The Financial Conduct Authority (FCA) published the final rulebook for the UK’s cryptoasset regime on June 30, 2026 — five policy statements covering regulated activities, prudential standards, market abuse and Handbook application — opening an authorisation race that runs from September 30, 2026 to February 28, 2027, ahead of the regime taking effect on October 25, 2027. The UK has chosen a full Financial Services and Markets Act (FSMA) authorisation model where the EU chose a bespoke licence, and the gap between the two now defines European crypto market access.
The package rests on the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, made on February 4, 2026, which bring trading platforms, custody, stablecoin issuance and staking inside the UK regulatory perimeter (FCA). Policy Statements PS26/9, PS26/11, PS26/12 and PS26/13 — plus three pieces of finalised guidance and two further guidance consultations — complete the framework (Norton Rose Fulbright, Global Regulation Tomorrow). This analysis walks through what the rules require, how the UK now compares with the EU, US and Singapore, the enforcement backdrop, and the operational deadlines between here and October 2027.
Key Facts:
• On June 30, 2026 the FCA published five policy statements — including PS26/9 (admissions, disclosures and market abuse), PS26/11 (regulated cryptoasset activities), PS26/12 (prudential regime) and PS26/13 (Handbook application) — plus three finalised guidance documents and two further consultations — Norton Rose Fulbright, June 2026
• The statutory basis is the FSMA 2000 (Cryptoassets) Regulations 2026, made February 4, 2026 — FCA
• Pre-application meetings opened in July 2026; the authorisation window runs September 30, 2026 to February 28, 2027; the regime applies from October 25, 2027 — FCA, via Decrypt
• The stablecoin issuer capital coefficient was cut to 1% of outstanding tokens in the final rules, from 2% at consultation — Decrypt, July 2026
• Retail customers of authorised firms gain Financial Ombudsman Service access, and the Bank of England will supervise stablecoins designated systemic — Decrypt, July 2026
• DeFi protocols fall in scope only where there is an “identifiable controlling entity” — Decrypt, July 2026
• Enforcement precedent: the FCA fined CB Payments Ltd, a Coinbase Group company, £3,503,546 on July 25, 2024 for onboarding high-risk customers in breach of a voluntary requirement — FCA Final Notice
Methodology and sources
This analysis draws on the FCA’s cryptoasset-regime landing page and press release of June 30–July 1, 2026, the policy statements themselves (PS26/9 through PS26/13, published June 30, 2026), the Norton Rose Fulbright and A&O Shearman client summaries of the package, and reporting by Decrypt on the final-rule changes from consultation. Jurisdictional comparisons use the Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114), the SEC–CFTC joint interpretation of March 17, 2026, and the Monetary Authority of Singapore’s (MAS) Payment Services Act and Digital Token Service Provider frameworks. The time window is February 2025 to July 2026 — the consultation-to-final arc of the UK regime. Caveat: two guidance consultations remain open, so conduct-level details can still move before the gateway opens; primary documents supersede this summary.
What the FCA’s final rules actually say
The FCA’s June 30, 2026 package converts cryptoasset activities from a registration-based anti-money-laundering (AML) perimeter into full FSMA authorisation. What did the FCA publish? Five policy statements finalising the UK cryptoasset regime: PS26/11 defines the regulated activities — operating a cryptoasset trading platform, dealing, arranging, custody and staking — and who needs permission for each; PS26/12 sets the prudential regime, including capital requirements, liquid-asset buffers and stress-testing obligations; PS26/9 establishes an admissions-and-disclosures framework and a market-abuse regime modelled on the Market Abuse Regulation, covering insider dealing and manipulation on trading venues; and PS26/13 applies the wider FCA Handbook — systems and controls, conduct rules, complaints handling — to the new activity set (Norton Rose Fulbright, June 2026). Firms already registered under the Money Laundering Regulations do not carry that status over: they must apply for authorisation in the September 30, 2026 to February 28, 2027 window to operate under the regime from October 25, 2027.
Two consultation-to-final changes matter most commercially. The capital coefficient for stablecoin issuers was halved to 1% of outstanding tokens, a direct response to industry submissions that the 2% draft figure exceeded the e-money benchmark. And the perimeter language on Decentralised Finance (DeFi) settled on an “identifiable controlling entity” test — genuinely decentralised protocols stay outside, front-ends and governance-controlled protocols do not (Decrypt, July 2026).
