UK's New Crypto Regulations: A 24-Hour Deadline That Could Catch Firms Off Guard

The UK's Financial Conduct Authority has unveiled proposed crypto regulations that may broaden the definition of custody, potentially affecting platforms and software providers that do not consider themselves custodians. The FCA's Cryptoasset Perimeter Guidance, published recently, outlines several technical traps for firms handling client crypto assets. A key provision draws a line at the 24-hour mark for custody, meaning any firm holding client assets for more than a day during trade settlement may be classified as a regulated custodian, requiring a full safeguarding license. Validators and node operators must also exercise caution, as providing 'added value' features such as user dashboards or yield tools may prompt the need for full approval for arranging staking. The FCA aims to strengthen consumer protections and support fair markets with these new rules. Notably, the regulator has addressed the 'shadow custody' issue, clarifying that a crypto service provider is considered a custodian if it can theoretically override a client's authority, even if it guarantees not to exert that power. The FCA has requested feedback on these proposals, which will be finalized in policy statements this summer, followed by the final perimeter guidance in September. The new regulations will require all entities providing crypto services to transition from the current money-laundering registration system to a stricter approval regime under the UK's Financial Services and Markets Act. Firms intending to continue operating under the new regulations will have a five-month application window, from September 30, 2026, to February 28, 2027, to apply for approval and avoid potential fines and suspensions.