UK crypto regulation overhaul forces every firm to relicense by 2027

The UK’s Financial Conduct Authority has drawn a hard line on crypto. With its finalized UK crypto regulation framework now published, the FCA is giving digital asset firms a clear runway — and a firm deadline — to get their house in order before the new regime takes effect on October 25, 2027. For an industry that has operated under minimal oversight despite explosive growth, this marks a structural turning point.

Key takeaways

• The FCA’s crypto regulatory framework takes effect on October 25, 2027, covering exchanges, custodians, stablecoin issuers, staking firms, and more.
• Firms must apply for FCA authorization between September 30, 2026, and February 28, 2027; existing AML registrations do not automatically transfer.
• The stablecoin capital requirement was reduced from 2% to 1% of issued value after industry pushback.
• Sterling-backed stablecoins fall under FCA supervision; larger, systemically important stablecoins may be overseen by the Bank of England.
• Crypto firms must conduct annual stress tests using internally designed models, submitted to the FCA for review each year.

UK FCA Finalizes Crypto Regulatory Framework with 2027 Deadline

The framework, finalized on June 29–30, 2026, is the UK’s most sweeping overhaul of digital asset oversight to date. It brings a full spectrum of crypto businesses — trading platforms, custodians, stablecoin issuers, lending and borrowing providers, staking firms, and certain decentralized finance operators — under a single, unified licensing system for the first time.

David Geale, the FCA’s Executive Director for Payments and Digital Finance, framed the shift directly: “For the first time, we’ve got a comprehensive regulatory framework for crypto in the UK, one that covers how firms trade, how they hold assets, serve consumers and manage risk.” He added that the package “applies the same core principles we use across financial services — so where we see the same risk, we’re looking for the same regulatory outcomes.”

That alignment with traditional finance is not incidental. The FCA is deliberately mirroring the risk management standards already applied to banks and investment firms, pushing crypto businesses to operate with comparable discipline.

Application window and authorization timeline

The authorization window opens September 30, 2026, and closes February 28, 2027. During that five-month period, firms wishing to provide regulated crypto services in the UK must either apply for a fresh FCA license or amend existing financial services permissions. Pre-application support meetings are available from July 2026 to help firms prepare.

Until October 2027, the FCA’s oversight of crypto firms remains limited to financial promotions and anti-money laundering requirements. After that date, the full regime applies — and any firm without authorization faces significant operational disruption.

Late or incomplete applications are the FCA’s stated concern. Slow approval processes caused by poor filings could leave firms in legal limbo precisely when the rules kick in. The regulator’s message is straightforward: start early, file correctly.

New Requirements for Crypto Firms’ Authorization and AML Registrations

Existing AML registrations will not carry over. Any firm currently registered under the UK’s Money Laundering Regulations must submit an entirely new application under the fresh FCA authorization framework — there is no automatic conversion.

This matters more than it might appear. A meaningful number of UK crypto firms built their compliance posture around the AML registration regime, which was relatively lightweight compared to full FCA authorization. That foundation is now insufficient. The new framework demands full prudential, conduct, and operational resilience standards, not just anti-money laundering controls.

The scope is broad. It covers UK qualifying cryptoasset trading platforms (QCATPs), which must meet due diligence requirements, publish qualifying cryptoasset disclosure documents for assets admitted to trading, and satisfy new market abuse rules. The FCA also removed a previous exception that allowed fungible cryptoassets to be listed without a disclosure document — a notable tightening of transparency requirements.

Stablecoin Oversight Adjusted After Industry Feedback

One of the framework’s most discussed changes involved stablecoin capital requirements. After sustained industry feedback, the FCA reduced the K-SII capital coefficient for stablecoin issuance from 2% to 1% of the total value of stablecoins issued. The original 2% figure had drawn criticism as unnecessarily burdensome, particularly for newer entrants building reserve infrastructure.

The easing is meaningful, but it is not a free pass. Stablecoin issuers still face requirements around reserve backing, safeguarding arrangements, timely redemption of tokens, and customer disclosures. The FCA also removed redemption forecasting obligations for backing assets and permitted limited intragroup custody arrangements subject to safeguards — alongside allowing backing pools to hold excess assets of up to 5%.

Supervision split between FCA and Bank of England

Sterling-backed stablecoins will be supervised directly by the FCA. However, larger stablecoins deemed systemically important — those whose scale or interconnection with the broader financial system could pose a systemic risk — may instead fall under Bank of England oversight. The division reflects the UK’s broader approach to proportional regulation: the more systemically significant the asset, the higher the supervisory authority.

This dual-track model is worth watching for stablecoin issuers with ambitions to scale. A product that starts under FCA supervision could, as it grows, attract Bank of England scrutiny — a more demanding regulatory environment with different expectations.

Operational Resilience and Risk Management Measures for Crypto Firms

Beyond licensing, the framework introduces substantive operational requirements. Firms must maintain sufficient capital against higher-risk assets and conduct annual stress tests assessing their resilience under severe market conditions and economic strain.

The stress testing model is deliberately flexible — and notably different from how banks operate. While major UK banks receive specific test scenarios from the Bank of England, crypto firms design their own stress testing models based on internal risk assessments. Those results are then submitted to the FCA each year for review. The approach gives firms autonomy but also places the burden of appropriate scenario design squarely on them.

Capital reserves and risk management aligned with traditional finance

The prudential framework also introduces a single 40% net risk position requirement and a 40% counterparty default volatility adjustment for eligible cryptoassets admitted to UK qualifying trading platforms — replacing a previously proposed two-tier classification system. That simplification was welcomed by some, as it removes complexity around how different asset types are treated.

On market integrity, the framework introduces insider trading and market manipulation rules. The FCA retained an industry-led approach for large QCATP operators while narrowing on-chain monitoring obligations for those firms and refining requirements around inside information disclosures and intermediary notifications.

Decentralized finance sits in a distinct position. The FCA has made clear it remains a regulatory priority, with enforcement focus on identifying operators or controlling entities within DeFi structures. Services with identifiable operators — including controlled decentralized autonomous organizations — are more likely to fall within supervisory scope. Fully autonomous protocols with no identifiable controller face a harder classification question that the regulator is still refining.

For the industry, the FCA’s framework represents both clarity and a compliance burden. Geale acknowledged as much: “Firms have been asking us for regulatory clarity and we think we’ve delivered it.” Whether firms can translate that clarity into timely, complete authorization applications before the February 2027 window closes will determine who is operating legally when October 2027 arrives — and who is not.

FAQ

When does the new UK FCA crypto regulatory framework take effect?

The framework takes effect on October 25, 2027, requiring all crypto firms operating in the UK to hold FCA authorization by that date.

Do existing AML registrations for crypto firms automatically comply under the new FCA rules?

No. Existing registrations under the Money Laundering Regulations do not convert automatically. Firms must submit entirely new FCA authorization applications under the new framework.

What are the capital requirements for stablecoin issuers under the new rules?

Stablecoin issuers must maintain capital reserves equal to 1% of the issued stablecoin value, reduced from the initially proposed 2% following industry feedback. Additional requirements around reserve backing, safeguarding, and redemption standards also apply.

Are crypto firms required to perform stress tests?

Yes. Crypto firms must conduct annual stress tests using internally designed models based on their own risk assessments. The results are submitted to the FCA for review each year — unlike banks, which receive standardized scenarios from the Bank of England.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.