How the UK, EU, US and Singapore now compare
| Jurisdiction / Regulator | Effective date | Scope | Key requirement | Penalty / sanction |
|---|---|---|---|---|
| UK (FCA) | October 25, 2027 (applications September 30, 2026 – February 28, 2027) | Trading platforms, dealing, custody, staking, stablecoin issuance | Full FSMA authorisation under PS26/11–PS26/13; 1% stablecoin capital coefficient; FOS access for retail | Unlimited FSMA fines; criminal liability for unauthorised business (FSMA s.23) |
| EU (ESMA / national CAs) | CASP title applicable December 30, 2024; grandfathering ended July 1, 2026 | Crypto-Asset Service Providers (CASPs), ART/EMT issuers | MiCA authorisation with passporting across 27 member states (Regulation (EU) 2023/1114) | Administrative penalties under Article 111 MiCA, ceilings set nationally by turnover percentage |
| US (SEC + CFTC) | Joint interpretation March 17, 2026; GENIUS Act implementing regulations due from July 2026 | Crypto asset securities/commodities split; permitted stablecoin issuers | Registration per the SEC–CFTC joint interpretation; CLARITY Act market-structure split pending in Congress | SEC civil money penalties and disgorgement; CFTC penalties per violation |
| Singapore (MAS) | DPT licensing since January 28, 2020; overseas-serving DTSP regime since June 30, 2025 | Digital Payment Token services, including offshore-only providers | Payment Services Act licence or FSMA 2022 DTSP licence; retail-access restrictions | Fines up to S$250,000 and imprisonment for unlicensed activity (PSA s.5) |
Sources: FCA policy statements (June 30, 2026); Regulation (EU) 2023/1114; SEC–CFTC joint interpretation (March 17, 2026); MAS Payment Services Act. Last updated July 7, 2026. All primary documents linked in body.
How does the UK regime differ from MiCA? The structural answer is authorisation architecture. MiCA created a bespoke CASP licence with automatic passporting across 27 member states — one authorisation, one market — and its transition ended on July 1, 2026, when national grandfathering windows closed. The FCA instead extended the existing FSMA perimeter, meaning a UK crypto firm is authorised the same way as a broker or asset manager, subject to the same Handbook, Senior Managers regime and Financial Ombudsman Service jurisdiction, but with no passport attached. The trade-offs run both directions: the UK model gives firms a single conduct framework across crypto and traditional business lines and gives retail customers ombudsman recourse MiCA does not provide, while an EU CASP reaches 27 markets on one licence. For groups running both, the binding constraint becomes duplicated capital and governance — there is no equivalence bridge between the two regimes, and none is under negotiation (FCA; Regulation (EU) 2023/1114).
“This is a significant moment for crypto regulation in the UK. We’ve created a framework that doesn’t force firms to choose between regulatory certainty and room to innovate – this regime means they can have both.”
— David Geale, Executive Director of Payments and Digital Finance, Financial Conduct Authority
(FCA press release)
Enforcement context: the perimeter has teeth already
The regime’s enforcement posture is best read through what the FCA did with its narrower pre-2026 toolkit. On July 25, 2024, the regulator fined CB Payments Ltd (CBPL) — the Coinbase Group’s UK e-money arm — £3,503,546 for repeatedly onboarding high-risk customers in breach of a voluntary requirement the firm had agreed in October 2020. The case mattered less for its size than its signal: it was the FCA’s first enforcement action against a crypto-linked firm under the Electronic Money Regulations, and it established that undertakings given to the regulator will be tested against actual system behaviour, not policy documents — CBPL’s controls failed to catch 13,416 high-risk customers (FCA Final Notice, July 2024).
The cross-border benchmark remains the Binance resolution of November 21, 2023, in which the exchange paid $4.3 billion to the US Department of Justice, CFTC, FinCEN and OFAC for Bank Secrecy Act and sanctions failures — the largest corporate resolution involving a crypto firm to date. For firms weighing the UK gateway, the relevant precedent is that both cases turned on AML and customer-risk controls, exactly the systems the FCA’s authorisation assessments will test line by line under PS26/13’s Handbook application. Firms that treated Money Laundering Regulations registration as a compliance ceiling will find it was the floor.
What this means for brokers, exchanges, custodians and compliance teams
For trading platforms and dealers, the deadline structure is the strategy: pre-application meetings are open now, and the FCA has signalled that firms filing early in the September 30, 2026 – February 28, 2027 window get the deepest supervisory engagement before October 2027. The prudential build under PS26/12 — capital, liquidity buffers, stress testing — is the long-lead item; firms without a regulated-entity finance function need most of a year. For custodians, PS26/11’s custody activity definition pulls sub-custody and omnibus-wallet arrangements into scope, so intragroup custody chains need mapping and documenting before applications file. For stablecoin issuers, the 1% capital coefficient plus Bank of England designation risk for systemic tokens means issuance economics are now modellable — and the FOS route means retail complaints carry balance-sheet consequences. For fund managers and their counterparties, the practical test from October 2027 is authorisation-status diligence: dealing through an unauthorised UK platform after commencement risks FSMA section 23 exposure on the platform’s side and best-execution questions on the manager’s. Legal and compliance teams should treat the two open guidance consultations as live drafting risk and respond before they close.
