minimum capital requirement for stablecoin issuers, and £150k ($204k) for crypto custodians. If a firm carries out both activities, the higher figure applies. This permanent minimum requirement (PMR) aligns the stablecoin issuer threshold with that for electronic money institutions (which is also £350k ($476k). It ensures even small firms have a capital base to absorb losses.
  • “K-Factor” capital (scaled to activity): Firms must also hold additional capital in proportion to the scale of their operations, using K-factor metrics (akin to the approach for MIFIDPRU investment firms). For stablecoin issuers, the proposed K-factor is 2% of the total value of stablecoins in circulation. For custody providers, it is 0.04% of the total value of client cryptoassets safeguarded. These percentages (2% and 0.04%) have been calibrated to match equivalent traditional requirements – 2% mirrors the capital buffer for e-money float, and 0.04% aligns with the capital charge on custody assets in investment firms. The K-factor ensures that as a firm’s liabilities or assets under custody grow, so too does its loss-absorbing capital.
  • Fixed overheads requirement: In addition, firms must maintain capital to cover ongoing fixed costs. The FCA will require a buffer equal to one quarter of the firm’s annual fixed overhead expenses (i.e. 3 months of operating costs). This Fixed Overheads Requirement (FOR) is a cross-sector measure (to be added to COREPRU) ensuring a firm can wind down in an orderly way or withstand short-term shocks. The FOR acts as a floor tied to the firm’s size; if a crypto firm’s expense base grows, its FOR capital must be recalculated and increased accordingly.
  • Liquidity & concentration risk: Alongside capital, the prudential regime will impose liquidity requirements. Firms will need to hold a minimum pool of liquid assets (cash or high-quality liquid securities) to meet short-term obligations – referred to as a Basic Liquid Assets Requirement (analogous to liquidity coverage in other regimes). Also, rules on concentration risk will limit over-exposure to any single counterparty or asset, preventing firms from, for example, putting all their reserves in one bank or one type of asset . These measures further bolster resilience by ensuring firms have cash on hand and are not unduly exposed to a single point of failure.
  • Planned ICARA process: The FCA signaled that a fuller Internal Capital Adequacy and Risk Assessment (ICARA) will be introduced in a later phase of the crypto regime. In DP23/4, the FCA floated the idea of requiring crypto firms to conduct ICAAP-style self-assessments of risks and capital needs. For now, CP25/15 focuses on firm-wide minimum requirements, but an ICARA (similar to what MIFID investment firms do) is expected to follow in a subsequent consultation. This staged approach means firms should prepare for eventual obligations to regularly evaluate their specific risks (beyond the minimum formulas) and hold additional capital or liquid resources if their own risk profile warrants it.
  • Interaction with MIFIDPRU: The FCA confirms there “may be instances where a CRYPTOPRU firm is subject to other prudential requirements in our handbook, when they are conducting other relevant activities that bring them into scope of those rules. For example, a qualifying cryptoasset custodian may also be conducting investment business in the traditional finance space as a MIFIDPRU investment firm. This would bring them into scope of both MIFIDPRU and CRYPTOPRU/COREPRU. Further detail on the potential interaction, will be released in the FCA’s follow-up consultation later this year/early next year.

What should firms be thinking about doing now?

  • Stablecoin issuers – prepare reserve management: Prospective stablecoin issuers should start aligning their reserve management with the proposed FCA rules, ensuring reserves consist only of eligible high-quality assets and are held in a statutory trust with an independent custodian. Issuers must also implement daily reserve reconciliations and develop automated, seamless redemption processes to guarantee prompt payouts and maintain customer trust.
  • Crypto custodians – enhance safeguarding controls: Crypto custodians should audit and strengthen their safeguarding controls by segregating client assets, maintaining robust record-keeping, and establishing regular reconciliation routines to quickly identify and resolve discrepancies. Management should designate responsible safeguarding officers, invest in enhanced key security and disaster recovery, and ensure all third-party providers are thoroughly vetted.
  • Assess capital needs early: Both stablecoin issuers and custodians should assess their current capital positions against the new minimum requirements and calculate additional capital needed for K-factors and fixed overheads. Firms must plan to address any capital shortfalls well before 2026, considering strategies such as raising equity or retaining earnings, and should prepare for potentially higher requirements following future risk assessments.

Timeline & next steps

  • Open until July 31, 2025. Firms are encouraged to provide feedback.
  • Final rules expected in 2026, following enabling legislation and further coordination.
  • The regime is likely to go live in 2026, with a possible transition period for existing firms.

Etay Katz is a senior partner, Sid Ulker, counsel, and Jamie Jefferson Ng is a senior associate, in the financial regulation practice at Ashurt.

Other authors: Jake Green partner; Tim Cant, partner; Bradley Rice, partner; Max Savoie, Partner and Simon Williams, Counsel (REACH).

, , , , , , , ,

You may also like