CP26/4: Application of FCA Handbook for Regulated Cryptoasset Activities II

Consultation Paper CP26/4*** Application of FCA Handbook for Regulated Cryptoasset Activities II January 2026

How to respond We are asking for comments on this Consultation Paper (CP) by 12 March 2026. You can send them to us using the form on our website. Or in writing to: Crypto Policy Team Financial Conduct Authority 12 Endeavour Square London E20 1JN Email: cp26-4@fca.org.uk We make all responses to formal consultations available for public inspection unless the respondent requests otherwise. We will not regard a standard confidentiality statement in an email message as a request for non-disclosure. Despite this, we may be asked to disclose a confidential response under the Freedom of Information Act 2000. We may consult you if we receive such a request. Any decision we make not to disclose the response is reviewable by the Information Commissioner and the Information Rights Tribunal. Further information on the FCA’s use of personal data can be found on the FCA website at: www.fca.org.uk/privacy. All our publications are available to download from www.fca.org.uk. Request an alternative format Please complete this form if you require this content in an alternative format. Or call 0207 066 1000 Sign up for our news and publications alerts See all our latest press releases, consultations and speeches.

3 Disclaimer When the FCA makes rules, it is required to publish: • a list of the names of respondents who made representations where those respondents consented to the publication of their names, • an account of the representations we receive, and • an account of how we have responded to the representations. In your response, please indicate: • if you consent to the publication of your name. If you are replying from an organisation, we will assume that the respondent is the organisation and will publish that name, unless you indicate that you are responding in an individual capacity (in which case, we will publish your name), • if you wish your response to be treated as confidential. We will have regard to this indication but may not be able to maintain confidentiality where we are subject to a legal duty to publish or disclose the information in question. We may be required to publish or disclose information, including confidential information, such as your name and the contents of your response if required to do so by law, for example under the Freedom of Information Act 2000, or in the discharge of our functions. Given the connected objectives between the FCA and the Financial Ombudsman, we may share responses to this consultation with the Financial Ombudsman. Please note that we will not regard a standard confidentiality statement in an email message as a request for non-disclosure. By responding to this publication, you are providing personal data to both the FCA and the Financial Ombudsman, including your name, contact details (including, if provided, details of the organisation you work for), and opinions expressed in your response. We will process personal data to inform our work as regulator and in reviewing and developing complaints handling rules and policy, both in the public interest and in the exercise of our official authority under FSMA. Any information you provide in response to this publication may be shared with the Financial Ombudsman to assess your response, support FCA’s ongoing regulatory policy development, enable a review of existing rules and practices on complaints handling, and enable cooperation between the FCA and the Financial Ombudsman. Irrespective of whether you indicate that your response should be treated as confidential, we are obliged to publish an account of all the representations we receive when we make the rules. How the Financial Ombudsman treats data: The Financial Ombudsman will use CoPilot to summarise responses to this consultation. For context Copilot utilises large language models (LLMs), a type of artificial intelligence (AI) algorithm that uses deep learning techniques to understand, summarise, predict, and generate content. Any output generated by CoPilot will be reviewed by a human to ensure accuracy. Please indicate in your response if you object to the use of AI to review your submission. Further information about the FCA’s use of personal data, including the legal basis for using it, can be found in our privacy notice. Further information about the Financial Ombudsman’s use of personal data, including the legal basis for using it, can be found in its privacy notice.

4 Contents Chapter 1 Summary Page 5 Chapter 2 The Consumer Duty Page 9 Chapter 3 Dispute resolution and compensation . . . . . . . . . . . . . . . . . . . Page 14 Chapter 4 Conduct of Business Sourcebook (COBS) Page 24 Chapter 5 The use of credit cards to purchase cryptoassets Page 37 Chapter 6 SM&CR Tiering  Page 39 Chapter 7 Training and Competence . . . . . . . . . . . . . . . . . . . . . . . . . . . Page 42 Chapter 8 Regulatory Reporting (SUP 16) Page 45 Chapter 9 Safeguarding client cryptoassets . . . . . . . . . . . . . . . . . . . . . . Page 52 Chapter 10 Safeguarding specified investment cryptoassets . . . . . . . . . . . . Page 65 Annex 1 CP Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Page 71 Annex 2 Cost benefit analysis Page 76 Annex 3 Compatibility statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Page 113 Annex 4 Approach to International Cryptoasset Firms (AICF) Page 119 Annex 5 Guidance Consultation Page 128 Annex 6 SUP16.34 Regulatory Reporting Guidance . . . . . . . . . . . . . . . . . Page 129 Annex 7 Abbreviations used in this paper . . . . . . . . . . . . . . . . . . . . . . . . Page 158 Appendix 1 Draft Handbook text

5 Chapter 1 Summary Why we are consulting 1.1 In December 2025, the government introduced legislation to bring certain cryptoasset activities within our regulatory remit which is available on legislation.gov.uk. Our remit is currently limited to overseeing how cryptoassets are promoted and making sure firms meet expected anti-money laundering, counter terrorist financing and proliferation financing standards. 1.2 In future, firms and individuals conducting regulated cryptoasset activities will need to apply for authorisation before carrying out any of these activities by way of business in the UK. They also need to follow FCA Handbook requirements covered in various consultation papers published as part of the Crypto Roadmap, as well as any other relevant consultation papers. 1.3 In recent months we have consulted on different aspects of the future regulatory regime for cryptoassets as set out in our Crypto Roadmap (CP25/14, CP25/15, CP25/25, CP25/40, CP25/41, CP25/42). This CP should be considered alongside these consultations. Our proposals should also be considered alongside other consultation proposals, such as CP25/36 (regarding SYSC 10 and COBS 3). Scope of this consultation 1.4 This CP includes our proposals on: • How the Consumer Duty (the Duty) will apply to cryptoasset firms, supplemented by further non-handbook guidance. • Our approach to Redress and Dispute Resolution (DISP). • The application of various parts of the Conduct of Business Standards Sourcebook (COBS). • The use of credit to purchase cryptoassets. • Our approach to Training and Competence. • Our approach to Regulatory Reporting (SUP 16). 1.5 We are also consulting on: • the application of cryptoasset safeguarding rules to firms who are conducting more than one regulated cryptoasset activity and our proposed approach to specified investment cryptoasset custody. • The treatment of retail consumers’ collateral when engaging in retail cryptoasset borrowing. • Location policy guidance for cryptoasset firms.

6 1.6 Two items within this CP relate to non-handbook guidance: the Duty (Chapter 2 and Annex 5) and our proposed location policy for international cryptoasset firms (Annex 4). We have set out questions in relation to the Duty in Chapter 2. We have also included Handbook guidance on regulatory reporting in Annex 6. 1.7 For firms applying to be authorised in the UK and serving UK clients, we will generally expect them to have a UK legal entity as explained in Annex 4. However, in certain circumstances, we believe that UK CATP operators should be able to combine a UK legal entity presence with UK authorisation of an overseas CATP via a UK branch. We propose to assess cryptoasset firms’ intended legal form individually at the FCA authorisation gateway and during supervision to ensure they meet our fundamental threshold conditions and general requirement. Question 1: Do you agree with our proposed approach on guidance for international crypto firms? If not, provide details. a. In particular, we would be interested in views as to whether any of our proposed rules in this CP should be applied differently to a UK QCATP which is authorised via a UK branch of an overseas firm, in relation to non￾UK users. 1.8 Our proposals take account of the novelty of the cryptoasset market and the business models within it. Regulation will not be able to limit all the risks in the sector, nor should it attempt to. Anyone who buys cryptoassets should be aware of the risks involved – including that they might lose all the money they invest. There are trade-offs in designing a regulatory regime for cryptoassets, and we are open to feedback on our proposals. 1.9 As we have developed these proposals we’ve engaged widely, including with cryptoasset firms, their representatives and our panels. We have also considered the 60 responses to CP 25/25. 1.10 Our proposals are aligned with our primary strategic and operational objectives; consumer protection, market integrity, and effective competition. We have designed our proposals balancing these objectives with our intention to be internationally competitive and with the growth of a sustainable UK cryptoasset industry in mind. 1.11 In addition to the proposals in this CP, in CP 25/25, we consulted on applying SUP 3.3 – 3.8 rules to qualifying cryptoasset custodians and stablecoin issuers. These related to appointment of auditors, auditors’ qualifications and independence, firms’ cooperation with their auditors, notification of matters raised by auditors, and rights and duties of auditors. We would be interested in hearing feedback as to whether these rules should be extended to firms who are conducting other cryptoasset activities, which is the approach we take for traditional finance firms. Question 2: Do you consider that the SUP 3.3-3.8 should be extended to all cryptoasset activities? If not, explain why.

