Key takeaways from FCA Consultation Paper 25/42 – A prudential regime for cryptoasset firms

The Consultation Paper sets out the FCA’s proposed prudential requirements for all new cryptoasset regulated activities that are being introduced by the UK government under the Cryptoasset Regulation published on 15 December 2025 (see here for further information on the Statutory Instrument laid before Parliament).

For a regulated firm, prudential requirements are those relating to the firm’s financial resources, systems and controls and governance arrangements.

The main areas covered in the Consultation Paper are summarised below. If you have any specific questions or concerns in relation to this Consultation Paper or any other aspect of the UK's cryptoasset regulatory regime, please reach out to the Hogan Lovells team.

Background

In May 2025, the FCA published CP25/15, which proposed a prudential regime for issuing qualifying stablecoins and safeguarding qualifying cryptoassets. The new Consultation Paper extends the scope of the prudential regime to the remaining cryptoasset activities, in particular operating a qualifying cryptoasset trading platform (CATP), staking, arranging deals, dealing as agent and dealing as principal in qualifying cryptoassets. The activity of dealing as principal includes firms that offer lending and borrowing products. The Consultation Paper also addresses certain issues that had been deferred from CP25/15. The draft rules that are attached to the new Consultation Paper cover the whole of the proposed prudential regime for cryptoasset firms.

Financial resources

The financial resource requirements for a cryptoasset firm will follow a similar approach to those for investment firms that provide services in relation to traditional investments.

Like investment firms, cryptoasset firms will be required to calculate an “own funds requirement” (OFR) – that is, a minimum amount of capital that it will be required to maintain at all times. The firm will then be required to hold “own funds” to meet those capital requirements – particularly, in the form of share capital and capital from other eligible instruments.

There are detailed rules behind the calculation of the OFR set out in the Consultation Paper. In summary, the OFR for a cryptoasset firm will be the highest of the following three figures:

(1) Permanent Minimum Requirement (PMR)

This is a base level which applies to all firms. The exact amount of the PMR for each firm depends on the cryptoasset services and activities that it has permission to undertake. The amounts range from £75,000 (for firms with the lowest risk profiles, such as those who arrange deals in cryptoassets) to £750,000 (for firms with the highest risk profiles, such as those who deal in cryptoassets as principal). The PMR for a firm operating a CATP will be £150,000.

(2) Fixed Overhead Requirement (FOR)

The FOR is one quarter of a firm’s relevant expenditure, before distribution of profits, during the preceding year. There are detailed rules about how this amount is calculated set out in the Consultation Paper.

(3) K-Factor Requirements (KFRs)

“K-factors” are a series of requirements which are calculated separately to reflect particular risks that arise in a cryptoasset firm's business. The same approach is proposed as currently applies for investment firms. By way of example, an investment firm that manages assets has a K-factor relating to its assets under management (AUM) (calculated as being 0.2% of the firm’s average AUM). There are different K-factors applicable to different situations, including in relation to client money held, assets safeguarded and administered, client orders handled, net position risk and trading counterparty default.

The Consultation Paper sets out a number of K-factors that relate specifically to cryptoasset activities, including for:

• client cryptoasset orders;
• cryptoasset trading flow;
• cryptoassets staked; and
• net position exposures and concentration / counterparty default risk – which will apply to cryptoasset firms that take trading positions.

By way of example, the K-factor requirement for client cryptoasset orders (K-CCO) will be 0.1% of the average of such cryptoasset orders, whilst the K-factor requirement for clients’ cryptoassets staked (K-CCS) is 0.04% of the average amount of clients’ cryptoassets staked.

In relation to cryptoasset counterparty default (K-CCD), the Consultation Paper proposes a formula that includes an element which varies depending upon the nature of the counterparty. In that formula, a figure of 1.6% applies in the case of exposure to central governments and most types of regulated firms, rising to 83.33% applying in the case of exposure to retail clients. This reflects the idea expressed in CP25/40 that firms will not have recourse to retail clients beyond any collateral that has actually been received from those clients. The K-factor for cryptoasset firms with retail clients will therefore be considerably higher than those for cryptoasset firms with institutional clients.

Overall risk assessment

The FCA proposes to require cryptoasset firms to conduct a prudential assessment on an ongoing basis, similar to the internal capital adequacy and risk assessment (ICARA) exercise that investment firms are currently required to undertake.

