UK Proposals for Cryptoasset Regulation

The U.K. government has published its much-anticipated proposals for regulating the cryptoasset industry. These proposals, currently in the form of a consultation, will see many (but not all) cryptoasset-related activities being brought within the regulatory perimeter for financial services in the U.K. The consultation is extensive, covering the main elements of a new regime for cryptoasset issuance and disclosure, trading, custody and lending, as well as a proposed market abuse framework for cryptoassets.

The consultation closes on 30 April 2023. The government will publish its response once it has analysed the feedback, which will be followed by legislation being put before Parliament. The Financial Conduct Authority (FCA) will consult on its proposed detailed rules once the legislation has been published.

The government has also announced a significant change to its earlier communicated approach to the regulation of cryptoasset financial promotions. Previously, such promotions could be issued only by regulated financial institutions. The changes will mean that those cryptoasset businesses that are registered with the FCA for the purposes of anti-money laundering (AML) compliance will be able to communicate their own financial promotions in relation to qualifying cryptoassets.

This client note discusses the impact of these proposals.

Impact for Cryptoasset Market Participants

These proposals represent wide-ranging reforms and will have an impact on many cryptoasset market participants, including firms that are already regulated for other financial services and are active in this sector. We discuss some of the most immediate effects for participants in the crypto markets.

The current proposals can only be understood within the context of the U.K.’s current regulatory scheme for cryptoassets, which to date has been restrictive and defensive. Presently, cryptoassets are treated as an unregulated product class, and a cryptoasset product will only be regulated to the extent it can be characterised as an existing regulated product class (e.g., a share or bond). However, certain regulated firms, when acting in, or from, the U.K., are prohibited from marketing, selling or distributing to retail clients derivatives and exchange traded notes referencing certain types of unregulated, transferable cryptoassets. The only targeted regulatory requirement for operators in this sector is a limited purposes AML registration requirement with the FCA, similar to the AML registration regimes in place for non-financial firms in some other sectors, such as estate agents and law firms.

Firms that are currently registered with the FCA for AML purposes will need to apply for a separate and fresh registration as a financial institution, with permission to undertake specified cryptoasset activities. These applications will be more onerous than those for AML registration because of the scope of the assessment and volume of information that will be required.

Firms that are currently regulated by the FCA and that want to undertake a regulated cryptoasset activity will need to apply for a variation of permission.

Cryptoasset firms that operate exchanges and undertake other regulated cryptoasset activities will have to comply with the requirements for regulated trading venues as well as the requirements applicable to the other activities. It will be important for these types of firms to develop strong conflicts-of-interest policies and procedures. In the future, the regulators may also require firms carrying out multiple functions or activities to structure themselves to have separate, independent governance and ensure the functions are separated in different entities, or otherwise managed to address conflicts issues, in the manner of many existing large financial institutions.

The UK’s Approach

Phased Implementation

Certain activities, such as dealing in investments, giving advice, managing assets, providing custody, as well as payment services, are already well-defined and regulated under U.K. law where they relate to financial instruments. The U.K. government has already announced proposals to regulate the issuance, payment and custody of fiat-backed stablecoins. This is set forth in the Financial Services and Markets Bill (“FSM Bill”), which is currently going through Parliament. We discussed how the FSM Bill will establish the stablecoin framework in our note, “UK Financial Services and Markets Bill 2022.” However, dealings in other types of cryptoasset are unregulated.

The proposals in this latest consultation, if implemented, will regulate a broader set of cryptoassets, with the result that trading activities in respect of any cryptoassets will be regulated.

Future phases may cover some level of financial regulation for post-trade activities relating to cryptoassets, the mining or validation of transactions, operating a node on a blockchain and using cryptoassets to run a validator node infrastructure on a proof-of-stake network (layer 1 staking). None of these activities will be regulated under the current proposals. In the future, where not already caught by regulation, consideration will also be given to whether advising on cryptoassets and managing cryptoassets should become regulated activities. HM Treasury is seeking views on this topic in its call for evidence.

Cryptoassets Defined

The U.K. definition of a cryptoasset under the FSM Bill is intentionally broad:

“cryptoasset” means any cryptographically secured digital representation of value or contractual rights that— (a) can be transferred, stored or traded electronically, and (b) that uses technology supporting the recording or storage of data (which may include distributed ledger technology).

The definition is similar to that found in the EU’s forthcoming Markets in Cryptoassets Regulation (“MiCA”), which refers to “a digital representation of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology.”

However, the FSM Bill uses this definition to focus only on the regulation of stablecoins. Under the new consultation proposals, this broad definition would be applied across the U.K.’s wider financial services regulatory framework.

