Crypto cracker: 12 things to know about the FCA's cryptoassets papers CP25/40 and CP25/41

The new market abuse regime to be contained in MARC is founded on Chapter 2 of Part 2 of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 (the Cryptoasset Regulations), and given substance by the FCA's rules in newly-drafted chapters of the CRYPTO sourcebook, which include requirements relating to:

• the disclosure of inside information;

• legitimate market practices (LMPs, examples of which will include coin-burning and crypto-stabilisation, as well as other actions taken for legitimate reasons);

• preventing, detecting and disrupting market abuse;

• market abuse systems and controls for CATPs and intermediaries;

• creating and maintaining insider lists; and

• information sharing for particular CATPs (see next section).

The FCA has noted more than once that it does not consider that MARC will "achieve the same regulatory outcomes as UK MAR." While it certainly makes sense for HMT and the FCA to have taken UK MAR as the starting point for the design of MARC, the FCA has acknowledged that many of the distinctive aspects of the cryptoassets market militate against a copy and paste approach.   

Perhaps unsurprisingly for a new and still developing market, the FCA says explicitly that this should be regarded as a "day one" market abuse framework, and one that can (and presumably, will) "be recalibrated over time as the market matures".    

The draft rules define a "large CATP" as one with average annual revenue, calculated over a 3-year period of at least £10 million. Not specifically mentioned in the front-end text of the CP, but clear on the face of the rules, is that this £10 million includes revenue from all its activities (not just operating the CATP), and (presumably as an anti-avoidance measure) revenue from periods "when the business was carried on by or in any predecessor entity."

Large CATPs are subject to two additional sets of obligations under MARC:

• carrying out on-chain monitoring of activity, with a view to identifying and disrupting market abuse; and

• participating in cross-platform information-sharing, where large CATPs have reasonable grounds to suspect that market abuse has occurred, and disclosing the information to other large CATPs is necessary to detect, prevent or disrupt the market abuse.  

Large CATPs will be protected from any civil liability where they make such disclosures acting in good faith, and with a reasonable belief that the sharing is necessary to counter the suspected market abuse and that the information shared is relevant and proportionate to this purpose. This would not cover liability for data protection breaches.

In addition, and distinct from MARC, this threshold will also be used to determine the CATPs and intermediaries to whom pre-trade transparency requirements will apply.

There has already been a bit of disquiet in the market as to whether setting the threshold at £10 million p.a. is too low, and therefore casts the net too widely.

The FCA and HMT do not plan to replicate two key elements of UK MAR. First, and identified as a key difference from traditional finance, the FCA itself will not play a central role in receiving and assessing Suspicious Transaction and Order Reports (STORs). Instead, intermediaries will make reports to CATPs, whose operators will need to assess the reports and decide on a response. This is a serious responsibility for CATPs, since they will effectively become the frontline enforcers of much of MARC in practice.

There will be an exclusion of liability for intermediaries in relation to suspicious transaction reports to CATPs made in good faith akin to that outlined above for large CATPs carrying out cross-platform information sharing. 

Secondly, and possibly more welcome, the FCA is not going to pursue the introduction of disclosure obligations modelled on the Persons Discharging Managerial Responsibilities (PDMR) regime. The FCA has been persuaded that this would be difficult to implement in practice and disproportionate for affected firms that are not themselves issuing the cryptoasset.

CATPs will only be permitted to admit a qualifying cryptoasset to trading where a QCDD has been prepared and published under the rules, except where:

• trading is only open to qualified investors;

• the qualifying cryptoasset is a UK-issued qualifying stablecoin (see below); or

• the qualifying cryptoasset is fungible with a qualifying cryptoasset already admitted to trading on that CATP and there was a QCDD published at the time.

CATP operators will be required to check QCDDs, and satisfy themselves that they meet the requirements of the Cryptoasset Regulations.

Content requirements will be set in a three-layered fashion:

• high-level requirements in the Cryptoasset Regulations;

• FCA rules and guidance aimed at both those applying for admission of the qualifying cryptoasset to trading and the CATPs themselves; and

• the CATP's own rulebook, the drafting of which will have to comply in certain respects with FCA rules. Rulebooks can, where appropriate, be aligned with overseas requirements to maximise efficiency. 

Where there is a material change to the information provided in a QCDD, a supplementary disclosure document (SDD) will be required. QCDDs and SDDs will be published on CATPs' websites and uploaded to a central, FCA-controlled repository (e.g. the National Storage Mechanism). The Cryptoasset Regulations include a statutory liability regime providing compensation for losses caused by untrue or misleading statements in, or certain omissions from, QCDDs or SDDs.

CATPs will have to compile and publish their criteria for admission, approved by their governing body, which must be risk-based and objective. CRYPTO 3.2 sets out a non-exhaustive set of factors that should be taken into account when producing these criteria.

A CATP will be expected to reject applications for admission where, based on its criteria and due diligence, the CATP considers that the qualifying cryptoasset is likely to be detrimental to retail investors – meaning that CATPs that do not permit participation by retail investors are essentially relieved of this obligation (although as the FCA itself notes, direct participation by retail investors is a feature of CATPs).

The FCA has agreed with feedback that there should not be a requirement to publish individual admission decisions.

As we have discussed before in our earlier articles on the Cryptoasset Regulations (including the draft version), HMT has adopted a position of openness in certain aspects when it comes to the provision of services from abroad. Specifically (although note our earlier doubts that this policy has definitely been achieved), the intention is that CATPs which do not serve UK consumers (for example, they only serve institutional clients) can potentially (in a cautious choice of words from the FCA) do so from an overseas CATP without needing FCA authorisation.

