The Financial Conduct Authority has set out landmark rules for UK cryptoasset businesses, introducing financial resilience, market integrity, and stablecoin standards before the new mandatory regime comes into force in October 2027.
The framework will apply to companies supporting consumers and businesses to buy, trade, hold, or use crypto. Trading platforms, intermediaries, custodians, stablecoin issuers, and companies arranging staking will need FCA authorisation to operate in the UK once the regime begins.
All authorised crypto businesses will need to meet financial resilience requirements, including capital and stress testing. The regulator is also introducing market integrity rules covering insider trading, market manipulation, and other conduct risks that have long been associated with fragmented and lightly regulated crypto markets.
Stablecoins will face specific standards because of their potential use in payments, settlement, and digital commerce. These assets, which are designed to maintain a stable value by reference to a currency such as sterling, will be subject to rules intended to support trust in how they are issued, managed, and redeemed.
Following consultation, the FCA has simplified parts of the regime, including capital requirements for stablecoin companies and trading rules intended to better reflect how crypto markets operate. The regulator said it drew on international best practice and applied established financial services standards where comparable risks exist, including the Consumer Duty.
David Geale, executive director of payments and digital finance at the FCA, said: “This is a significant moment for crypto regulation in the UK. We’ve created a framework that doesn’t force firms to choose between regulatory certainty and room to innovate — this regime means they can have both in a stable, competitive home to build and grow. For consumers, it means firms will be held to similar standards to other financial providers, though we can’t regulate away risk.”
Legislation passed in February brought cryptoassets into the FCA’s remit, creating one of the most significant expansions of the regulator’s oversight in recent years. Until the new rules begin in October 2027, FCA oversight will remain limited to financial promotions and anti-money laundering controls.
The authorisation gateway will open on 30 September 2026 and close on 28 February 2027. The FCA is encouraging companies to begin preparing now and to use pre-application support meetings from July. A further policy statement in September will set out how the regulatory perimeter applies to cryptoasset activities.
The regime replaces partial oversight with a fuller conduct and prudential framework. Crypto companies used to lighter supervisory touchpoints will need to show they can meet standards closer to those applied across mainstream financial services. That will require capital planning, governance, risk management, control documentation, board oversight, operational resilience, custody controls, and customer communications that can withstand regulatory scrutiny.
The authorisation process is likely to become a strategic filter. Companies that can evidence systems, controls, senior accountability, and financial resilience will have a clearer route into the regulated UK market. Those that cannot may need to restructure, leave the UK market, or operate outside the regulated perimeter.
Stablecoin standards are likely to draw particular scrutiny. Although many cryptoassets remain speculative, stablecoins sit closer to payment and treasury use cases. If tokenised money is used for cross-border settlement, platform commerce, loyalty mechanisms, or business-to-business payments, the reliability of reserve arrangements, redemption rights, liquidity, and operational controls becomes central to confidence.
The FCA’s reference to the Consumer Duty places crypto inside a wider UK conduct-regulation landscape in which proportionality, product design, customer understanding, and foreseeable harm are now central supervisory themes. The same tension is visible in the FCA’s proposed Consumer Duty scope changes, where regulated companies are seeking clearer boundaries while the regulator tries to preserve customer protection.
Market integrity will be difficult to supervise because crypto markets trade globally, around the clock, and across venues with different levels of transparency. Monitoring manipulation, wash trading, insider dealing, and information asymmetry will require strong surveillance systems and cooperation between regulators and exchanges. Companies seeking UK authorisation will need to show they can manage conduct risk in markets that often extend beyond a single jurisdiction.
Custody will carry equal weight. Crypto failures have repeatedly exposed weaknesses in ownership records, segregation, private key controls, recovery planning, and insolvency arrangements. The FCA’s authorisation process will therefore need to examine technology architecture, legal clarity, insurance, operational control, resilience testing, and accountability for customer assets.
The regime lands as the UK seeks to build a credible digital assets market without importing the weaknesses that have damaged trust in parts of crypto finance. A regulated market could support tokenised assets, payments innovation, market infrastructure, and new forms of settlement. Weak oversight would expose customers and counterparties to avoidable losses and undermine the same innovation the framework is intended to support.
The timetable gives crypto companies a defined runway. By autumn, they should have more clarity on the perimeter. By early 2027, authorisation applications will need to be in train. By October 2027, operating in the UK will require a licence. The companies best placed for that deadline will spend the next year strengthening governance, capital, controls, and customer trust rather than treating authorisation as a paperwork exercise.




You must be logged in to post a comment.