HM Treasury Crypto Policy: How the New UK Regulations Restrict and Shape the Industry in 2026

HM Treasury Crypto Policy: How the New UK Regulations Restrict and Shape the Industry in 2026 Jul, 10 2026

For years, the United Kingdom sat on the fence regarding cryptocurrency regulation. The message from regulators was clear but vague: "We are watching you." But as of mid-2026, that ambiguity is dead. The HM Treasury UK government department responsible for economic and financial matters, including the regulation of financial services has moved from observation to enforcement. With the publication of the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025, the UK has drawn a hard line in the sand.

If you are operating a crypto business, holding significant assets, or simply trying to understand why your favorite exchange just changed its terms of service, this shift matters. The new framework does not ban crypto; it restricts how it can be offered to UK consumers. It brings digital assets into the same regulatory perimeter as traditional stocks and bonds. This means stricter rules, higher compliance costs, and a clearer-but narrower-path to market access.

The Core Shift: From Wild West to Regulated Perimeter

The central change introduced by HM Treasury is the definition of what constitutes a regulated activity involving crypto. Previously, many crypto services operated in a gray area. Now, specific activities require authorization from the Financial Conduct Authority (FCA), the UK's primary financial regulator responsible for supervising financial firms and markets.

The legislation targets two main categories of digital assets:

  • Qualifying Cryptoassets: These are cryptocurrencies that meet specific criteria set by the Treasury, generally excluding highly volatile or non-compliant tokens.
  • Qualifying Stablecoins: Digital currencies pegged to stable values like fiat money, which pose different risks than volatile assets.

By defining these as "specified investments" under the Financial Services and Markets Act 2000, the government ensures that anyone dealing in them must follow strict conduct and prudential standards. This is not a suggestion; it is a legal requirement. If you fall outside these definitions, you might still operate, but you cannot offer services to UK retail customers without facing severe penalties.

Five Activities That Now Require Authorization

You cannot just launch a platform and start trading. The new order identifies five distinct activities that trigger the need for FCA authorization. If your business model touches any of these areas within the UK, you need to prepare for a rigorous approval process.

  1. Operating a Cryptoasset Trading Exchange: Running a marketplace where users buy and sell qualifying cryptoassets requires full licensing. This includes order matching, price discovery, and trade execution services.
  2. Stablecoin Issuance: Creating and issuing stablecoins is heavily regulated. The rules here are particularly strict because stablecoins mimic bank deposits. Issuers must hold reserves and ensure redeemability at par value.
  3. Dealing in Qualifying Cryptoassets: Buying and selling these assets for your own account or on behalf of clients falls under this category. This covers proprietary trading desks and brokerage services.
  4. Custody Arrangements: Holding private keys or securing digital assets for other people is now a regulated activity. Custodians must demonstrate operational resilience and security protocols equivalent to traditional banks.
  5. Arranging Transactions: Acting as an intermediary to facilitate deals between buyers and sellers also requires authorization. This catches referral platforms and certain types of investment advice services.

These restrictions mean that the barrier to entry has risen significantly. Small startups may struggle with the cost of compliance, while established firms have a competitive advantage due to existing infrastructure.

Comparison of Regulatory Requirements for Different Crypto Activities
Activity Authorization Required? Key Compliance Focus
Trading Exchange Yes Market integrity, best execution, transparency
Stablecoin Issuance Yes Reserve management, redemption guarantees, anti-money laundering
Custody Yes Security controls, insurance, segregation of client assets
Dealing (Proprietary) Yes Capital adequacy, risk management
Arranging Transactions Yes Consumer protection, suitability assessments

Territorial Scope: Who Does This Apply To?

A common misconception is that these rules only apply to companies registered in London. That is incorrect. The regime uses a territorial scope distinction that affects both domestic and foreign firms.

For most cryptoactivities like trading exchanges and custody, the rules apply to any firm conducting business with UK customers. If you are a non-UK based exchange allowing British residents to sign up, you likely need FCA authorization or must block UK IP addresses entirely. This closes the loophole where offshore platforms could serve UK users without oversight.

However, there is a notable exception for stablecoin issuance. The current draft regulates stablecoin issuance primarily for UK-based issuers. This creates a complex landscape where a US-based stablecoin issuer might not face the same direct issuance rules as a UK company, but UK firms using those stablecoins must still comply with usage and custody regulations. This approach aims to protect UK consumers while avoiding extraterritorial overreach that could conflict with other jurisdictions' laws.

Illustration of five regulated crypto activities facing FCA

The DeFi Exclusion: A Lifeline or a Loophole?

