← Back to updates
FCA

FCA

Financial Conduct Authority (UK)

High Impact

FCA publishes aggregate cost-benefit analysis for the UK cryptoasset regime final policy statements

Published

Jun 29, 2026

Effective

Oct 25, 2027

Topics

Cryptoassets, Stablecoins, FCA authorisation, Market abuse, Admissions and disclosures, Prudential requirements, Custody and safeguarding, Consumer Duty, SM&CR, Regulatory reporting, Financial crime

Executive Summary

The FCA’s June 2026 aggregate CBA provides a consolidated assessment of the costs and benefits of the UK cryptoasset regulatory regime introduced through policy statements PS26/9, PS26/10, PS26/11, PS26/12 and PS26/13. The CBA states that the regime will bring within FCA requirements activities including issuing a qualifying stablecoin, safeguarding qualifying cryptoassets and relevant specified investment cryptoassets, operating a qualifying cryptoasset trading platform, dealing as principal or agent in qualifying cryptoassets, arranging deals in qualifying cryptoassets including lending and borrowing, and arranging qualifying cryptoasset staking. It also covers prudential requirements in CRYPTOPRU and COREPRU, the Market Abuse Regime for Cryptoassets, cryptoasset admissions and disclosures, and application of wider FCA Handbook standards. The FCA estimates total 10-year present value benefits of £1.435bn and costs of £1.315bn, resulting in an estimated net benefit of £120m. The FCA’s new regime webpage states that the regime is expected to come into force on 25 October 2027 and that cryptoasset businesses will need FCA authorisation to do business in the UK once it is in place. Business impact is high for crypto exchanges, custodians, stablecoin issuers, brokers/intermediaries, staking and lending/borrowing providers, and non-UK firms serving UK consumers, because operating models, authorisation status, governance, systems, disclosures, prudential resources, reporting and client-asset controls will need to be assessed and remediated before go-live.

What Changed

newAggregate impact assessment for final cryptoasset regime

Previous

The FCA had previously consulted through separate consultation papers and CBAs, including CP25/14, CP25/25, CP25/40, CP25/41 and CP26/4.

New

The June 2026 CBA aggregates the final-rule impacts, updates assumptions for consultation feedback and market data, and removes duplication across prior CBAs.

newFCA authorisation perimeter for specified cryptoasset activities

Previous

Cryptoasset firms providing many of these products and services faced lower regulatory requirements than equivalent FSMA-regulated firms, and many activities were outside the FCA’s full regulatory perimeter.

New

In-scope firms will need authorisation and must comply with activity-specific rules relevant to their business model.

newPrudential requirements under CRYPTOPRU and COREPRU

Previous

Cryptoasset firms did not generally face equivalent FCA prudential requirements for these activities.

New

Firms must assess capital and liquidity resources against the new cryptoasset prudential regime and the activity mix they plan to carry on.

newMarket Abuse Regime for Cryptoassets

Previous

The CBA identifies regulatory failures in cryptoasset markets, including that conduct restricted in traditional financial markets could occur in cryptoasset markets without equivalent regulation.

New

UK cryptoasset market participants must build systems, controls, insider-list processes, disclosure protocols and market-abuse detection capabilities appropriate to MARC.

newCryptoasset admissions and disclosures regime

Previous

The CBA identifies information asymmetries and inconsistent information as drivers of consumer and market harm.

New

Cryptoasset trading platforms, issuers and offerors involved in admission to trading must produce or manage disclosure documents, conduct due diligence, and support consistent availability of information.

newApplication of wider FCA Handbook standards

Previous

Many cryptoasset firms did not have to apply the full set of cross-cutting FCA Handbook standards to these cryptoasset activities.

New

Firms must map applicable Handbook obligations to cryptoasset activities and implement governance, accountability, conduct, complaint, training, financial crime, resilience and reporting controls.

modifiedUpdated costs and firm population assumptions

Previous

Earlier CBAs used prior assumptions on firm population and compliance/familiarisation costs.

New

The aggregate CBA uses revised assumptions, including an estimated 325 firms in scope across stablecoin issuers, trading platforms and intermediaries, plus additional activity populations for lending and borrowing, custody and staking.

newExpected regime commencement

Previous

The CBA refers to implementation from 2027 but does not itself provide the specific commencement date in the extracted text.

New

Firms should plan implementation against the FCA-stated expected commencement date of 25 October 2027.

Business Impact

Who is affected

Cryptoasset trading platforms, custodians, stablecoin issuers, intermediaries dealing or arranging in qualifying cryptoassets, firms offering cryptoasset lending and borrowing or staking services, issuers and offerors seeking admission to UK trading platforms, existing FSMA-authorised firms expanding into qualifying cryptoasset activities, and non-UK cryptoasset firms serving UK consumers.