7 What we want to achieve 1.12 We want to create a market where: • Effective competition delivers high quality products and services, drives innovation in the UK cryptoasset sector, and levels the playing field among authorised firms conducting similar activities. • Clients served by authorised firms for regulated cryptoasset activities have appropriate levels of protection. • Consumers can make informed choices about investing in cryptoassets or using crypto-based services. • The international competitiveness of the economy of the UK is supported, as well as its growth in the medium to long term, and firms are encouraged to set up in the UK to offer cryptoasset products and services. • Firms are well-run with appropriate standards and sufficient resources that we can supervise effectively. • Fair value products and services are accessible, meet consumer needs and are sold fairly. • Cryptoassets used within our regime are not attractive for fraud, money laundering, terrorist and proliferation financing or any other criminal activities. • UK investors and market participants can participate in fair, transparent, orderly, and resilient markets. Measuring success 1.13 Our proposals follow the ‘same risk, same regulatory outcome’ principle, where appropriate, to achieve consistency between our approach to firms engaged in regulated cryptoasset activities and our existing approach to FMSA-authorised firms with similar risks. 1.14 We will evaluate our success by the extent to which our proposals achieve the following benefits: • Effective competition, enhancing market integrity for cryptoasset services. We will assess this using a range of complementary measures, including the number and diversity of firms operating in the UK, market concentration, entry and exit rates, switching behaviour and indicators of innovation, pricing dynamics and compliance with conduct standards or transparency requirements. • Increased consumer trust, with consumers accessing products and services meeting their needs. We will measure this through research covering attitudes to cryptoassets. • A reduction in fraud, money laundering, terrorist and proliferation financing or any other criminal activities to make the cryptoasset environment safer. We will monitor ongoing crime rates involving cryptoassets. • The UK being a location in which cryptoasset firms choose to establish and operate from. We will measure this through the number of cryptoasset firms, including the proportion of major global cryptoasset firms, authorised under our regime with a UK physical presence.

8 • Increased confidence in cryptoasset firms so that consumers have a positive experience when dealing with them, empowering them to make informed decisions. We will look to measure this through consumer research. 1.15 We will monitor how firms adapt to the new regime, the outcomes for consumers. International engagement 1.16 We engage internationally and have also had regard to relevant international standards. This includes the Financial Action Task Force (FATF) standards, the International Organization of Securities Commissions’ (IOSCO) Crypto and Digital Assets (CDA) recommendations, and the Financial Stability Board (FSB)’s recommendations covering cryptoassets. Equality and diversity considerations 1.17 We do not consider our proposals will materially disadvantage the groups with protected characteristics under the Equality Act 2010 (the Equality Act for the most part does not extend to Northern Ireland but other antidiscrimination legislation applies). Based on analysis from Wave 6 of the Cryptoasset Research series, cryptoasset owners are more likely to be below 34, male and live in households with above-average incomes. 1.18 While these groups are currently overrepresented in ownership of cryptoassets, we expect all consumers who use cryptoasset-related services will benefit from a regulatory regime for cryptoasset firms. Digitally excluded consumers 1.19 Our proposals are unlikely to have an impact on digitally excluded consumers, as they do not use the digital services needed to buy cryptoassets. Our proposals are also unlikely to have an impact on levels of cash use. Next steps 1.20 We welcome feedback on our questions, proposed rules and guidance in this consultation by 12 March 2026. 1.21 Following consideration of responses to all the consultations as part of the Crypto Roadmap, as well as other related guidance such as perimeter guidance, our final rules and guidance will then be set out in Policy Statements.

9 Chapter 2 The Consumer Duty 2.1 Since its introduction on 31 July 2023, the Consumer Duty (the Duty) has set high standards of retail customer protection across financial services. It requires firms to build on rule compliance by placing greater emphasis on delivering good outcomes for retail customers and sets robust expectations that apply to products and services offered to retail customers. Overview of the current framework Principle 12 and PRIN 2A set out our Consumer Duty rules and guidance (with further guidance provided in FG22/5). The Duty comprises of: A consumer principle. Principle 12 sets out that firms must act to deliver good outcomes for retail customers. 3 cross-cutting obligations, which set out high-level standards of behaviour: A firm must act in good faith towards retail customers. A firm must avoid causing foreseeable harm to retail customers. A firm must enable and support retail customers to pursue their financial objectives. 4 sets of outcome rules setting more detailed requirements and expectations in the following areas: Products and Services – products and services must be designed to meet the needs, characteristics and objectives of retail customers in an identified target market and distributed appropriately. Price and Value – firms must ensure products and services provide fair value to retail customers, and take appropriate action where they identify that this is not the case. Consumer Understanding – firms must communicate in a way that supports customers’ understanding and equips them with the right information to make decisions that are effective, timely and properly informed. Consumer Support – firms must provide retail customers with the support they need throughout the lifecycle of the product or service.

10 Applying the Duty/Addressing risks in the sector 2.2 Some firms that will be authorised for cryptoasset activities have not been regulated before. Cryptoasset markets often operate differently to traditional finance markets, including in their structure and terminology. For example, retail customers often trade cryptoassets directly on cryptoasset trading platforms rather than through intermediaries. Given these differences, we are consulting on guidance to clarify how the Duty will apply to cryptoasset firms. 2.3 The Duty has been designed to be outcomes focused, setting high and clear standards of protection for retail customers across financial services. This is to ensure all firms have the same responsibility to act to deliver good outcomes for retail customers. It also requires firms to consider the diverse needs of their customers, including those with characteristics of vulnerability. The Duty gives cryptoasset firms the flexibility to assess their customers’ needs and tailor their products and communications accordingly. Firms must apply the Duty in a way that’s reasonable and reflects their size, role, and the risk their products pose to consumers. The Duty is not a one-size-fits-all framework. Its flexible nature helps avoid creating unintended costs and challenges for firms as products and services evolve. Wider action plan for the Duty 2.4 As set out in our letter to the Chancellor in September 2025 we have committed to amend the Duty’s rules to remove disproportionate burdens from wholesale firms and give them confidence to act proportionately. As part of the four-point action plan we committed to in the letter, on 8 December 2025 we published: • A supervisory statement setting out our expectations when firms work together to manufacture products for retail customers. • CP25/36 – a consultation on our client categorisation rules and simplifying our rules on conflicts of interests. 2.5 In the first half of 2026, we will: • Consult on changes to rules on the application and requirements of the Duty, including through distribution chains. • Propose to remove business with non-UK customers from the scope of the Duty. 2.6 It is likely that the Duty rules will be subject to change before they apply to authorised cryptoasset firms. However, given that these consultations are intended to make Duty requirements more proportionate and easier to interpret for firms, we expect cryptoasset firms to see a reduction of the overall costs of applying the Duty. Firms should therefore engage with these consultations and comply with any confirmed changes when preparing to apply the Duty. The guidance on which we are consulting is based upon the current version of the Duty. However, the guidance is intended to remain accurate following the upcoming consultations and we will draw firms’ attention if this changes for any areas of the guidance.

11 Stakeholder feedback 2.7 The overwhelming majority of respondents (80%) to CP25/25 (Application of FCA Handbook for Regulated Cryptoasset Activities) supported applying the Duty alongside additional sector-specific guidance. Respondents highlighted that the Duty’s outcomes￾based framework is well-suited to cryptoasset firms, would create an even playing field across retail financial services, and that sector-specific guidance would help firms apply the Duty effectively. 2.8 Respondents agreed with some of the challenges we identified in applying the Duty. Examples include the lack of identifiable manufacturers or issuers for some cryptoassets and the challenges in applying the price and fair value outcome given the volatility in the cryptoasset market. 2.9 In CP25/25 (paragraph 6.34), we set out the position: ‘It would likely not be fair value if an asset had risen in price steadily over the longer term and the firm kept its percentage￾based charges the same, if the firm’s operational costs for the activity or service remained relatively stable’. Several stakeholders disagreed with this, saying it is not consistent with practice in traditional finance markets. We are not including this example in our Guidance, however, fair value is to be assessed in context for each product and service and firms must make sure that there remains a reasonable relationship between the price customers pay and the benefits of the product or service in line with the Final non-Handbook Guidance for firms on the Consumer Duty (FG22/5). Supplementary guidance on fair value for cryptoasset firms is set out in detail in the proposed Guidance. Interaction with Admissions & Disclosure regime (A&D) 2.10 In CP25/41, we proposed that the Duty will not be extended to designated activities relating to public offers and admissions to trading of qualifying cryptoassets. The Duty applies to a firm’s retail market business, which will include regulated cryptoasset activities that could overlap with these designated activities. We proposed a carve-out to the definition of retail market business that would exclude those designated activities from that definition where there is an overlap. This would mean the Duty would not apply and instead the rules we proposed in CP25/41 would apply. We did not propose to extend the carve-out to disclosures relating to UK-issued qualifying stablecoins and we are proposing that the Duty will apply to all retail market business when relating to UK￾issued qualifying stablecoins, including the designated activities relating to public offers and admissions to trading. This includes UK-issued qualifying stablecoin QCDDs.

