With the draft Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 now laid before Parliament, and the FCA launching three major consultations (CP25/40, CP25/41 and CP25/42), crypto regulation in the UK is entering a decisive new phase.
This is not simply an expansion of existing rules. It represents a fundamental reset of how the UK expects crypto businesses to operate, compete and manage risk.
For years, UK oversight of crypto was largely limited to anti-money laundering registration and compliance with Financial Promotions rules. That era is ending. The UK is now drawing a full regulatory perimeter around crypto, placing it firmly alongside traditional financial services.
The end of “capital‑light” crypto
The traditional crypto business model has relied on three assumptions: light or no capital requirements, minimal rules around market conduct, and a focus on technology over governance. All three are being dismantled.
CRYPTOPRU will apply “K‑factor” style capital requirements like those used for investment firms. These K-factors are a combination of activity and exposure-based requirements. The principal is clear, the larger your footprint the greater the risk – and the more capital you must hold.
Lending to retail and offering leveraged or complex products will attract particularly high capital charges and firms will be expected to be able to fail safely without contagion. It’s likely that, for these activities to remain viable, over-collateralisation, possibly with stablecoins, will become the norm.
That changes the economics of crypto intermediation. Business lines that once looked highly profitable when thinly capitalised may become marginal or loss‑making once fully costed. For leadership teams, this is not a compliance footnote. It goes to the heart of strategy, pricing, and even which markets you want to be in.
Market integrity is paramount
The FCA is importing a familiar concept from traditional markets: market abuse. But this time, it is tailored to on‑chain reality. The proposed MARC regime will require firms to prevent, detect, and report insider dealing, manipulation across multiple venues, and abusive strategies that exploit fragmented liquidity and 24/7 trading.
Crucially, this will not be limited to order-book data from a single exchange. Firms will be expected to understand and monitor on‑chain activity, cross‑platform patterns, connecting wallet behaviour, protocol events, and venue data in a coherent surveillance view.
Being a serious crypto intermediary now means behaving like a serious market operator. “Growth first, Controls later” cultures will struggle.
Strong surveillance, transparent governance, and credible escalation pathways become as important as the matching engine.
From innovation story to risk story
For years, the crypto narrative has focused on innovation, speed, and disruption.
Regulators are now forcing boards to tell a different story: what risks do you create, and how will you contain them if things go wrong?
The FCA’s focus on “operational resilience” and “failing safely without contagion” means more robust business continuity, outsourcing oversight, and wind‑down planning. Leaders need to think from an ecosystem perspective and operate more like system operators.
The question is no longer simply “can we build it?”, but “can we keep it safe at scale and shut it down cleanly if we have to?”
What this means for boards
This is a board‑level transformation, not an incremental compliance project. Three strategic actions stand out:
1. Redraw your business map against the new perimeter
Map each revenue stream – trading, brokerage, staking, lending, custody, and yield products – to the new regulated activities. Identify which permissions you will need once the authorisation gateway opens. Decide which activities you truly want to continue under a full regulatory burden, and which may need to be exited or redesigned.
2. Re‑assess your technology through a regulatory lens
Can your surveillance tools meaningfully monitor on‑chain data, not just your own order book? Can you detect behaviour that looks abusive when seen across multiple venues? Can you provide evidence to supervisors that your alerts and investigations are consistent and well‑governed?
3. Rethink your capital and client strategy
Model the impact of K‑factor‑style requirements on each major business line. Pay particular attention to retail lending, leveraged products, and any activity that transforms maturity or liquidity. Consider whether your client mix needs to shift to maintain viable returns on capital.
If you would like to discuss further or require support, please feel free to get in touch with us at Cosegic.
