TLDR:
- FCA will relax management and internal control rules for crypto firms while tightening oversight on cyber risks.
- Crypto exchanges will not be required to offer cooling-off periods or cancellation rights to customers under new rules.
- The regulator said cryptoasset firms do not carry the same systemic risk as banks or large investment institutions.
- Strong cybersecurity and operational resilience measures will be mandatory to prevent hacks and outages.
The UK’s financial regulator is preparing a shakeup for crypto firms. The Financial Conduct Authority (FCA) said it will drop some traditional finance requirements to better fit the unique nature of the industry.
Rules on senior managers and operational controls will be relaxed. But the regulator will step up its focus on cybersecurity threats and other high-risk areas. The new framework is expected to take effect in 2026, after feedback from the industry.
The Financial Times reported that FCA executive David Geale confirmed that the regulator does not plan a direct copy of banking rules. He said a “lift and drop” approach would not work for crypto assets like Bitcoin.
Instead, the rules will be tailored to reflect how crypto operates and the risks involved. Geale added that consumer protection remains a priority, warning that crypto investments still carry a chance of total loss.
FCA to Streamline Crypto Rules
Under the proposed rules, crypto trading platforms will not face the same standards as banks or traditional investment firms.
Requirements around senior management, systems, and internal controls will be eased. The FCA said cryptoasset firms do not carry the same level of systemic risk as other financial institutions.
Consumer protections like cooling-off periods or cancellation rights will not apply to crypto purchases under the new regime. The regulator argued that due to the high volatility of crypto assets, these measures would not provide meaningful protection.
Some handbook principles, such as treating customers fairly, will not be enforced in the same way for crypto exchanges.
The FCA also recognized that many crypto transactions use distributed ledger technology with no intermediaries involved. Because of that, it said it will not treat these arrangements as outsourcing, meaning extra oversight will not be required. This approach is meant to allow crypto firms to operate more efficiently within a regulated framework.
Stronger Cybersecurity Controls for Crypto
While some rules are being relaxed, others are becoming stricter. The FCA said cyber risk will be a core area of focus under the new framework. Geale pointed to recent hacks, including the $1.5 billion Bybit wallet theft this year, as evidence of the need for stronger controls.
Crypto firms will need to prove they can maintain operational resilience, avoid major outages, and protect users from breaches. This includes upgrading IT infrastructure and demonstrating 24/7 readiness for service continuity. The FCA warned that businesses unable to maintain uptime will face compliance issues.
The consultation paper asks whether crypto firms should also fall under the FCA’s consumer duty rules. That would require platforms to ensure users get a fair deal and have recourse to the Financial Ombudsman Service. Feedback from the industry will help shape the final regulations before they roll out in 2026.