Jurisdictions

United Kingdom, Non-UK firms with UK consumers

Business processes

FCA authorisation and permissions strategy, Regulatory perimeter assessment, Stablecoin issuance governance, backing asset and redemption controls, Cryptoasset custody and safeguarding controls, Client asset segregation and client statements, Trading platform governance, order execution and transparency, Intermediary order handling and conflicts controls, Lending, borrowing and staking consent and appropriateness workflows, Market abuse surveillance, on-chain monitoring and insider lists, Cross-platform suspected market abuse information sharing, Inside information disclosure controls, Cryptoasset admissions due diligence and disclosure document production, Central repository/National Storage Mechanism submission workflow, Prudential capital and liquidity monitoring, SM&CR allocation and certification, Consumer Duty implementation, Complaints, redress and FOS case handling, Operational resilience and disruption reporting, Financial crime controls, Regulatory reporting and management information, Training and competence

Estimated effort

High

Compliance risk

High

Affected Reports

Cryptoasset disclosure documents for admissions to trading, described in the CBA as QCDDCentral repository / National Storage Mechanism submissions for admissions and disclosure documentsRegulatory returns information submitted to the FCA by cryptoasset firmsSafeguarding returns reviewed by the FCAAuditors’ safeguarding reports reviewed by the FCAOperational disruption reportsClient statements for cryptoasset custody clientsPre-trade and post-trade transparency dataTrading data provided by intermediariesInsider listsInside information disclosuresCross-platform suspected market abuse information-sharing notifications or recordsRecords for cryptoasset staking servicesRecords supporting lending, borrowing and staking client consent
FieldValidation rule
Authorised cryptoasset activityFirms must identify whether they carry on issuing qualifying stablecoins, safeguarding qualifying cryptoassets or relevant specified investment cryptoassets, operating a qualifying cryptoasset trading platform, dealing as principal or agent, arranging deals including lending and borrowing, or arranging qualifying cryptoasset staking.
Firm size and activity mix for prudential assessmentPrudential requirements under CRYPTOPRU and COREPRU are associated with the activity for which a firm is authorised and are designed to scale with the level of risk associated with the firm’s activity.
Client asset segregation statusCryptoasset custodians must implement segregation of client assets and organisational arrangements to support safeguarding.
Client statement informationThe CBA identifies providing client statements as a custody requirement with transition and ongoing costs.
CASS oversight officer responsibilityThe CBA identifies appointment or operation of a CASS oversight officer function as a cryptoasset custody cost category.
Backing asset pool managementQualifying stablecoin issuers must manage the backing asset pool as part of stablecoin issuance requirements.
Redemption timingThe CBA identifies providing redemptions by the next business day as a stablecoin issuer requirement.
UK branch or subsidiary statusThe CBA identifies establishing a UK branch or subsidiary as a cost category for overseas cryptoasset trading platforms entering the UK market.
Market maker identificationTrading platforms must identify market makers and avoid discrimination of retail trades, as described in the trading platform cost categories.
Conflict of interest controlsTrading platforms and intermediaries must manage or prevent conflicts of interest, including conflicts relating to self-issued tokens for trading platforms.
Credit line restrictionThe CBA identifies restricting credit lines to clients as a trading platform requirement.
Pre-trade and post-trade transparency dataTrading platforms must provide pre- and post-trade transparency.
Order execution controlsIntermediaries must comply with order execution requirements and treat consumers fairly without discriminatory order handling.
Payment for order flow arrangementsThe CBA identifies restrictions on payments for order flow as an intermediary requirement.
Authorised venue useThe CBA identifies authorised venues as a cost category for cryptoasset intermediaries.
Lending and borrowing appropriateness assessmentFirms offering cryptoasset lending and borrowing services must conduct additional appropriateness testing.
Lending, borrowing and staking express consentFirms must obtain express client consent for lending, borrowing and staking activities or key terms, as applicable.
Collateral top-up restrictionThe CBA identifies restrictions on collateral top-ups as a lending and borrowing requirement.
Staking service informationFirms offering cryptoasset staking services must provide required information to retail consumers.
Annual staking notificationThe CBA states that firms arranging staking must provide an annual notification about the staking service.
On-chain market abuse monitoringMARC rules include monitoring on-chain data.
Suspected market abuse information sharingMARC rules include cross-platform information sharing of suspected market abuse.
Insider listFirms must maintain insider lists as part of market abuse systems and controls.
Inside information disclosureMarket participants have disclosure responsibilities for inside information under the Market Abuse Regime for Cryptoassets.
Cryptoasset disclosure documentThe admissions and disclosures regime requires disclosure documents for cryptoassets admitted to UK regulated trading platforms.
Admissions due diligencePlatforms admitting tokens must conduct due diligence and may reject admissions where major concerns are detected.
Operational disruption reportThe CBA identifies reporting operational disruptions as an operational resilience requirement.
Consumer Duty change projectThe CBA identifies Consumer Duty familiarisation, training, IT project and change project activities for authorised cryptoasset firms.
SM&CR senior manager, certification and conduct rule coverageThe CBA identifies Senior Manager Rules, Certification Regime and Conduct Rules costs for authorised cryptoasset firms.

