Panoramic: Automotive and Mobility 2025
Insights and Analysis
UK: FCA consults on applying existing rules to cryptoasset firms
19 September 2025
The Financial Conduct Authority (“FCA”) is seeking feedback on the application of existing rules in the FCA Handbook to future regulated cryptoasset firms.
On 17 September 2025, the FCA published a consultation paper (CP25/25) (the “CP”) on the application of existing FCA Handbook rules to cryptoasset firms that will be regulated under the incoming regime in accordance with the draft statutory instrument (the “SI”) published earlier this year (see our previous article here).
In terms of its overarching approach, the FCA intends to apply the majority of existing FCA Handbook rules and guidance to cryptoasset firms in a similar way as how those rules apply to traditional providers of investment services such as brokers, dealers and investment intermediaries.
At a glance, the CP covers:
- Consultation proposals (Chapters 1-5 of the CP) on the application of rules and guidance from cross-cutting FCA Handbook areas to cryptoasset firms, such as the Principles for Business (PRIN), Senior Management Arrangements, Systems and Controls (SYSC), etc. as well as non-Handbook guidance on operational resilience—the FCA is seeking feedback on consultation proposals by 12 November 2025; and
- Discussion elements (Chapters 6-7 of the CP) in relation to the application of the Consumer Duty, conduct of business and product governance sourcebooks to cryptoasset firms, as well as access to the Financial Ombudsman Service—the FCA is seeking feedback on discussion elements by 15 October 2025.
Read on for a breakdown of the key components of the CP.
Chapter 1
Consultation proposals
High Level Standards and supervision
The FCA intends to apply the High Level Standards (with adjustments) to cryptoasset firms. These include the Threshold Conditions (COND), Principles for Business (PRIN), General Provisions (GEN) and Supervision (SUP) Sourcebooks, which set out fundamental obligations applicable to all FCA authorised firms.
In relation to PRIN specifically, where there are requirements on firms for their customers, the FCA proposes that the definitions of ‘customer' and ‘client' will include a holder of a qualifying stablecoin.
The FCA also proposes disapplying certain Principles in relation to cryptoasset trading platforms (“CATPs”) in certain circumstances — for example Principle 6 (Customers' interests) and Principle 9 (Customers: relationships of trust) will not apply to an operator of a CATP for professional clients. CATPs will, however, be subject to some of the Principles when dealing with retail investors.
Senior Management Arrangements, System and Controls (“SYSC”)
The FCA proposes to apply SYSC and related sourcebooks to cryptoasset firms in a similar manner to other FCA-regulated firms, including:
- Code of Conduct (COCON)
- Fit and Proper Test (FIT)
- Senior Managers and Certification Regime (SM&CR), in particular SUP 10C
- Financial Crime guidance and reviews (FCG and FCTR)
The FCA intends to apply the following parts of SYSC to cryptoasset firms.
| SYSC 1 | Application and purpose |
| SYSC 4 | General organisational requirements |
| SYSC 5 | Employees, agents and other relevant persons – which will include specific requirements relating to training and competence |
| SYSC 6 | Compliance, internal audit and financial crime |
| SYSC 7 | Risk control |
| SYSC 9 | Record keeping |
| SYSC 10 | Conflicts of interest |
| SYSC 18 | Whistleblowing |
SYSC 8 (outsourcings) is not expressly included, but the CP says that outsourcings will be covered in the part of the CP dealing with operational resilience (see further below).
In relation to SYSC 10, the FCA notes that due to specific conflicts of interest risk arising from business models in the cryptoasset market (e.g. vertical integration), it intends to consult separately in late 2025 on the conflicts position.
The FCA also intends to apply SM&CR to all firms carrying out cryptoasset activities. Among other things, the FCA welcomes feedback on how to ensure the regime applies proportionately to cryptoasset firms based on size and complexity, noting that SM&CR rules apply differently depending on the tier a firm falls in (i.e. Limited, Core or Enhanced firms).
In relation to financial crime, the FCA intends to apply the same rules in place for other FSMA authorised firms to cryptoasset firms, including the rules and guidance under SYSC 6, FCG and FCTR.
All cryptoasset firms are expected to fall in scope of the operational resilience framework set out in the FCA Handbook (primarily, SYSC 15A). The CP highlights the FCA's expectations on firms to have a comprehending understanding and mapping of its resources underpinning important business services, and strong cyber resilience measures. A UK branch of an overseas firm would not be in scope of SYSC 15A.
Notably, the CP also clarifies that use of permissionless DLTs would not be considered an outsourcing arrangement under SYSC 8.1.1R. The FCA will further consult in Q1/Q2 of 2026 on non-Handbook guidance on the use of DLTs to provide greater clarity on their implications for operational resilience.
Operational resilience (non-Handbook guidance)
In a separate chapter of the CP, the FCA sets out further guidance for cryptoasset firms to help them implement operational resilience requirements within the Handbook (e.g. SYSC 15A on operational resilience and SYSC 8 on outsourcing), with reference to cryptoasset-specific considerations such as: private key security and validator risks; use of critical third-party services such as DLT providers (including permissionless DLTs); and blockchain forks in the context of communication strategies to manage operational disruptions.
The guidance helpfully sets out hypothetical examples of how various Handbook requirements—e.g. undertaking mapping exercises, identifying important business services (“IBS”), setting impact tolerances, and testing disruption scenarios—may apply to different kinds of cryptoasset firms.