Activities-Based Approach

In line with the U.K.’s traditional approach to regulation, HM Treasury proposes to regulate specific activities which are undertaken in relation to cryptoassets, rather than the cryptoasset itself. Therefore, it is proposed that cryptoassets will be added to the list of specified investments in the Regulated Activities Order (RAO), meaning that any natural or legal person carrying out certain activities involving cryptoassets “by way of business” will be performing a regulated activity and will need to be authorised.

HM Treasury is proposing that the following activities would become regulated activities:

  • Dealing in cryptoassets as principal or agent;
  • Arranging (bringing about) deals in cryptoassets;
  • Making arrangements with a view to transactions in cryptoassets;
  • Custody;
  • Operating a cryptoasset trading venue; and
  • Operating a cryptoasset lending platform.

As mentioned above, the call for evidence is seeking views on whether advising and portfolio management activities in respect of cryptoassets should also be brought within the U.K. regulatory perimeter.

In addition, the following activities will also be subject to regulation:

  • Admitting (or seeking the admission of) a cryptoasset to a cryptoasset trading venue; and
  • Making a public offer of cryptoassets (including ICOs).

Geographical Scope

The usual U.K. regulatory perimeter regime requires authorisation for activities carried out in the U.K. (either based on the service-provider being in the U.K. or as a result of the “characteristic performance” of a cross-border service to U.K. customers being deemed to occur in the U.K.). HM Treasury is proposing that authorisation will be needed for cryptoasset activities provided in or to the U.K. [emphasis added] because unlike traditional financial services, the location of a cryptoasset activity is more difficult to pin down. This generally means that firms carrying on activities from a place of business in the U.K. would need to be regulated, wherever their clients are located, as would those operating outside the U.K. with clients in the U.K. Some exceptions may be available, presumably including the existing “overseas persons exclusion,” which would mean that firms operating outside the U.K. with retail clients in the U.K. would likely need to be licensed or team up with a locally regulated firm whereas overseas firms with non-retail U.K. clients may not need authorisation. Unfortunately, despite the widely drawn regulatory perimeter in relation to crypto activities, the paper is silent on the availability of the overseas persons exclusion.

HM Treasury states that an exemption may be available for reverse solicitation. The government also intends to implement an equivalence regime to allow firms authorised in overseas countries to provide services in the U.K. without needing a U.K. presence or authorisation, provided the overseas firms are subject to equivalent standards.

There is also a reverse solicitation exemption under the EU’s MiCA, allowing third country firms to access EU investors. The requirements for invoking the reverse solicitation exception when dealing with EU investors will be narrowed slightly compared to the position under MiFID II. We discussed the MiFID II reverse solicitation model in our client note, “On the Existence of a Pan-European Reverse Solicitation Regime Under MiFID II, and its Importance on a ‘Hard’ Brexit.”

Authorisation and Key Regulatory Requirements

Under the new proposals, firms that intend to conduct regulated cryptoasset activities (other than issuers) would need to apply to the FCA for authorisation. Generally, this will involve providing the FCA with detailed information on the firm’s operations, services and business plans, controllers, key staff, a description of organisational and governance arrangements, a description of controls and risk management processes, cybersecurity, outsourcing arrangements and financial resources.

Once authorised, firms will be subject to a range of ongoing regulatory requirements, including prudential (capital) requirements, operational resilience requirements and a detailed suite of conduct of business rules aimed at behaviour. There will be differences between the application of these requirements depending on the type of activity a firm is undertaking. It is not proposed at this stage to impose detailed regular reporting requirements on all authorised cryptoasset firms. The main obligation for reporting will fall on trading venues, although this approach may be adjusted in the future.

Regulated cryptoasset intermediaries are intended to be subject to governance and consumer protection requirements, such as acting honestly, fairly and in the best interests of their clients, managing conflicts of interest, best execution, appropriateness and transparency requirements. These firms would need to have systems and controls for detecting market abuse and submitting suspicious transaction order reports (STORs) to the relevant trading venue. These proposed requirements are similar to those in the EU’s MiCA.


It is proposed that the FCA would be able to participate in any insolvency proceedings, governed by the Insolvency Act 1986, of a regulated cryptoasset trading venue, intermediary, custodian or lending platform. This is the same for all regulated firms and means that the FCA is able to attend and be heard at a meeting of creditors. Unlike for banks and large investment firms, no bespoke special administration regime for cryptoasset firms is currently proposed, but this may be considered for future reforms.

