The Crypto Series (Pt 3) - CP24/42: What the Prudential Regime for Cryptoasset Firms Will Look Like

As the UK completes its transition from a registration-based crypto regime to full financial services regulation, prudential requirements sit at the centre of the new framework.

In Consultation Paper CP25/42, the FCA sets out how cryptoasset firms will be expected to hold capital, manage financial risk, and plan for stress and failure once authorised. This consultation completes the regulatory picture alongside CP25/40 (regulated activities and conduct) and CP25/41 (admissions, disclosures and market abuse).

For firms considering FCA authorisation, CP25/42 is critical. It determines whether a firm is financially credible enough to be authorised in the first place, and whether it can remain authorised over time.

Why A Prudential Regime for Crypto

The FCA’s starting point is clear: cryptoasset firms can cause significant harm when they fail, particularly where client assets, retail exposure or market infrastructure are involved. The absence of prudential standards has historically led to disorderly failures, consumer losses and market disruption.

CP25/42 is designed to address this by ensuring that authorised crypto firms:

• Hold sufficient own funds and liquid assets

• Understand and actively manage their risks

• Can absorb shocks and wind down in an orderly manner

• Are less likely to fail suddenly or contagiously

The FCA is explicit that regulation cannot eliminate all crypto risks, but it can ensure firms operate with baseline financial resilience comparable to other regulated financial institutions.

A Prudential Framework Aligned With Traditional Finance

Rather than creating a standalone crypto regime, the FCA anchors its proposals in familiar territory. CP25/42 builds on the framework introduced in CP25/15 and establishes two prudential sourcebooks:

• COREPRU, setting cross-sector baseline prudential requirements

• CRYPTOPRU, containing cryptoasset-specific prudential rules

This structure closely mirrors the Investment Firm Prudential Regime (MIFIDPRU). The message is clear: crypto firms are being integrated into the UK’s existing prudential architecture, not treated as experimental outliers.

For firms already subject to other prudential regimes, CP25/42 explains how COREPRU and CRYPTOPRU will interact to avoid double-counting while still capturing crypto-specific risks.

Own Funds Requirements: The Minimum Financial Baseline

At the heart of CP25/42 is the own funds requirement (OFR). This represents the minimum level of regulatory capital a cryptoasset firm must maintain at all times.

The OFR is the highest of three components:

• The Permanent Minimum Requirement (PMR)

• The Fixed Overhead Requirement (FOR)

• The K-factor Requirement (KFR)

The PMR is activity-based and sets a hard floor for authorisation. The FCA proposes the following PMRs for activities covered by CP25/42:

• £75,000 for dealing as agent or arranging deals

• £150,000 for operating a cryptoasset trading platform or providing staking services

• £750,000 for dealing as principal (including crypto lending and borrowing)

Where a firm undertakes multiple activities, the highest applicable PMR applies.

For authorisation candidates, this means that capital planning is no longer optional or flexible. The FCA expects firms to demonstrate they can meet these requirements from day one.

Risk-Sensitive Capital Through K-Factors

Beyond fixed minimums, CP25/42 introduces a suite of K-factors designed to scale capital requirements in line with a firm’s actual risk profile.

These include:

• Operational risk K-factors linked to client orders, trading flow and staked assets

• Market risk requirements for firms trading cryptoassets in their own name

• Counterparty default risk requirements, particularly relevant to lending models

• Concentration risk requirements where exposures become excessive

The FCA explicitly aligns these K-factors with traditional finance equivalents, while adjusting calibrations to reflect cryptoasset volatility and operational fragility.

For firms offering lending, staking or principal trading, these requirements can materially exceed the PMR and will be a decisive factor in commercial viability.

The Overall Risk Assessment: Crypto's ICARA Equivalent

One of the most important elements of CP25/42 is the introduction of the Overall Risk Assessment (ORA). This replaces the ICARA process used for investment firms but serves a similar purpose.

The ORA is the FCA’s centrepiece for prudential supervision. It requires firms to:

• Identify and monitor all risks that could cause material harm

• Assess whether those risks are adequately mitigated

• Determine whether additional own funds or liquid assets are required

• Embed risk assessment into business model and strategic decision-making

For cryptoasset firms, the ORA must also explicitly address:

• Business model sustainability

• Capital and liquidity forecasting

• Stress testing and reverse stress testing

• Recovery actions

• Wind-down planning

The governing body must review and formally approve the ORA at least annually. This makes prudential risk a board-level responsibility, not a compliance afterthought.

Financial Adequacy, Recovery and Wind-Down

CP25/42 reinforces the FCA’s expectation that firms plan not only for success, but also for failure.

Firms must be able to demonstrate:

• How they would restore capital or liquidity if thresholds are threatened

• What credible recovery actions are available

• When recovery is no longer viable and wind-down should begin

• That sufficient financial resources exist to wind down without causing material harm

The FCA is explicit that firms unable to meet their own funds or liquid asset thresholds may be expected to initiate wind-down, and that failure to do so may trigger supervisory intervention.

For crypto firms accustomed to rapid growth and flexible balance sheets, this represents a significant cultural shift.

Prudential Disclosure and Supervisory Transparency

Authorised cryptoasset firms will be required to publicly disclose key prudential information, including:

• Own funds levels and composition

• Risk management approaches

• Key prudential metrics

These disclosures are intended to promote market discipline and allow stakeholders to assess a firm’s financial resilience. The FCA sees transparency as a feature of the regime, not a burden.

What This Blog Does Not Cover

This blog focuses on the strategic and authorisation-critical implications of CP25/42. It does not provide a detailed, rule-by-rule explanation of the prudential calculations.

In particular, it does not cover in detail:

• The precise mechanics of individual K-factor calculations

• Worked examples and calibration methodology

• Interaction with PRA-regulated entities

• Detailed regulatory reporting proposals

• Cost-benefit analysis and transitional arrangements

These areas will require tailored analysis during implementation.