12 Summary of proposals 2.11 We propose to apply the Duty (Principle 12 and PRIN 2A) to cryptoasset firms in the same way as it applies generally to all FSMA-authorised firms (including payments firms). Additionally, we propose non-Handbook guidance to clarify how the Duty applies to cryptoasset activities. This guidance is not designed to be comprehensive and should be read in conjunction with FG22/5. We are consulting on this guidance as part of this CP and it forms Annex 5. The final section of this chapter contains a series of consultation questions on the Guidance. 2.12 As a result of our proposal to apply the Duty to cryptoasset firms we do not intend to apply the Product Intervention and Product Governance sourcebook (PROD). We believe the Product and Services outcome of the Duty will provide an appropriate level of protection for retail customers. By design, the Duty sets similar rules to the product governance outcomes in PROD, particularly around identifying a target market, product design and appropriate distribution. So, we believe it is appropriate to rely on the Duty to deliver the right outcomes for retail customers through product governance, rather than apply prescriptive rules. 2.13 In CP25/25, we proposed that we will not apply the Duty to the trading between participants of a UK authorised QCATP. We refer to this as a UK QCATP in accordance with the term subsequently used in our rules relating to platform operators in CP25/40. This is comparable to how we treat trades executed on multilateral trading facilities (MTFs) in traditional finance. While UK QCATPs will have much more direct retail access, we believe the proposed requirements and rules to be put in place by the UK QCATP operator, in accordance with our draft rules in chapter 6 of the CRYPTO sourcebook, will provide for non-discretionary, fair and transparent trading between all participants. The Duty would continue to apply to how QCATP operators interact with retail customers more broadly, for example in the communications and service provided to customers. 2.14 As highlighted in 2.10, the Duty will not apply directly to A&D activities except in the case of qualifying stablecoins, with similar outcomes targeted through the bespoke A&D rules and guidance. 2.15 As discussed in more detail at 2.6, in the first half of 2026, we will propose changes to the Duty’s application and requirements, including across distribution chains and set out plans to exclude business with non-UK customers from its scope. Cryptoasset firms should engage with these publications as the Duty requirements upon them may change. 2.16 The consultation questions below refer to the proposed Guidance in Annex 5. We invite stakeholders to consider the Guidance and respond to these questions below. We are particularly interested in views on whether there are additional areas which we ought to address in the Guidance to provide greater clarity for cryptoasset firms applying the Duty.

13 Question 3: Do you agree with our proposals to apply Principle 12 and PRIN 2A to cryptoasset firms supplemented by non￾Handbook guidance to clarify how the Duty applies to cryptoasset activities? Question 4: Do you agree with our approach that the Duty will not apply to trading between participants of a UK QCATP? Question 5: Do you agree with our approach that the Duty will apply to all activities carried out in relation to UK-issued qualifying stablecoins, including activities relating to public offers and admissions to trading? Question 6: Do you have any comments on our proposed guidance on how cryptoasset firms should comply with the Consumer Principle and three cross‑cutting rules? Question 7: Do you have any comments on our proposed guidance on application of the Duty’s: (a) products and services outcome; (b) price and value outcome; (c) consumer understanding outcome; and (d) consumer support outcome? Question 8: Are there any areas where cryptoasset firms could benefit from additional guidance to better understand their obligations. Please provide examples.

14 Chapter 3 Dispute resolution and compensation Overall approach 3.1 We have considered how the following parts of the current framework for complaints resolution and compensation should apply to the new regulated cryptoasset activities: a. Complaints handling requirements: DISP Chapters 1 and 2 set out the regulatory framework for how firms must handle complaints from their customers and the circumstances in which these complaints can be referred to the Financial Ombudsman. DISP 3 sets out rules on how the Financial Ombudsman handles eligible complaints. b. Access to the Financial Ombudsman: The Financial Ombudsman Service (Financial Ombudsman) is an impartial body set up by Parliament to resolve certain complaints between consumers and businesses that provide financial services. Its role is to resolve these complaints quickly and with minimum formality, by reference to what is, in the Financial Ombudsman’s opinion, fair and reasonable in all the circumstances of the case. The way in which the FOS handles complaints is being reviewed as set out in this consultation, Modernising the Redress System, published by the FCA and Financial Ombudsman’s and the Treasury’s Review of the Financial Ombudsman Service consultation. c. Access to the FSCS: The Financial Services Compensation Scheme (FSCS) is the UK’s statutory compensation scheme. If a financial firm has gone out of business and can’t pay a customer’s claim, FSCS can step in to pay compensation. Harms we are seeking to address 3.2 There is a risk that some authorised cryptoasset firms may cause harm to customers by failing to provide good customer service. For example, firms may fail to adequately disclose the risks of certain cryptoasset products, or slow procedures could lead to customers having considerable delays in accessing their funds. If authorised cryptoasset firms lack adequate procedures to address such issues and they remain unresolved, consumers could suffer harm. A complaint handling framework can help mitigate these risks by making sure complaints are resolved promptly and fairly and that lessons are learned. 3.3 We propose applying the DISP Sourcebook to cryptoasset firms, in a similar way to how it applies to other authorised firms. The rules in DISP aim to make sure that complaints are resolved quickly and effectively, providing fair and predictable outcomes when things go wrong. They also contribute to a regulatory environment in which firms can compete, grow and invest for the long term. We want to make sure that consumers have a way to get redress without going through courts including, for example, for financial losses, harm experienced as a result of inappropriate disclosures, or poor customer service in carrying on regulated activities.

15 3.4 We propose to allow access to the Financial Ombudsman for consumers of regulated cryptoasset firms. Consumers that are not based in the UK will be able to refer complaints to the Financial Ombudsman where eligible. We do not propose to expand FSCS protection to regulated cryptoasset activities. Stakeholder feedback 3.5 These proposals reflect feedback from DP23/4 and the discussion questions in CP25/25. DP23/4 sought views on consumer redress requirements for UK-qualifying stablecoin issuers (stablecoin issuer) and custodians. More specifically, we asked whether current complaints handling rules in DISP should apply for customers of stablecoin issuers and custodians. In a discussion chapter in CP25/25 we invited views on whether access to the Financial Ombudsman should extend to cryptoasset disputes, and the operational and cost implications of this policy option. 3.6 Respondents generally supported this proposal. Many agreed it would be consistent with our approach to traditional finance and that it could increase consumer confidence and facilitate stablecoin adoption by providing familiar complaints resolution mechanisms. A minority, however, were concerned about the complexity of stablecoin￾related complaints and the need to make sure the Financial Ombudsman is equipped to handle them. Summary of proposals Complaint handling requirements in DISP 1 for firms 3.7 We propose to apply the requirements in DISP 1 to the new regulated cryptoasset activities set out in the RAO SI. As with other regulated activities in traditional finance, firms carrying on cryptoasset activities will need effective processes to promptly and fairly deal with complaints. Unclear complaints handling requirements may undermine firms’ incentives to maintain high standards of behaviour and governance and increases the risk of unfair practices and consumer harm. 3.8 DISP 1 contains rules and guidance on how firms should deal promptly and fairly with complaints. The table below sets out a non-exhaustive summary of the requirements applicable under DISP 1. Cryptoasset firms should familiarise themselves with the detailed requirements as set out in DISP 1 when considering their response to this consultation. 3.9 As outlined in paragraph 8.7 in Chapter 8, we propose a phased approach to complaints reporting for authorised cryptoasset firms at the outset of the new cryptoasset regime. In the initial period following authorisation we propose to disapply the complaints reporting requirements in DISP 1.10, DISP 1.10A and DISP 1 Annex 1. We propose that authorised cryptoasset firms provide a baseline level of complaint data as part of more general reporting requirements set out in SUP 16[34.6R(1)-(2)]. This forms part of a phased approach set out in Chapter 8 and we will assess existing or emerging areas of risk and make enhancements as needed.

16 3.10 Initially, we will ask firms to report only their total number of complaints received and total number of complaints upheld within the reporting period. This requirement will be set out in an amendment to SUP 16, rather than by making changes to the FCA’s complaints reporting return. Table 1: Key DISP 1 provisions that will apply to cryptoasset firms. This table provides a summary and is not an exhaustive list. DISP provision  Summary  DISP 1.2: Consumer awareness rules Firms must publish information about internal procedures for handling complaints and information about the Financial Ombudsman. DISP 1.3 Complaints handling rules  Firms must establish procedures to reasonably and promptly handle complaints that can be made free of charge.  The procedures should recognise that complaints require resolution. The procedures should enable firms to identify the root cause of common types of complaints and take appropriate steps to address any recurring or systemic problems.  A firm must appoint an individual who will have responsibility for oversight of the firm’s compliance with DISP 1. DISP 1.4 Complaints resolution rules  Complaints must be investigated competently, diligently and impartially. They must be assessed fairly, consistently and promptly and resolved at the earliest possible opportunity. Remedial action or redress must be provided where appropriate, as well as clear explanations about the assessment of the complaint.  DISP 1.5 Complaints resolved by close of the third business day  When a complaint has been resolved by close of the third business day, following receipt of the complaint, a ‘summary resolution communication’ must be sent to the complainant. This must refer to the availability of the Financial Ombudsman and indicate whether the firm consents to waive time limit relevant to the determination of the Financial Ombudsman’s jurisdiction.  DISP 1.6 Complaints time limit rules  A firm must send a prompt written acknowledgement of receipt of the complaint and keep the complainant informed thereafter. In most cases, the firm must respond within 8 weeks of receiving the complaint and:  • send a ‘final response’ which may consist in accepting or rejecting the complaint or offering redress without consideration of the complaint. Where rejected, the response must clearly explain why, or  • send a written response which explains why the firm has been unable to provide a final response and when it expects to provide one, and  • in either case, send information about referral rights to the Financial Ombudsman together with an explanatory leaflet.  DISP 1.7 Complaints forwarding rules  If a firm reasonably considers another firm is solely or jointly responsible for the matter being complained about, it should promptly forward the complaint to the responsible party, if known. 

