CPs25/14 and 15: The FCA's explosive start to its path to regulating cryptoassets

• The work required to analyse the impact of the proposed rules, especially those underpinning the prudential regime, is very significant for firms that are not already regulated by the FCA and accustomed to complying with the UK financial services regulatory regime. Start now.

• On both CPs, engage swiftly with trade associations. We are assisting several with their responses. Feedback to the FCA on detailed rules needs to be compelling, evidence-based and reasoned. Where a proposal is being rejected, responses that include solutions will gain much more traction.

• Given the volume of materials being generated by the FCA (and see section 2 below for more on that), it is clear that firms need to be ready to devote more business resources to support legal, compliance and policy functions in analysing and responding. Make no mistake: at Policy Statement stage, it will be too late.

With over 140 pages of draft Handbook text across the two CPs, firms wishing to operate as QS issuers and crypto-custodians (and their investors) can be forgiven for assuming that their engagement with the consultations will give them a complete picture from which to plan. This is not so.

There is a plethora of areas explicitly left for future consultation exercises, or upon which the FCA has used a CP to express only a nascent view and invites further information, evidence or analysis from industry as part of the current process (e.g. in relation to multi-currency qualifying stablecoins). It would actually be counter-productive to list them all. While the signposts in the Crypto Roadmap remain largely accurate (subject to one point on the prudential regime), the FCA is clearly continuing to grapple with the sheer scale of the task, and the wide variety of considerations when bringing an entire new sector (and one which is already complex) into regulation. Far from aiming for a gentle incline for firms, the FCA seems to have started by presenting the sector with a regulatory Kilimanjaro with Everest to follow – could this be too much regulation too soon?

Stakeholders should build into their plans, and consider how their response to the current consultation might develop, in the light of several additional steps yet to be taken:

1. Q3 2025 will see a Conduct and Firm Standards CP, which (being relevant for all cryptoasset firms) will affect QS issuers and crypto-custodians. As well as dealing with a number of cross-cutting issues (most notably the application of the Consumer Duty), the most pertinent aspect of this for QS issuers will be its examination of the consequences of a firm being designated (by HM Treasury) as an operator of, or provider within, a systemic payment system. QS issuers that expect or plan to operate at systemic scale will especially need to study the content covering areas requiring dual supervision with the Bank of England.

2. "Later this year" (per Sarah Breeden, the Bank of England's Deputy Governor for Financial Stability, quoted in the FCA's press release), the Bank of England will publish a complementary consultation on its approach to systemic stablecoin systems. As we have discussed before, for QS issuers to be able to scale they must know how the regulators plan to manage the cliff-edge (in the current proposals) between their regimes. 

3. Around the end of the year, or into 2026, there will be a CP on Trading platforms, intermediation, lending and staking (the predecessor DP25/1 closed to feedback on 13 June). Besides various reporting requirements, this will deal with the approach to staking, reuse/rehypothecation, and lending/borrowing activities that rely on the use of cryptoassets held or otherwise controlled by crypto-custodians. 

4. As noted above, the S&C CP does not even cover all QS: it looks solely at QS that maintain their value relative to a single fiat currency. Given that the proposed statutory QS definition extends to those which reference more than one fiat currency (such as a currency pair or basket), the FCA is seeking further information from stakeholders as to how the rules could be adapted to apply to "multi-currency stablecoins".

5. There will be a further (timing not specified in the Roadmap) consultation on the approach to the failure of cryptoasset firms. We can imagine that, if the proposals are at a suitably defined stage, this could be added to the Conduct and Firm Standards CP without it being too incongruous.

6. Critically, there will be an entire second phase of consultation on the prudential regime (which the FCA refers to as "CP2" – but, by our count, this could more accurately be described as the sixth CP of relevance, barring any backsliding). Dividing the consultation on the prudential regime in this way makes planning very difficult, because the matters deferred to CP2 – mainly reporting, how to deal with groups, the Internal Capital Adequacy and Risk Assessment (ICARA), and concentration risk requirements – have been shown in TradFi to cause a huge amount of complexity (and, therefore, work and cost). This approach fragments the work firms will have to do in an exceptionally painful way. We deal further with the prudential regime in the following section. 

The phrase "in traditional finance" is used 21 times in the S&C CP, usually to introduce a discussion of how a TradFi concept, process or approach should be extended and adapted to cover cryptoassets.

The UK policy – unlike that adopted under MiCA – was always to extend and adapt the existing FSMA regime to deal with cryptoassets. Firms understand that, just as they also understand the complementary strategic approach being "same risk, same regulatory outcome."

