Crypto View - September 2025

Firstly, welcome back to Crypto View! After a short hiatus – I’ve been away getting married and having a very busy summer – we are very much back to business, and what a way to return. The big news yesterday was the publication of CP25/25, which covers the Application of the FCA Handbook for Regulated Cryptoasset Activities under the future regulatory regime. We give our thoughts on this first. Following that, we’ll take a look through some of the consultations that were published over the summer, covering stablecoins, prudential requirements, custody, and the broader regulatory approach to crypto firms. Finally, there have been some interesting developments from a number of European regulators relating to licensing and structuring under MiCA.

Cryptoassets in the Handbook

While we have got very used to consultations from HMT and the FCA relating to cryptoassets in the UK over recent months and years, this is potentially one of the most significant for UK firms. CP25/5 outlines the approach that the FCA intends to take with regards to the day-to-day operation of cryptoasset firms that will be authorised in the UK under the future regime, by confirming which bits of its Handbook – the set of rules and principles that govern investment services in the UK – will apply to cryptoasset firms. The FCA’s general approach has been to apply the majority of existing Handbook rules and guidance to cryptoasset firms in the same way as to traditional finance firms. If this approach goes ahead, as we expect it will, it will mean a significant uplift in compliance for UK cryptoasset firms – substantially more than their peers in the EU under MICA. The process has been for the FCA to look at the existing set of rules and decide what should be disapplied, rather than looking at this from the opposite side and determining which rules in the Handbook are necessary to deal with actual harms.

The FCA does say that it wants the UK cryptoasset market to be competitive on the global stage and for a stable and proportionate regulatory framework to play a role in fostering an innovative cryptoasset sector in the UK, though when compared with peers across the channel, UK firms look like they will be subject to a far more onerous regime.

• High Level Standards
  The Threshold Conditions that determine what firms are able to be regulated by the FCA, including location of offices, having appropriate resources, being capable of effective supervision and having a suitable business model will apply in full.

  The Principles for Business will also generally apply though, in line with the approach for existing FSMA-authorised firms that only service institutional clients or professional clients, the intention is to disapply relevant parts of PRIN where firms deal with eligible counterparties. Similarly, just as Principles 1 (Integrity), 2 (Skill, care, and diligence), 6 (Customers’ interests) and 9 (relationships of trust) are not applicable to transactions on MTFs, the FCA has proposed to disapply these principles for transactions entered into on a Crypto Asset Trading Platform (CATP) by its members. Though CATPs will owe obligations to retail investors under PRIN, where applicable, in order to protect retail customers who have direct market access to CATPs in cryptoasset markets, which is typically not the case in other traditional finance sectors.

  Note that Principle 12 (Consumer Duty) is not being proposed to apply at this point as the FCA is not currently consulting on the application of the Consumer Duty.

  Interestingly, the FCA has suggested that the definition of customer and client in PRIN will include a holder of a qualifying stablecoin. Given that stablecoins can be freely traded without the issuer’s involvement, that could cause some unforeseen outcomes for issuers having duties to holders that they don’t even know exist, and don’t have a relationship with. There is definitely more to think about here.

  Other high level standards will apply in full, for example the requirements in GEN which prohibits firms from claiming or implying that the FCA has endorsed their business, outlines the steps firms should take when they cannot comply with FCA rules in an emergency, and confirms how firms need to describe their regulatory status.

• Operational Resilience
  A key focus on CP25/25 is operational resilience. Many firms will be familiar with DORA (as a result of the MiCA authorisation process), however the FCA’s operational resilience requirements under SYSC goes beyond DORA and applies general op-res requirements for the entire business (rather than just critical ICT services, as captured by DORA). While the FCA intends to implement SYSC to crypto firms in much the same way as in traditional finance, as operational and technological risks are common in both traditional financial firms and crypto firms, it notes that there are a number of unique characteristics of cryptoassets that introduce specific challenges. These include private key security risks, validator risks, code vulnerabilities and service disruptions.

  Under the SYSC rules, crypto firms are proposed to be classed as “other firms” rather than being subject to the same rules as banks and investment firms. This reduces the burden here and reflects the FCA’s view that crypto firms do not offer the same level of systemic risk here, which is a pragmatic and welcome position. Nevertheless, SYSC remains a significant compliance burden and will impact on many firms’ management, systems and controls. Firms that are unfamiliar with the UK’s operational resilience framework can review the FCA’s PS21/3.

• Senior Management
  The Senior Managers & Certification Regime is going to be applied in full to crypto. Again, this is not a surprise as the approach was suggested in previous Discussion Papers, this is the confirmation. The existing SM&CR is designed so the SMFs, categorisation criteria and certification functions are not sector specific, and as such, the intention is that the regime should remain relevant and applicable across different business models within financial services, while also remaining technologically agnostic, and so suitable for crypto firms. Most firms are anticipated to be “Core” firms and therefore attract the standard SM&CR requirements, with the criteria for “Enhanced” crypto firms is going to be subject to further consultation. Firms will be “required to allocate up to 6 Senior Management Functions […], depending on whether the SMFs are relevant to the Firm, and 5 Prescribed Responsibilities” – whilst this is not a target for all firms, clearly UK substance is, unsurprisingly, going to be really important. There is no proposal to introduce any SMFs or PRs specifically for SM&CR Core cryptoasset firms.

  If you would like to get ahead of the game, we have a sister publication, SMCR View, which covers developments with the regime, along with governance, whistle blowing, and other relevant news to assist in managing compliance.

