Instrumental health: Final cryptoasset legislation

In our technical feedback we noted that the original drafting of the SI brought a risk that accepting stablecoins as payments would fall within the scope of dealing as principal – a regulated activity. This was contrary to HMT's broader stated policy position that there should be no barriers to the evolution of stablecoins as payment instruments.

A new Article 9Z10 is inserted into the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), which excludes from the scope of regulated activities "an activity carried on for the purpose of the sale of goods or supply of services, by a supplier to a customer".

Supplier is very widely defined as meaning "a person whose main business is to sell goods or supply services", which would appear to give the required coverage to those businesses interested in accepting stablecoin payments. Public sector use cases that are not a supply of goods and services (e.g. paying benefits or collecting tax, both of which have been mooted as ways for the government to accelerate adoption) should be able to benefit from the separate exclusion in Article 9V(1)(c): "activity where the qualifying cryptoasset is acquired or transferred for no consideration".     

While this change is welcome (indeed, essential), we remain disappointed that – notwithstanding the six months plus since the publication of the draft SI – HMT continues to park the integration of stablecoins into payments regulation. This remains an aspiration, but one without any definitive timeline. It is possible that the forthcoming Payments Forward Plan, to be produced by the Payments Vision Delivery Committee in early 2026, may shed more light on the approach on this.

Staying with the topic of payments, we had previously raised that the attempt to separate the definition of stablecoins from the definition of e-money did not work because the definition had been made circular, with anyone attempting to trace the definitions of e-money and qualifying stablecoin sent in a circle between the new Article 88G of the RAO and the new regulation 3ZA of the Electronic Regulations 2011 (EMRs).  

This concern was obviously heeded, as regulation 3ZA has been reworked and is now noticeably longer and more expansive than the version in the draft SI. The intention is clearly that regulation 3ZA should provide a single answer, which it seeks to achieve by embedding its own definition of a "stablecoin" (closely tracking the existing definition of "qualifying stablecoin"). In CP25/14, the FCA indicated its plan to consult on Perimeter Guidance on this boundary, which may be of more practical use than the legislation.

As we suggested, these have now been excluded from the scope of a qualifying stablecoin. This is done by adding article 88G(4)(b), relevant to banks and other deposit-takers "whether authorised or not" (that is, including overseas banks).

A further successful exclusion from scope applies to securities that are recorded on legal registers that are cryptographically secured. Our concern was that the definitions of "specified investment cryptoasset" and "relevant specified investment cryptoasset" had been so widely-drawn as to catch, for example, interest in uncertificated securities held within CSDs, as it is not unusual for CSDs to use cryptographic security within their ledger infrastructure. The effect of this could have been that such CSDs would be carrying out the regulated activity of "safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets" (which we refer to as the Article 9N custody activity). 

This has been avoided by the device of excluding from scope of these activities a cryptoasset which is "solely a record of value or contractual rights." The nature of the digital record is not changed, but its treatment within the regime is altered in a way that will be welcomed by CSDs and, potentially, by managers of authorised funds using cryptographic registers to record ownership of fund interests. This change also has the benefit of resolving the related question as to whether group companies could be caught by the Article 9N custody activity.           

The major issue that we (and many others) had raised on the ambit of the Article 9N custody activity was that the inclusion of arrangements where the custodian's "client" had a right to the return of the cryptoasset meant that lending and collateral arrangements were, on their face, in scope. Article 9N has now been drafted so as to exclude both a "title transfer collateral arrangement" (defined in an intuitive way in Article 9N(5)(c)), and the situation where the custodian's client had previously contracted to buy back the cryptoasset from the custodian. These additions are helpful.

However, these exclusions do not seem to apply to a straightforward cryptoasset lending arrangement. Moreover, they do not apply when the "client" is a consumer, or a member of a class specified by (as yet unmade) FCA rules, so for consumers and any additional class that the FCA decides to specify, the concern will remain.    