Investor Protection & Compensation

It is currently proposed that cryptoassets should be carved out from the U.K.’s Financial Services Compensation Scheme (FSCS). This may create potential confusion to investors, implementation issues and other concerns. Cryptoassets are, to date, highly volatile assets with potential for high investment gains but also high investment losses. Moreover, numerous operators in this space have fallen into insolvency processes, raising the prospect that this may recur at a time when investors lose out on their investments. The FSCS typically compensates investors in FCA-regulated firms for their losses on the insolvency of FCA-regulated firms up to a pre-defined level. The FSCS is funded by the industry by way of a levy. It could be unfair to lumber non-crypto businesses with an increased FSCS levy to cover the cryptoasset sector.

A lack of FSCS protection may create other issues for the future. Recently, there have been examples of various products on the edge of the regulatory perimeter, such as the bonds offered by Basset & Gold and London Capital & Finance, which were compensated in full and in part, respectively, by FSCS based upon technical distinctions which do not appear to have any rational basis in policy or obvious fairness for investors. It will clearly be a challenge for the FCA to make and enforce rules requiring clear and sufficiently prominent disclosure by cryptoasset firms whose investments are not protected by FSCS, since most consumers assume this to be a corollary of FCA authorisation. If FSCS does not compensate investors, the investors who lose out are likely, as seen in recent history, to institute proceedings against the FCA or at the Financial Regulators Complaints Commissioner (FRCC), seeking compensation from the FCA itself. The FCA’s liability for such losses has been controversial. It has attempted to introduce new rules limiting its liability (including proposals to amend its complaints scheme), but these were not progressed following adverse reactions (see the FCA’s board minutes). Recently, the FCA was found to have acted unlawfully in introducing other rulemaking in this area. The FCA attempted to introduce a new “solely or primarily responsible” test for the payment of FCA compensation under its complaints scheme by way of a Remedies Statement that was published in June 2020, without consultation. The FRCC published a report in response to widespread complaints about the Remedies Statement, which found that the introduction of this test was unlawful. The FCA chose to ignore the FRCC’s recommendations that the test be removed (see the FCA response to the FRCC’s report), and it remains on the FCA’s website.

These issues all need clarifying, as has been proposed under amendments tabled recently in the House of Lords to the FSM Bill, which we set out in our note, “The UK’S Financial Services Bill – Proposed Amendments Towards Enhanced Accountability for Financial Regulators.”

The consultation paper does not address whether complaints between regulated cryptoasset businesses and their customers will fall within the remit of the Financial Ombudsman Scheme (FOS). However, given that the FCA is responsible for setting which regulated activities are within the scope of the FOS, it is expected that this issue will therefore be addressed in the FCA’s consultation on its rules on cryptoassets.

Cryptoasset Lending

In recent months, the world has witnessed significant failures of crypto lending platforms—Genesis Trading and FTX’s Alameda Research are prominent examples. Crypto lending platforms offer services similar to traditional finance models, such as peer-to-peer lending, collateralised lending and investment management, as well as some novel services. Credit risk and liquidity mismatches can be a particular problem. However, crypto lending platforms are typically outside the U.K.’s regulatory perimeter, which means traditional safeguards are not available.

To deal with this, HM Treasury plans to introduce a new regulated activity—operating a cryptoasset lending platform—that will be adapted from existing RAO activities, such as those regulating peer-to-peer lending.

Most jurisdictions which have already established regulatory frameworks for cryptoassets have not explicitly brought lending and borrowing activities into the regulatory perimeter. The U.K.’s second-mover advantage has allowed HM Treasury to learn from other regimes and to calibrate its regulatory proposals to reflect the turbulence in the crypto markets in the last year.

Relevant activities would include facilitating backed and unbacked borrowing of crypto, or borrowing fiat currencies with crypto as collateral. Firms that operate a cryptoasset lending platform will need to submit detailed applications for authorisation, including describing the persons who are lending and borrowing assets and how their liabilities are to be met at any point in time. There will be prudential, operational resilience and governance requirements, including an obligation to monitor and manage liquidity funding risks across different time horizons and stress scenarios.

EU MiCA does not address crypto lending at this stage but the EU plans to keep regulation of this area under review.


Cryptoasset custody business models vary, but typically custodians hold the private key to a client’s cryptoassets. The key is required to conduct transactions with the asset. Once lost, a private key cannot be retrieved and the cryptoassets in question can no longer be used. If stolen, the key would allow a thief to carry out transactions which are irreversible because of the nature of the blockchain. Safe and reliable custody services are therefore central to a viable cryptoasset industry.

There is currently no U.K. regulatory regime covering cryptoasset custody. The FSM Bill will, if passed, bring the custody of fiat-backed stablecoins within the regulatory perimeter.

