top of page

The Crypto Series (Pt 1) - CP25/40: FCA Proposes Full Regulation of Core Cryptoasset Activities - What Firms Seeking UK Authorisation Need to Know.

  • Writer: Andrew Arginovski
    Andrew Arginovski
  • 1 day ago
  • 5 min read

The UK is entering a decisive phase in the regulation of cryptoassets. In Consultation Paper CP25/40, the Financial Conduct Authority sets out its proposed rules and guidance for a wide range of cryptoasset activities that will, for the first time, fall squarely within the UK’s financial services regulatory perimeter.


For firms considering FCA authorisation, this consultation is not simply an incremental change. It represents a fundamental shift in how crypto businesses are expected to operate in the UK: from lightly supervised, registration-based entities to fully authorised, prudentially regulated financial services firms.


This blog focuses on the elements of CP25/40 that are most relevant to firms assessing whether, how, and when to seek authorisation.


From AML Registration to Full Regulatory Authorisation


CP25/40 confirms that once the Financial Services and Markets Act 2000 (Cryptoassets) Regulations come into force, firms carrying on certain cryptoasset activities by way of business in the UK will require Part 4A authorisation.


The activities brought into scope include:

  • Operating a cryptoasset trading platform (CATP)

  • Dealing in qualifying cryptoassets as principal or agent

  • Arranging deals in qualifying cryptoassets

  • Cryptoasset lending and borrowing

  • Cryptoasset staking

  • Certain decentralised finance (DeFi) activities where control or economic benefit exists


This marks the end of the current position where many crypto firms could operate in the UK with little more than an AML registration. Going forward, firms will need to meet the FCA’s Threshold Conditions, demonstrate appropriate governance, and maintain ongoing compliance with FCA Handbook requirements.


For prospective applicants, this means that authorisation strategy must now be central to commercial planning, not an afterthought.


Territorial Scope and Overseas Firms


CP25/40 makes clear that the FCA’s focus is not limited to UK-incorporated entities. Overseas firms will fall within scope where they are deemed to be carrying on regulated cryptoasset activities in the UK or with UK clients.


The FCA recognises the global nature of crypto markets and is prepared to authorise international firms, but only where the structure allows for effective supervision. This may involve:

  • A UK subsidiary

  • In some cases, a combination of a UK entity and a UK branch

  • Clear allocation of responsibilities and accountability


For overseas groups, the key issue will be whether their proposed structure provides the FCA with sufficient regulatory oversight, enforcement reach and consumer protection.


Cryptoasset Trading Platforms: Elevated Regulatory Expectations


Cryptoasset Trading Platforms are placed at the centre of the proposed regulatory framework. The FCA views CATPs as critical market infrastructure that directly influence price formation, market integrity and consumer outcomes.


As a result, CATP operators will be subject to extensive conduct and operational requirements. These include obligations to ensure:

  • Fair, orderly and non-discriminatory access to trading

  • Robust systems to support orderly markets and reliable price formation

  • Effective management of operational and technology risks

  • Appropriate controls to prevent market abuse

  • Transparent reporting and record-keeping


CATPs are no longer treated as neutral venues. Instead, they are expected to actively shape market quality and protect participants.


Conflicts of Interest and Principal Trading


One of the most closely watched aspects of CP25/40 is the FCA’s revised position on conflicts of interest. Earlier policy proposals suggested strict prohibitions on CATPs engaging in principal trading or allowing group affiliates to trade on their platforms.


In CP25/40, the FCA adopts a more pragmatic approach. It proposes to:

  • Permit limited principal trading by CATP operators

  • Allow group affiliates to trade on the platform


However, this flexibility comes with significant expectations. Firms must be able to demonstrate:

  • Clear identification of conflicts

  • Robust mitigation measures

  • Transparent disclosure

  • Governance arrangements that prevent unfair market outcomes


For firms seeking authorisation, conflicts management will be a key area of supervisory focus, particularly where group structures are complex.