Recommended Actions

  1. 1

    Establish a board-level cryptoasset regime implementation programme mapped to the expected 25 October 2027 commencement date and covering authorisation, prudential, conduct, safeguarding, market abuse, disclosure and reporting workstreams.

  2. 2

    Perform a legal perimeter assessment for every UK-facing product and service to determine whether the firm issues qualifying stablecoins, safeguards qualifying cryptoassets, operates a qualifying cryptoasset trading platform, deals or arranges in qualifying cryptoassets, arranges staking, or supports lending and borrowing.

  3. 3

    Prepare an FCA authorisation strategy, including target permissions, UK branch or subsidiary planning for overseas platforms, senior management responsibilities, governance evidence and readiness milestones.

  4. 4

    Map current custody operations against the FCA’s identified custody control areas, including segregation of client assets, client statements, CASS oversight officer arrangements, external audit, organisational arrangements, safeguarding returns and auditors’ safeguarding reports.

  5. 5

    For stablecoin issuers, assess backing asset pool controls, redemption-by-next-business-day capability, prudential resources and admissions/disclosure obligations before deciding whether to establish or expand UK issuance.

  6. 6

    Design MARC compliance capabilities, including on-chain monitoring, market abuse surveillance, cross-platform information-sharing processes, insider lists, inside information disclosure controls and market abuse recordkeeping.

  7. 7

    Build an admissions and disclosures operating model covering cryptoasset disclosure documents, issuer/offeror inputs, trading platform due diligence, admission decision records and central repository/National Storage Mechanism submission processes.

  8. 8

    Update trading platform and intermediary controls for order execution, conflicts of interest, payment for order flow restrictions, authorised venue requirements, pre- and post-trade transparency, trading data provision and retail non-discrimination.

  9. 9

    Review lending, borrowing and staking models for additional appropriateness testing, express consent, required retail disclosures, annual staking notifications, collateral restrictions, asset segregation and recordkeeping.

  10. 10

    Assess prudential capital and liquidity implications under CRYPTOPRU and COREPRU using the firm’s planned authorisation profile, business model and activity mix.

  11. 11

    Extend wider FCA Handbook implementation to cryptoasset activities, including SM&CR, SYSC, operational resilience, financial crime, PRIN, COBS, Consumer Duty, complaints/redress, training and competence, and regulatory reporting.

  12. 12

    Develop customer communications that clearly explain the scope and limits of FCA regulation, including that FCA regulation does not remove cryptoasset price volatility or all consumer risk.

  13. 13

    Budget for one-off and ongoing compliance costs, including familiarisation, legal advice, IT builds, surveillance tooling, reporting, external audit, training and additional compliance personnel.

  14. 14

    Monitor FCA policy statement pages and cryptoasset regime guidance for final Handbook text, perimeter guidance, application windows, reporting templates and any transitional arrangements.

Timeline

other

Jan 1, 2024

FCA discussion and consultation work referenced by the CBA included DP24/4 for crypto admissions and disclosures and market abuse.

other

Jan 1, 2025

FCA consultations referenced in the CBA included CP25/14 on stablecoins and cryptoasset custody, CP25/15 on prudential requirements, CP25/25 on conduct and firm standards, CP25/40 on regulated cryptoasset activities, and CP25/41 on market abuse and admissions and disclosures.

other

Jan 1, 2026

FCA consultations referenced in the CBA included CP26/4 on applying Handbook standards, CP26/8 on CASS amendments related to cryptoasset activities, and CP26/13 on proposed perimeter guidance.

publication

Jun 1, 2026

FCA published the aggregate Cost Benefit Analysis for cryptoasset regime policy statements PS26/9, PS26/10, PS26/11, PS26/12 and PS26/13.

implementation

Jan 1, 2027

The CBA assesses costs and benefits occurring from implementation in 2027 over a 10-year appraisal period.

effective date

Oct 25, 2027

The FCA states that the new cryptoasset regime is expected to come into force, after which cryptoasset businesses will need FCA authorisation to do business in the UK and will need to meet FCA standards.

Sources

AI-generated analysis is based on the following primary sources. Always verify against the official publication.

Related Evidence

Similar official source documents found with semantic search.

Receive updates like this by email

Get AI-generated analysis for the regulators and topics you care about.