Author: James Borley, Director of Payment Services
On 23 January 2026, the Financial Conduct Authority (FCA) published Consultation Paper 26/4 (CP26/4), setting out detailed proposals on how the FCA Handbook should apply to firms undertaking regulated cryptoasset activities once the new statutory regime under the Financial Services and Markets Act 2000 (FSMA) comes into force. CP26/4 is the latest and arguably most consequential instalment in a multi-phase regulatory strategy to bring cryptoassets within the traditional financial regulatory perimeter. Rather than reinventing the wheel, the approach adapts established principles to a dynamic and rapidly evolving asset class.
To appreciate the significance of CP26/4, it is necessary to understand both the existing regulatory backdrop, particularly the current registration regime under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), and the direction in which UK crypto regulation is now, finally, moving.
MLR Registration: The Starting Point of UK Crypto Oversight
Prior to the introduction of the new FSMA-based regulated activities regime, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulation has provided the primary form of oversight for UK crypto businesses. Under the MLRs, cryptoasset businesses that provide certain services “by way of business”, including exchange services or custodial wallet provision, must register with the FCA before carrying out those services in the UK. Registration under the MLRs is a legal requirement and subjects firms to AML/CTF obligations such as customer due diligence, ongoing monitoring and reporting duties.
Since the regime’s inception in January 2020, the FCA has supervised the registration process, assessing applications on a case-by-case basis. As of mid-2025, there were 48 firms with current MLR registration and dozens more whose applications were refused or withdrawn, illustrating the high bar that the FCA applies, even under this ostensibly narrow regime.
MLR registration has also intersected with other regulatory drivers. For example, MLR-registered cryptoasset firms were previously able to rely on a limited exemption under the financial promotions regime, allowing them to communicate certain cryptoasset promotions to UK consumers without full FSMA authorisation, as part of a transitional approach to extending financial promotions rules to crypto.
However, the MLR regime’s limited scope, focused on AML/CTF compliance rather than conduct standards, prudential requirements, or broader financial regulation, has left significant gaps in investor protection, market integrity and systemic oversight. This fragmentation, combined with progress in other jurisdictions, underscores the need for a comprehensive UK regulatory framework.
CP26/4: Applying the FCA Handbook to Regulated Crypto Activities
CP26/4 continues the FCA’s phased approach to embedding cryptoassets more fully within the regulated financial ecosystem. It builds on earlier consultations, including CP25/14 (stablecoin issuance and custody), CP25/15 (prudential requirements) and CP25/40 (regulating cryptoasset activities), and sets out how the FCA Handbook will apply once the legislation is passed and the new authorisation gateway opens in September 2026.
The key message of CP26/4 is consistent with the FCA’s approach to new markets and sectors: rather than crafting an entirely bespoke rulebook for crypto, the FCA proposes adapting its existing framework, including Conduct of Business (COBS), governance, and reporting rules, with crypto-specific nuances.
In summary:
- Consumer Duty and Conduct Standards
CP26/4 proposes that crypto firms will fall within scope of the Consumer Duty, the FCA’s flagship policy requiring firms to act to deliver good outcomes for retail clients. This includes obligations around fair value, clear and timely communications and proactive identification and mitigation of consumer harm.
In addition, the FCA proposes extending relevant COBS provisions to crypto firms, reinforcing expectations around transparency, conflict management and client categorisation. These standards aim to harmonise conduct expectations across financial services.
- Customer Redress and Complaints Handling
CP26/4 anticipates the extension of the FCA’s Dispute Resolution: Complaints (DISP) sourcebook to crypto firms, enabling consumers to access structured and timely redress. This marks a significant improvement from the ad hoc dispute processes previously available in the unregulated crypto market.
- Lending and Credit Considerations
The consultation addresses crypto-related credit products, highlighting the FCA’s concerns about debt-funded investment in highly volatile assets. This reflects broader efforts to mitigate consumer harm associated with leveraged crypto exposure.
- Governance, Competence and Senior Accountability
Echoing broader regulatory priorities, CP26/4 emphasises governance, individual accountability and staff competence. Senior managers will fall within scope of the Senior Managers and Certification Regime (SM&CR), ensuring robust oversight and accountability.
- Safeguarding Assets and Collateral Treatment
The FCA outlines how safeguarding rules will apply to firms holding client cryptoassets, addressing segregation, operational resilience and collateral arrangements. These rules reflect lessons from the payment services sector and seek to instil trust in custody services, an area where asset loss has been a repeated concern.
- Reporting and Oversight
The FCA proposes extending reporting obligations under SUP 16, alongside introducing new expectations around ‘location policy’, requiring firms to disclose where core functions and services are delivered. This will assist the FCA in maintaining real-time visibility over operational risks and firm conduct.
Transitioning from MLR Registration to Full Regulation
A pivotal aspect of CP26/4 is the transition from MLR registration to full FSMA authorisation. Under the new regime, MLR-registered firms wishing to continue carrying out regulated cryptoasset activities must apply for authorisation before the gateway opens. Once authorised, these firms will no longer need to maintain separate MLR registration, although AML/CTF compliance will still apply.
This transition brings cryptoasset firms fully within the scope of traditional financial services regulation, consolidating oversight across conduct, prudential and operational dimensions.
Importantly, MLR registration has served as more than an administrative threshold. It has been a proving ground, with the FCA using it to assess governance, controls and risk management. These areas are now firmly in focus under CP26/4 and associated consultations.
Why This Matters: The Evolution of UK Crypto Regulation
UK crypto regulation has developed gradually, from the MLR-based AML regime and temporary registration in 2020, to the extension of the financial promotions regime and now a series of targeted consultations culminating in CP26/4.
While some jurisdictions (such as the EU under MiCA) have taken more rapid steps, the UK’s evolving framework now aims to strike a balance between innovation and regulation, offering much-needed clarity and consumer protection.
The shift from MLR registration to full FSMA authorisation marks the UK’s intent to regulate cryptoassets with the same rigour as other financial instruments, covering a wider range of risks, from conduct and financial crime to market integrity and operational resilience.
Looking Ahead
CP26/4 represents both the culmination of several years of preparatory work and the start of the final stretch before full implementation. The consultation closes on 12 March 2026, and final rules are expected ahead of the statutory gateway opening in September 2026. Stakeholders are encouraged to provide feedback, participation ensures that firms can shape the regulatory future they will be subject to.
Ultimately, CP26/4 is not just a rulebook update, it signals that crypto, long seen as an outsider, is being integrated into the regulated financial system. The same standards that underpin trust in traditional finance will soon apply, adapted but no less rigorous, and the sector must be ready.
How Complyport Can Help
Complyport has been supporting crypto firms since the introduction of the MLR registration regime in 2020 and is well-positioned to guide businesses through the transition to FSMA authorisation. Our experienced regulatory consultants can assist with:
- Assessing readiness for authorisation
- Preparing and submitting FCA applications
- Strengthening governance, controls and policies in line with CP26/4
- Ongoing compliance support and risk management
Book a meeting with a Subject Matter Expert today to discuss your authorisation strategy and regulatory obligations.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
