FCA proposes consumer protection for cryptoassets

What does this mean?

Consumer Duty

Around 80% of respondents to CP25/25 supported applying the Consumer Duty to cryptoasset firms, alongside additional crypto-specific guidance. Respondents viewed the Duty’s outcomes-based and flexible design as well suited to crypto markets. The FCA positions its proposal as proportionate, recognising crypto-specific features such as platform-based retail trading, high price volatility, novel market structures and the fact that many cryptoasset firms will be newly regulated.

The Consumer Duty (Principle 12 and PRIN 2A) is proposed to apply to cryptoasset firms in line with its application to other FSMA-authorised firms, on a proportionate and outcomes-focused basis, supported by non-Handbook crypto-specific guidance. Firms would be expected to act to deliver good outcomes across products and services, price and value, consumer understanding and consumer support, including assessing fair value in context. PROD is not proposed to apply, with the FCA relying on the Duty to deliver product governance outcomes.

The Duty is not proposed to apply to designated admissions and trading activities, or to trading between participants on UK QCATPs, except in relation to UK-issued qualifying stablecoins. Further changes to the Duty are proposed to be consulted on in 2026.

Dispute resolution and compensation

Respondents to DP23/4 and CP25/25 generally supported extending the existing complaints handling framework to regulated cryptoasset activities, consistent with the principle of “same risk, same regulatory outcome”. The FCA proposes applying DISP 1 to all regulated cryptoasset firms, requiring firms to establish effective arrangements for the prompt and fair handling of complaints, including senior oversight, root-cause analysis and record-keeping.

A phased approach to complaints reporting is proposed at authorisation, with firms initially required to report only total complaints received and total complaints upheld. The FCA proposes extending access to the Financial Ombudsman Services's compulsory jurisdiction for complaints complaints arising from regulated cryptoasset activities carried on from an establishment in the UK by authorised cryptoasset firms. FSCS protection is not proposed to be extended to cyptoasset activities, including stablecoins. Where stablecoin issuers use third parties, issuers would remain fully responsible for complaint handling and redress arrangements.

Conduct of Business Sourcebook (COBS)

The FCA proposes extending the definition of designated investment business to include regulated cryptoasset activities, bringing selected COBS requirements into scope alongside the CRYPTO sourcebooks, subject to explicit carve-outs and disapplications. This approach was supported by 81% of respondents to CP25/25.

Core conduct requirements under COBS 2 are proposed to apply, including obligations to act honestly, fairly and professionally and to provide clear, fair and not misleading disclosures. Carve-outs are proposed for transactions concluded on UK QCATPs, reflecting the approach for transactions executed on MTFs. COBS 4 is proposed to apply to communications and financial promotions, with UK-issued qualifying stablecoins not proposed to be categorised as Restricted Mass Market Investments. Additional risk warning content is proposed for qualifying stablecoins not issued by a UK-authorised issuer.

The FCA proposes strengthening appropriateness requirements by requiring firms to ask clients questions covering, at least, the matters set out in COBS 10 Annex 4G, which is proposed to be converted from guidance into a rule. Additional appropriateness requirements are proposed for cryptoasset lending and borrowing. COBS 5 (distance communications) and COBS 15 (cancellation rights) are proposed to be disapplied, with reliance placed on the Consumer Duty and crypto-specific rules. COBS 16 reporting is proposed to apply primarily to safeguarding and staking activities, with trading and execution activities subject to reporting under CRYPTO.

Use of credit cards

The FCA does not propose restricting regulated cryptoasset firms from accepting credit cards or credit lines from electronic money institutions for cryptoasset purchases. This reflects feedback to DP25/1, evidence of declining consumer use of credit cards for cryptoasset purchases and reliance on existing creditworthiness and conduct requirements, supported by the Consumer Duty.

SM&CR tiering

The FCA proposes applying the existing SM&CR Core and Enhanced framework to cryptoasset firms. Only the largest and most complex firms are expected to be categorised as Enhanced, with proposed thresholds of £65bn (three-year rolling average) for stablecoin issuers’ backing assets and £100bn for cryptoasset custodians’ client and safe custody assets. Most newly authorised cryptoasset firms are unlikely to be captured initially.

Training and competence

The FCA proposes applying the Training and Competence Sourcebook to certain cryptoasset activities provided to retail clients, aligned with comparable traditional finance activities. Firms dealing in, safeguarding or arranging staking of qualifying cyptoassets would be required to ensure staff have appropriate skills, knowledge and expertise, supported by training, competence and record-keeping requirements. No mandatory qualification requirements are proposed at this stage.

Regulatory reporting (SUP 16)

The FCA proposes a phased and iterative approach to regulatory reporting for cryptoasset firms. From Day 1, firms would be required to submit existing SUP 16 returns alongside a limited set of new crypto-specific baseline returns focused on key risk indicators, including client numbers, transaction volumes, safeguarding arrangements, stablecoin issuance and complaints. Over the first two to three years, reporting requirements would be refined through additional baseline metrics and targeted supplementary data collections. Firms safeguarding cryptoassets would be subject to more frequent reporting, including monthly submissions. Prudential reporting is proposed to be introduced iteratively as requirements are finalised.

Safeguarding of cryptoassets (CASS 17 and SICs)

The FCA has revised its safeguarding proposals in response to feedback from DP25/1 and CP25/14. Amended CASS 17 is proposed to apply to both qualifying cryptoasset custodians and specified investment cryptoasset custodians, replacing reliance on CASS 6 for SIC custody.

Client cryptoassets would generally be required to be held on a non-statutory trust, with increased flexibility in trust and wallet structures. A limited operational surplus of firm cryptoassets would be permitted within the trust under defined conditions. UK QCATPs using a float settlement model would be permitted, subject to explicit client consent, to hold up to 1% of client cryptoassets outside the trust, with those assets falling outside CASS protections. Cryptoassets lent to firms would not be subject to CASS 17, with consumer protections addressed through the proposed cryptoasset lending and borrowing rules. Enhanced record-keeping, reconciliation, private key security and proportionate third-party oversight requirements are proposed to apply across both qualifying cryptoassets and specified investment cryptoassets.

What do firms need to do?

The FCA is testing whether cryptoasset firms can operate to the same consumer outcome standards as traditional financial services, while still accommodating crypto-specific business models. The strategic question is therefore not “how do we meet the minimum?", but “which parts of our model will regulators scrutinise first?”

Firms should prioritise decisions that are hard to reverse later: custody architecture, trust and wallet structures, platform settlement models, and the extent to which business models rely on client consent to carve assets out of regulatory protection. These choices will shape future supervisory intensity, capital expectations and operational cost.

At the same time, firms should assume progressive regulatory tightening. The FCA has been explicit that reporting, Consumer Duty application and safeguarding rules will evolve. Firms that design flexible, transparent operating models now will be better positioned as the regime scales.

Most importantly, leadership teams should actively decide whether they want to compete on regulatory credibility. In a regime built around outcomes and trust, firms that can evidence strong consumer protections early are likely to face fewer constraints and gain disproportionate strategic advantage as weaker models fall away.

Next steps

The consultation closes on 12 March 2026. The FCA is due to issue Policy Statements on the cryptoassets framework in mid-2026.