UK Financial Services and Markets Act 2023: Bringing Crypto Into the Regulatory Perimeter

The Financial Services and Markets Act 2023 received Royal Assent in August 2023, representing the most significant piece of UK financial services legislation since the original Financial Services and Markets Act 2000. It encompasses far more than crypto regulation — covering financial market infrastructure resilience, the Edinburgh Reforms to UK financial services competitiveness, changes to the senior managers regime, and the creation of the FCA’s new secondary competitiveness objective. But for the digital assets industry, its most consequential provisions are those that bring cryptoassets into the scope of regulated activity under FSMA 2000, creating the legal architecture through which the UK’s comprehensive crypto regulatory regime will be constructed.

The Structure: Power Before Rules

Understanding UK crypto regulation requires understanding a constitutional feature of British financial law. The regulated activities framework under FSMA 2000 works through a combination of primary legislation — which creates the general framework and powers — and secondary legislation (statutory instruments) specifying which activities are regulated and how. The Regulated Activities Order 2001, made under FSMA 2000, lists the specific activities (deposit-taking, insurance, investment management, and so on) that require FCA authorisation. New regulated activities are added by amending the Regulated Activities Order through new statutory instruments rather than through new primary legislation.

FSMA 2023 modified FSMA 2000 to introduce “cryptoasset business” as a new category of regulated activity — establishing the primary legislative hook — and to give HM Treasury broad powers to designate specific cryptoasset activities as regulated through statutory instruments. This means the detailed rules governing which cryptoasset businesses require FCA authorisation, and what those businesses must do to be authorised, are contained not in FSMA 2023 itself but in secondary legislation made under it.

The December 2025 Statutory Instrument

HM Treasury exercised its new powers by publishing the Cryptoassets (Financial Promotion and Registration) Regulations and, critically, the Financial Services and Markets Act 2000 (Regulated Activities and Financial Promotion) (Amendment) Order — collectively known as the Cryptoassets Regulations 2025 — in December 2025. This secondary legislation specifies the regulated activities that will require FCA authorisation for cryptoasset businesses, including issuing, operating, and trading cryptoassets.

The Cryptoassets Regulations 2025 define the scope of regulated cryptoasset activity to include: operating a cryptoasset exchange; providing cryptoasset custodian services; dealing in cryptoassets as principal or agent; arranging deals in cryptoassets; operating a cryptoasset lending platform; and communicating financial promotions relating to cryptoassets. The definition of “cryptoasset” in the regulations is designed to be technology-neutral and broad — covering any cryptographically secured digital representation of value or rights that uses distributed ledger technology — while excluding assets that are already regulated as financial instruments under other legislation, maintaining the MiFID boundary.

The October 2027 Go-Live Date

The regulations specify an implementation date of October 25, 2027 — a date chosen to allow firms currently operating under the FCA’s temporary registration regime for crypto exchange and custodian services to transition to the full authorisation regime. The two-year-plus implementation window reflects the FCA’s recognition that full authorisation involves substantially more demanding requirements than the temporary registration, and that the industry needs time to build the compliance infrastructure.

The FCA, under Chief Executive Nikhil Rathi, has indicated that it will consult on the detailed rules for authorised cryptoasset businesses — covering capital requirements, consumer protection, systems and controls, AML compliance, and market integrity — through a series of policy papers during 2026 and 2027. Firms seeking authorisation will need to apply before the go-live date; the FCA has warned that applications submitted close to October 2027 may not be processed in time, with firms unable to continue operating if unapproved.

What Firms Need to Do

The authorisation pathway under the new regime requires cryptoasset businesses to demonstrate compliance across several dimensions. FCA authorisation requires firms to show that they have adequate capital — the precise capital requirements will be set in FCA rules, but they are expected to be calibrated to the risk profile of different business activities, with exchange and custodian businesses facing more demanding requirements than those providing simpler services. Senior managers must be approved under the Senior Managers and Certification Regime, which requires individual accountability for regulated activities.

AML and counter-terrorism financing compliance is not new for UK cryptoasset businesses — the FCA has regulated this through the Money Laundering Regulations since January 2020, and the temporary registration regime has been in place since then. However, full authorisation requires demonstrating AML compliance as part of a comprehensive FCA authorisation application rather than through the lighter-touch temporary registration process. Firms that have struggled with FCA expectations in the temporary registration period — a significant number have been refused registration — will face a more demanding assessment.

Consumer protection requirements under the Consumer Duty, which applies to financial services firms from July 2023, will extend to authorised cryptoasset businesses and impose obligations to deliver good outcomes for retail customers — including fair value, transparency, and support when things go wrong. This is a substantially higher standard than the existing financial promotions rules and represents a meaningful increase in the regulatory burden for firms currently serving retail crypto customers.

Post-Brexit Divergence from MiCA

The UK’s decision to build its crypto regulatory framework through FSMA 2023 and secondary legislation, rather than adopting or mirroring MiCA, reflects a deliberate post-Brexit regulatory design choice. The UK is not required to align with MiCA and has specifically declined to do so in several respects — most notably by adopting a principles-based approach to stablecoin regulation rather than MiCA’s prescriptive reserve and capital requirements for e-money tokens.

This divergence has both competitive and practical implications. Competitive, because the UK can position its regime as more flexible and accommodating of innovation — a post-Brexit regulatory dividend if it works. Practical, because firms operating in both the UK and EU now face two separate regulatory regimes for cryptoasset business, with different authorisation requirements, different conduct standards, and different supervisory relationships. The regulatory overhead of dual compliance is real, though many global crypto firms consider UK market access sufficiently valuable to bear it.

The FCA’s approach to cryptoasset regulation has been notably more cautious than some industry participants hoped post-Brexit. Its temporary registration refusal rate and the demanding authorisation timeline for October 2027 suggest the FCA’s secondary competitiveness objective — introduced by FSMA 2023 — has not translated into a materially more permissive supervisory stance for cryptoassets. The regime will be competitive in structure, but whether it is competitive in practice will depend on how the FCA applies it.