UK Crypto Regulation Moves Forward: A Prudential Regime for Cryptoasset Firms – Key Takeaways from FCA CP25/42

The close of 2025 highlighted the continuing momentum for the digital asset industry, with regulatory developments accelerating rather than slowing. In December, the UK Government and the Financial Conduct Authority (FCA) released a series of draft instruments and consultation papers that are poised to play a significant role in shaping the sector’s future. On 15 December 2025, HM Treasury (HMT) published a revised draft of The Financial Services and Markets Act 2000 (Cryptoassets) Order 2025. This was followed on 16 December 2025 by the FCA’s publication of three consultation papers addressing core elements of the forthcoming cryptoasset regulatory framework: (1) CP25/40 Regulating Cryptoasset Activities, (2) CP25/41 Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets, and (3) CP25/42 A Prudential Regime for Cryptoasset Firms. Momentum continued into the new year. On 8 January 2026, the FCA provided further detail on its proposed “gateway,” the application process through which firms will seek authorisation to carry on newly regulated cryptoasset activities under the UK’s forthcoming regime.

Together, these developments underscore that the UK is not retreating from digital asset regulation but instead progressing steadily toward the establishment of a comprehensive and structured framework. Last month, we offered a high‑level overview of the regulatory timeline and anticipated changes arising from these late‑2025 and early‑2026 announcements in our Client Alert, UK’s Digital Assets Regulatory Framework Takes Shape. Following our recent Client Alert on CP25/41, which examined the FCA’s proposed framework for admissions and disclosures (A&D) and the introduction of a market abuse regime for cryptoassets (MARC), this briefing focuses on CP25/42 and offers a detailed analysis of the FCA’s proposed prudential regime for authorised cryptoasset firms, including its approach to capital requirements, liquidity, risk management, governance and wind-down planning.

CP25/42: A PRUDENTIAL REGIME FOR CRYPTOASSET FIRMS

KEY PROPOSALS

CP25/42 builds on earlier proposals in CP25/15, extending the scope of the prudential regime to cover remaining cryptoasset activities, namely operating a qualifying cryptoasset trading platform (CATP), staking, arranging deals, dealing as agent, and dealing as principal in qualifying cryptoassets. The FCA's proposals are aligned with its primary strategic and operational objectives - consumer protection, market integrity, and effective competition - and advance its secondary international competitiveness and growth objective. The proposed rules are set out across two separate sourcebooks: COREPRU (cross-sectoral requirements) and CRYPTOPRU (cryptoasset-specific requirements).

Own Funds Requirements

Under the proposed regime, cryptoasset firms will be required to maintain own funds at least equal to their own funds requirement (OFR), which is the highest of three limbs: the permanent minimum requirement (PMR), the fixed overhead requirement (FOR), and the K-factor requirement (KFR).

Permanent Minimum Requirements (PMR)

The FCA proposes that cryptoasset firms maintain a minimum level of own funds based on the services and activities they have permission to undertake. The proposed PMR amounts are:

Where a cryptoasset firm conducts multiple activities, its PMR will be the highest across those activities.

K-Factor Requirements

The K-factor capital requirements are either activity-based or exposure-based. Activity-based K-factors typically address the operational risk associated with the relevant activity, while exposure-based K-factors apply to firms that take trading book positions in cryptoassets, covering market, credit, and concentration risk.

Operational Risk K-Factors:

• K-CCO (Client Cryptoasset Orders): Set at 0.1% of average cryptoasset orders, designed to cover the operational risk arising from handling client orders.
• K-CTF (Cryptoasset Trading Flow): Set at 0.1% of average cryptoasset orders, covering operational risk relating to the value of trading activity conducted in the firm's own name.
• K-CCS (Client Cryptoassets Staked): Set at 0.04% of average client cryptoassets staked, covering operational risk relating to the value of cryptoassets staked on behalf of clients.

Exposure-Based K-Factors:

• K-NCP (Net Cryptoasset Position): Covers market risk arising from fluctuations in the value of cryptoassets held by the firm. Firms must apply position risk adjustments of 40% for Category A cryptoassets (characterised by higher levels of market maturity, liquidity, and resilience) and 100% for Category B cryptoassets.
• K-CCD (Cryptoasset Counterparty Default): Applies to firms that enter into transactions exposing them to counterparty default risk lasting longer than the standard settlement period for a spot trade, such as cryptoasset lending. Risk factors vary by counterparty type: 1.6% for central governments, central banks, credit institutions, and regulated firms; 8% for other counterparties; and 83.33% for retail clients.
• K-CON (Concentration Risk): Covers risks arising from significant exposures to individual clients or groups of connected clients, adopting the same core methodology as MIFIDPRU 5.4 to 5.10 with targeted modifications for cryptoasset-specific exposures.

