UK Crypto Regulations: Hidden Pitfalls for Unwary Firms

The UK's Financial Conduct Authority has unveiled proposed crypto regulations that could significantly broaden the definition of custody, potentially ensnaring platforms and software providers that do not consider themselves custodians. The FCA's Cryptoasset Perimeter Guidance, published recently, outlines several technical pitfalls for firms handling clients' crypto assets. A key aspect of the rules is the 24-hour threshold for custody, whereby any firm or crypto platform holding client assets for more than a day during trade settlement may be classified as a regulated custodian, necessitating a full safeguarding license. Validators and node operators must also exercise caution, as the regulator has warned that providing 'added value' features, such as user dashboards or yield-compounding tools, will result in the loss of their pure tech exemption, requiring them to seek full approval for arranging staking. The FCA has stated that its new perimeter provides the necessary tools to strengthen consumer protections and support fair, transparent, and orderly markets as the sector matures. Notably, the regulator has addressed the issue of 'shadow custody' for the first time, clarifying that if a crypto service provider can theoretically override a client's authority, it is considered a custodian, regardless of whether it guarantees that it will not exert that power. The document emphasizes that the use of smart contracts, public blockchains, or elements of decentralization does not determine the perimeter position or exempt an arrangement from regulation. For stablecoin issuers, the mandate is clear: issuance is only permissible if the issuer is established in the UK and manages the entire lifecycle, from initial offering to redemption and reserve maintenance. The FCA has requested feedback on these proposals until the consultation closes on June 3, 2026, and intends to publish finalized rules in policy statements this summer, followed by the final perimeter guidance in September. The regulatory roadmap requires all entities providing crypto services to transition from the current money-laundering registration systems to a stricter approval regime under the UK's Financial Services and Markets Act. Firms intending to continue operating under the new regulations face a five-month application window from September 30, 2026, to February 28, 2027, and failure to meet this deadline may result in fines, suspensions, or permanent closures. Only those who apply during the application period will be eligible for the 'savings provisions' that allow them to continue operating while the regulator deliberates.