17 DISP provision  Summary  DISP 1.8 Complaints time barring rules  A firm may reject a complaint received outside the relevant time limits for referral to the Financial Ombudsman, but it must explain its decision to do so in a final response letter. In general, the time limits are 6 years after the event complained of or, if later, 3 years from the date from which the complainant became aware (or ought reasonably to have become aware) they had cause for complaint.  DISP 1.9 Complaints record rules  A firm must keep records of complaints for 3 years, from the date the complaint was received.  Third party complaints handling for UK-qualifying stablecoin issuers 3.11 As outlined in CP25/14, UK qualifying stablecoin issuers (stablecoin issuers) would not be limited to using authorised firms as third parties. However, depending on the activities third parties carry out on behalf of an issuer, these third parties may be in scope of other regulated activities that require FCA authorisation. These may include, but are not limited to, safeguarding qualifying cryptoassets, dealing in qualifying cryptoassets, or arranging deals in qualifying cryptoassets. 3.12 Consumers may not interact directly with the stablecoin issuer, and it may not be clear how complaints will be handled where stablecoin issuers rely on third parties to carry out activities on their behalf. Consumers may need information about the appropriate complaints process to follow, as third parties will often not handle complaints themselves. 3.13 We have limited our consideration of third-party complaints handling requirements to stablecoin issuers arising from acts or omissions of third parties for which they may be responsible. Summary of proposals 3.14 We propose that qualifying stablecoin issuers should make it clear to consumers, and the market, when a third party is carrying out an activity on its behalf. In these cases, we have proposed that the stablecoin issuer is fully responsible for discharging all its regulatory obligations, as outlined in CP25/14. In addition, CP25/25 proposes that, generally, when a firm conducting cryptoasset activities uses third-party service providers, it retains responsibility for managing risks arising from those arrangements. 3.15 To mitigate the risks that arise when third party carries out activities on behalf of the stablecoin issuer, (e.g. offering or redeeming a qualifying stablecoin), we propose the stablecoin issuer must include the following within the contractual arrangements with the third party in the Cryptoasset Sourcebook Chapter 2: i. Provisions requiring the third party to provide information on the stablecoin issuer’s procedures for the handling of complaints;

18 ii. that the third party forwards complaints it received from consumers to the stablecoin issuer to ensure the regulated firm can consider them; and iii. Provisions requiring the third party to provide contact details information for the stablecoin issuer to the holder of a qualifying stablecoin, including clarifications of the role (if any) the third party plays in the handling of customer service. 3.16 The purpose of these rules is to ensure consumers know how to complain to the qualifying stablecoin issuer and to ensure the qualifying stablecoin issuer receives the complaint from the third party, which it then has to consider in accordance with relevant DISP rules. The effect of the proposed rules will allow a consumer to refer a complaint to either the third party or the stablecoin issuer. Question 9: Do you agree with our proposal to apply the DISP 1 complaint handling requirements to all cryptoasset firms? Question 10: Do you agree with the proposal to add requirements to the crypto sourcebook for stablecoin issuers to put in place contractual arrangements with third parties that carry out activities on their behalf? Access to the Financial Ombudsman 3.17 Not all complaints are satisfactorily resolved between firm and consumers. Where consumers remain dissatisfied with the response provided by an authorised person, they can refer their complaint to the Financial Ombudsman for an impartial and free assessment of eligible complaints. 3.18 The Financial Ombudsman has two jurisdictions. The compulsory jurisdiction covers complaints about regulated activities as well as other specified activities and there are rules setting out what activities could give rise to complaints in scope of the compulsory jurisdiction. The voluntary jurisdiction, whose rules are made by the Financial Ombudsman, covers complaints beyond the scope of the compulsory jurisdiction but which relate to activities which could have been or are covered by the compulsory jurisdiction. The voluntary jurisdiction allows the Financial Ombudsman to cover a broad section of financial services including where the service may not be within FCA’s regulatory perimeter but where it may be beneficial to offer access to consumers to avoid confusion or to enhance confidence in the type of service. To participate in the voluntary jurisdiction, firms voluntarily agree to sign up to the Financial Ombudsman’s standard terms. 3.19 In DP23/4, we discussed the potential extension of the Financial Ombudsman’s compulsory jurisdiction to include complaints arising from UK qualifying stablecoin issuers and qualifying cryptoasset custodians. This recognised that access by consumers to an independent dispute resolution scheme such as the Financial Ombudsman enhances trust and confidence in financial markets. Following supportive feedback, we considered extending access to the Financial Ombudsman to complaints relating to other regulated cryptoasset activities. We think it appropriate that customers

19 of qualifying cryptoasset firms should be able to refer their complaints to the Financial Ombudsman once those activities fall within our regulatory perimeter. 3.20 This option was discussed in Chapter 6 of CP25/25 and was generally supported by respondents. Many respondents supporting the ‘same risk, same regulatory outcome’ principle that underpins the wider regulatory framework for cryptoassets. Respondents also agreed that this would help set clear accountabilities mechanisms and strengthen consumer confidence in the cryptoasset sector. 3.21 However, respondents also raised the following points for consideration: a. Stakeholders generally agreed that the Financial Ombudsman should not uphold complaints relating only to investment losses from poor performance or complaints related to third-party failures and blockchain-level issues. b. Concerns about whether the Financial Ombudsman possesses appropriate technical knowledge to handle cryptoasset related complaints. They also highlighted that novelty of the products and services may lead to a large volume of complaints. In their response, the Financial Ombudsman highlighted both their continued commitment to collaborating with the FCA to make sure there is regulatory alignment and emphasised the value of ongoing support from the FCA to ensure they have necessary resources, insight and awareness to handle complaints on cryptoasset activities. c. No access to the Financial Ombudsman for customers of overseas firms. Respondents noted that this could introduce inconsistency and complexity to the complaints process, causing confusion for consumers. d. Consideration of complexities in the value-chain across the cryptoasset sector. Respondents emphasised the importance of clearly defining accountability for complaints. This would help to reduce the risk of firms being held responsible for complaints that fall within the remit of other regulated firms. Our proposal 3.22 We propose to extend the compulsory jurisdiction to complaints arising from acts or omissions in carrying on any of the new regulated cryptoasset activities. 3.23 We will update DISP 2.3 and the definitions to which this relates, to ensure these activities fall within FOS’s Compulsory Jurisdiction. We also propose to further clarify at DISP 2.3.2G that acts and omissions in relation to which complaints can be made against a firm includes those of third parties authorised to act on their behalf. We do not consider any further changes to be required, so firms will need to follow the same complaints handling rules that already apply for the provision of other regulated activities. 3.24 The Financial Ombudsman will only be able to consider complaints against qualifying cryptoasset firms arising from acts or omissions in carrying out regulated activities on or after the day the new regime goes live, subject to the time limits that are set out in DISP.

20 Eligible complainants 3.25 The Financial Ombudsman can only consider complaints made by an ‘eligible complainant’ as defined in DISP 2.7. To be eligible, a complainant must meet the conditions set in DISP 2.7.3R which essentially requires them to be a consumer, an eligible microenterprise, a small business, a certain type of charities, trustees or a guarantor. That complainant must also have an eligible relationship to the respondent, set out in DISP 2.7.6R. A complaint can be made by the eligible complainant or on their behalf by a person authorised to do so by law. We expect most complainants to be customers of the cryptoasset firm complained of, so in scope of DISP 2.7.6R(1) (or DISP 2.7.6R(2) for potential customers). Authorised overseas firms 3.26 The compulsory jurisdiction will cover complaints from eligible complainants about activities of firms carrying out regulated cryptoasset activities from an establishment in the UK, as is already the case for other regulated activities under DISP 2.6.1R. 3.27 As set out in the chapter 12, firms carrying out regulated cryptoasset activities are generally expected to do so from a UK legal entity where FCA authorisation is required. Where an authorised firm carries on regulated cryptoasset activities from an establishment in the UK, the UK complaints handling framework, including DISP and access to the Financial Ombudsman, will apply in the usual way. However, consumers will not be able to refer complaints to the Financial Ombudsman in relation to those activities where an authorised cryptoasset firm does not carry on regulated cryptoasset activities from an establishment in the UK. 3.28 There may be limited circumstances in which authorised overseas firms are subject to UK complaints requirements, including where specific arrangements apply (for example, in relation to Gibraltar firms), and this will depend on the nature of the firm’s activities and the applicable legal framework. Consumers will still be able to pursue alternative routes of redress, including court action, where the complaint gives rise to a private right of action and remains unresolved, subject to applicable law. 3.29 We recognise that it may be challenging for consumers of overseas and authorised cryptoasset firms to understand which consumer protection and redress arrangements apply to them, particularly regarding access to the Financial Ombudsman. However, we note that all firms that carry out newly regulated cryptoasset activities have to clearly disclose to consumers whether they have access to the Financial Ombudsman in relation to these activities. Question 11: Do you agree that the Financial Ombudsman should consider complaints about all new cryptoasset activities carried out by all UK authorised firms? If not, are there specific activities it should not be able to consider complaints for?