For instance, the FCA provides an example of a qualifying stablecoin issuer which has the technical ability to freeze stablecoins (e.g. if stolen or linked to illicit activity), thus improving security and general compliance. In another example, the FCA posits that where a firm provides custodial staking services, an operation of validator nodes could be identified as an IBS.
The guidance notes that where a cryptoasset firm relies on decentralised third party providers and/or does not have direct contractual agreements in place in relation to a service (e.g. decentralised protocols), the firm should strengthen its internal controls and monitoring beyond traditional means, such as via enhanced transaction monitoring across on-chain and off-chain activities, stress-testing node connectivity and performing regular independent audits of smart contracts.
The FCA seeks feedback on whether stakeholders agree with the guidance set out in the CP and whether the FCA could provide clearer or better tailored examples.
Business Standards: Environmental, Social and Governance (“ESG”) Sourcebook
The FCA proposes to apply the ESG Sourcebook to cryptoasset firms in the same way as other FSMA authorised firms. For example, cryptoasset firms will be required to ensure that any claims about sustainability characteristics of its products are fair, clear and not misleading (ESG 4.3.1R).
The FCA does not propose to introduce new climate-related or sustainability disclosures for cryptoasset firms, particularly in light of the difficulties in obtaining sustainability data in this nascent market.
Chapter 2
Discussion elements
Consumer Duty
The Consumer Duty requires firms to comply with high standards of retail consumer protection. In relation to the application of the Consumer Duty to cryptoasset firms, the FCA is considering two options:
- Option 1: To apply the Consumer Duty, supplemented by sector-specific guidance where needed, or
- Option 2: Not to apply the Consumer Duty, but to introduce rules that would achieve an appropriate standard of consumer protection for regulated cryptoasset activities.
A benefit of Option 1 is that the Consumer Duty provides an established framework and baseline of consumer protections, while allowing for the development of sector-specific guidance due to its flexible, outcomes-focused nature. That said, the FCA also considers that certain aspects of the Consumer Duty may be challenging for to apply in the context of cryptoasset activities – for example, with regards to the requirement on firms to provide “fair value” to retail customers, it may be difficult to assess fair value given the inherently volatile value of many cryptoasset products.
Option 2 could arguably introduce more clarity by implementing sector-relevant rules.
The FCA is also considering whether or not to introduce bespoke rules and guidance within the admissions and disclosures (“A&D”) regime (with a focus on consumer understanding) in addition to the Consumer Duty—it considers this to be an effective way to reinforce consumer protection.
Access to the Financial Ombudsman Service (“FOS”)
The FCA invites discussion on whether customers should be able to bring complaints to the FOS where a cryptoasset firm is unable to resolve a complaint. Key benefits of this approach would to increase confidence in the market and to ensure consistency between cryptoasset and other similarly regulated activities.
The FCA intends to consult on applying its complaint handling rules in Dispute Resolution: Complaints Sourcebook (“DISP 1 rules”) to cryptoasset activities (with potential amendments) later this year, once it has finalised its position on access to the FOS. This is because DISP 1 rules are interdependent with the rules that outline the circumstances in which a complaint can be referred to the FOS.
The FCA also notes it will consider whether the Financial Services and Compensation Scheme (FSCS) protection should be extended to apply to newly regulated cryptoasset activities, and will consult upon this in the future.
Conduct of Business Sourcebook (“COBS”)
The FCA is considering applying the majority of the requirements under COBS to cryptoasset firms.
The CP discusses the application of various COBS chapters (with some exceptions or adjustments) to cryptoasset firms. Notably, in relation to COBS 4 (Communicating with clients, including financial promotions) the FCA states that it is considering the current classification of qualifying cryptoassets as Restricted Mass Market Investments (RMMI) and considering whether to take UK-issued qualifying stablecoins outside the RMMI definition. This would reflect their lower risk profile compared to other types of cryptoassets, and would facilitate payment use cases of such stablecoins. The FCA is also considering whether financial promotions for stablecoins issued by a non-UK authorised entity should incorporate additional risk warnings.
The FCA proposes not to apply certain sections of COBS which cover activities that do not have a cryptoasset-equivalent, or are not appropriate for cryptoasset markets (e.g. rules on cancellation rights in COBS 15).
Product Intervention and Product Governance Sourcebook (“PROD”)
Although the FCA expects cryptoasset firms to maintain effective governance throughout the product and service lifecycle, it is considering not applying existing PROD provisions to cryptoasset firms.
Instead, the FCA is welcoming feedback on whether the Consumer Duty (supplemented with guidance) is sufficient to meet the FCA’s intended product governance outcomes, or if further rules or guidance is needed.
Authored by Christina Wu and Dominic Hill.
Next steps
As mentioned above, the FCA is welcoming feedback on the proposals in the CP by:
- 15 October 2025 for discussion elements (Chapters 6-7)
- 12 November 2025 for consultation proposals (Chapters 1-5)
Interested stakeholders may submit responses via the online forms or by writing to the FCA. Please reach out to the Hogan Lovells team if you would like assistance with your submission.
In accordance with the FCA’s roadmap, the FCA expects to publish a number of consultations throughout 2025 and in Q1 2026, with the aim to publish final rules with accompanying policy statements in 2026.
For more information, please get in touch with a member of the team and visit our Hogan Lovells Digital Assets and Blockchain Hub.
This article is for guidance only and is a non-exhaustive summary only of certain aspects of the points discussed and should not be relied on as legal advice in relation to a particular transaction or situation.
Contacts
Articles you may be interested in
View more insights and analysis