Under these new proposals, the activity of custody could be carried on with respect to cryptoassets. Unlike currently, the activity would involve either “safeguarding” or “safeguarding and administering” of cryptoassets, so that custodians who merely hold (or safeguard) private keys are captured. Currently, for other assets, both of those services need be offered to trigger financial regulation.

The Law Commission’s Digital Assets: Consultation Paper discussed proposals to enhance certainty on how aspects of the law in England and Wales (e.g., property and insolvency laws) previously addressed the lacuna in regulation for crypto custodians. We discussed this consultation paper in our post, “UK Law Commission Consults on Law Reforms for Digital Assets.” HM Treasury intends to take account of recommendations from the Law Commission’s work.

Broadly speaking, these requirements are similar to many of those under the EU’s MiCA. Under MiCA, custodians will be classed as cryptoasset service-providers (CASPS), rendering them subject to a range of obligations, including needing to have their place of effective management in the EU and having at least one director resident in the EU. EU citizens will be able to receive custody services from non-EU firms by means of reverse solicitation. MiCA requires custodians to be authorised by the national regulator in their country of operation (similar to the U.K.’s requirement for FCA authorisation). All CASPS (including custodians) are subject to a range of standard business conduct obligations similar to those proposed by the U.K., e.g., the need to act honestly and professionally, provide clear, fair and not misleading information and appropriate risk warnings regarding cryptoassets and have adequate policies and procedures for handling complaints and managing conflict of interest.

New Cryptoasset Issuance and Disclosures Regime

HM Treasury is proposing to establish an issuance and disclosures regime for cryptoassets, linked to proposed reforms of the U.K. prospectus framework for securities. The new regime would, however, be tailored to cryptoassets. It is proposed that the following would be regulated under the new cryptoasset regime:

  • Admitting (or seeking the admission of) a cryptoasset to a cryptoasset trading venue

    The Public Offer and Admissions to Trading Regime will prohibit public offerings of securities unless the securities are: (i) admitted to trading on a U.K. Regulated Market—the FCA will set rules on when a prospectus is required; (ii) admitted to trading on an multilateral trading facility (MTF) operating primary markets—the FCA will supervise MTFs to ensure that MTFs require an admission document to be published; or (iii) publicly offered through a “public offer platform,” such as crowdfunding platforms—no prospectus will be required, but the FCA will set requirements for these platforms such as due diligence and disclosure rules. Exemptions will apply which depend on the type or scope of the public offer, for example, offers below a de minimis threshold or offers made to fewer than 150 people.

    It is proposed that the MTF model would be adapted for admission of cryptoassets to a U.K. cryptoasset trading venue. The FCA would set the general rules for admission and disclosure, and cryptoasset trading venues would set detailed requirements for disclosure documents required for admission. HM Treasury does not expect these to take the same form as prospectuses used for securities offerings. The issuer, or trading venue (if acceptable to the venue), would prepare the admission document. Liability for the content would sit with the entity preparing the document.

  • Making a public offer of cryptoassets (including ICOs)

    The government’s view is that public offers of cryptoassets could amount to a securities offering. For public offers of cryptoassets that are a securities offering and are considered a Security Token Offering (STO), the Public Offers and Admissions to Trading Regime will regulate the activity, and some of the exemptions available could apply. Public offers of cryptoassets that are not a STO will be prohibited unless conducted on a regulated trading venue.

Under the FSM Bill, HM Treasury will be empowered to establish a supervisory regime for issuers of stablecoins used for payment. It is intended that the FCA will supervise these issuers. Detailed provisions of the regime are yet to be published.

The EU’s MiCA similarly will ban the admission to trading of cryptoassets other than e-money tokens and asset-referenced tokens (ARTs), unless certain requirements are met, including that the issuer is a legal entity and a cryptoasset white paper that has been notified to the relevant national competent authority is published. Once all the requirements are complied with, offerors may offer such cryptoassets throughout the EU and cryptoassets may be admitted to any EU cryptoasset trading venue. Issuers of ARTs will need to obtain authorisation before the ART can be offered in the EU or admitted to trading on an EU venue. Issuers of e-money tokens must also be authorised (as a credit institution or e-money institution) before making a public offering or seeking admission to trading on a trading venue.

Trading Venues

Under the proposals, the regulatory framework for cryptoasset trading venues would be based on the existing regime for regulated trading venues, such as the operation of an MTF. This also reflects the MiFID II regime. However, it is proposed that the cryptoasset framework would be adapted where necessary to take account of specific characteristics and risks of cryptoasset trading activities, including in the areas of cyber security and conflicts of interests.

