FCA Handbook Application for Regulated Cryptoasset Activities – Key Takeaways from CP26/4

The close of 2025 highlighted the continuing momentum for the digital asset industry, with regulatory developments accelerating rather than slowing. The Financial Conduct Authority (FCA) published a series of consultation papers to address the core elements of the forthcoming cryptoasset regulatory framework, which we have discussed in our prior client alerts; UK’s Digital Assets Regulatory Framework Takes Shape; Lending, Staking & DeFi - Key Takeaways from FCA CP25/40; Admissions & Disclosures and Market Abuse for Cryptoassets – Key Takeaways from FCA CP25/41; Prudential Regime for Cryptoasset Firms – Key Takeaways from FCA CP25/42; New Cryptoasset Regulated Activities: The FCA Gateway. January 2026 brought yet another consultation paper, CP26/4: Application of FCA Handbook for Regulated Cryptoasset Activities II (CP26/4).

On the surface, CP26/4 appears to revisit and clarify earlier ideas first discussed in the consultations published earlier this year. However, despite its seemingly disparate scope, CP26/4 should not be underestimated. Several of its measures have the potential to materially affect firms’ business models and organisational frameworks. Whilst the deadline for responses to the consultation closed on the 12th of March, this article discusses the key proposals in CP26/4 and their potential implications for cryptoasset firms preparing for authorisation under the UK’s forthcoming regulatory regime.

Embedding Consumer Outcomes Into Cryptoasset Business Models

A central feature of CP26/4 is the FCA’s proposal to apply the Consumer Duty (Principle 12 and PRIN 2A) to regulated cryptoasset activities in broadly the same way as it applies across the wider FSMA perimeter, supplemented by non‑Handbook guidance tailored to cryptoassets.

For firms serving UK retail customers, this reinforces that compliance will be assessed not only on technical rule adherence, but on whether firms are designed to deliver good consumer outcomes across the full product lifecycle. The FCA emphasises that cryptoasset activities often involve heightened complexity, information asymmetry, and risk of consumer harm, factors that will intensify supervisory scrutiny under the Duty.

The Duty comprises a consumer principle requiring firms to deliver good outcomes for retail customers, three cross-cutting obligations (acting in good faith, avoiding foreseeable harm, and enabling customers to pursue their financial objectives), and four outcome rules covering products and services, price and value, consumer understanding, and consumer support. 

While certain activity (such as trading between participants on a UK qualifying cryptoasset trading platform) would fall outside the Duty itself, the FCA is clear that the Duty would remain relevant to how firms design platforms, present information, set fees, and support customers more broadly.

Products, Pricing, and Communications Under Enhanced Scrutiny

The accompanying non‑Handbook guidance (GC26/2) provides clearer indications of how the FCA expects cryptoasset firms to approach product governance, pricing, and disclosures.

• Product design and distribution: Activities such as cryptoasset lending and borrowing are characterised as “more complex or niche,” with an expectation of tighter target market definitions and more intentional distribution strategies. Distributors may be required to assess product risks independently where manufacturers are unregulated or difficult to evaluate.
• Price and value assessments: Firms will be expected to evaluate whether charges they control, such as spreads, custody fees, staking commissions, yield mechanics, and withdrawal costs, represent fair value in the context of cryptoasset risks. Where upstream products are not subject to the Duty, distributors must still assess whether their own charges undermine overall value.
• Customer understanding: The FCA signals a strong expectation that firms avoid dense legal wording and technical blockchain jargon, particularly in marketing and onboarding materials. Supporting customer understanding is framed as an ongoing obligation, extending well beyond the point of sale.
• Customer support and friction: GC26/2calls out scenarios such as wallet freezes, staking failures, and protocol events as moments where effective support will be critical. The FCA explicitly warns against unreasonable barriers to exit, including opaque fees or delayed access to assets.

Complaints, Redress, and the Limits of Consumer Protection

CP26/4 proposes to extend the FCA’s existing complaints handling framework (DISP) to regulated cryptoasset activities, giving eligible retail customers access to established dispute resolution channels, including the Financial Ombudsman Service.

At the same time, the FCA draws a clear boundary around the scope of consumer protection:

• Firms will be required to maintain transparent, free‑of‑charge complaints procedures and clearly explain those processes to customers.
• Stablecoin issuers remain responsible for complaints handling even where third parties perform outsourced activities, and contractual arrangements must reflect that allocation of responsibility.
• The FCA expressly does not propose extending Financial Services Compensation Scheme (FSCS) coverage to cryptoasset activities, citing concerns that compensation eligibility could create a misleading “halo effect” around high‑risk products.

