In this article Jonathan Brogden, Jonathan Howell and Alexander Bradley-Sitch of DAC Beachcroft Crypto Disputes Team join forces with Christopher Coltart KC, Head of Business Crime at 2 Hare Court Chambers. Together, we consider the implications of a new consultation issued by the FCA in its quest to implement a comprehensive package of crypto regulation.
Whether you view the proposed regulation by the FCA of cryptoassets as a much needed reining in of the Wild West, or as the death knell of an innovative, free spirited movement, the fact is that it is going to happen. Earlier in the year, Parliament approved the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (‘the FSMA Regulations’), which identify activities which will be regulated when the legislation comes fully into force on 25 October 2027. In order to undertake those activities, firms will need to be authorised by the FCA. The window for applying for that authorisation opens on 30 September 2026 and closes on 28 February 2027. With this in mind, the FCA is now consulting on an update to its Perimeter Guidance (PERG) in order to provide clarity on which firms and which activities will fall within its remit once the new regime is in force (CP26/13).
The activities identified by the FSMA Regulations include:
- Operating a crypto trading platform
- Dealing in or safeguarding ‘qualifying’ cryptoassets (i.e., those that are fungible, transferable cryptographically and function as more than a mere record of value or rights), and
- Issuing stablecoins
In addition, the FSMA Regulations also identify cryptoassets which have always been within the perimeter, namely ‘specified investment cryptoassets’ (e.g., tokenised shares).
Firms (or individuals) involved in this sphere will therefore have to give careful consideration to whether they will be carrying on one of these newly regulated activities, or whether they may be caught by activities in which they are already engaged.
In order to assist in this process, the guidance tackles discrete issues, such as the meaning of carrying on activities ‘by way of business’ and when activities are considered to be ‘in the UK’. In addition, it addresses more general principles, such as the need to focus on the substance of the activity undertaken by the firm in question and not the terminology which the market participants adopt (which is unique to the crypto industry and may not map easily onto traditional financial services). Equally, firms are encouraged to consider the guidance carefully where a service includes smart contracts and/or blockchain based or decentralised features. The fact that it may do so will not automatically place the activity outside the regulated perimeter. If (as seems inevitable) a person does ultimately operate or maintain the service, and/or receives some financial benefit from it, authorisation may be required.
Special mention is reserved for those crypto businesses which are currently registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (ie. cryptoasset exchange providers and custodian wallet providers). Once the FSMA Regulations are in force, the fact of such registration will not constitute authorisation by the FCA and those firms will need to consider if permission is required to continue with their activities (if it is and it is granted, separate registration under the Money Laundering Regulations will not be required). Any new crypto businesses which manage to secure an exemption from the FSMA regime will however still need to consider if they should register separately under the Money Laundering Regulations.
As will by now be obvious, the road to regulated activity is littered with pitfalls and bear traps for the unwary. The consequences of getting it wrong are significant. Operating in contravention of a required authorisation from the FCA is a criminal offence carrying an unlimited fine, a term of imprisonment of up to two years, or both. All crypto firms intending to operate in the UK should already be considering their position with great care and, if necessary, preparing applications to be submitted to the FCA later in the year.
In the context of global crypto regulation, the FCA's approach moves the UK into greater regulatory alignment with the EU's approach under the Markets in Crypto-Assets Regulation ("MiCA"). By extending established financial services concepts, such as authorisation, perimeter guidance and market abuse rules to cryptoassets the UK has opted for an activity‑based framework designed (ostensibly) to provide greater clarity for firms. While the UK regime retains its own structural features, the overall direction of travel reflects a deliberate move towards alignment with the European MiCA model.
FCA PERG – Key points for firms
- Authorisation, not registration, is the new baseline
FCA registration under the Money Laundering Regulations will not be sufficient once the FSMA Cryptoassets regime comes into force. Firms must assess whether they require full FCA authorisation for their activities.
- Substance over labels remains the FCA’s guiding principle
The FCA will look at what a firm actually does, not how it describes itself. Crypto‑specific terminology, decentralised branding or novel structures will not prevent an activity from falling within the regulatory perimeter.
- “Decentralised” does not mean unregulated
The presence of smart contracts, blockchain infrastructure or decentralised features will not, of itself, place a service outside the perimeter. Where a person operates, maintains or monetises a service, authorisation may be required.
- Control is key for custody and safeguarding
The proposed guidance makes clear that safeguarding can arise wherever a firm has sufficient control over cryptoassets, even if the firm does not claim ownership of them. Custodians and wallet providers should scrutinise their operating models closely.
- Issuing stablecoins is broader than minting tokens
The FCA takes an expansive view of what it means to “issue” a qualifying stablecoin, which may include redemption, backing arrangements and operational functions - not just technical creation.
- UK nexus remains a low threshold
Activities may be treated as carried on “in the UK” even where firms are overseas, including where UK users are targeted or served. International crypto businesses should not assume they are outside scope.
- Existing business models may unintentionally trigger regulation
Firms already active in the crypto ecosystem - including exchanges, brokers, staking providers and infrastructure providers - should revisit their models against the new PERG guidance to identify hidden authorisation risks.
- The clock is already ticking
The FCA authorisation gateway opens on 30 September 2026 and closes on 28 February 2027, well ahead of the regime going live on 25 October 2027. Firms that leave perimeter analysis or applications until late risk being shut out.
- Getting it wrong carries criminal consequences
Carrying on a regulated cryptoasset activity without the required FCA authorisation will be a criminal offence, punishable by an unlimited fine, imprisonment of up to two years, or both.
Christoper Coltart KC is an experienced criminal barrister, specialising in business crime. He represents companies and senior executives accused of financial wrongdoing and is Head of Business Crime at 2 Hare Court Chambers.
Jonathan Brogden (Partner and Head of Crypto Disputes), Alexander Bradley-Sitch (Senior Associate), and Jonathan Howell (Senior Associate) are part of the Commercial Disputes team of DAC Beachcroft LLP, based in London. They regularly advise clients on disputes and investigations relating to cryptocurrencies, DeFi and FinTech.
 |