However, what these CPs demonstrate, in our view, is that this policy and strategic approach have instead resulted in an excessive preference for "doing things as they have always been done". This leads, at times, to a failure to accommodate specific features of cryptoassets and market practices in relation to them – potentially undermining the "same risk, same regulatory outcome" principle. Rather than seeking a truly bold and innovative way to regulate the cryptoasset sector, the writers of the CPs have often copied and pasted existing regimes. This is particularly apparent in three areas:

1. The prudential regime. While there have been certain efforts to apply particular numbers to deliver some form of alignment with the e-money regime (for example, setting a baseline Permanent Minimum Requirement (PMR) for QS issuers of £350,000, seemingly inspired by the Electronic Money Regulations 2011 or, perhaps, the MiCA/EMD initial capital requirement for issuers of e-money tokens), in reality the regime proposed in the Prudential CP is very obviously the Investment Firms Prudential Regime (IFPR) reproduced wholesale. The regime is fiendishly complex and, crucially, has been found to be difficult to apply in practice. We have not attempted to unpack the approach firms will need to take to every area of difficulty in this briefing, but firms should know the regime is (i) complex to administer, and (ii) highly likely to be more onerous, from a capital, liquidity and concentration risk perspective, than the e-money regime (or tailored version of it for QS issuers) would have been. One particularly unfortunate aspect of the IFPR is its heavy penalisation (from the perspective of mandatory deductions from regulatory capital resources) of firms that have a lot of intellectual property assets on their balance sheet. Although these deductions also apply to other types of firms whose eligible regulatory capital resources are defined by reference to the UK Capital Requirements Regulation, replicating this approach for one of the most innovative and technology-dependent sectors in the UK may be seen as a very unwelcome drag on technological investment by the sector.

2. The confusion about crypto-custody. While we sympathise with the FCA's need to deal with the law as HM Treasury has drafted it (subject to the finalisation of the legislation), it is unfortunate that cryptoasset custody, as dealt with in the S&C CP, continues to overlook the distinction between "holding" control of QCs and relevant specified investment cryptoassets and "non-holding" control. Under "holding" control, title vests in the crypto-custodian as a trustee. Under "non-holding" control, the crypto-custodian has no legal or equitable title to the relevant cryptoassets as a result of its safeguarding of the private key or other means of access (e.g. as an agent only) – although, , potentially with regard to any common law developments reflecting the Law Commission's proposals for cryptoassets as "third category" personal property, it may have a limited legal interest akin to the possessory title of a bailee. While there are plenty of references to the safeguarding of private keys, the implications of the solutions this novel practice requires (at least, where such safeguarding is not intended to confer legal or equitable title to the related cryptoassets in the crypto-custodian) have been lost (or perhaps not thought about at all). It seems clear to us that a modification of the CASS 8 rules, which are applicable to the TradFi practice for mandates taken by a firm in the course of, or in connection with, designated investment business in relation to client money or traditional financial instruments held with a third party, should properly be adapted and applied to the practice for the non-holding control of cryptoassets (and not the full panoply of the CASS rules applicable to the holding control of relevant assets).

3. The approach to yield. The continued refusal to countenance the payment of any form of yield (aside from that available from staking, lending or reuse/rehypothecation activity) to the holders of QS.

Concentrating for a moment on the payment of yield, it is apparent (and wholly unsurprising) that many respondents to the previous DP had urged the FCA to allow the practice, at least in some circumstances.

The FCA's stated reasoning is that it wants to see QS "treated as a money-like instrument and not as investments." That particular principle is accepted, and indeed, as we have argued before, it is in fact the treatment by the Treasury's draft legislation as a subset of qualifying QCs that makes QS look somewhat like investments – in recognition that they may have a secondary market and, potentially, a secondary market value distinct from their par value. Nevertheless, when the FCA argues that "passing down interest from the backing asset pool will blur [the line between money-like instruments and investments] from both a legal and regulatory perspective", we are not convinced.

For one thing, the non-payment of yield is likely to discourage take-up. The obvious problem with the FCA's approach, for innovative QS issuers in particular, is that deposits – money – are both a store of value and a means of exchange. There is no suggestion that banks will not be able to continue to pay interest on deposits, even after they have been tokenised.

Further, there is already a TradFi precedent for "money-like instruments" that provide a yield – money market instruments and other negotiable instruments (e.g. bills of exchange and promissory notes) that pay interest. Law and regulation have had little difficulty in properly characterising these instruments as either payment or investment products depending upon the particular circumstances and context of their use (see, for example, section 9(1)(a) of the Bills of Exchange Act 1882).

There is an obvious financial exclusion angle to this debate. People experiencing financial exclusion due to their socio-economic circumstances are surely even less likely to use stablecoins if they offer no return at all. In the context of a retail central bank digital currency, the Bank of England has endorsed the view that digital payments need to be seen as an essential tool for building financial inclusion. This is a view with which we strongly agree, but it requires financial inclusion to be built into products – and regulation – at the design stage. It is surely possible to find a middle ground here, such as adopting a targeted framework on who can receive returns, or possibly even limits on yield-bearing balances.

We are concerned that the approach to yield means that the regime inherently privileges incumbent banks versus QS issuers: the tokenisation of deposits could offer end-users all of the benefits of the technology, while being clearly preferable to QS because of the chance to earn yield. In addition, the effective extension of the IFPR to cryptoasset firms also gives incumbent investment firms a clear advantage – they will simply have to adapt existing calculations to deal with a new business line.

