Author: James Borley, Director, Payment Services
By any measure, the UK’s approach to cryptoasset regulation has reached an inflection point. It is now no longer a matter of ‘if’ but ‘when’. With the publication of Consultation Paper 26/13 (CP26/13), the Financial Conduct Authority (FCA) continues the transition from interpretative perimeter guidance to a fully-fledged regulatory regime grounded in the Financial Services and Markets Act 2000 (FSMA).
This article summarises the key elements of CP26/13 and offers some reflections on its implications for firms managing the perimeter.
From Taxonomy to Territory
The FCA’s earlier work and publications, most notably PS19/22, was concerned primarily with cryptoasset taxonomy: distinguishing between security tokens, e-money tokens and unregulated exchange or utility tokens.
That framework, while useful, was inherently limited. It clarified what might fall within the perimeter, but not how far the perimeter should extend. Indeed, a significant proportion of cryptoasset activity, particularly involving exchange tokens, remained outside regulation altogether.
CP26/13 represents a decisive shift. Rather than continuing to rely on analogies to existing specified investments, the FCA is now working alongside HM Treasury to extend the perimeter itself, bringing defined cryptoasset activities explicitly within scope.
Activity-Based Regulation
A central theme of CP26/13 is the move towards an activity-based regime. This aligns cryptoassets with the broader, traditional FSMA model, where regulation is triggered not merely by the nature of the asset or instrument, but by the activities performed in relation to it.
The emerging list of regulated activities is expansive. It includes, among others:
- Operating cryptoasset trading platforms;
- Dealing (as principal or agent) in qualifying cryptoassets;
- Arranging deals in cryptoassets;
- Safeguarding and custody services; and
- Issuance of qualifying stablecoins.
This approach is conceptually significant. It reduces the scope for regulatory arbitrage based on token design and instead focuses on the economic function of the activity. In doing so, it echoes the FCA’s long-standing principle that ‘same risk, same regulation’ should apply irrespective of technological wrapper. The classic regulatory tenet of “technologically neutral.”
What Remains Outside?
Despite this expansion, CP26/13 does not herald universal regulation of all cryptoassets. Boundary questions persist and, in some cases, become more nuanced.
The perimeter will still depend on:
- Whether the asset qualifies as a ‘specified investment’ or a newly defined ‘qualifying cryptoasset’;
- Whether the activity is carried on ‘by way of business’ in the UK; and
- The nature of the client (e.g. retail vs wholesale).
This layered approach introduces complexity. Firms must now determine first, whether the asset falls within scope, and second, whether their activities in relation to that asset are now captured.
The result is not simplification, but a more granular perimeter.
Interplay with the Wider Crypto Roadmap
CP26/13 is not to be read as a stand-alone document. Rather, it forms part of a broader legislative and regulatory programme, including consultations such as CP26/4 on the application of the FCA Handbook to cryptoasset firms.
Notably, the FCA intends to apply its core regulatory frameworks, such as Consumer Duty, Conduct of Business rules (COBS), Senior Managers and Certification Regime (SM&CR) and safeguarding requirements, to crypto firms in much the same way as traditional financial services.
Cryptoassets are not to be regulated as a stand-alone or parallel system, as they perhaps exist today under the Money Laundering Regulations, but as an extension of the existing FSMA framework.
A More Interventionist Perimeter
There is also a subtle but important philosophical shift. Historically, the FCA has emphasised that it does not control the perimeter; this is a matter for HM Treasury.
However, CP26/13 illustrates a more proactive stance. The FCA is not merely interpreting the perimeter; it is actively shaping how it will operate in practice, including:
- Defining categories such as “qualifying cryptoassets”;
- Setting expectations for UK establishment of firms; and
- Designing activity-specific rules and supervisory approaches.
In effect, the perimeter is becoming a regulatory toolkit, not just a boundary line.
Practical Implications for Firms
For firms, the implications are immediate and material:
- Authorisation is coming into scope
Firms that previously operated outside the perimeter,particularly exchanges, brokers and custodians, should now assume they will require FCA authorisation. Remember, the FCA plans to open its doors to new applications for authorisation from 30 September 2026. - Structural considerations will be critical
Unsurprisingly, the FCA hasa strong preference (and in some cases requirement) for UK-incorporated entities serving UK clients. This may have significant implications for global operating models, perhaps used to operating entirely on a cross-border basis. - Compliance frameworks must mature rapidly
Application of the Consumer Duty and other Handbook requirements will require a step-change inexisting governance, controls and documentation. - Perimeter analysis becomes ongoing, not static
Given the functional approach, firms will need to continually reassess their activities as products evolve.
Clarity at the Cost of Complexity?
CP26/13 undoubtedly makes it clear that most economically significant cryptoasset activities will be regulated.
However, this clarity comes with a trade-off. The perimeter is no longer a relatively simple classification exercise; it is a multi-dimensional analysis combining asset type, activity, client base and domicile.
There is though a risk that complexity, previously embedded in token taxonomy, re-emerges in the interpretation of regulated activities and their application to novel business models. Indeed, as we continue to see in other sectors, innovation stands still for no-one and legislation can only take into account what is here today and reasonably visible on the horizon. There will inevitably be advances and development that push and pull at use cases and the perimeter. This is where such cases “not in the contemplation of the legislator/regulator” will present future challenges.
Conclusion
CP26/13 marks a pivotal stage in the UK’s crypto regulatory journey. It reflects a transition from guidance to governance, from classification to capture. Most importantly, better clarity as to what’s in and out of the perimeter.
For firms, the message is clear: the era of operating at the edges of the perimeter (admittedly, largely a consequence of the absence of comprehensive legislation) is drawing to a close. The focus must now shift to authorisation, compliance and sustainable business models within a fully regulated environment. In that respect, crypto starts playing with the grown-ups and will be held to account accordingly.
As with many FCA initiatives, the direction is pragmatic rather than radical. But the cumulative effect is transformative. Oh, and you do know that the FCA has a ready, willing and organised (to coin a phrase) Unauthorised Business Department monitoring the regulatory perimeter, right?
How Complyport Can Help
Complyport supports firms in managing regulatory change, including emerging cryptoasset requirements under the FCA’s evolving perimeter. Our services include:
- FCA authorisation and regulatory permissions;
- SM&CR implementation and governance frameworks;
- Consumer Duty gap analysis and implementation;
- Ongoing compliance support and monitoring; and
- Regulatory horizon scanning and impact assessments.
If your firm is likely to be impacted by CP26/13 or the broader UK crypto regulatory framework, we encourage you to speak with one of our Subject Matter Experts.
Contact Complyport today to arrange a consultation and ensure your business is prepared for the upcoming regulatory changes.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