HMT's policy on territorial scope was clear and quite liberal, in the sense of being open to overseas cryptoassets (including stablecoins). Our feedback, in fact, was that HMT possibly had too much optimism that the drafting of the SI achieved the policy, and/or that the position could be unclear.

For qualifying stablecoins, the position has been clarified by the redrafting of Article 9M, which defines the stablecoin issuance activity, to tie the elements that comprise the activity to "an establishment in the UK".

On the other hand, we advocated the creation (or extension) of an overseas person exclusion for the cryptoasset activities that HMT said could be conducted from overseas without authorisation, as opposed to what might be called the "hopeful" approach of simply omitting the activity from section 418 of FSMA (which deems activity to be caught by UK regulation). This element is unchanged, which means that firms that are notionally "overseas" will still need advice on geographic scope.   

There are three other areas where we raised concerns that have not been acted upon, of which the most important is the lack of differentiation in the Article 9N custody activity between what we term "holding control" – where the custodian actually holds legal or beneficial title to the cryptoasset belonging to the client – and "non-holding control" – under which the custodian has no title to the cryptoasset, but safeguards the private keys. Our concern that these two activities raise distinct risks remains, but they continue to be treated together. We know that there will be further FCA publications relating to the Article 9N custody activity (not least the policy statements due in 2026), so there may be further opportunities to influence the FCA's rules and guidance on this topic.

In addition, HMT has not extended statutory immunity to the operators of cryptoasset trading platforms, when exercising quasi-regulatory functions, nor has it followed our suggestion to recognise safeguarding arrangements other than trusts, such as bailment for commodities, where used as backing assets. In fairness to HMT, these were possibly more akin to policy points than to drafting feedback.

Eagle-eyed observers will note that the Regulations are rather wider than the draft SI. That (with the working title of the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025) was limited primarily to changing the regulatory perimeter to accommodate cryptoassets. In contrast, the Regulations add previously-trailed legislation (found in Part 2 of the Regulations) governing offers and the admission to trading of qualifying cryptoassets.

Offering qualifying cryptoassets to the public and admitting qualifying cryptoassets to trading will become designated activities, alongside the use and disclosure of inside information and market manipulation. Regulation 22 bans the use of inside information in insider trading, and regulation 28 does the same for market manipulation.    

"Designated activities" are distinct from regulated activities under the RAO (the designated activities regime, or DAR, was introduced by the Financial Services and Markets Act 2023). Firms that are only conducting designated activities will not have to obtain FCA authorisation, but they will be subject to the rules promulgated by the FCA (set out in draft form in CP25/41, which is covered in our subsequent briefing). While current market practice involves a great deal of integration in many cryptoassets firms (such that most current firms will be carrying out what will become regulated activities), in principle this does mean that some firms involved in admitting cryptoassets to trading might be able to avoid FCA authorisation.    

There is no consultation phase for the Regulations. Strictly, both the House of Commons and the House of Lords must now approve the Regulations for them to become law; this is generally a formality.

Affected firms (which have already been grappling with a deluge of FCA and Bank of England consultation exercises) now have the certainty needed to make investment decisions. The Regulations give the FCA a deadline of 25 October 2026 to specify the timeline within which cryptoassets firms will have to apply for full authorisation.

The Regulations also create an interesting form of transitional regime, some aspects of which appear to have been inspired by the arrangements put in place when the UK left the EU. First, where a firm  has applied for FCA authorisation to carry out regulated cryptoasset activities, and that process is in train (either because the FCA has not decided, or the firm is seeking a review of a refusal of authorisation), the changes to the perimeter will not apply to that firm until a longstop date of 25 October 2029.

Secondly, the FCA is given a power to direct that firms described in the previous paragraph are to be treated as an exempt person for the purposes of performing pre-existing contracts. This power also lasts until 25 October 2029.

If 2025 will have been a year of consultations, 2026 and 2027 will be a time of execution. Firms that want to play leading roles in this sector must be taking action now, and we can help interpret and implement the mass of legislation and regulation to which they are going to be subject.