HM Treasury Crypto Policy and Regulations: What UK Crypto Firms Need to Know in 2026
14 March 2026

The UK government isn’t waiting around anymore. After years of mixed signals and vague statements, HM Treasury has laid out a clear, enforceable framework for how cryptocurrencies and stablecoins must operate in Britain. If you’re running a crypto exchange, issuing a stablecoin, or holding crypto for clients in the UK, this isn’t just another policy paper - it’s the law, and it’s already taking shape.

What Exactly Changed in 2025?

On April 29, 2025, HM Treasury dropped the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025. This wasn’t a suggestion. It was the final draft before becoming law. The goal? Bring crypto activities under the same rules as banks, brokers, and payment firms. No more gray area. No more "we don’t regulate this" excuses.

The new rules define two key types of crypto: qualifying cryptoassets and qualifying stablecoins. These aren’t just any coins or tokens. They’re the ones that matter - the ones used for payments, trading, or as a store of value by real people in the UK. And now, if you’re doing certain things with them, you need FCA authorization.

The Five Activities That Now Require a License

You can’t just set up a crypto platform and start taking deposits. Under the new rules, five activities are now strictly regulated:

  1. Operating a cryptoasset trading exchange - If people can buy or sell crypto on your platform, you need a license.
  2. Stablecoin issuance - Only UK-based issuers are regulated here. If you’re creating a stablecoin pegged to the pound and targeting UK users, you’re in the crosshairs.
  3. Dealing in qualifying cryptoassets - Buying or selling crypto as a business, not just for yourself.
  4. Custody arrangements - Holding crypto for others. Think wallets, hot and cold storage, institutional custody services.
  5. Arranging transactions - Acting as a broker or middleman for crypto trades.

These aren’t new ideas. They mirror the EU’s MiCA rules. But the UK didn’t build a whole new system. It plugged crypto into the existing Financial Services and Markets Act. That means firms already regulated by the FCA - like banks or payment processors - have a much easier path. They already know the rules. They just need to add crypto to their compliance checklist.

Who Does This Apply To?

Here’s the twist: it’s not about where the company is based. It’s about who it serves.

If you’re a crypto exchange in Singapore, but thousands of UK residents trade on your platform, you’re still subject to UK rules. HM Treasury made it clear: if you’re doing business with UK customers, you’re in. This is a territorial rule - not a nationality rule.

But there’s one exception: stablecoin issuance. Only UK-based issuers need FCA approval. A US-based stablecoin like USDC can still be used in the UK - but its issuer doesn’t need to register here. Instead, the UK relies on other mechanisms - like anti-money laundering checks and consumer warnings - to manage risks from foreign stablecoins.

Animals discuss DeFi regulation, with one spotting a hidden human behind a blockchain.

What About DeFi? Is It Regulated?

This is where the UK got smart.

Many countries tried to regulate decentralized finance (DeFi) - lending platforms, automated market makers, DAOs - and failed. Why? Because there’s no company, no CEO, no legal entity to hold accountable.

The UK didn’t try to regulate the blockchain. It looked for the humans behind it. If there’s a team, a company, or a governing body pulling the strings - even if it’s on-chain - they’re in. But if it’s truly decentralized? No regulation. No license needed.

This isn’t a loophole. It’s a realistic acknowledgment of how blockchain works. The FCA will assess whether a "controlling party" exists. If yes - they get regulated. If no - they’re left alone. It’s a rare case of regulation that actually understands the technology.

What About Anti-Money Laundering?

The crypto world has long been a target for criminals. HM Treasury didn’t ignore that.

In September 2025, they published draft amendments to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. These updates specifically target crypto firms. Now, crypto businesses must:

  • Perform customer due diligence (KYC) on all users
  • Report suspicious activity to the National Crime Agency
  • Keep records of transactions for at least five years
  • Use pooled client accounts only if they meet strict safeguards
  • Register with the FCA as a crypto asset service provider

This isn’t optional. It’s part of the same regulatory package. You can’t get licensed for trading or custody unless you also pass the AML test. The FCA will check both.

What Happens If You Don’t Comply?

