Key Takeaways
- The UK’s Financial Conduct Authority (FCA) is tightening the regulatory perimeter for crypto‑assets, potentially classifying many platforms as custodians if they hold client assets longer than 24 hours during settlement.
- Validators, node operators, and other “pure‑tech” service providers will lose their exemption the moment they add value‑added features such as dashboards, yield‑generation tools, or reward‑compounding mechanisms.
- The FCA introduces a “shadow custody” concept: any arrangement that theoretically allows a service provider to override a client’s authority—regardless of whether that power is ever exercised—triggers custodial status.
- Stablecoin issuers must be UK‑established and retain full control over the token’s entire lifecycle, from issuance to redemption and reserve maintenance, to be deemed lawful.
- The consultation on these proposals runs until 3 June 2026, with final policy statements expected this summer and the final perimeter guidance published in September 2026.
- Existing crypto‑asset firms must migrate from the current money‑laundering registration regime to a full approval process under the Financial Services and Markets Act (FSMA), applying between 30 September 2025 and 28 February 2027 to benefit from “savings provisions” that allow continued operation while the regulator reviews their applications.
- Failure to meet the application deadline exposes firms to fines, suspensions, or permanent closure, underscoring the urgency for market participants to reassess their custody models and compliance frameworks.
Background and Objective of the FCA’s Cryptoasset Perimeter Guidance
The Financial Conduct Authority (FCA) released its Cryptoasset Perimeter Guidance on Wednesday to clarify which activities fall under its regulatory remit as the crypto‑asset sector matures. The guidance aims to strengthen consumer protection, promote fair and transparent markets, and close loopholes that have allowed certain service providers to operate without the safeguards required of traditional financial institutions. By publishing a detailed perimeter, the FCA signals its intent to bring more crypto‑related functions—especially those involving the holding or control of client assets—within the scope of the UK’s financial services regime.
Redefining Custody: The 24‑Hour Rule
A cornerstone of the new guidance is the 24‑hour threshold for custody. Any firm, platform, or application that holds a client’s crypto assets for longer than a single day during trade settlement will likely be classified as a regulated custodian. This classification triggers the requirement to obtain a full safeguarding licence under the FCA’s rules. The regulator views the 24‑hour mark as the point at which a service provider assumes sufficient control over assets to warrant the same protections applied to traditional custodians, such as segregation of assets, regular audits, and robust operational resilience standards.
Implications for Validators and Node Operators
Validators and node operators, who have traditionally relied on a “pure‑tech” exemption because they merely maintain network infrastructure, must now exercise caution. The FCA warns that the exemption disappears the moment these entities provide any “added value” features—such as user‑friendly dashboards, yield‑earning products, or reward‑compounding tools—beyond basic block validation. When such features are offered, the provider is deemed to be arranging staking or other custodial‑like services and must seek full approval under the FSMA framework, effectively moving them from a light‑touch registration to a comprehensive licensing process.
Shadow Custody and Control Over Client Authority
For the first time, the FCA explicitly addresses the concept of “shadow custody.” The guidance states that if a crypto service provider’s arrangement theoretically allows it to override a client’s authority over their assets, the provider is considered a custodian, even if it promises never to exercise that power. This determination hinges on the legal ability to control or redirect assets, not on actual use of that control. Consequently, smart‑contract‑based platforms, decentralised applications, or any service that retains a unilateral administrative key or upgrade mechanism may fall into the custodial category, regardless of their decentralised branding.
Stablecoin Issuance Requirements
Stablecoin issuers face an equally stringent mandate. The FCA considers issuance lawful only if the issuer is established in the United Kingdom and maintains full control over the token’s entire lifecycle. This includes the initial offering, ongoing redemption processes, and the maintenance of adequate reserves to back the stablecoin’s value. Issuers that rely on overseas entities or outsource reserve management will not meet the FCA’s criterion and could be deemed to be operating outside the permissible perimeter, exposing them to enforcement action.
Consultation Timeline and Final Rule Publication
The FCA has opened a consultation on these proposals, inviting industry feedback until 3 June 2026. Following the consultation period, the regulator plans to publish final policy statements this summer, reflecting any adjustments made in response to stakeholder input. The finalized Cryptoasset Perimeter Guidance itself is slated for release in September 2026, providing market participants with a clear, enforceable framework ahead of the impending transition deadlines.
Transition from AML Registration to FSMA Approval Regime
Under the current regime, many crypto‑asset firms operate merely as money‑laundering registrants, a relatively light‑touch requirement. The new guidance forces a shift to a more stringent approval process under the Financial Services and Markets Act (FSMA). This transition means that firms will need to demonstrate compliance with a broader set of prudential, conduct, and governance standards, including capital adequacy, risk management, and ongoing supervisory reporting—similar to the obligations imposed on traditional financial intermediaries.
Application Window and Savings Provisions
To ease the shift, the FCA offers a five‑month application window running from 30 September 2025 to 28 February 2027. Firms that submit their FSMA approval applications within this period can avail themselves of the so‑called “savings provisions,” which allow them to continue operating while the regulator reviews their submissions. Entities that miss this window lose the benefit of transitional relief and may be subject to immediate enforcement actions, including fines, activity suspensions, or even permanent closure if they persist without the required authorization.
Enforcement Risks and Market Impact
The FCA’s revised perimeter raises the stakes for non‑compliance. Firms found to be operating as custodians—or providing custodial‑like services—without the appropriate safeguarding licence could face financial penalties, restrictions on their ability to offer services, or forced withdrawal from the UK market. The regulator’s emphasis on both actual control and theoretical authority (shadow custody) means that even technically decentralised projects must scrutinise their governance structures, smart‑contract admin keys, and any value‑added features. Consequently, market participants are likely to invest in compliance redesigns, seek legal counsel, and potentially consolidate services under entities that can meet the rigorous FSMA standards, reshaping the competitive landscape of the UK crypto‑asset ecosystem.