21 Financial Ombudsman: Voluntary Jurisdiction 3.30 The Voluntary Jurisdiction rules are made by the Financial Ombudsman with the approval of the FCA. Accordingly, this part of the consultation paper is a joint consultation between the FCA and the Financial Ombudsman. 3.31 The Financial Ombudsman has considered whether to extend the Voluntary Jurisdiction to cover the new cryptoasset activities for firms based in the EEA or Gibraltar who are not subject to the Compulsory Jurisdiction and taken account of the following: a. Most firms carrying out the new cryptoasset activities are likely to fall within the compulsory jurisdiction, so the extension of voluntary jurisdiction would provide little benefit. b. Firms providing the new cryptoasset activities from outside the UK are likely to be outside the EEA and Gibraltar, and therefore beyond the wider territorial scope of the voluntary jurisdiction. 3.32 The Financial Ombudsman also thinks there would be little demand for the voluntary jurisdiction to be made available for complaints about pre-regulation acts or omissions. 3.33 As the Financial Ombudsman believes that its voluntary jurisdiction should only be made available where there are clear benefits to consumers and industry, and given the costs to establishing and promoting the availability of its voluntary jurisdiction, the Financial Ombudsman does not currently believe that it is consistent with its priorities to offer the voluntary jurisdiction for cryptoasset activities. Question 12: Do you agree that the Financial Ombudsman should not extend the voluntary jurisdiction to cover complaints about the proposed new cryptoasset activities? Financial Ombudsman general levy and case fee 3.34 The fees and levy rules that apply to firms currently covered by the Financial Ombudsman are set out in Chapter 5 of the FEES sourcebook in the FCA Handbook. The powers to make rules on funding the Financial Ombudsman are shared between the FCA and the Financial Ombudsman. We make rules on the amount of the Financial Ombudsman annual budget that will be raised by way of the compulsory jurisdiction general levy. The Financial Ombudsman makes rules on the payment of fees (case fees) by firms for cases referred to the Financial Ombudsman, which is subject to consultation (see the Financial Ombudsman Consultation on Plans and Budget (2026/27)). This includes the number of cases that are handled each year without a fee being charged (currently 3), as well as the fee rules on the payment of the annual levy for voluntary jurisdiction participants. 3.35 We are considering our consultation proposals for the Financial Ombudsman’s fees and levies for regulated cryptoasset activities. Our provisional intention is to align this approach with that taken for the wider FCA levy (FEES 4). This is in terms of how we approach the adaption, or creation, of fee blocks for regulated cryptoasset activities. We will consult on the periodic fee structure and the Financial Ombudsman industry block for firms with cryptoasset activity permissions in 2026.

22 Consumer compensation when firms are unable to meet liabilities Overview of the current framework 3.36 Under the Financial Services and Markets Act 2000 (FSMA), we have the power, subject to public consultation, to make rules enabling the FSCS to compensate customers of certain failed firms where: a. An eligible claimant has a protected civil claim against a relevant person (generally an authorised firm) arising from an eligible regulated activity and has suffered a financial loss, and b. that firm has been declared in default. 3.37 FSCS protection does not automatically apply to all regulated activities and, as noted in our FS22/5 (Compensation framework review response paper), its availability, and the benefits it brings to consumers, should be commensurate to the expected benefits it brings to financial services markets. Stakeholder feedback 3.38 In DP23/4, we proposed not to extend FSCS cover to UK qualifying stablecoin issuers or cryptoasset custodians. Most respondents supported this position. 3.39 Respondents to DP23/4 considered that the approach used for electronic money issuers and payment services firm, which relies on safeguarding, is a model suitable for the stablecoin market, given the similarities to other money-like instruments. Many also deemed our existing capital and prudential requirements sufficient to adequately safeguard consumer assets. Respondents also cited insufficient data to set appropriate compensation limits and levies and unduly burdensome costs as other reasons to not extend FSCS cover. 3.40 Nevertheless, a minority favoured extending FSCS protection. They were concerned that withholding FSCS protection could weaken consumer safeguards and might signal that stablecoins are unsafe and deter consumer adoption. Our proposals 3.41 We do not propose to extend FSCS coverage to new regulated cryptoasset activities. This means that customers will not be eligible for compensation from the FSCS in case of investment losses arising from regulated cryptoasset activities. 3.42 Instead, our proposed framework introduces activity-specific regulatory safeguards, intended to mitigate risks to consumers, including requirements relating to conduct, disclosure and firm resilience. Our consumer protection objective also reflects the general principle that consumers should take responsibility for their decisions (s.1C of FSMA). The majority of cryptoassets remain high risk and extending compensation arrangements may create inappropriate incentives for both consumers and firms.

23 3.43 In DP23/24, we set out reasons for not proposing to extend FSCS cover to UK qualifying stablecoin issuers. These included significant uncertainty about the number of market entrants, their size and revenue, and their potential liabilities, such as unpaid redress or losses of assets. These uncertainties would pose difficulties when setting an appropriate FSCS levy and could potentially expose the wider financial services industry to unexpected funding demands in the event of a firm failure. 3.44 We think that these considerations apply equally to other newly regulated cryptoasset activities. However, we may wish to consider further if this could give rise to inconsistent outcomes, for instance, for claims relating to the safeguarding of specified investment cryptoassets (SICs). Currently, the activity of safeguarding and administering SICs falls within Article 40 of the Regulated Activities Order (RAO) and likely falls within the scope of the FSCS cover as a ‘designated investment business’ in scope of COMP 5.5.1R. Under the draft Cryptoasset Regulations, safeguarding of SICs will move to be within scope of Article 9N of the RAO. In theory, it is possible some other regulated activities involving SICs could lead to valid FSCS claims, for instance if investment advice relates to SICs, which could appear inconsistent. This proposal would mean a claim in connection with safeguarding and administration of a share would be covered by FSCS but a claim in connection with safeguarding of a token representing the share on a blockchain would not be covered by FSCS. As the market and the regulatory framework develop, we will consider whether to revisit this approach, but invite comments on this specific point. We will continue to work closely with HMT and the BoE on what comprehensive issuer-failure arrangements for systemic stablecoins may be. Question 13: Do you agree with our approach to not extend FSCS coverage to new regulated cryptoasset activities and all types of qualifying cryptoassets? Question 14: Given that the move of Specified Investment Cryptoasset (SIC) safeguarding from Article 40 to Article 9N may remove it from the scope of FSCS protection, do you agree with our approach to SIC safeguarding even though it may give rise to potential inconsistent outcomes, for example, safeguarding a traditional share would fall within FSCS scope, while safeguarding its tokenised equivalent would not?

24 Chapter 4 Conduct of Business Sourcebook (COBS) Background 4.1 The Conduct of Business Sourcebook (COBS) sets expectations of how regulated investment firms must act when authorised by the FCA. It sets standards for client interactions, including how firms communicate with their clients, market products, handle client data and assess product suitability to ensure fair and professional treatment. The aim is to protect clients by requiring firms to act in clients’ best interests. This is part of a holistic framework for firms to provide the best outcomes for clients. 4.2 Applying COBS rules to cryptoassets firms is pivotal to address key potential vulnerabilities in the sector including inconsistent conduct standards, misleading promotions, poor disclosures and increased exposure to cyber, operational and financial-crime risks. COBS requirements for fair communication, transparency, governance and record-keeping provide essential safeguards to strengthen market integrity and improve accountability. Without such standards, regulatory arbitrage or misconduct can result in a loss of public trust which can threaten the sector’s stability. A proportionate, crypto-specific adaptation of COBS is therefore crucial for a safer, competitive and sustainable UK cryptoassets industry. 4.3 In CP25/25, we sought feedback on whether and how COBS should apply to regulated cryptoasset firms. We also considered whether and where the Duty could be deployed instead of applying aspects of COBS. Overall Approach and Summary of Proposals 4.4 We propose to extend our Handbook glossary definition of ‘designated investment business’ (DIB) to include the future cryptoasset regulated activities under the new regime. Consequently, the COBS requirements which apply to firms conducting DIB would apply to these firms. Firms should ensure that compliance with COBS obligations is considered alongside the specific requirements set out in the CRYPTO sourcebooks. 4.5 Chapter 7 of CP25/25 details relevant COBS provisions which we propose to apply to cryptoasset firms. 81% of respondents agreed with our approach. We propose to retain this approach and to apply relevant COBS provisions summarized in the table below:

25 Chapter Summary of proposals in CP25/25 Approach in this CP COBS 1 – Application Apply 1.1, 1.2 and Annex 1; amending Annex 1 with a carve out for transactions between UK CATP operators and professional clients as they are afforded a lighter level of protection due to their knowledge and experience. Retain proposals. Extend carve-outs in COBS 1 Annex 1 that apply to transactions concluded on an MTF to transactions concluded on a UK QCATP. Since such transactions are executed under the non-discretionary matching rules of the UK QCATP, certain COBS provisions would not be appropriate to apply. We will continue to consider where it is appropriate to disapply COBS generally to non-UK retail and professional users of UK QCATPs based overseas and authorised via a UK branch (see also Approach to International Cryptoasset Firms in Annex 4). Apply COBS to persons providing services from overseas to retail clients in the UK. COBS 2 – Conduct of Business obligations Apply 2.1, 2.2, 2.3, 2.4, 2.5 (subject to the carve-outs in Annex 1). Retain proposals. Cryptoasset firms must act honestly, fairly and professionally, providing timely and accurate disclosures. This includes disclosures about the firm, its services, designated investments, proposed strategies, execution venues, and all relevant costs and charges, along with appropriate risk warnings. COBS 3 – Client categorisation Apply all provisions Retain proposals. We propose to expand the definition of per se eligible counterparty (ECP) within our Handbook to include qualifying cryptoasset firms. (However, note that the definition of ECP Business will not include the activity of Operating a UK QCATP. This reflects the position in relation to the activity of operating and MTF). See paragraph 4.7 for more information on the interaction between clients and holders of qualifying stablecoins.

26 Chapter Summary of proposals in CP25/25 Approach in this CP COBS 4 – Communicating with clients, including financial promotions Apply with some changes to how UK-issued qualifying stablecoins are treated. Retain proposals. Apply COBS 4 provisions to cryptoassets firms with some changes to how UK-issued qualifying stablecoins are treated. Reclassify the Restricted Mass Market Investment (RMMI) status for UK￾issued qualifying stablecoins, which would mean that they would not be subject to marketing restrictions. Financial promotions for qualifying stablecoins not issued by a UK￾authorised issuer should include additional risk warning information. Clarify that firms should be aware of applicable disclosure requirements in CRYPTO that may be separate and complementary to COBS requirements. We propose guidance noting that firms have flexibility in determining how to discharge these requirements. Clarify that references in COBS 4.9 to an overseas person include a person that undertakes a qualifying cryptoasset activity but does not operate from a permanent place of business in the UK. COBS 5 – Distance communications Not to apply Retain proposals.

27 Chapter Summary of proposals in CP25/25 Approach in this CP COBS 6 – Information about the firm, its services and remuneration Apply only 6.1 and 6.4 Retain proposals. We intend to require cryptoasset firms to disclose information about the firm and its services. This includes details on registered status, conflicts of interest, and the nature, frequency, and timing of performance reports. For firms that safeguard either qualifying or specified investment cryptoassets on trust, we are proposing that they provide the following information in plain language on: • How the firms’ approach to setting up the trust will impact clients’ protections clients and potential risks they face. • Whether the firm does not hold cryptoassets on trust for clients, and the associated risks this presents. • The firm’s access and security arrangements • The firm’s use of third parties. COBS 8 – Client agreements (non￾MiFID provisions) Apply with some changes to how UK-issued qualifying stablecoins are treated. Retain proposals. COBS 10 – Appropriateness (for non-advised services) (non￾MiFID and non￾insurance-based investment product provisions). Apply relevant provisions Retain proposals. Our changes to COBS 10 include introducing a rule requiring that when conducting the appropriateness assessment, firms must ask the client questions that cover, at least, the matters in COBS 10 Annex 4G. Along with this change, we are proposing to change COBS 10 Annex 4G from guidance into a rule. We are also proposing new rules in COBS 10 requiring firms to assess clients’ knowledge and experience of cryptoasset lending and borrowing to assess such products as appropriate before offering them to clients. In addition to this requirement, we are proposing rules and guidance in COBS 10 on the specific cryptoasset lending and borrowing matters that firms should consider covering when assessing appropriateness.

28 Chapter Summary of proposals in CP25/25 Approach in this CP COBS 11 – Dealing and managing Not to apply We propose to disapply COBS 11 for firms carrying out qualifying cryptoasset activities, which will instead be subject to execution and order handling rules within CRYPTO 5. In relation to personal account dealing rules in COBS 11.7, where the specified investment is a financial instrument, firms will be subject to COBS 11.7A in respect of MiFID business, and COBS 11.7 for non-MiFID business. COBS 15 – Cancellation Not to apply Disapply the Handbook rules in relation to cancellation rights for distance contracts related to cryptoasset products or activities. COBS 16 – Reporting information to clients Apply 16.1 to 16.4 to qualifying cryptoasset staking and qualifying cryptoasset safeguarding. COBS 16.4 may also apply to other firms undertaking cryptoasset activities. We propose to disapply COBS 16 requirements for firms carrying out the following activities, and instead include similar reporting requirements in CRYPTO 8:

1. A UK QCATP operator;
2. Dealing in qualifying cryptoassets as principal
3. Dealing in qualifying cryptoassets as agent; or
4. Arranging deals in qualifying cryptoassets. We are proposing to disapply CRYPTO 8 for firms engaged in a lending and borrowing service, to which similar reporting provisions have been proposed in CRYPTO 9. We are proposing to amend COBS 16.4 rules to require firms that safeguard qualifying or specified investment cryptoassets on trust to: • provide access to an online system, with up-to-date statements of a client’s client cryptoassets; and • include in those statements the quantity of each type of client cryptoassets the firm is safeguarding.

29 Chapter Summary of proposals in CP25/25 Approach in this CP COBS 1 Annex 2 – Application to TP firms and Gibraltar￾based firms We propose that Gibraltar-based firms carrying out qualifying cryptoasset activity will be subject to the applicable COBS requirements. 4.6 We also recognise that there are some provisions in the CRYPTO sourcebook (on which we are consulting in CP25/40) which are similar to requirements in COBS 6 and 8. Firms are required to comply with both sets of rules. However, firms may comply with both sets of rules through the same systems or processes. Firms will also need to ensure compliance with requirements that extend to both sets of rules such as the Consumer Duty (where applicable). Question 15: What is your view on whether COBS generally (subject to COBS 1 Annex 1 carve-outs) should apply to non-UK retail and professional clients of a UK QCATP operator that is incorporated overseas and authorised via a UK branch? 4.7 For the purposes of COBS, a holder of qualifying stablecoin is likely to be a client, or prospective client, of a firm when: • the holder or prospective holder is acquiring or seeks to redeem a qualifying stablecoin directly with a UK authorised stablecoin issuer • the holder is transferring ownership of a qualifying stablecoin on the secondary market via a FCA authorised firm who is not a stablecoin issuer. 4.8 If ownership of the qualifying stablecoin was transferred, the new holder of the qualifying stablecoin would only be a client, or potential client, under COBS requirements of a UK authorised stablecoin issuer, if the holder seeks to redeem the qualifying stablecoin directly with the UK authorised stablecoin issuer. UK authorised stablecoin issuers should take account of the COBS requirements for clients when designing customer journeys. 4.9 Our proposals in relation to COBS 4, 5, 6, 10, 15 and 16 are explored further below. COBS 4 – Communicating with clients, including financial promotions 4.10 COBS 4 includes rules relating to how firms communicate with clients about investment products and services. This is to ensure that these communications or financial promotions, are fair, clear and not misleading.

30 4.11 As detailed in CP25/25, regulated cryptoasset activities and any related promotions will fall under the existing financial promotions regime as promotions relating to qualifying cryptoassets. Currently, qualifying cryptoassets are classified as Restricted Mass Market Investments (RMMI). Marketing restrictions for RMMI include conditions such as appropriateness assessments, a 24-hour cooling off period for new customers, appropriate client categorisation and prominent risk warning. UK issued qualifying stablecoins 4.12 We proposed that UK-issued qualifying stablecoins should not be categorised as RMMI, on the basis this reflects their comparatively lower risk profile relative to other overseas stablecoins. All respondents agreed with our proposal, setting out the following in support of this approach: • Alignment with the existing principles of the Financial Promotions regime. • Consumers can distinguish easily between stablecoins not issued in the UK and UK-issued qualifying stablecoins. • The purchase of electronic money is not subject to cooling off period and felt that UK-issued qualifying stablecoins should be treated in the same way. 4.13 We are proposing to retain our position that UK-issued qualifying stablecoins are not categorised as RMMI. UK-issued stablecoins are 1:1 backed and therefore provide confidence to consumers and the market. Qualifying stablecoins not issued by a UK-authorised issuer 4.14 We also proposed that financial promotions for qualifying stablecoins not issued by an authorised UK issuer should include additional risk warning information. 4.15 A majority of respondents (52%) agreed. Respondents who did not agree raised concerns that extra friction slows down growth, innovation and cross-border commerce in fintech. We believe the additional content of the risk warning is factual and informs consumers that the issuance of overseas stablecoins is not regulated in the UK (and therefore not subject to similar regulatory requirements which offer a level of protection). It should also help consumer understanding of how these products differ. 4.16 We intend to proceed with our proposal as a risk warning already applies to cryptoassets classed as RMMI. Other qualifying cryptoassets 4.17 We acknowledge feedback from responses that asked us to look at the categorisation of other qualifying cryptoassets in the future, including whether certain cryptoassets could be “downgraded” based on past performance, or due to them being issued by a firm with equivalent regulatory requirements.