“a significant step in bringing crypto into a more established regulatory framework”
— Hannah Meakin, Partner, Norton Rose Fulbright, describing the FCA package while noting the compliance lift now facing applicant firms
(Decrypt)
The forward view: what is still moving
Three tracks remain open. First, the FCA’s two further guidance consultations — published alongside the final rules on June 30, 2026 — cover conduct expectations under the new activity set; their closing dates fall before the application window opens, and final guidance is expected around the gateway’s opening. Second, the US timeline is converging on the same quarter: GENIUS Act implementing regulations are due from federal and state regulators by July 2026, and the CLARITY Act’s SEC–CFTC market-structure split is still before Congress — a US federal framework landing in H2 2026 would reset the arbitrage math for global groups choosing between London, Dublin and New York booking entities. Third, the Bank of England’s systemic-stablecoin designation criteria remain to be operationalised; a sterling stablecoin crossing the threshold would face bank-adjacent supervision that the FCA’s 1% coefficient does not anticipate. The contested question into 2027 is throughput: whether the FCA can process the application pipeline in thirteen months. MiCA’s own transition produced a long authorisation queue at national regulators; the UK is attempting the same conversion with one regulator and a hard commencement date.
TL;DR
The FCA finalised the UK cryptoasset regime on June 30, 2026 with five policy statements (PS26/9–PS26/13): full FSMA authorisation for trading, dealing, custody, staking and stablecoin issuance, applications open September 30, 2026 to February 28, 2027, and commencement on October 25, 2027. The final rules halved the stablecoin capital coefficient to 1%, gave retail customers Financial Ombudsman Service access, and scoped DeFi by an “identifiable controlling entity” test. Unlike MiCA’s passported CASP licence — whose grandfathering ended July 1, 2026 — UK authorisation reaches one market under one Handbook. Enforcement history sets the bar: the FCA’s £3,503,546 CB Payments fine (July 25, 2024) shows authorisation undertakings are tested against system behaviour, not policy documents.
FAQ
What did the FCA publish on June 30, 2026?
Five policy statements finalising the UK cryptoasset regime — PS26/9 on admissions, disclosures and market abuse; PS26/11 on regulated cryptoasset activities; PS26/12 on the prudential regime; and PS26/13 on Handbook application — plus three finalised guidance documents and two further guidance consultations (Norton Rose Fulbright, June 2026).
When does the UK crypto regime take effect?
The regime applies from October 25, 2027. The FCA accepts authorisation applications from September 30, 2026 until February 28, 2027, with pre-application meetings available from July 2026. The statutory basis — the FSMA 2000 (Cryptoassets) Regulations 2026 — was made on February 4, 2026.
Which crypto activities need FCA authorisation?
Operating a cryptoasset trading platform, dealing in cryptoassets, arranging, safeguarding (custody), staking services and stablecoin issuance all become regulated activities under PS26/11. Existing Money Laundering Regulations registration does not carry over — firms must apply for full FSMA authorisation in the window.
How do the UK rules treat stablecoins?
Issuers face a capital coefficient of 1% of outstanding tokens — halved from the 2% consultation draft — plus reserve and redemption requirements, with the Bank of England taking supervision of any stablecoin designated systemic (Decrypt, July 2026). The US GENIUS Act and MiCA’s EMT tier regulate the same activity with different capital and reserve mechanics.
Does the UK regime cover DeFi?
Only where there is an “identifiable controlling entity”. Genuinely decentralised protocols without a controlling person sit outside the perimeter; operators of front-ends or governance-controlled protocols are in scope. The boundary will be tested case by case, and one of the two open guidance consultations bears directly on it.
How does UK authorisation compare with a MiCA licence?
A MiCA CASP authorisation passports across all 27 EU member states; UK authorisation covers the UK only but embeds firms in the full FSMA framework — Senior Managers regime, Handbook conduct rules and Financial Ombudsman Service access for retail customers. There is no equivalence mechanism between the two, so pan-European groups need both.
Related coverage: the CLARITY Act’s SEC–CFTC market-structure split, why the US stablecoin KYC rule stops at the issuer’s door, the FATF Travel Rule’s unresolved VASP compliance split, and the SEC’s crypto ETF fast track. Primary documents: the FCA policy-statement overview, PS26/11 and PS26/12.
This article is informational analysis only and does not constitute legal, regulatory, tax, or investment advice. Regulatory frameworks change frequently and interpretation depends on facts and circumstances; primary documents and official regulator guidance always supersede summaries. Firms should consult qualified legal counsel and their relevant supervisory authority before taking any action based on the analysis above.