For CATPs that will be authorised, the FCA has decided to proceed with its proposal that UK retail customers should, in principle, have a relationship with a UK legal entity (i.e. a UK-incorporated subsidiary), but that this could be combined with an authorised UK branch of an overseas CATP, where necessary to facilitate global liquidity.

The FCA intends consult on guidance on the approach taken to location by its authorisation and supervision functions in Q1 2026.

As issuers of UK-issued qualifying stablecoins will already have been authorised by the FCA, the FCA has chosen to amend its earlier draft of CRYPTO 2.5 (published in CP25/14), which set out various FCA disclosure requirements. Now that there will be requirements for a QCDD under the Cryptoasset Regulations, the FCA has concluded that it does not need to subject those issuers to two overlapping and duplicative sets of rules, so the earlier draft has been replaced, with the FCA specifying that the required minimum content of the website disclosures and the stablecoin QCDD will be the same.  

CATPs will have a different approach to rejection in relation to UK-issued qualifying stablecoins. While they will of course be able to (and arguably must, in the right circumstances) reject admission of such cryptoassets to trading, they will not be able to do so only on the grounds that the QCDD is deficient. "Deficient" is the word used by the guidance on the rule (which refers to the quality or accuracy of the stablecoin QCDD), so the inference to be drawn from this is that such rejection decisions must need to be supported by additional reasons to consider there to be the risk of detriment to retail investors.

CRYPTO 3.9 fleshes out the right under the Cryptoasset Regulations for buyers of UK-issued qualifying stablecoins to exercise their right to withdraw; that is, the right to change their mind about buying or subscribing to the issue. This right would arise where:

• an agreement to buy or subscribe to a UK-issued qualifying stablecoin is contingent on it being admitted to trading on a CATP;

• the agreement was entered into after publication of a UK-issued qualifying stablecoin QCDD;

• after the agreement was entered into, the QCDD has subsequently been updated because certain material information has become inaccurate; and

• the circumstances which required the subsequent publication of the updated QCDD arose or were noted before the admission to trading on a CATP.

Importantly, buyers have only two working days to exercise this right, unless the relevant issuer or intermediary through which the stablecoin was purchased gives an extension. There are similar, but not totally identical, rights for buyers of other qualifying cryptoassets under CRYPTO 3.5.

CATPs will be pleased to see that the FCA has changed course in two major areas since its DP.

First, rather than proposing a sweeping and prescriptive set of rules where algorithmic and automated trading takes place on CATPs, the FCA is instead proposing an outcomes-focussed approach to ensure that these practices do not lead to customer harm, concentrating on disclosure, limits and monitoring of algorithmic and automated trading.

Secondly, the FCA had previously raised the possibility of preventing CATPs from admitting to trading tokens in which they had an interest. The FCA has concluded that the wider regime – A&D, MARC, and conflicts of interest rules in Principle 8 and SYSC – can be sufficient to manage this market practice (as long as they are complied with properly).

In most of the areas covered in this article, there have been material changes, and quite often in a way that is positive for the industry. As Table 2 of CP25/40 shows, in contrast, for intermediaries, there has been relatively little change in direction, and the regime looks quite familiar, especially when contrasted with the following three sections of this article, all of which touch on activities that are "crypto-native" to some degree. 

One additional point to highlight is that the FCA has signposted that a further consultation on settlement by intermediaries (as well as CATPs) will be forthcoming in H1 2026. The CP has a brief mention of very high-level expectations of intermediaries – proposing "that they must put in place adequate and robust arrangements to appropriately mitigate against settlement risks." These arrangements must be "documented and published" – but without, as far as we can see, the FCA having drafted detailed rules at this stage.

The proposed rules on cryptoasset staking – which will become regulated for the first time – have pros and cons, but have on balance improved.

The FCA's policy concern is focussed on customers' understanding of how staking works, and the risks they are taking. To that end, the main proposal is for greater requirements on transparency and pre-contractual disclosures, plus a requirement for express consent to staking. It is highly unlikely that the FCA will change its mind on this.

Although it has changed its mind, to the benefit of firms providing staking services, by dropping the proposal to require firms to give automatic compensation to retail clients for losses caused by operational and technological failures, having been persuaded that this risk is too low to justify a bespoke compensation regime.

The previous DP had attracted considerable commentary – mainly negative, albeit with some supporters – for proposing to "restrict" cryptoasset lending and borrowing services from being offered to retail clients. (Lending, for these purposes, means, in essence, handing a firm cryptoassets in exchange for yield. Borrowing can be summarised as using cryptoassets as collateral to secure loans of other cryptoassets. These are not specific regulated activities in their own right – instead, depending on the model, they are likely to involve dealing or arranging activities.)

The FCA has now concluded that, instead, its proposals for pre-contractual disclosures and express consent from retail clients can mitigate the risks. It appears to have been convinced, in part, by the argument that its proposal would have pushed activity to unregulated providers.

The FCA reminds firms that, where there is a clear controlling person to which regulation attaches, then its requirements apply, even if it is labelled "DeFi".

That is potentially a statement of the obvious, but what will be more interesting is the promised future consultation, covering indicators of (de)centralisation, as well as guidance for authorised firms when interacting with businesses with high levels of automation or decentralisation.