Simple: you can’t operate in the UK.

The FCA has the power to ban unlicensed firms from advertising to UK customers. They can block websites. They can order payment processors to cut off services. And they’ve already started.

In late 2025, the FCA added 12 new crypto firms to its warning list - companies that were operating without authorization. One of them had over 150,000 UK users. The message was clear: if you’re not licensed, you’re not welcome.

There are no grace periods. No warnings. If you’re doing one of the five regulated activities and you’re not authorized by March 2026, you’re breaking the law.

A magical mailbox drops AML rule envelopes into a garden of crypto plants under supervision.

What’s Next? What’s Still Coming?

The 2025 Order is just the beginning.

HM Treasury confirmed that two major parts are still coming:

  • Market abuse rules - Rules to stop insider trading, market manipulation, and spoofing in crypto markets. Think of it like the rules that prevent stock traders from front-running.
  • Admissions and disclosures - Requirements for crypto firms to publicly disclose their financial health, risks, and governance structures. Similar to what public companies must do.

These will likely be published in late 2026. But firms shouldn’t wait. The FCA already published a discussion paper in May 2025, asking for feedback on how to design these rules. That means the groundwork is being laid now.

What This Means for Businesses

If you’re a crypto startup in London:

  • Start preparing for FCA authorization now. The process takes 6-12 months.
  • Review your operations. Are you doing any of the five regulated activities?
  • Update your AML policies. Hire compliance staff if you haven’t already.
  • Don’t assume "we’re decentralized" lets you off the hook. If there’s a team behind it, you’re regulated.

If you’re a traditional bank or payment firm:

  • You already have the infrastructure. Just add crypto to your compliance scope.
  • Consider launching crypto services. The UK is creating a clear path for regulated institutions to enter this space.

For users: This is good news. If a crypto firm is FCA-authorized, you know they’ve passed strict checks on security, transparency, and financial health. It doesn’t mean your investment is safe - crypto is still risky - but it means the platform you’re using has been vetted.

Why This Matters Beyond the UK

The UK isn’t just making rules for itself. It’s setting a global standard.

Other countries - especially those in the Commonwealth like Canada, Australia, and Singapore - are watching closely. The UK’s approach is seen as balanced: strict on consumer protection, flexible on innovation, realistic on decentralization.

London could become the go-to hub for compliant crypto businesses. Not because it’s cheap, but because it’s clear. Firms that want to operate globally will look to the UK as a model for how to regulate without killing innovation.

And if you’re a crypto investor? You now have more protection than ever before. No more shady platforms slipping through the cracks. If it’s licensed, it’s been checked. If it’s not - you should walk away.

Do I need an FCA license if I’m just trading crypto for myself?

No. The new rules only apply to businesses offering services to others. If you’re buying and selling crypto for your own portfolio, you’re not regulated. But if you start charging fees, managing wallets for friends, or running a platform - even as a solo operator - you’re likely in the regulated category.

Can I still use USDT or USDC in the UK?

Yes. The UK only regulates stablecoin issuers that are based in the UK. So if you’re buying USDT from Tether (a US company), you’re not breaking any rules. But if a UK firm starts issuing its own stablecoin pegged to the pound, it must get FCA approval. Foreign stablecoins are still usable - but you’re on your own for consumer protection.

What if my crypto platform is based outside the UK?

If you have UK customers, you still need to comply. HM Treasury’s rules are based on who you serve, not where you’re headquartered. So a crypto exchange in Singapore with 50,000 UK users must get FCA authorization. The FCA can block their website, ban their ads, and cut off payment processing in the UK if they don’t.

Is DeFi completely unregulated in the UK?

Not exactly. Truly decentralized protocols - like Uniswap or Aave - where no single entity controls the system, are exempt. But if there’s a company, team, or DAO with decision-making power behind the protocol, the FCA can treat them as a regulated entity. It’s not about the tech - it’s about control.

When does this all take effect?

The final legislation is expected to pass in early 2026. From that point, firms have six months to apply for authorization. After that, unlicensed operators will be blocked from serving UK customers. If you’re in the business, don’t wait - start your application now.

Tags: