The Financial Conduct Authority (FCA) has published Consultation Paper CP25/25 on 17 September 2025, seeking feedback on proposals to extend existing FCA Handbook rules to firms carrying out regulated cryptoasset activities. This initiative supports the UK’s broader Cryptoasset Regulatory Roadmap and anticipated HM Treasury legislation, aiming to foster a competitive and sustainable crypto sector grounded in market integrity, consumer protection and effective competition.
Key proposals include applying High Level Standards like SYSC for governance, Senior Managers and Certification Regime (SMCR), financial crime, and operational resilience, as well as Business Standards such as the ESG Sourcebook. The FCA is also discussing the application of the Consumer Duty, Conduct of Business Sourcebook (COBS), Product Intervention and Product Governance Sourcebook (PROD), redress mechanisms and access to the Financial Ombudsman Service (FOS).
At present, regulatory oversight is limited to financial promotions and anti-financial crime rules. The proposed expansion will require firms to obtain authorisation, thereby enhancing safeguards against operational failure and financial crime while addressing crypto-specific risks such as private key security and vulnerabilities associated with decentralised ledger technologies.
Key Developments
- Extension of High-Level Standards and Supervision
The FCA proposes applying core Handbook sections to cryptoasset firms, including:
- Threshold Conditions (COND)
- Principles for Businesses (PRIN)
- General Provisions (GEN)
- Supervision (SUP)
Cryptoasset activities will be treated as “Designated Investment Business” (DIB), with some tailored disapplications. This ensures minimum authorisation thresholds and enables the FCA to exercise effective supervisory oversight through firm notifications and regulatory reporting.
- Senior Management Arrangements, Systems and Controls
The SYSC sourcebook, including the SM&CR, will apply to all cryptoasset firms on a tiered basis (Limited, Core, Enhanced). This will require the allocation of Senior Management Functions (SMFs) and Prescribed Responsibilities (PRs). The FCA expects strong governance frameworks that promote operational resilience and deter financial crime, aligning with obligations under the Money Laundering Regulations (MLRs).
Firms must implement robust internal controls to mitigate risks such as cyber threats, third-party dependencies and systemic vulnerabilities.
- Crypto-Specific Operational Resilience Guidance
Non-Handbook guidance under SYSC 15A addresses unique crypto risks, such as private key safeguarding, validator failures, smart contract vulnerabilities and service disruptions.
Examples are provided for activities like stablecoin issuance, trading platforms, staking, and custody, focusing on impact tolerance setting, scenario testing, and continuity planning. Permissionless Distributed Ledger Technology (DLT) is clarified as not constituting outsourcing under SYSC 8.
- Business Standards and ESG Considerations
The FCA proposes applying the ESG Sourcebook, requiring cryptoasset firms to ensure sustainability claims are fair, clear, and not misleading. Criteria for using ESG-related labels will be introduced.
However, the FCA is not currently proposing to extend climate-related disclosures or asset-manager-specific ESG obligations to crypto firms. This is due to current data limitations and low demand in the sector.
- Discussions on Consumer Duty, Redress and Related Standards
The FCA is exploring two options for applying the Consumer Duty: either through sector-specific guidance or tailored rules that achieve equivalent outcomes. The unique features of decentralised assets and distribution channels are under consideration when determining value assessment criteria.
Additionally, the FCA is proposing to extend the following Handbook sections to cryptoasset activities:
- COBS (e.g., inducements, suitability)
- PROD (product governance)
- DISP 1 (complaints handling)
The expansion of compulsory jurisdiction under the Financial Ombudsman Service (FOS) for eligible complainants is also being considered.
Next Steps for Interested Parties
Firms and stakeholders should take the following steps in light of CP25/25:
Submit Feedback
Provide comments on the Consumer Duty and redress proposals by 15 October 2025 via the FCA’s consultation portal.
Prepare for Authorisation
Firms engaging in cryptoasset activities (e.g., issuing stablecoins, operating trading venues, custody services) should evaluate their preparedness to meet the FCA’s expectations, particularly in relation to:
- SM&CR obligations
- Operational resilience standards
- Financial crime controls
Monitor Regulatory Developments
Further consultations are expected later in 2025, including rules on client asset protection (CASS) for crypto custody. A final Policy Statement is anticipated in 2026.
How Complyport Can Help
Complyport offers tailored solutions to strengthen crypto compliance frameworks, helping firms navigate Handbook applications and mitigate risks. Our services include:
- Authorisation Application Assistance
- Staff training on Consumer Duty, SYSC and Crypto-Financial Crime specific risks
- Operational Resilience and Financial Crime support
- ESG Policy Development
- Regulatory Guidance and Advisory Support
Book a Meeting with a Complyport SME
To learn how to enhance your firm’s crypto strategies and ensure compliance with FCA expectations, book a consultation with a Complyport Subject Matter Expert today.
Ask ViCA, your Virtual Compliance Assistant.
Access instant answers on regulatory changes.
Claim your complimentary 20 queries today! Register here: https://vica.chat