This approach underscores the FCA’s intent to strengthen procedural protections without reframing cryptoassets as low‑risk or guaranteed products.

Conduct Standards and Appropriateness Testing

CP26/4 would bring regulated cryptoasset activities within the scope of existing Conduct of Business Standards (COBS) requirements, by expanding the definition of “designated investment business” (DIB) to include cryptoasset regulated activities.

In practice, this would import familiar obligations around:

• Acting honestly, fairly, and professionally;
• Making fair, clear, and not misleading communications;
• Client categorisation; and
• Appropriateness assessments.

The FCA places particular weight on appropriateness testing for cryptoasset lending and borrowing products, signaling that these assessments are intended to introduce meaningful friction and ensure retail clients appreciate the risks involved.

Credit-Funded Cryptoasset Purchases

While acknowledging the risks of borrowing to invest in cryptoassets, the FCA stopped short of proposing an outright ban on the use of credit cards or EMI credit lines for such investments. Instead, firms would be encouraged to provide clear, targeted risk messaging, such as InvestSmart‑style disclosures, when customers use credit to purchase cryptoassets.

This reflects a broader regulatory preference for informed decision‑making over categorical restrictions, while preserving flexibility for firms’ payment and funding models.

Governance Expectations: SMCR, Training, and Accountability

CP26/4 clarifies how the FCA expects cryptoasset firms to fit within established governance frameworks:

• Senior Managers and Certification Regime (SMCR): The FCA proposes criteria under which certain cryptoasset firms, particularly large stablecoin issuers and custodians, would fall into the enhanced SMCR category, triggering additional governance, mapping, and approval requirements.
• A custodian will be classified as an Enhanced SMCR firm where, in any given month, the aggregate value of (i) client cryptoassets and specified investment cryptoassets held on trust together with (ii) any safe custody assets exceeds £100 billion, or where the firm reasonably projects that it will exceed this threshold in a month during the current year.
• A stablecoin issuance firm will fall into the Enhanced category where the total value of the backing asset pool exceeds £65 billion, calculated on a three‑year rolling average, aligned with the existing threshold used for asset management firms.
• Training and competence: The FCA proposes applying the Training and Competence sourcebook to cryptoasset firms, while acknowledging that formal qualification pathways are still developing. Wholesale‑only firms and staff dealing exclusively with professional clients would generally fall outside scope.

Safeguarding, Custody, and the Treatment of Client Cryptoassets

One of the most operationally significant sections of CP26/4 concerns the proposed extension of CASS 17‑style safeguarding regimes to cryptoasset custody, including specified investment cryptoassets.

Key features include:

• Mandatory use of a non‑statutory trust for client cryptoassets, with flexibility in trust design but firm baseline protections for segregation and shortfall allocation.
• Daily record‑keeping, reconciliations, and rapid shortfall resolution expectations.
• Tight limits on the use of operational surplus cryptoassets, and restrictions on granting liens over client assets.
• Distinct treatment for firms that arrange safeguarding versus those that perform custody directly.

The FCA also proposes tailored protections for retail collateral provided in cryptoasset borrowing arrangements, aimed at preventing inadvertent transfers of ownership and ensuring collateral remains protected if a firm fails.

Reporting and Supervisory Visibility

Finally, CP26/4 outlines a phased approach to regulatory reporting, beginning with baseline returns designed to give the FCA early visibility into firms’ activities, exposures, and connections within the crypto ecosystem. Over time, additional data collections are expected as both firms and the regulator deepen their understanding of risks.

Conclusion

Although CP26/4 does not introduce an entirely new pillar of crypto regulation, it is an important signal that the FCA is shifting from conceptual framework‑building to implementation detail. Firms that have so far focused primarily on licensing strategy will increasingly need to address controls, governance, disclosures, and operational infrastructure at a granular level.

Cryptoasset firms targeting the UK should expect supervisory engagement to centre on whether their organisations are genuinely equipped to operate within the FCA’s consumer‑focused regulatory model, rather than simply whether they fall inside the perimeter.

For More Information

If you have any questions regarding this subject or related subjects, or if you need assistance, please contact Yulia Makarova (Partner), Rebecca Jack (Partner), or your Winston & Strawn relationship attorney. You can also visit our Cryptocurrencies, Digital Assets & Blockchain Technology page for more information.