FCA redraws crypto regulatory perimeter

What does this mean?

The FCA proposes guidance to help firms assess whether they require authorisation, based on questions such as: whether a person is carrying on a regulated activity, whether the activity is carried on in the UK, whether it is carried on by way of business, and whether any exclusion or exemption applies. Firms are expected to assess “every activity they perform” on a “case-by-case basis”.

The guidance reflects the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, which introduce new categories of specified investments, including qualifying cryptoassets and qualifying stablecoins, and new regulated cryptoasset activities. These include:

• Issuing qualifying stablecoins in the UK.

• Safeguarding and arranging safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets.

• Operating a qualifying cryptoasset trading platform.

• Dealing in qualifying cryptoassets as principal or agent.

• Arranging deals in qualifying cryptoassets.

• Arranging qualifying cryptoasset staking.

Firms must consider both whether they are carrying on these new regulated activities and whether existing regulated activities apply to specified investment cryptoassets.

The FCA proposes that whether an activity is within scope depends on the substance of the activity and the role performed by the person in question, not the terminology the market participants adopt.

The guidance also clarifies that the use of smart contracts, public blockchains or some elements of decentralisation does not determine the perimeter position nor place the arrangement outside of regulation. Instead, firms should consider whether there is an identifiable person carrying on the activity, including where they operate or maintain a service, set key parameters, control important aspects of how it functions, and/or receive fees or other commercial benefit.

The FCA proposes expanded guidance on when activities are carried on in the UK, including circumstances where services are provided to UK consumers by firms based overseas. It notes that cross-border arrangements do not necessarily preclude an activity from being carried on in the UK.

For intermediary activities, the FCA proposes that dealing and arranging cover “a broad range of transactions… regardless of how they are described”, including both bringing about transactions and making ongoing arrangements that facilitate trading. It also clarifies that there is no specific exclusion for technical services in relation to arranging deals in qualifying cryptoassets.

The proposed guidance on safeguarding states that this activity applies where cryptoassets are safeguarded on behalf of another person and the firm has the requisite degree of control, regardless of whether the cryptoasset is owned by the customer or the firm. 

The FCA also proposes guidance on arranging qualifying cryptoasset staking, including activities such as managing the staking lifecycle, pooling customer assets, and distributing rewards, while noting that purely technical services are generally outside scope.

Exclusions are activity-specific and firms “should not assume that an exclusion… will apply in the same way, or, at all”.

Finally, the FCA clarifies that firms within scope will require FSMA authorisation and will no longer need a separate MLR registration, while continuing to comply with MLR obligations.

What do firms need to do?

Firms should start with a bottom-up perimeter assessment, mapping each activity they perform across the full transaction lifecycle. The FCA’s approach makes clear that partial involvement, particularly in trading, staking or custody chains, may still trigger authorisation.

Business models positioned as technology providers, “non-custodial” or offshore should be reassessed. The focus on substance, control and commercial benefit means many firms will need to revisit whether they are in fact arranging, safeguarding or otherwise intermediating.

Cross-border strategies require particular attention. Serving UK consumers from overseas is unlikely to avoid the perimeter, and firms should assess whether a UK legal entity and permissions strategy will be required.

Firms should also review where they rely on regulatory exclusions, as these are limited and not directly transferable from traditional markets.

Operationally, this is not just a legal exercise. Firms should align governance, permissions and accountability to their assessed activities, given the consequences of misclassification.

Waiting for final rules before acting risks compressing timelines. The proposals already provide sufficient clarity for firms to begin restructuring analyses, engaging with the FCA, and planning for authorisation.

Next steps

The consultation closes on 3 June 2026. The FCA will publish the final guidance in September 2026. 

Application for authorisation to carry on the new regulated cryptoasset activities runs from 30 September 2026 to 28 February 2027. Firms already authorised under FSMA must ensure they hold the correct permissions, including applying to vary permissions where needed.