9 May 2025
by Payments Intelligence
What is this article about?
New UK regulation bringing cryptoasset activities under the Financial Services and Markets Act.
Why is it important?
It imposes stricter compliance standards and requires FCA authorisation for firms to continue operating legally.
What’s next?
Firms must map their crypto activities, prepare FCA applications, and comply within transitional timelines.
The UK government has significantly expanded the scope of digital asset regulation with the introduction of the Financial Services and Markets Act 2000 (Cryptoassets) Order 2025. This new framework brings a comprehensive set of crypto-related activities within the perimeter of the existing financial regulatory regime, applying long-standing standards of oversight to a rapidly evolving market segment.
This legislative shift is more than a procedural update—it represents a strategic turning point for the UK’s approach to digital finance. By embedding crypto within the structure of the Financial Services and Markets Act (FSMA), the government signals its intent to integrate these technologies into the mainstream financial system, subject to the same rules that govern traditional instruments and institutions.
For compliance leaders in payments and e-money institutions, the regulation marks a pivotal moment—not only in terms of legal obligations but also in how firms define their future role in a maturing digital asset ecosystem. It demands a reassessment of licensing, governance, risk management, and safeguarding procedures across all crypto-related operations.
The message from HM Treasury is unambiguous: cryptoasset activity must now adhere to the same principles of prudence, consumer protection, and operational accountability that apply to conventional financial services. Firms registered solely under the Money Laundering Regulations 2017 (MLRs) must urgently consider their next steps, as these permissions will no longer be sufficient. Securing FCA Part 4A authorisation is not just a legal requirement—it is now a strategic necessity.
The rapid growth of cryptoassets—particularly stablecoins—has outstripped the UK’s existing regulatory framework, exposing critical vulnerabilities in areas such as consumer protection, asset custody, and enforceability of contractual obligations. Although the Financial Conduct Authority (FCA) has taken steps to register crypto firms under the Money Laundering Regulations (MLRs), this registration primarily targets anti-money laundering and counter-terrorist financing risks. It does not provide the full regulatory oversight required to safeguard market integrity or investor confidence in an increasingly complex and institutionalising sector.
Recent volatility in global crypto markets, high-profile insolvencies, and persistent scams have underscored the urgent need for more robust regulation. Consumers, institutional investors, and policymakers alike have called for a regime that ensures digital asset activities meet the same prudential and governance standards expected in traditional finance.
This legislation forms part of a broader tightening of the regulatory perimeter, which includes the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and the FCA’s enhanced safeguarding standards for payments and e-money firms. Together, these reforms reflect a coordinated policy agenda focused on improving financial system resilience, protecting end users, and increasing accountability across financial technologies.
From a strategic perspective, the UK government aims to balance innovation with risk mitigation, ensuring the country remains globally competitive while reinforcing its reputation as a safe, credible jurisdiction for digital financial services. For compliance leaders, the message is clear: the regulatory trajectory is converging with that of traditional finance, emphasising stability, governance, and long-term viability over rapid market experimentation.
The Order introduces seven new regulated activities under the Regulated Activities Order (RAO), all tied to qualifying cryptoasset operations. These are:
Payments and e-money institutions involved in crypto-related services will need to carefully assess their current activities. Key risks include:
Importantly, MLR-registered firms that have not obtained Part 4A authorisation must now do so to continue operating and cannot rely on their existing status. While transitional arrangements allow continued activity during application processing, failure to act could result in enforcement or forced market exit.
Additionally, Part 4A applications are detailed and time-consuming. Firms that delay may face bottlenecks, especially if the FCA experiences a surge in submissions ahead of the full commencement date.
While the legislation is in final draft form, firms can expect it to come into force in 2025, with staggered implementation. Key timelines and provisions include:
Though the new regulation means a compliance burden for companies active in the relevant markets, there is also strategic upside. Players that move early to secure authorisation and establish best-in-class safeguarding procedures can:
A 2024 survey by YouGov on behalf of the Financial Conduct Authority found 12% of the 2,199 adults surveyed in the UK owned cryptoassets.
One of the greatest challenges to further adoption of digital assets is concern over scams. Another 2024 survey by ConsenSys and YouGov found 57% of 901 adults familiar with cryptocurrencies reported ‘too many scams’ as their main concern with the technology.
This sentiment presents an opportunity for companies who comply with the regulation quickly, gaining regulatory authorisation and credibility. As consumer protection and transparency become defining market expectations, compliance becomes a growth enabler.
The UK’s decision to regulate staking, custody, and dealing explicitly – and to define stablecoins as regulated instruments – puts it ahead of most jurisdictions in scope and clarity. However, its divergence from property law conventions in Singapore and Australia may create legal frictions for firms operating internationally.
Here are some of the key distinctions between the UK’s framework and foreign regulatory counterparts:
To prepare effectively, compliance leaders should:
The UK’s 2025 Cryptoasset Order marks a watershed moment, signalling the end of crypto’s time outside the regulatory perimeter. For compliance leaders, it introduces complexity but also clarity. Crypto is no longer the remit of innovation teams alone; it now sits firmly within the governance, conduct, and operational frameworks expected of any regulated financial activity.
For MLR-registered firms, failing to apply for Part 4A permission in time is not a compliance oversight; it’s an existential risk. Those who act decisively will not only avoid disruption but also help shape a more mature, trusted digital asset ecosystem.
By embedding compliance from the outset, payments firms can help define the next chapter of digital finance, which is stable, trusted, and ready for institutional scale.
The UK’s new crypto regulation redefines compliance for payments firms, requiring FCA authorisation and raising standards across the sector.
Ten key regulatory developments merchants must track in 2025–26, from fraud liability to fee reform, stablecoins, and accessibility.
Cross-border payments are being reshaped by new tech, regulation, and partnerships—but legacy risks still demand smarter compliance.
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
