FCA Consults On Cryptoasset Perimeter Guidance For The UK’s Forthcoming Crypto Regime.

Executive Summary

What’s new: The UK FCA published Consultation Paper CP26/13 on 28 April 2026, setting out proposed perimeter guidance for the new UK-regulated cryptoasset activities under the UK’s forthcoming cryptoasset regulatory regime.

Why it matters: The proposed guidance will be important for all stakeholders looking to provide cryptoasset-related services in the UK and is particularly relevant to overseas firms, given the FCA’s guidance on when activities may be treated as carried on “in the UK.”

What to do next: Firms should consider mapping existing and planned UK-facing cryptoasset activities against the proposed FSMA regulated activities, classifying relevant tokens, identifying required permissions and preparing for the FCA application window opening on 30 September 2026.

__________

On 28 April 2026, the UK Financial Conduct Authority (FCA) published Consultation Paper CP26/13 (the CP), setting out proposed perimeter guidance for the new UK-regulated cryptoasset activities under the UK’s forthcoming cryptoasset regulatory regime.

The CP is open for comment until 3 June 2026, with final guidance expected in September 2026. The FCA expects the application window for firms seeking authorisation, or variations of permission, to run from 30 September 2026 to 28 February 2027, ahead of the new regime commencing on 25 October 2027.

CP26/13 is a significant step in the FCA’s implementation of the UK’s cryptoasset regulatory framework. Although the CP does not itself expand the perimeter, it provides important guidance on how the FCA expects firms to analyse whether their activities will require authorisation under the Financial Services and Markets Act 2000 (FSMA). The guidance will sit in a new chapter of the FCA’s Perimeter Guidance Manual (PERG), PERG 19.

The proposed guidance will be important for all stakeholders who are looking to provide cryptoasset-related services in the UK. It is also particularly relevant to overseas firms, given the FCA’s proposed guidance on when activities may be treated as being carried on “in the UK” (including services that are provided to UK consumers from outside the UK).

The core message is that firms should not rely on labels used in crypto markets. The FCA emphasises a substance-over-form analysis. The relevant questions are:

What the firm does.

Where the activity is carried on.

Whether it is carried on by way of business.

Whether the relevant cryptoasset falls within the new categories.

Whether an exclusion or exemption applies.

The FCA also makes clear that smart contracts, public blockchains or decentralised features do not, of themselves, place an arrangement outside the regulatory perimeter.

Background

From 25 October 2027, a new set of regulated cryptoasset activities will become subject to regulation in the UK under FSMA. Persons carrying on those activities by way of business in the UK will need to be authorised unless an exclusion or exemption applies.

Existing FCA-authorised firms may need to apply for a variation of permission where they are carrying on activities that are currently unregulated but will become regulated under the regime. Firms currently registered under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) will not be treated as FSMA-authorised merely because of that registration and will need to apply for authorisation separately.

The regulated cryptoasset activities covered by the proposed guidance follow those activities introduced by the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, namely:

Issuing qualifying stablecoins: UK-established issuers carrying on or arranging the offer, redemption and maintaining of value of qualifying stablecoins.

Safeguarding cryptoassets: Custody-style activity involving qualifying cryptoassets or relevant specified investment cryptoassets.

Arranging cryptoasset safeguarding: Arranging for another person to safeguard cryptoassets.

Operating a qualifying cryptoasset trading platform: Operating a venue or system for trading qualifying cryptoassets.

Dealing in qualifying cryptoassets as principal: Buying or selling qualifying cryptoassets on one’s own account.

Dealing in qualifying cryptoassets as agent: Buying or selling qualifying cryptoassets on behalf of others.

Arranging deals in qualifying cryptoassets: Bringing about transactions or making arrangements that facilitate trading.

Arranging qualifying cryptoasset staking: Arranging blockchain validation using qualifying cryptoassets on behalf of another person.

Key Takeaways

1. The guidance is likely to be central to authorisation strategy.

The proposed guidance is intended to help firms identify which permissions they need, and the FCA has expressly linked it to improving the quality of applications. Firms should therefore expect the FCA to test authorisation applications against the PERG 19 analysis.