• Financial Crime
  As you will be aware, UK crypto firms are already required to comply with the provisions of the MLRs, including demonstrating that they have adequate systems, controls, policies, and procedures in place to effectively manage the risks of money laundering, terrorist financing and proliferation financing in the cryptoasset market. The intention is that firms will continue to be subject to the MLRs, though will no longer be required to register separately to their authorisation under FSMA. Further, firms will be subject to the rules and guidance in SYSC 6 to ensure that they have adequate policies and procedures, including systems and controls to identify, assess, monitor and manage money laundering risks.

• ESG
  ESG requirements are given good, pragmatic treatment, with anti-greenwashing rules applying, but the FCA not following the highly ineffective MiCA climate disclosures requirements.

• Consumer Duty
  CP25/25 includes a discussion chapter on Consumer Duty and offers two options – 1: To apply the Duty, supplemented by sector-specific guidance where needed, or 2: Not to apply the Duty, but to introduce rules that would achieve an appropriate standard of consumer protection for regulated cryptoasset activities. This is a surprising development, and interesting as an approach as generally it was expected that there was no option to do something different in relation to the Duty. This could be reflective of the fact that the FCA is starting to row back on some aspects, and also that it might see doing something more bespoke as more effective than applying the broad Duty requirements. It will be interesting to see how the industry reacts to this choice – better the devil you know?

• Product governance
  While the FCA intends to implement some aspects of a product governance regime, it looks as though this will come under other areas of the Handbook – for example, the FCA suggests that it expects authorised cryptoasset firms – whether acting as manufacturers or distributors – to maintain effective governance throughout the product and service lifecycle, and ensure that products and services are designed and distributed to meet the needs of their target market. However, importantly the FCA has decided not to apply the existing PROD provisions, nor design a new chapter in the PROD sourcebook for firms that provide crypto products or services. This is a good, pragmatic approach to avoid the huge compliance burden that comes with a product governance process, which is likely not needed in any event given the already significant restrictions imposed on product development via the financial promotions regime.

• Conduct of Business
  There are a few limbs to the COBS rules in the Handbook, covering quite a broad range of areas. Firms will be familiar with the rules on FinProms already, having been subject to them since October 2023, and these will continue to apply, though with some proposed changes to certain stablecoins. In particular, the FCA is considering reclassifying UK-issued stablecoins so that they are no longer RMMIs, which would remove them from the FinProm restrictions under COBS. While this is welcome, we would suggest this is not nearly ambitious enough, and would not include EMTs issued by EU EMIs under MiCA, meaning that they would still be subject to the frictions, and would have to include an updated risk warning: “The issuance of this stablecoin is not regulated in the UK. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong.” While some stablecoins will certainly be higher risk, including those issued under MiCA, and an equivalent regime to the UK’s electronic money regime feels like it will hinder payment use cases developing in the UK.

  Elsewhere, and as expected, the FCA is considering introducing client categorisation rules to cryptoasset firms – we note that separately the FCA is planning on consulting on changes to the broader client categorisation rules which will impact this.

We would be more than happy to discuss the consultation and the potential impact of the rules on your firm with you, or help support on any responses to the consultation. Please do get in touch. It will be very important to ensure that the FCA hears views from the industry, particularly about the aspects that could cause the UK to be uncompetitive – though we should also welcome the progress that has been made - those elements where pragmatism has won through.

Previous Consultations

You may also have noticed that there were a few other consultations published over the summer. We have prepared a series of helpful summaries for each of them (and two for CP25/14 because it was such a monster). You can find them at the below links:

• DP25/1: Regulating Cryptoasset Firms
• CP25/14: Regulating Stablecoins
• CP25/14: Regulating the Custody of Cryptoassets
• CP25/15: Prudential Requirements for Cryptoasset Firms

For the new Prudential Regime, we are aware that this may be a particularly complex area for firms to deal with, and will be very different from any regime that they have previously had to navigate. As such, we are proposing to hold a series of workshops to help firms understand and prepare for complying with the new regime. If this is something you would be interested in, please reach out to Rosali Pretorius and Malcolm Smith, our resident experts in this area.

This month in MiCA

You may have seen that earlier this week the French AMF, Italian CONSOB and Austrian FMA published a position paper which outlines their collective belief that MiCA is not adequately addressing risks in the cryptoasset market due to inconsistent standards being applied across the EEA by local regulators. It calls for ESMA to supervise major crypto-asset service providers at a European level, rather than at a state level, because as they see it, “the first few months of implementation of the regulation have demonstrated significant differences in implementation between jurisdictions”. There is also a call to strengthen the MiCA requirements applying to global firms that operate across borders (echoing ESMA’s (in)famous Broker Opinion). The regulators also state their view that the activity of third-country platforms and brokers operating with EU customers under the concept of reverse solicitation is intrinsically problematic for the effectiveness of MiCA and should be limited as far as possible, calling on ESMA to make it mandatory any European intermediary executing orders on crypto-assets on behalf of investors to execute these orders on the order book of a platform subject to MiCA, or to equivalent regulation. Interestingly, they suggest that they would like to see MiCA permit third country intragroup service providers subject themselves to full extra-territorial supervision of the CASP’s home NCA or of ESMA. Reuters even reported that the AMF has threatened to block some firms licensed in other EEA states from passporting into France – a clear rejection of one of the fundamental principles of the European Union.

It was interesting to see one of the “smaller” jurisdictions push back on these suggestions, with the MFSA of Malta saying that it believes that centralisation at this stage would only introduce an additional layer of bureaucracy, which could hinder efficiency during a period when the EU is actively striving to enhance its competitiveness. While Malta was not named by the AMF, CONSOB or the FMA, it seems that it sees the position paper is taking aim at it.