Retail Market Access and Consumer Protection


Retail consumer protection is a recurring theme throughout CP25/40. The FCA proposes a framework in which UK retail clients will generally only be able to access cryptoassets that:

  • Are admitted to trading on a UK-authorised CATP, and

  • Are supported by compliant disclosures under the Admissions and Disclosures regime


Intermediaries dealing with retail clients will face additional obligations to ensure that disclosures are made available and that clients understand the nature and risks of cryptoassets.


While full Consumer Duty requirements will be consulted on separately, CP25/40 leaves little doubt about the FCA’s direction of travel. Firms that serve retail clients will be expected to demonstrate:

  • Fair value outcomes

  • Clear, non-misleading communications

  • Products that are designed with consumer understanding in mind


Firms considering authorisation should therefore assess early on whether a retail-facing model is commercially and operationally viable under the new regime.


Intermediaries: Alignment With Traditional Conduct Standards


Crypto intermediaries will be brought much closer to the regulatory expectations applied to traditional investment firms. While the FCA recognises the differences between cryptoassets and traditional instruments, it applies the principle of “same risk, same regulatory outcome” where appropriate.


Intermediaries will be expected to:

  • Act in the best interests of clients

  • Manage conflicts of interest

  • Provide appropriate disclosures

  • Maintain systems and controls


In practice, many firms will find that compliance expectations begin to resemble elements of the Conduct of Business Sourcebook (COBS), even before formal COBS application.


Lending, Borrowing, and Staking: Heightened Scrutiny


CP25/40 makes clear that cryptoasset lending, borrowing and staking are viewed as high-risk activities, particularly where retail clients are involved.


The FCA identifies several risk drivers:

  • Complex product structures

  • Custody and counterparty risk

  • Liquidity risk

  • Conflicts between firms and users

  • Poor consumer understanding of how returns are generated


As a result, firms offering these services should expect:

  • Full authorisation requirements

  • Enhanced governance expectations

  • Detailed disclosures

  • Prudential capital obligations (as set out in CP25/42)


Decentralised Finance: Substance Over Form


The FCA does not attempt to regulate decentralised protocols directly. However, CP25/40 makes it clear that decentralisation alone will not remove an activity from the regulatory perimeter.


Where an identifiable person or entity:

  • Exercises control over a protocol,

  • Maintains or operates it, or

  • Receives ongoing economic benefit,


the FCA is likely to treat that person or entity as carrying on a regulated activity.


This “substance over form” approach means that firms relying on DeFi narratives must carefully assess whether their activities genuinely sit outside the FCA’s control-based perimeter.


What This Blog Does Not Cover


This article focuses on the strategic and authorisation-critical implications of CP25/40 for crypto firms considering entry into the UK regulatory regime. It is not intended to provide a line-by-line summary of every operational requirement in the consultation.


In particular, this blog does not cover in detail:

  • The full operational rule set for cryptoasset trading platforms, including non-discretionary matching rules, market-making arrangements, algorithmic trading controls, trading halts and platform rule enforcement

  • The FCA’s proposed pre- and post-trade transparency, transaction record-keeping and client reporting requirements

  • The detailed best execution framework and pricing obligations that will apply to cryptoasset intermediaries

  • Settlement arrangements, including internal versus external settlement models and their interaction with future safeguarding rules

  • Personal account dealing requirements, which will replicate the substance of existing COBS rules in the new CRYPTO sourcebook

  • The proposed supervisory metrics and how success of the regime will be measured over time


These areas are highly technical and will require careful interpretation and implementation by firms seeking authorisation. They are also closely interconnected with proposals in other consultation papers, including CP25/41 (Admissions, Disclosures and Market Abuse), CP25/42 (Prudential Requirements), and forthcoming consultations on Consumer Duty, COBS and safeguarding.


Firms considering FCA authorisation should treat CP25/40 as part of a wider regulatory package and ensure they assess their readiness across governance, conduct, prudential and operational dimensions.


 
 
bottom of page