One of the most debated aspects of the HM Treasury policy is its treatment of Decentralized Finance (DeFi). The draft legislation explicitly excludes truly decentralized models from authorization requirements. The logic is simple: if there is no identifiable controller or central party to regulate, the FCA cannot grant authorization.

This sounds like good news for DeFi advocates, but it comes with a catch. The FCA retains the power to assess whether a "sufficiently controlling party" exists. If a protocol has a foundation, a core developer team, or a governance structure that exerts control, it may still be deemed regulatable. Therefore, teams building DeFi products must carefully audit their governance structures. True decentralization is a defense against regulation, but it is a high bar to clear legally.

For developers, this means documenting decision-making processes and ensuring no single entity can unilaterally alter protocol parameters. For users, it means that interacting with semi-centralized DeFi platforms may still carry regulatory risks if those platforms are deemed to be offering regulated services without a license.

Anti-Money Laundering and Future Layers

The Cryptoassets Order 2025 is just the first layer. In September 2025, HM Treasury published draft amendments to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. These updates specifically target cryptoasset firms with enhanced customer due diligence (CDD) requirements.

Firms will need to implement more robust identity verification processes. Pooled client accounts face stricter scrutiny, and trust registration rules have been clarified to prevent anonymity abuse. The goal is to align crypto AML standards with those of traditional banking. This adds another layer of operational complexity and cost.

Looking ahead, the government has promised further regimes for market abuse and admissions and disclosures. These will likely mirror the rules for traditional securities, prohibiting insider trading and requiring transparent reporting for major cryptoasset offerings. Until these are finalized, firms should anticipate additional compliance burdens throughout 2026.

Cartoon comparing impact of regulations on small vs big firms

Impact on the Market: Winners and Losers

Who benefits from this restrictive environment? Established financial institutions and well-capitalized crypto firms do. They have the resources to build compliant infrastructure. London’s position as a global financial hub may strengthen for institutional crypto services, attracting banks seeking a clear regulatory path.

Who loses? Small innovators and consumer-facing apps may find the cost of entry prohibitive. The requirement for operational resilience and consumer protection measures favors scale. We may see consolidation in the market, with larger players acquiring smaller ones or driving them out of the UK jurisdiction entirely.

Compared to the European Union’s MiCA regulation, the UK approach is similar in scope but adapted to its existing legal framework. While MiCA provides a single rulebook for all EU members, the UK’s system builds upon the Financial Services and Markets Act 2000. This offers consistency for firms already regulated in the UK but requires careful navigation for those entering from abroad.

What You Should Do Next

If you are affected by these changes, immediate action is required. First, map your business activities against the five regulated categories. Second, assess your territorial exposure. Are you serving UK customers? Third, review your governance structure, especially if you claim to be decentralized. Finally, engage with legal experts specializing in financial services law. The comment period for technical errors has passed, but the implementation phase is just beginning. Ignorance of the law is not a defense, especially when the FCA is actively preparing its rulebooks.

Does the new HM Treasury policy ban cryptocurrency in the UK?

No, the policy does not ban cryptocurrency. Instead, it brings cryptoassets into the existing financial regulatory perimeter. This means that businesses offering crypto services to UK customers must obtain authorization from the FCA and comply with strict consumer protection and anti-money laundering rules. Individuals can still hold and use crypto, but they must do so through regulated channels.

Which crypto activities require FCA authorization?

Five key activities require authorization: operating a cryptoasset trading exchange, issuing stablecoins, dealing in qualifying cryptoassets, providing custody services for cryptoassets, and arranging transactions in qualifying cryptoassets. Any firm engaging in these activities with UK customers must seek FCA approval.

How does the UK regulate Decentralized Finance (DeFi)?

Truly decentralized finance models, where no central controller exists, are excluded from authorization requirements. However, the FCA can assess whether a "sufficiently controlling party" exists. If a protocol has a foundation or core team that exerts control, it may still be subject to regulation. Teams must prove true decentralization to avoid these rules.

Do non-UK crypto firms need to comply with these rules?

Yes, for most activities. If a non-UK firm conducts business with UK customers, such as operating a trading exchange or providing custody, it must comply with the UK regulatory framework. This includes obtaining FCA authorization or blocking access for UK residents. Stablecoin issuance rules currently focus more on UK-based issuers, but usage rules apply broadly.

What is the difference between the UK approach and the EU's MiCA?

Both frameworks aim to regulate cryptoassets comprehensively. The UK approach extends the existing Financial Services and Markets Act 2000, integrating crypto into the current financial services structure. The EU's MiCA creates a separate, unified regulation for all member states. The UK model offers consistency for firms already regulated in the UK, while MiCA provides a single passport across Europe.