Firms should consider beginning mapping products, services, customer journeys and contractual flows to the proposed PERG 19 categories now. The FCA application window is short, and perimeter uncertainty could delay applications or lead to firms applying for the wrong permissions.

2. The UK territorial perimeter will be important for overseas firms.

The FCA explains that certain activities may be treated as carried on in the UK even where some participants or elements are overseas. In particular, services provided to UK consumers by overseas firms may fall within scope in certain circumstances. The FCA also notes that its baseline expectation is for firms requiring FCA authorisation to carry out regulated cryptoasset activities from a UK subsidiary.

Even outside of the consumer market, the absence of an “overseas person exemption” means this will remain a tricky issue even for institutional markets.

This is one of the most important points for global cryptoasset businesses. The UK regime is not a simple “place of establishment” test. Firms servicing UK retail users from offshore entities may want to assess:

Whether they need UK authorisation.

Whether a UK entity is required.

How group operating models should be restructured.

3. The FCA is taking a broad view of intermediation.

The proposed guidance states that dealing and arranging will cover a broad range of buying, selling and facilitation activities. Arranging can include both bringing about specific transactions and making ongoing arrangements that facilitate trading, including where a firm provides only part of the transaction infrastructure.

Many firms that consider themselves technology providers, front-end providers, liquidity routers, brokers, on/off-ramp providers or app-based access points may need to consider whether they are arranging deals, even if they do not hold client assets or execute trades directly.

4. Custody analysis will focus on control, not legal ownership alone.

The safeguarding activity may apply where cryptoassets are held on behalf of another person and the firm has the requisite degree of control, even where the customer does not legally own the cryptoasset but has a right against the firm for its return.

This is particularly relevant to omnibus wallet models, internal ledger structures, exchange float models and arrangements where clients have contractual claims rather than direct on-chain ownership. Firms should ensure that custody, trading and settlement models are analysed together.

5. UK stablecoin issuance is treated separately, but non-UK issued stablecoins are otherwise largely treated like other qualifying cryptoassets.

The activity of issuing qualifying stablecoin in the UK requires a UK-established person to carry on, or arrange for another person to carry on, all three core elements: offering the stablecoin, undertaking redemption and maintaining its value.

The perimeter guidance should be read together with the FCA’s earlier proposals on stablecoin issuance and custody (see our earlier client alert), including requirements for 1:1 backing, backing asset composition, redemption, safeguarding backing assets and disclosures.

6. Scope of cryptoasset definitions are important for identifying the relevant regulated activities that apply.

The proposed guidance explains that a “qualifying cryptoasset” is a cryptoasset that is fungible, transferable cryptographically, and functions as more than a mere record of value or rights. “Qualifying stablecoins” are a subset of qualifying cryptoassets and are described as cryptoassets that seek or purport to maintain a stable value relative to a fiat currency and are supported by fiat or other backing assets.

The FCA also confirms that certain assets are excluded, including electronic money, fiat currency, central bank digital currencies, limited-network cryptoassets and cryptoassets that fall within other specified investment categories. Tokenised shares or bonds may already be specified investments, meaning existing regulated activities may apply rather than, or in addition to, the new cryptoasset activities.

Firms should carefully review the distinction between qualifying cryptoassets, qualifying stablecoins and specified investment cryptoassets. Firms should not assume that all tokens on a platform can be treated uniformly. Token classification should become a formal governance process, with legal signoff, documented rationales and periodic reassessment.

Activity-by-Activity Analysis

Issuing Qualifying Stablecoins

The FCA proposes guidance on:

When issuing a qualifying stablecoin is carried on in the UK.

What it means to “issue.”

Who would be authorised to issue.

How redemption forms part of the regulated activity.

A key feature is that the activity requires all three limbs (offer, redemption undertaking and value maintenance) to be carried on or arranged by the relevant UK-established issuer.