31 4.18 We do not have evidence to support switching off our proposed financial promotions rules (which apply generally for investments, with limited exceptions) for other qualifying cryptoassets and we believe that the risk to consumers of purchasing qualifying cryptoassets remains high. However, in CP25/42, we have introduced the concept of categories of qualifying cryptoassets, to be assessed by firms, which would result in adjustments to the minimum capital requirements for different categories. In Chapter 8, regulatory reporting we outline that we expect firms tell us the number of qualifying cryptoassets they have categorised in each group. This should help us monitor whether there is consistency in approaches to categorisation and the level of risk between asset groups, allowing us to test whether our proposals need to be adjusted over time. Question 16: Do you have any views on what qualifying cryptoassets should be assessed as Category A or Category B qualifying cryptoassets? If so, please provide details. Advertisement where there is a Qualifying Cryptoasset Disclosure Document 4.19 As described in the Cryptoasset Regulations, an advertisement is a communication which relates either to: • A specific offer of a qualifying cryptoasset to the public, or • An actual or proposed admission of qualifying cryptoasset to trading on a Cryptoasset Trading Platform Where the communication aims specifically to promote the potential buying of, or subscribing for, a qualifying cryptoasset, and is not a QCDD or a supplement to a QCDD. 4.20 We are proposing that the rules relating to QCDDs will sit within CRYPTO 3 as opposed to COBS as they are supplementary requirements to the financial promotion regime, and they should be read and complied with in addition to those within COBS. CRYPTO 3 will contain rules as proposed in CP25/41 applicable to public offers of cryptoassets, admissions to trading of cryptoassets, and advertisements in relation to public offers and admissions. 4.21 We are proposing to apply rules within CRYPTO 3 to advertisements that relate to offers and admissions of qualifying cryptoassets where a QCDD is required. These rules will require that these advertisements identify the relevant QCDD, advise consumers to read the QCDD, and be consistent with the QCDD and any supplementary disclosure documents. These rules aim to encourage potential investors to refer to and rely on the QCDD which we believe will help consumers make decisions based on information that is subject to the statutory material information requirement and the QCDD liability regime. COBS 5 – Distance Communication 4.22 COBS 5 sets out the rules firms must follow when marketing their products to consumers from a geographical distance. COBS 5 is derived from the Directive of the

32 Council and Parliament of 23 September 2002 on distance marketing of consumer financial services (No 2002/65/EC) (DMD). We consider that the language used throughout COBS 5 does not reflect how cryptoasset firms conduct their distance marketing activities (e.g. through mobile application or website). Additionally, we believe that the principles applied by the Duty, particularly avoiding foreseeable harm, improving customer understanding and providing support would be sufficient to achieve our intended outcomes. 4.23 In response to CP25/25 79% of respondents agreed with our proposal that the Consumer Duty with additional guidance, would be sufficient to achieve clear distance communications for cryptoassets instead of applying COBS 5. A minority of respondents who disagreed were uncertain whether the Duty would be sufficient. 4.24 We propose to retain our proposal not to apply COBS 5 to regulated cryptoasset firms. Responses to CP 25/25 and our own analysis indicate that the Duty, when applied correctly, would be sufficient to ensure that firms are communicating with customers in the right way. COBS 6 – Information about the firm, its services and remuneration for firms safeguarding client cryptoassets 4.25 In line with our amended CASS 17 rules, we want to ensure that firms that safeguard qualifying or specified investment cryptoassets on trust disclose key information to their clients. This is so that clients can understand the risks to their cryptoassets and provide informed consent for firms not to hold their cryptoassets on trust where required. 4.26 We are therefore proposing that these firms provide the following information in plain language: • How the firm’s approach to setting up the trust may impact the protections clients will have and the potential risks they face, including: whether or not that trust will or may contain client cryptoassets belonging to other clients; how shortfalls in the trust property will be allocated if the firm fails; and whether and how client cryptoassets may be applied to distribution costs if the firm fails. • Whether firms will use permitted exceptions in CASS 17 to not hold client cryptoassets on trust, and any potential risks, including as part of obtaining their informed consent to do so. • The firm’s means of access security and organisational arrangements, including the responsibilities of the client and third parties where relevant. • The firm’s use of third parties, including: the name of the third party, and the country in which it is headquartered; whether safeguarding chains are used; and the consequences for the client if the third party fails.

33 COBS 10 – Appropriateness (for non-advised services) (non-MiFID and non-insurance-based investment products provisions) 4.27 COBS 4.12A.28R states that if a firm or person knows, or should know that a client’s application or order to transact in qualifying cryptoassets is prompted by a direct offer financial promotion, they must not process the application or order until they have checked that qualifying cryptoassets are appropriate for the retail client in adherence with the applicable rules under COBS 4 and COBS 10. This includes requirements for firms to assess whether the client’s knowledge and experience make the product appropriate for them. This requirement applies to all firms that communicate or approve direct offer financial promotions in the UK. 4.28 To comply with the requirements in COBS 10 in evaluating whether a client has sufficient knowledge and experience of the service or product being promoted, we have observed: • Firms conduct interactive online questionnaires, often without any direct, customer‑specific human involvement. • Many firms’ assessments did not cover all relevant topics outlined in COBS 10 Annex 4G. • Most firms will allow consumers to invest in specific cryptoasset products despite the outcome of the appropriateness assessment. 4.29 These behaviours exposed consumers to harm, particularly when they do not fully understand the nature or risks of the cryptoassets or the cryptoasset service being promoted to them. To address this, we are proposing a new rule that when conducting the appropriateness assessment, firms must ask the client questions that cover, at least, the matters in COBS 10 Annex 4G. In making this change, we are changing COBS 10 Annex 4G from a guidance provision to a rule. 4.30 In response to CP25/25, 69% of respondents either agreed or had a neutral stance to our proposals to apply the appropriateness test and all 12 matters outlined in COBS 10 Annex 4G. 4.31 Generally, most respondents who were neutral about the approach agreed with the need for an appropriateness test but wanted to retain more flexibility with a risk-based application of the matters in Annex 4G. Respondents who disagreed suggested that the appropriateness test is overly restrictive and may introduce consumer friction without enhancing understanding. 4.32 Our assessment has concluded that all 12 matters in COBS 10 Annex 4G remain relevant as part of the appropriateness test. We believe that appropriate testing adds necessary friction which seeks to ensure that clients understand the risk associated with investing in cryptoassets.

34 Appropriateness Testing for Cryptoasset Lending and Borrowing firms 4.33 We propose to require that cryptoasset lending and borrowing (L&B) firms must assess the appropriateness of L&B products for the relevant client. COBS 10.2.1R sets out that firms must determine whether the client has the necessary experience and knowledge to understand the risks involved with the product or service. 4.34 We consider that L&B products have specific risks compared to other cryptoasset products and services, and that these should be factored into appropriateness assessments. As such, we are proposing new rules and guidance in COBS 10 on the specific L&B knowledge and experience that firms should consider assessing consumers against when conducting appropriateness assessments (Annex 6). 4.35 To ensure proportionality and operational flexibility, we propose to allow firms to decide whether to assess appropriateness for L&B as part of the appropriateness assessment required for qualifying cryptoassets under COBS 4.12A.28 or instead assess this separately. Question 17: Do you agree with our proposals on express consent, appropriateness testing, and strengthening retail clients’ understanding? If not, please explain why not? If there is an issue of timing or cost in relation to our proposals on appropriateness assessments and express consent, including as they apply to existing clients, please share details. COBS 15 – Cancellation 4.36 COBS 15 outlines rules on contract cancellation, including cooling-off periods and firm obligations when a client exercises cancellation rights. It also includes an annex listing products exempt from cancellation rights. COBS 15 Annex 1 exempts distance contracts whose price depends on market fluctuations beyond the firm’s control. Cryptoassets are often highly volatile, and our consumer guidance has consistently warned that investors should be prepared to lose all their money. 4.37 We asked the question in CP25/25 if there should be cancellation rights for distance contracts related to cryptoassets products or activities whose price is not driven by market fluctuation such as staking and safeguarding. 4.38 87% of respondents agreed with our proposed approach not to grant cancellation rights for distance contracts related to cryptoassets. Of those respondents who agreed with our proposals, they detailed: • Cancellation rights for such services would lead to regulatory arbitrage for non￾authorised firms.

35 • Some respondents also said that application of cancellation rights to services such as staking and safeguarding is impracticable as they typically operate on flexible or rolling durations. As such, granting customers a cancellation right would offer limited tangible benefit while imposing disproportionate operational and compliance burdens on authorised firms. • Transactions are often executed immediately on-chain and cannot be easily reversed without impacting the network integrity or other participants in the market making operationalising a cancellation very challenging. 4.39 A minority of respondents disagreed with our proposal citing that services such as staking work akin to ongoing service agreements, making it appropriate to offer cancellation rights. 4.40 Upon further assessment, we are of the view that applying COBS 15 to staking firms is not practicable as some provisions in COBS 15 are not compatible with the staking business model. COBS 15 provision Compatibility Assessment with proposed staking rules 15.4.1 R Not compatible if a client requests to unstake only part of the cryptoassets that were originally staked under agreed terms. 4.41 Considering all factors, we propose not to apply COBS 15 to all cryptoasset activities. Staking firms however must comply with all relevant proposed staking rules which may include requirements to provide retail customers with sufficient information on their ability to terminate the qualifying cryptoasset staking service and receive a return of their qualifying cryptoassets and any rewards earned. Equivalent provisions for cryptoasset lending are also in place. COBS 16 – Reporting information to clients 4.42 COBS 16 outlines client reporting rules, requiring firms to provide clients with periodic statements on client assets and money to keep clients informed about the value and custody arrangements. 4.43 In this CP we propose applying COBS 16.1 to 16.4 to qualifying cryptoasset staking and qualifying cryptoasset safeguarding activities, as these activities involve holding or managing client cryptoassets. To strengthen these requirements, we propose to amend COBS 16.4 to require firms that safeguard qualifying or specified investment cryptoassets on trust to: • Provide access to an online system with up-to-date statements of a client’s cryptoassets held on trust; and • Include in those statements the quantity of each type of client cryptoasset the firm is safeguarding on trust.