Classification of Cryptoassets

The FCA proposes a two-tier classification system for cryptoassets for the purpose of position risk requirements:

Category A Cryptoassets must meet stringent conditions including: (i) being traded on a UK qualifying CATP; (ii) being directly exchangeable for the firm's functional currency or a qualifying stablecoin; (iii) demonstrating a stable operational history, typically at least three years of trading; (iv) having an active and sizeable market assessed through metrics such as daily bid-ask spread and trading volume; (v) not exhibiting extreme volatility (average daily volatility below 5% expected); (vi) no high correlation between price range and trading volume; and (vii) reliable data availability.

Category B Cryptoassets are those that fail to meet one or more Category A conditions and attract a higher capital charge of 100% of net exposure value.

Overall Risk Assessment

A central feature of CP25/42 is the proposed overall risk assessment framework, which serves as the centrepiece of a firm's risk management process. This framework replaces the previously-used terminology of internal capital adequacy and risk assessment (ICARA) process.

The overall risk assessment requires cryptoasset firms to:

• Identify and monitor all risks from ongoing operations or winding down that may cause material harm to clients, counterparties, or markets.
• Undertake business model assessment, planning, and forecasting, including expected and stressed scenarios.
• Conduct stress testing to consider severe but plausible scenarios that could affect the firm's ability to meet the overall financial adequacy rule (OFAR).
• Undertake recovery action planning to restore compliance where there is a risk of breaching threshold requirements.
• Set out a credible wind-down plan, including timelines, triggers, and an assessment of the amount of own funds and liquid assets required.
• Calculate own funds threshold requirements and liquid assets threshold requirements that represent the firm's view of what is required to meet the OFAR.

The firm's governing body must document and sign off the overall risk assessment annually. Under the proposed rules, senior management is responsible for ensuring the appropriateness of their risk management, and the FCA will hold senior management and governing bodies responsible for meeting expectations.

Liquid Assets Requirements

The FCA proposes a basic liquid assets requirement (BLAR) requiring firms to hold core liquid assets equal to one-third of their fixed overheads requirement plus 1.6% of any guarantees provided to clients. Core liquid assets include coins and banknotes, short-term deposits at UK-authorised credit institutions, assets representing claims on or guaranteed by the UK government or Bank of England, and units or shares in short-term money market funds.

For firms that are qualifying stablecoin issuers, an additional issuer liquid assets requirement (ILAR) applies, calculated based on the backing asset pool and designed to ensure the issuer can top up the backing pool using its own liquidity in the required timeframe.

The FCA also proposes non-core liquid assets for cryptoasset firms - liquid assets that are not core but can still be easily and promptly converted into cash, even in stressed market conditions. Firms must apply appropriate “haircuts” to reflect potential loss of value when converting these assets into cash during stressed market conditions.

Public Disclosure of Prudential Information

CP25/42 introduces a tailored public disclosure framework for cryptoasset firms, requiring disclosure of information on risk management, own funds, own funds requirements, and group arrangements. Disclosure requirements apply to all cryptoasset firms on an individual basis and must be complied with at least annually.

Disclosures must be made in a manner that is easily accessible and free to obtain, clearly presented and easy to understand, consistent with previous disclosure periods, and accompanied by a summary highlighting significant changes. The FCA expects firms to publish disclosures on their websites, though alternative methods may be used in certain circumstances.

Where a firm undertakes dealing in qualifying cryptoassets as principal, additional financial disclosures relating to the ultimate parent undertaking are required, including statements of financial position, liabilities, and details of encumbered assets.

Group Risk Considerations

Rather than creating a bespoke set of requirements for groups of cryptoasset firms, the FCA expects firms to consider group risk as part of their overall risk assessment and to disclose information on their group as part of public disclosure requirements. Cryptoasset firms that are part of a group must identify and monitor risks arising from group membership, including direct financial exposures (such as intra-group lending and guarantees), indirect financial exposures (such as reliance on other group members for revenue generation), and risks from shared reputation, clients, or control frameworks.

Measuring Success

The FCA expects proportionate prudential standards to support the development of cryptoasset markets in the UK while maintaining their integrity. Expected benefits include reduced firm failure, reduced harm from disorderly firm failure, improved market confidence and resilience, effective and proportionate prudential risk management, and effective competition.

TIMING AND NEXT STEPS

The consultation period for CP25/42 was open for comments and feedback until 12 February 2026. Following consideration of responses, final rules and guidance will be set out in policy statements expected to be published in 2026. Firms will also be subject to FCA Handbook requirements covered in a forthcoming consultation on the Consumer Duty, COBS, PROD Sourcebook, and access to the Financial Ombudsman Service, expected to be published in Q1 2026.

FOR MORE INFORMATION

If you have any questions regarding this subject or related subjects, or if you need assistance, please contact Yulia Makarova (Partner), Rebecca Jack (Partner), or your Winston & Strawn relationship attorney. You can also visit our Cryptocurrencies, Digital Assets & Blockchain Technology page for more information.