Firms should consider identifying which group entity creates, offers, redeems and maintains the stablecoin. Where different functions are split across affiliates or third parties, the group may want to assess whether the UK entity is “issuing” or whether other permissions may be needed. Issuers should also consider how the perimeter guidance interacts with separate FCA proposals on backing assets, redemption rights, statutory trust arrangements and third-party arrangements.

Safeguarding and Arranging Safeguarding

The safeguarding activity covers safeguarding qualifying cryptoassets or relevant specified investment cryptoassets on behalf of another person, as well as arranging for another person to do so. The FCA’s focus is on whether the firm has the necessary degree of control over the cryptoasset rather than solely on legal title.

In the crypto context, “control” can arise in ways that do not have direct analogues in traditional custody models — for example, where:

A firm controls or co-controls private keys (including through multisignature arrangements), enabling it to unilaterally or jointly authorise transfers.

Assets are held in an omnibus wallet structure and customers have only contractual claims against the firm, but the firm controls the wallet infrastructure and transaction execution.

A platform operates an internal ledger or off-chain book-entry system, with client entitlements recorded internally while the firm retains control of the underlying on-chain assets.

A firm can initiate, block or reverse transactions (e.g., through smart contract permissions, admin keys or governance controls embedded in protocols).

Assets are subject to staking, rehypothecation or pooling arrangements, and the firm controls how and when assets are deployed or returned to clients.

These features are structurally different from traditional custody, where control is typically evidenced through legal title, possession or segregated account arrangements with central securities depositories or custodians. In contrast, cryptoasset control is often a function of technical access rights and transaction authority, rather than formal legal ownership.

Custody permissions may therefore be required by exchanges, wallet providers, prime brokers, lending platforms and other firms that control wallets, private keys, transfer mechanisms or internal ledger arrangements, even where customers are described as “owning” the assets. Firms should also consider whether they are arranging safeguarding where they introduce or route clients to a third-party custodian.

Operating a Qualifying Cryptoasset Trading Platform

The FCA’s proposed guidance addresses when a firm may be operating a qualifying cryptoasset trading platform (QCATP), including examples involving different operators, locations and business models. The FCA notes that a QCATP operator may also need other permissions, such as safeguarding or dealing as principal, depending on its activities.

Trading venues should not treat the QCATP permission as a complete solution. An exchange model may involve multiple regulated activities, such as custody, principal dealing, agency dealing, arranging, and potentially staking or lending-related permissions.

Dealing and Arranging

The FCA states that dealing in qualifying cryptoassets as principal or agent covers a broad range of buying and selling activities, while arranging deals includes both transaction-specific arrangements and ongoing arrangements that facilitate trading. This can apply even where a firm provides only part of the facilities for a transaction.

This is likely to capture a range of business models, including:

Broker apps.

Execution-only interfaces.

Liquidity routing models.

On/off-ramp providers.

Embedded crypto offerings.

Firms should be cautious about relying on a “technical services” characterisation, as the FCA specifically notes there is no general technical services exclusion for arranging deals in qualifying cryptoassets.

Cryptoasset Lending and Borrowing

Cryptoasset lending and borrowing is not a stand-alone regulated cryptoasset activity. However, the FCA states that such arrangements may involve dealing, arranging and safeguarding, depending on their structure and contractual terms.

Firms offering yield, lending, borrowing, margin, collateralised loan or rehypothecation-style products should consider conducting a granular analysis of title transfer, client rights, asset control, matching mechanics and repayment obligations.

Arranging Qualifying Cryptoasset Staking

The proposed staking activity focuses on arrangements made on behalf of another person for blockchain validation using qualifying cryptoassets. Activities that may be within scope include:

Managing the end-to-end staking life cycle.

Pooling customer assets to meet validator thresholds.

Distributing staking rewards.

Pure technical services, such as operating a validator node or offering solo staking tools without further involvement, are generally less likely to be in scope on their own.

Staking providers should distinguish between pure infrastructure, delegated staking, pooled staking, custodial staking and reward distribution. The more a firm intermediates the client’s participation, controls assets or manages the staking life cycle, the more likely it is to require permission.