It is likely that such trading venues offering services to U.K. investors will need to be incorporated in the U.K. or establish a subsidiary in the U.K.

Regulated cryptoasset trading venues will be subject to the same range of requirements that currently apply to traditional trading venues, including having fair, open and transparent rules, outsourcing requirements, as well as business continuity and cyber security protections. In addition, data reporting requirements will apply for both on-and-off chain transactions facilitated by the trading venue, and a venue will need to have systems for information sharing, to counter market abuse.

These proposals are similar to those implemented in other jurisdictions for firms operating a cryptoasset trading venue or offering exchange-like services as CASPS. The EU’s MiCA includes similar requirements to the proposed U.K. requirements. Some differences may emerge as the details of the U.K. rules are finalised. For example, EU MiCA requires cryptoasset trading venues to initiate the final settlement of an on-chain cryptoasset transaction within 24 hours of the transaction being executed on the trading platform, or in the case of transactions settled off-chain, on the closing of the day at the latest. The U.K. government is deferring laying down settlement requirements now so that it can assess the most appropriate requirements based on what is learnt from the incoming U.K. Financial Market Infrastructure (FMI) sandbox.

Market Abuse

The government is proposing to introduce a civil market abuse regime for the cryptoasset markets. The regime will be based on elements of the existing market abuse regime in the securities sector set out in the U.K. Market Abuse Regulation (MAR) and related FCA rules and guidance. It is proposed that the offences for market abuse (insider dealing, market manipulation and unlawful disclosure of inside information) would apply to any person or firm committing market abuse in relation to a cryptoasset that is requested to be admitted to trading on a U.K. trading venue. This would apply regardless of where the person or firm is located or where the trading takes place, mirroring the extraterritorial extent of the existing U.K. MAR regime.

The proposed market abuse regime for cryptoassets would impose obligations on certain market participants. The primary obligation would sit with cryptoasset trading venues, which would need to detect, deter and disrupt market abusive behaviours. Regulated cryptoasset intermediaries would also need to have systems for detecting market abuse. The FCA would be responsible for supervising compliance by the trading venues and intermediaries.

There are several challenges, recognised by the government, in achieving the same regulatory outcomes for the cryptoasset market abuse regime as there are for the traditional financial markets. Such challenges include the global cross-border nature of the cryptoasset markets and the high participation of retail actors. The government argues that having some framework in place to guard against market abuse is preferrable to having no regime. The new regime will be monitored, and it is hoped that market abuse prevention and enforcement capabilities will be strengthened in the future by new technologies, international coordination and potentially the introduction of criminal offences.

The EU’s MiCA also prohibits insider dealings, unlawful disclosure of inside information and market manipulation where cryptoassets are admitted to trading on a trading platform for cryptoassets. Notably, derivatives that are financial instruments under EU MiFID II are subject to the EU’s MAR when traded on a regulated market, MTF or organised trading facility (OTF). Cryptoassets subject to MiCA that are the underlying asset for such derivatives will be subject to MiCA’s market abuse regime.

Areas for Potential Future Regulation?

The consultation paper also includes a call for evidence on three separate subjects: (i) decentralised finance (“DeFi”); (ii) other crypto activities such as investment advice and portfolio management; and (iii) sustainability.


DeFi enables a range of financial services activities to be offered using blockchain technology, potentially removing the need for certain traditional financial intermediaries. Transactions take place “automatically” in accordance with rules which conclude and perform automated smart contracts; this makes it difficult to identify who has regulatory responsibility for these activities. Although DeFi currently represents a small fraction of financial services activity, the usual risks (including a lack of transparency and operational resilience) apply. There is a potential for growth in the market if the technology is more widely adopted.

HM Treasury acknowledges that it can be hard to tie DeFi activities to a single jurisdiction. The U.K. does not plan to front-run any global solution to the issue by adopting a prescriptive U.K. framework that may be superseded by global standards from international bodies. However, HM Treasury hopes to adopt a proportionate approach that embraces innovation while ensuring DeFi is suitably captured by regulation to avoid regulatory arbitrage.

One option for the future is to regulate a defined group of De-Fi activities under the RAO or the designated activities regime proposed in the FSM Bill. As with the government’s other proposals, inspiration can be taken from analogous regimes, e.g., the rules governing algorithmic trading in traditional finance.

Activities that are truly open-source and decentralised become very difficult to regulate, so regulatory responsibility could be shifted, for example, to the exchanges and those firms that facilitate consumer access to DeFi.

Content Disclaimer
This content was originally published by Shearman & Sterling before the A&O Shearman merger