The implications for competition, innovation and growth of – in essence – airlifting incumbents halfway up the mountain of regulation is surely obvious.

There are some important individual wins in these CPs.

Backing assets

First, the FCA is now proposing a broader range of permitted QS backing assets than those set out in DP23/4. The previous cohort of acceptable backing assets (short-term cash deposits and gilts with a maturity of one year or less) remain acceptable, and are now referred to as core backing assets.

However, subject to certain conditions, the FCA proposes that it should be possible for a QS issuer to include:

1. government debt securities that mature over 1 year;

2. units in a Public Debt CNAV Money Market Fund; and

3. assets, rights or money held as a counterparty to a repurchase agreement/reverse repurchase agreement (subject to conditions as set out in CASS 16).

These are referred to as expanded backing assets.

Unfortunately, even this comes with a fairly steep regulatory price:

• Issuers proposing to include such expanded backing assets must notify the FCA of their intention to do so before expanding the backing asset pool.

• The FCA will only grant permission if the issuer attests to the FCA that it meets certain additional qualitative and quantitative requirements designed to ensure it has sufficient systems and controls, skills and expertise in place to mitigate the risks arising from such expansion.

• Issuers must also have regard to the minimum liquidity requirements set out in the Prudential CP and comply with the backing assets composition ratio (BACR).

• An issuer who has opted-up to using expanded backing assets must satisfy both the BACR and an on-demand deposit requirement (ODDR), requiring that (at least) 5% of the backing assets be held in on-demand bank deposits (which will include short term deposits repayable on demand or with an immediate break clause). Even those sticking with core backing assets must comply with the ODDR.

Liability exposure for crypto-custodians

Secondly, we wholeheartedly welcome the modified approach to liability attaching to crypto-custodians. As we have argued before, it is not appropriate for crypto-custodians to be exposed to strict liability for losses of cryptoassets outside their control, and we were concerned by allusions to the "near-strict" liability regime for depositaries under the Alternative Investment Funds Management Directive. As we had suggested, following the publication of the draft legislation, the FCA now proposes that this risk allocation be left to the parties in their contracts. The FCA will consult, in its Conduct and Firm Standards CP, on rules governing relevant standards for disclosure of contractual provisions for custodial liability.

Custody of backing assets

Thirdly, the FCA has dropped its proposal to require the QS issuer to appoint an independent third-party custodian to take responsibility for the safeguarding duty and day-to-day administration of the backing assets. The feedback about the huge unneeded extra cost and administration of this proposal has clearly had an impact – which demonstrates the case for early and detailed engagement with the FCA's proposals.

Instead, the requirements on QS issuers regarding the backing assets will largely parallel existing CASS requirements, with the QS issuer remaining legally responsible for the backing assets custodied with a third party.

The QS issuer will be subject to various requirements regarding its engagement with a third-party custodian, many of which mirror (at a high level) the approach expected of firms appointing appointed representatives.

Simplification of the structure for vertically-integrated exchanges

Fourth, DP 23/4 included a proposal to require the creation of a separate legal entity for custody-like activities carried out by vertically-integrated cryptoasset exchanges. For now (the FCA suggests that it will return to the issue in its CP on Trading platforms, intermediation, lending and staking), feedback has persuaded the FCA to drop this proposal.

No forced disclosure of Proof of Reserves

The FCA has already determined that it does not propose to require that crypto-custodians give Proof of Reserves.

For readers not familiar with the FCA's approach to trusts in the field of custody, there are two different type of trust structures contemplated in the S&C CP.

• A QS issuer will hold the backing assets under a statutory trust, created under the FCA's powers (widened through the vehicle of the proposed legislation amending the Regulated Activities Order for the new cryptoasset regulated activities). The rules for this are found in the proposed draft text of CASS 16.5.

• A crypto-custodian, however, must hold QCs it holds for its clients under a non-statutory trust, the requirements of which are set out in the draft proposed text of CASS 17.3.

In practice, the distinction between the two is that CASS 16.5 constitutes the trust over the backing assets in favour of the holder of the QS, whereas CASS 17.3 instructs the crypto-custodian to take the required steps to establish a trust over the QCs that meets the FCA's requirements (and which of course could mean that the crypto-custodian gets that wrong).

The FCA has said that it plans to consult on its proposals relating to the custody of specified investment cryptoassets, such as security tokens, and any specific issue relating to them in the 'Trading platforms, intermediation, lending and staking' CP.

In brief, this means that crypto-custodians of QCs will have to:

1. hold QCs as a bare trustee upon receipt, either in an individually-segregated or omnibus- segregated client wallet;

2. ensure they hold the correct amount of QCs for their clients in the trust at all times;

3. maintain adequate books and records to support the non-statutory trust; and

4. choose the appropriate trust structure for their business model e.g. separate trusts for each client, for each class of QCs or for different wallet/blockchain addresses.