Exclusions and Exemptions

The FCA emphasises that exclusions are activity-specific and fact-dependent. Firms should not assume that exclusions available in traditional financial services apply in the same way to cryptoasset activities. The proposed guidance covers two general exclusions: activities carried on for the sale of goods or supply of services, and activities incidental to a regulated profession or business.

Exclusions should be treated as part of the core perimeter analysis, not as an afterthought. Firms relying on an exclusion should document their analysis carefully.

Interaction With the MLRs Regime

Once the new regime applies, UK firms with MLRs registration will need FSMA permission if they are within scope. Cryptoasset firms will need to continue to comply with MLRs obligations but will no longer need a separate MLRs registration, as this will form part of their authorisation under FSMA.

MLRs-registered firms should not assume a smooth migration into FSMA authorisation. The FCA will assess them against a much broader set of prudential, conduct, governance, systems and controls, custody and market integrity requirements.

Consequences of Getting the Perimeter Wrong

Breach of the FSMA general prohibition is a criminal offence punishable by up to two years’ imprisonment, an unlimited fine or both. Agreements entered into by an unauthorised person carrying on regulated activity may also be unenforceable. On this basis, firms should maintain written assessments, escalation processes and change control procedures for new tokens, products, jurisdictions and customer types.

Key Issues for Third-Country Firms and the UK Perimeter

The proposed perimeter guidance should be read alongside the forthcoming amendments to Section 418 of FSMA, which sets out various cases where an activity will be deemed to be carried on in the UK. These changes are not expected to take effect until the new cryptoasset regime comes into force on 25 October 2027, but they are central to how the UK perimeter will apply to non-UK firms.

Expansion of the UK Territorial Scope

Once in force, the modified Section 418 of FSMA will expand the circumstances in which cryptoasset activities carried on by third-country firms may be treated as taking place in the UK, even where the firm has no physical presence in the UK.

In particular, from October 2027, a third-country firm may be treated as carrying on regulated cryptoasset activities in the UK in the following circumstances:

Sale or subscription of cryptoassets to UK consumers: A non-UK firm will be treated as providing services in the UK where it is involved in the sale or subscription of a qualifying cryptoasset to a UK consumer, unless:

the transaction is intermediated by a UK-authorised firm operating a QCATP; or

a UK-authorised firm is dealing as principal (but not as agent) in the transaction on the non-UK firm’s behalf.

Custody provided to UK consumers: A non-UK firm providing safeguarding (i.e., custody) services to UK consumers will generally be treated as carrying on that activity in the UK. Notably, this applies to direct custody but does not extend to subcustody arrangements, meaning that a non-UK subcustodian appointed by a UK-authorised custodian would not, by that fact alone, be brought within scope.

Although these provisions are not yet in force, they represent a clear policy direction aimed at preventing regulatory arbitrage through offshore structures. Firms should therefore assess their exposure now, particularly where business models involve direct engagement with UK retail users.

Subsidiaries vs. Branches

The FCA has indicated a baseline expectation that firms carrying on regulated cryptoasset activities in the UK should, once the regime is live, do so through a UK-incorporated subsidiary, rather than a branch of an overseas entity.

An exception may apply to firms operating a qualifying cryptoasset trading platform, which may in some cases be permitted to operate through a UK branch. However, where a QCATP branch undertakes additional regulated activities (such as custody, dealing or arranging), the FCA may expect those activities to be conducted through a separately authorised UK subsidiary.

Firms operating multiservice platforms should not assume that a single branch authorisation will be sufficient.

This forward-looking expectation is likely to influence structuring decisions well in advance of October 2027. For cryptoasset groups, this points towards early consideration of subsidiarisation, governance build-out and allocation of regulated activities across legal entities.

Implications for Business Models

Both the distinction between principal and agency models and the subsidiarisation requirement will be critical for business models once the regime takes effect.

