HM Treasury Crypto Policy and Regulations: What UK Crypto Businesses Must Know in 2025

For the first time in UK history, crypto businesses operating with British customers now face clear, legally binding rules. On April 29, 2025, HM Treasury released its draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025 - a landmark move that brings cryptocurrency activities under the same regulatory umbrella as banks, brokers, and payment processors. This isn’t a suggestion. It’s the law, and it’s coming into force in 2026. If you’re running a crypto exchange, issuing a stablecoin, or holding crypto for clients in the UK, you need to act - now.

What’s Actually Regulated Now?

The new rules don’t touch every crypto activity. They focus on five specific areas where consumer risk and market integrity are highest:

• Operating a cryptoasset trading exchange
• Issuing qualifying stablecoins
• Dealing in qualifying cryptoassets (buying/selling on behalf of others)
• Providing custody services for cryptoassets
• Arranging transactions in qualifying cryptoassets

These aren’t new ideas - they’re the same activities that require authorization for traditional financial firms. Now, crypto companies must meet identical standards: financial resilience, anti-fraud controls, transparent disclosures, and client asset protection. There’s no special treatment. No loopholes. If you’re doing any of these five things for UK customers, you need FCA authorization by mid-2026.

What Counts as a ‘Qualifying’ Cryptoasset?

Not every token falls under these rules. HM Treasury defines two key categories:

• Qualifying cryptoassets - digital assets that function like securities or commodities, such as Bitcoin or Ethereum when used for investment or trading.
• Qualifying stablecoins - digital tokens pegged to a fiat currency (like GBP or USD) and intended for payments. Only stablecoins issued by UK-based entities are regulated under this law. A US-based stablecoin like USDC? Still accessible to UK users, but the issuer isn’t subject to UK rules.

This territorial distinction is critical. The UK isn’t trying to control global stablecoins. It’s making sure that if you’re issuing a pound-backed stablecoin from London, you’re held to the same standard as a bank. But if you’re using a foreign stablecoin to pay for groceries in Manchester, the rules don’t block you - they just make sure the UK issuer is safe.

DeFi Is Excluded - Here’s Why

One of the most surprising parts of the draft? Truly decentralized finance (DeFi) protocols are exempt. If there’s no single company, team, or entity controlling the smart contracts - no one you can sue, fine, or license - then the FCA won’t regulate it.

This isn’t a loophole. It’s a realistic acknowledgment. Regulating a permissionless blockchain protocol is like trying to regulate the internet’s core protocols. You can’t. So HM Treasury drew a line: if there’s a legal entity behind the code - like a company managing the protocol’s treasury, marketing, or upgrades - then that entity is regulated. If not? It’s outside the scope.

This approach has drawn praise from developers and legal experts. Unlike the EU’s MiCA, which tries to apply rules to every DeFi actor, the UK recognizes that some systems simply can’t be controlled. It’s a smarter, more targeted strategy.

Who Needs to Apply for FCA Authorization?

If your business fits any of the five regulated activities, you must apply to the FCA. The process isn’t easy - but it’s familiar.

Existing financial firms - think banks or payment providers adding crypto services - already have the infrastructure. They know how to handle capital requirements, AML checks, and governance structures. For them, adding crypto to their license is a matter of documentation.

But crypto-native startups? That’s a different story. Many don’t have:

• A compliant internal audit team
• Segregated client asset systems
• Anti-money laundering officers on payroll
• Written policies for operational resilience

The FCA doesn’t care if you’re a startup. If you’re serving UK customers, you need to prove you can operate like a bank. That means hiring compliance staff, upgrading tech systems, and spending months preparing applications. The cost? Often over £200,000 for smaller firms.

Stablecoin Issuers Face the Tightest Rules

Stablecoins are the biggest focus. Why? Because they’re designed to be used like money. If a UK-issued stablecoin loses its peg, people could lose savings. If it’s used for money laundering, the damage is immediate.

Under the new rules, UK stablecoin issuers must:

• Hold 100% reserves in cash or short-term government bonds
• Produce monthly audits by independent firms
• Disclose exactly how reserves are held and managed
• Have a clear plan for winding down if things go wrong

No more algorithmic stablecoins. No more opaque collateral. No more “trust us.” The UK is demanding full transparency. And only issuers based in the UK are covered - meaning a US-based issuer like Circle or Tether doesn’t need FCA approval. But if you’re trying to sell a pound-backed stablecoin from a London office? You’re in the crosshairs.

Anti-Money Laundering Rules Are Getting Stronger

On September 2, 2025, HM Treasury released draft amendments to the Money Laundering Regulations. These changes tighten the rules for crypto firms even further:

• Customer due diligence must now include source-of-funds checks for all transactions over £1,000
• Pooled client accounts for crypto must be fully traceable and separately audited
• Trust registration requirements now apply to crypto wallets used for estate planning
• Information sharing between crypto firms and financial institutions is mandatory

This isn’t just about blocking criminals. It’s about making crypto transactions as traceable as bank transfers. If you’re running a crypto exchange and you can’t prove where your users’ money came from, you’re at risk of fines - or losing your license.

What’s Coming Next?

The April 2025 draft is almost final. The public comment period closed in May 2025. The law is expected to pass by early 2026.

But there’s more coming:

• Market abuse rules for crypto trading (like insider trading and market manipulation) will be published later in 2025.
• Admissions and disclosure rules for crypto tokens will follow - meaning companies listing tokens on UK exchanges will need to file prospectuses.
• The FCA will release detailed rulebooks, guidance, and authorization checklists by Q2 2026.

If you’re waiting to see what happens, you’re already behind. Firms that started preparing in late 2024 are now in the final stages of application. Those waiting until 2026 will face delays, higher costs, and possible loss of customers.

What This Means for You

If you’re a UK-based crypto business:

• Map your activities to the five regulated functions.
• Identify which parts of your business require FCA authorization.
• Start building your compliance team - even if you’re just hiring one part-time AML officer.
• Review your custody and reserve systems. Are they audit-ready?
• Don’t assume foreign stablecoins are safe. If your users are using them, you’re still responsible for reporting.

If you’re a UK consumer:

• Only use platforms that display their FCA authorization number.
• Be wary of any stablecoin that doesn’t publish monthly reserve reports.
• Understand that decentralized apps (DeFi) are not protected by UK financial safety nets.

The UK isn’t banning crypto. It’s not chasing the hype. It’s building a system where crypto can exist - safely, transparently, and responsibly. The goal isn’t to stop innovation. It’s to make sure innovation doesn’t come at the cost of people’s money.

By the end of 2026, the UK will have one of the clearest, most enforceable crypto regulatory frameworks in the world. The question isn’t whether you’ll comply. It’s whether you’re ready.