From the journal

UK Cryptoassets Regulations 2026 Set Full Regulatory Regime to Commence October 2027

The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, Statutory Instrument 2026 No. 102, designates specified cryptoasset activities as regulated activities under the Financial Services and Markets Act 2000, with the regime coming into force on 25 October 2027. Firms must apply to the FCA for authorisation from 30 September 2026, with the application window closing 28 February 2027. The regime covers stablecoin issuance, custody, trading platform operation, dealing, arranging, and staking.

3 min read

The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, made as Statutory Instrument 2026 No. 102, designates specified cryptoasset activities as regulated activities under the Financial Services and Markets Act 2000. The regulated activities regime comes into force on 25 October 2027. The FCA authorisation gateway for cryptoasset firms opens on 30 September 2026 and closes on 28 February 2027, giving firms a five-month window to apply before the commencement date.

The instrument amends Schedule 2 to the Financial Services and Markets Act 2000 to add the following as regulated activities: issuing qualifying stablecoin in the UK; safeguarding qualifying cryptoassets; arranging for another person to safeguard qualifying cryptoassets; operating a qualifying cryptoasset trading platform; dealing in qualifying cryptoassets as principal or agent; arranging deals in qualifying cryptoassets; making arrangements with a view to transactions in qualifying cryptoassets; and qualifying cryptoasset staking. Carrying on any of these activities without FCA authorisation after 25 October 2027 constitutes an offence under section 19 of the Financial Services and Markets Act 2000, attracting criminal and civil liability.

Cryptoasset trading platforms, stablecoin issuers, custodians, brokers, dealers, and staking service providers operating in or into the UK must obtain FCA authorisation or cease the relevant regulated activity before 25 October 2027. Firms currently registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as cryptoasset businesses must apply separately for authorisation under the 2026 Regulations; MLR registration does not constitute authorisation. Gambling operators and gaming technology suppliers accepting cryptoassets should assess whether their payment and custody arrangements trigger any of the newly designated regulated activities.

An admissions and disclosures framework and a cryptoasset-specific market abuse regime are subject to separate FCA consultation under Consultation Paper CP25/41 and are not included in SI 2026 No. 102. Transitional arrangements for existing FCA-registered cryptoasset businesses are expected in forthcoming FCA policy statements, but no transitional provisions appear in SI 2026 No. 102 as made. The regulatory perimeter for decentralised finance protocols and non-custodial wallet providers remains subject to ongoing FCA analysis.

Licentium advises cryptoasset businesses, exchanges, stablecoin issuers, and gambling operators integrating cryptoasset payment rails on UK regulatory authorisation strategy and FCA engagement. Our consultants assist with FCA authorisation applications, regulatory perimeter analysis, and SMCR implementation for cryptoasset firms. Work we undertake includes: UK cryptoasset authorisation applications, FCA regulatory perimeter advice, senior manager and certification regime implementation, AML/CTF compliance for cryptoasset businesses, and cross-border regulatory mapping for firms active in UK and EU markets.

Source: The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, SI 2026 No. 102

Crypto Regulatory

More from the journal

See all

Illinois signs Artificial Intelligence Safety Measures Act into law, effective January 2027

Governor JB Pritzker signed the Illinois Artificial Intelligence Safety Measures Act on 6 July 2026, making Illinois the first US state to require mandatory annual third-party audits of frontier AI model developers. The Act applies to large frontier developers operating or deploying models in Illinois, requires transparency reports before each new or substantially modified frontier model deployment, and establishes civil penalties. Core obligations take effect 1 January 2027.

UK consults on modernising payment services regulation covering stablecoins and AI agents, 2026

HM Treasury launched a consultation on modernising the UK payment services regulatory regime, with responses due by 6 October 2026. The consultation addresses how to adapt regulation for tokenised payments including qualifying stablecoins, Open Banking expansion, and agentic AI systems authorised to conduct payments. It follows the February 2026 Payments Forward Plan and the government's decision to transfer Payment Systems Regulator functions to the Financial Conduct Authority.

Hong Kong SFC mandates phishing-resistant authentication for internet brokers and VATPs, July 2026

The Hong Kong Securities and Futures Commission issued a circular on 9 July 2026 requiring licensed corporations engaged in electronic trading and SFC-licensed virtual asset trading platform operators to replace one-time passwords with phishing-resistant authentication methods. Covered firms must implement passkeys or bound-device recognition for client login and device binding. Large internet brokers must act immediately. All other in-scope firms have up to 12 months to comply.