The carve-out for UK-authorised firms applies only where the UK firm is dealing as principal, not where it is acting as agent. As a result, non-UK firms relying on UK intermediaries will need to assess whether those intermediaries can operate on a principal basis, rather than merely execute client orders as agent. Agency-style brokerage or “introducer” models are less likely to prevent UK territorialisation once the regime is in force.

Firms may need to revisit execution flows, risk warehousing and balance sheet usage ahead of October 2027 to determine whether a principal model is commercially and prudentially viable.

Similarly, in relation to custody, offshore custodians providing services directly to UK clients are likely to require UK authorisation once the regime commences. Global custody models may therefore need to be restructured so that UK clients are onboarded through a UK-authorised custodian. However, subcustody chains can remain international, provided that the client-facing custodian is UK-authorised.

What Firms Can Do Now

Financial institutions and cryptoasset firms that undertake, or intend to undertake, cryptoasset activities in the UK should consider:

Mapping existing and planned UK-facing cryptoasset activities against the proposed FSMA regulated activities, referencing the PERG 19 guidance.

Classifying all relevant tokens as qualifying cryptoassets, qualifying stablecoins, specified investment cryptoassets or out-of-scope assets.

Identifying which permissions may be required for each product and legal entity.

Reviewing UK consumer access, including offshore onboarding, apps, websites and marketing channels.

Assessing whether custody, internal ledger, float, omnibus wallet or settlement models involve safeguarding.

Reviewing reliance on exclusions and documenting the basis for any out-of-scope conclusions.

Developing a target operating model for the UK, including deciding on the establishment of subsidiaries and/or branches.

Preparing for the FCA application window opening on 30 September 2026.

Considering responding to the CP by 3 June 2026, particularly where business models depend on unresolved perimeter questions.

CP26/13 is not merely a technical PERG update. It is the FCA’s road map for how it expects firms to determine whether they are inside the new UK cryptoasset perimeter. The proposals confirm that the UK regime will be broad, activity-based and substance-driven, with particular significance for:

Overseas firms targeting UK consumers.

Platforms with integrated custody and execution models.

Stablecoin issuers.

Staking providers.

Firms offering lending or yield products.

The guidance should give firms more certainty, but it also highlights the complexity of applying traditional FSMA concepts to cryptoasset business models. Firms that begin perimeter mapping, entity structuring and authorisation planning early will be best placed to navigate the transition to the new regime.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.

For further information, please contact:

Sebastian J. Barling, Partner, Skadden

sebastian.barling@skadden.com

FCA Consults On Cryptoasset Perimeter Guidance For The UK’s Forthcoming Crypto Regime.

UK – Rethinking Recruitment After The Employment Rights Act 2025 (‘ERA 2025’).

FCA Consults On Cryptoasset Perimeter Guidance For The UK’s Forthcoming Crypto Regime.

US – SEC Proposes Optional Semiannual Reporting For Public Companies.

Malaysia – Corporate/M&A Update: Guidelines On De-Controlled Vehicles And Pick-Up Trucks.

- Datin Grace C. G. Yeoh - Shearn Delamore & Co,

Corporate/M&A Update: Introduction Of MY Value Programme B SC And Bursa Malaysia.

- Datin Grace C. G. Yeoh - Shearn Delamore & Co,

Corporate/M&A Update: Revised Guidelines On Listed Real Estate Investment Trusts Issued By The Securities Commission Malaysia.

- Datin Grace C. G. Yeoh - Shearn Delamore & Co,

Balancing Energy Demand And Climate Goals: Is Nuclear Power The Answer For Malaysia?

UK – Pension Schemes Act 2026 Brings Opportunities And Challenges For Trustees And Employers Of Occupational Pension Schemes.

China Strengthens Enforcement Against Foreign Extraterritorial Measures With New Blocking Rules And Supply Chain Security Controls.

Making Space: How Leaders Lift Others In Legal Tech.

CONVENTUS LAW

OTHERS

FCA Consults On Cryptoasset Perimeter Guidance For The UK’s Forthcoming Crypto Regime.

Register for your monthly Asia legal updates from Conventus Law

Footer

CONVENTUS LAW

OTHERS