Under the Consultation Paper, the proposed overall risk assessment is the collective term for the internal systems and controls that a cryptoasset firm must implement on an ongoing basis. The assessment should identify, monitor and, if proportionate, mitigate all risks from the operation or winding down of its business that may cause material harm.

As part of the overall risk assessment, a cryptoasset firm should:

• Identify and monitor risks: implement systems and controls to identify and monitor all risks that may cause harm to clients, counterparties and markets.
• Undertake risk mitigation: consider and implement appropriate financial and non-financial mitigants to minimise the likelihood of crystallisation and/or the impact of identified risks that may cause material harm.

The Consultation Paper proposes that cryptoasset firms should also:

• Undertake business model assessment, planning and forecasting: The Consultation Paper suggests that it is not enough for a cryptoasset firm to only consider the impact of a business model and strategy on its current and future cash-generative powers. It should also identify misalignments between the business model and the interests of clients and the wider market.

Cryptoasset firms will therefore be required to conduct a forward-looking assessment of capital and liquidity requirements as part of business, capital and liquid assets planning, which must include an assessment of how severe, but plausible, economic or idiosyncratic stress could affect its ability to meet the firms’ overall financial adequacy rule (OFAR). The firm should also consider reverse-stress testing.

• Undertake recovery action planning: All cryptoasset firms will be expected to do some form of recovery planning. This should identify quantitative and, if appropriate, qualitative indicators that provide an early signal that the firm is running into capital, liquidity or funding difficulties. It also includes setting out credible management actions the firm will take in such situations, as well as the firm’s wider governance arrangements for executing the recovery action.
• Undertake wind down planning: Through a wind-down plan, a cryptoasset firm will be required to:
  • identify the steps and resources needed to ensure it can wind down without causing material harm and can terminate its business over a realistic timescale;
  • evaluate the risks arising from winding down and actions required to mitigate these risks; and
  • apply consistent assumptions between these steps and other elements of the overall risk assessment, including business model forecasting and scenarios.
• Assess the adequacy of own funds and liquidity requirements: When determining an appropriate level of overall own funds and liquid assets, cryptoasset firm will be required to consider the extent to which any residual risk that may cause material harm is covered by its own funds requirements, basic liquid asset requirement, and any sectoral liquidity requirement.
• Hold sufficient liquid assets: Cryptoasset firms will be subject to a basic liquid assets requirement (BLAR), under which each firm must hold a minimum amount of core liquid assets that will allow it to begin wind-down without causing material harm. An issuer of qualifying stablecoins will also be subject to an issuer liquid asset requirement (ILAR), which is intended to ensure that the firm can supplement the backing pool using its own liquidity in the required timeframe.
• Reviewing and documenting the overall risk assessment: All cryptoasset firms will be required to review their overall risk assessment at least once every 12 months (or immediately after a material change to their business model or operating model). Firms will be required to keep records of each such assessment for 3 years.

The position is more complicated for a firm that performs both cryptoasset activities and provides investment services, and also for groups of companies that include both cryptoasset firms and firms authorised to perform other regulated activities. The Consultation Paper contains information on how the respective prudential regimes will interact with each other, including how firms should be able to avoid duplicating elements of the two regimes, and how groups should approach the new obligations.

Public disclosure of prudential information

The FCA is proposing to introduce a tailored public disclosure framework for cryptoasset firms. This framework is designed to ensure there is transparency around firms’ prudential position and risk management practices.

The disclosure requirements aim to support market discipline by enabling stakeholders, including clients, counterparties and regulators, to assess the prudential soundness of cryptoasset firms. These requirements apply to all cryptoasset firms on an individual basis. They must be complied with at least annually, either at the time of publishing annual financial statements or, where these are not published, on the date on which a firm submits its confirmation statement to Companies House.

The proposals require firms to publicly disclose certain information on the following areas:

• Risk management: a concise statement approved by the firm’s governing body describing key risks and any potential material harm associated with the firm’s business strategy and operating model.
• Own funds: A breakdown of the composition of the capital that the firm is using to satisfy its own funds requirement, and a reconciliation of this with the capital recorded in the firm’s audited balance sheet.
• Own funds requirements: The funds requirements for the firm, including the PMR, FOR and KFR (identifying which K-factors apply).
• Group arrangements: For firms that are part of a group - Its membership of the group, the financial exposure to other group members or any indirect financial exposure and the additional own funds or liquid assets held to address group-related harms identified in the overall risk assessment.

Authored by John Salmon, Lavan Thasarathakumar, Dominic Hill and James Sharp.