36 4.44 Additionally, we propose disapplying COBS 16 (except for COBS 16.4) requirements for firms carrying out the following activities and instead introduce similar reporting requirements under CRYPTO 8: • Operating a UK qualifying cryptoasset trading platform; • Dealing in qualifying cryptoassets as principal; • Dealing in qualifying cryptoassets as agent; and • Arranging deals in qualifying cryptoassets. 4.45 We consider disapplication appropriate because these activities involve trading and execution services where traditional periodic reporting under COBS 16 would provide limited consumer benefit and could impose disproportionate operational burdens. 4.46 We also propose to disapply CRYPTO 8 for firms engaged in lending and borrowing services, as similar reporting provisions have been proposed under CRYPTO 9. This will ensure that reporting obligations for firms are proportionate and aligned with the specific risks of lending and borrowing.

37 Chapter 5 The use of credit cards to purchase cryptoassets Background 5.1 In DP25/1 we asked whether regulated cryptoasset firms should be prohibited from accepting credit cards or credit lines from electronic money institutions (EMIs) for cryptoasset purchases. This was due to concerns about vulnerable consumers incurring unsustainable debt if asset values fall and a consumer was relying on that value to repay the credit. 5.2 We have used this feedback, and evidence from the 2025 consumer research commissioned by the FCA and conducted by YouGov which found that consumers who said they paid for cryptoassets with a credit card decreased from 14% (August 2024) to 9% (August 2025) to develop our position. DP25/1 Feedback 5.3 We asked for feedback on whether restrictions on the use of credit facilities for cryptoasset purchases would reduce consumer harm, especially for vulnerable consumers. 5.4 57% of respondents opposed restrictions, highlighting that risks were overstated because credit providers already follow rules on creditworthiness, Consumer Duty, fair treatment of vulnerable consumers and clear disclosure of terms. Some felt restrictions would be ineffective as they could be bypassed via overdrafts, loans, or buying stablecoins on credit and converting them. Credit card and cryptoasset firms also raised operational challenges in identifying cryptoasset transactions due to the lack of a unique Merchant Category Code and overlapping services (e.g. fiat payments, e-money). Proposal 5.5 While we recognise the risks of buying cryptoassets with lines of credit for consumers, and consider that borrowing to purchase cryptoassets is unlikely to align with the risk profiles of most retail clients, we do not propose restricting firms from accepting credit card payments or lines of credit from EMIs. The evidence provided by responses to DP 25/1, combined with a decline in consumer behaviour suggests that the risk of harm may be overstated and supports this position.

38 5.6 Section 1C(2)(d) of FSMA details that the FCA must have regard to consumers taking responsibility for their decisions. This is balanced by the proposed regime including new rules for qualifying cryptoasset firms within the scope of the CRYPTO sourcebook, supported by the Duty which aims to ensure that firms act to deliver good outcomes for retail consumers and to help consumers understand the decisions they are making. We would also encourage firms to share information (such as key messages in InvestSmart) with consumers who may be making use of lines of credit to purchase cryptoassets to provide further understanding of the risk. All parties together should provide a foundation for consumers to understand the impact and take responsibility for their decisions.

39 Chapter 6 SM&CR Tiering  Overall approach 6.1 As we committed to in CP25/25 (paragraphs 3.36-39), this chapter sets out our proposed requirements for categorising cryptoasset firms as ‘Enhanced’ under the SM&CR. Our proposals seek to ensure that the largest cryptoasset firms whose size, complexity and potential impact on consumers or markets warrant more attention will be correctly categorised under SM&CR. Stakeholder feedback 6.2 In CP25/25, we proposed Enhanced criteria for stablecoin issuance firms and cryptoasset custodian firms. We also asked respondents to submit available data relevant to determining what exactly the numerical threshold for being an ‘SM&CR Enhanced’ cryptoasset custodian firm should be. 6.3 Respondents broadly agreed (over 50%) with our proposals to use the existing classification framework for FSMA regulated firms in traditional finance services, recognising the principle of ‘same risk, same regulatory outcome’. We did not receive any objections to our consideration that existing proportions for Core vs Enhanced firms in traditional financial sectors (ie on average, Enhanced firms constitute around 1% of a sector’s overall population) would also be appropriate for the future cryptoasset market. This outcome is consistent with our desktop research and previous data collection exercises. Respondents also agreed that stablecoin issuance firms and cryptoasset custodians should have a route to becoming Enhanced, as and when their size and complexity grow and consequently warrant Enhanced classification (and the additional requirements that accompany it). 6.4 We invited suggestions for appropriate methods for determining cryptoasset firm’s classification as Core or Enhanced. Recommendations included taking into consideration operational resilience vulnerabilities, or customer population size. As these suggestions would represent a significant deviation from the current approach behind the SM&CR classification framework (ie generally not technology-specific or business-model specific), we will not be introducing any bespoke thresholds beyond those already proposed in CP25/25. 6.5 As addressed in CP25/25, we have not considered bespoke Enhanced routes for other cryptoasset RAO activities, as these activities do not have natural analogies to those captured under the current Enhanced criteria in traditional finance. Respondents generally did not support introducing new thresholds to cater for the remaining RAO activities. 

40 Proposed ’Enhanced’ criteria 6.6 We propose the following criteria:   Stablecoin issuance firms:   • The total value of the backing asset pool is more than £65bn, calculated as a three-year rolling average. Cryptoasset custodians: • The sum of the total value of the authorised cryptoasset firm’s ‘client assets’ (the sum of the firm’s qualifying cryptoassets and specified investment cryptoassets, when held on trust), during the firm’s last calendar year, added to the total value of safe custody assets (if any) held in the firm’s last calendar year, is more than £100bn in any given month (these values must be recorded within the same month).  • Firm projects holding a cumulative sum of more than £100bn in safe custody assets and safeguarded cryptoassets in any given month of the current year. Stablecoin issuance firms 6.7 We propose introducing an equivalent qualification threshold to the existing threshold for asset management firms, such that the management of backing assets of qualifying stablecoins could be captured. At present, the threshold captures assets under management of £50 bn or more calculated as a 3-year rolling average and will be updated to £65 bn subject to final responses to the separate SM&CR consultation (CP25/21, paragraph 4.74).  This threshold has been set to be in line with existing SM&CR thresholds and should not be considered a threshold for what could be considered a systemic stablecoin issuer in the future. 6.8 To achieve this, we will use data submitted via new regulatory reporting rules (see Chapter 8) and add to SYSC 23 an adjusted financial qualification test that replicates the existing metrics set out in FSA038; this is as outlined in CP25/25. This proposal is based on the business model’s similarity with conventional asset management firms, which are currently subject to Enhanced classification if the average amount of the firm’s AUM is £50bn or more. Cryptoasset Custodian firms  6.9 We propose introducing the following Enhanced qualification criteria for cryptoasset custodian firms, similar to the existing criteria for traditional finance (firms that meet the ‘CASS Large’ definition are classed as Enhanced). 6.10 Specifically, firms will meet the new Enhanced criteria if the highest total value of the authorised cryptoasset firm’s client cryptoassets held on trust (during the firm’s last calendar year), added to the highest total value of safe custody assets held in the firm’s last calendar year, is more than £100bn. Initially (when firms first enter the gateway) this calculation will be based on projections for assets held on behalf of

41 clients in the upcoming year. This will mean that ‘cryptoasset native’ custodian firms, with only cryptoasset permissions, will have to safeguard £100bn or more of qualifying cryptoassets and/or specified investment cryptoassets to be considered Enhanced. 6.11 With this new Enhanced threshold, the value of client cryptoassets will effectively be added to the value of safe custody assets already used to cumulatively calculate whether a firm is CASS Large. However, the definition of ‘safe custody assets’ will not be changed to include qualifying cryptoassets or specified investment cryptoassets. This approach aligns with stakeholder feedback, where this was recommended as a reasonable and proportionate solution. This proposal also follows the principle of ‘same risk, same regulatory outcome’, promoting a compliance culture while not introducing additional compliance costs for smaller cryptoasset firms. 6.12 ‘The highest total value of the authorised cryptoasset firm’s qualifying cryptoassets held on behalf of clients’ will be based on the data submitted in the new cryptoasset custodian regulatory return (see Chapter 8 of this CP for further detail), and the ‘highest total value of safe custody assets held in the firm’s last calendar year’ will be based on the existing CMAR return requirement for custodian firms.  6.13 Based on available UK market data, the proposed threshold is unlikely to capture newly authorised cryptoasset firms initially when the gateway opens. Current market data indicates that cryptoasset custody volumes – when no other safeguarded assets are held – tend to fall significantly below £100bn. This approach aligns with feedback from CP25/25. 6.14 This proposed threshold could also newly capture existing FSMA-authorised firms holding both cryptoassets and other ‘safe custody assets’ on behalf of clients, where perhaps they would not have been an Enhanced firm before. We consider this would be a sensible and reasonable approach, allowing our supervisory colleagues to access a greater suite of regulatory levers when supervising firms safeguarding more assets on behalf of clients. For example, Enhanced firms must provide a Management Responsibilities Map and appoint eleven (where relevant) additional FCA-approved SMFs for critical roles, such as SMF2 (Chief Finance Function) and SMF7 (Group Entity Senior Manager). 6.15 In line with the existing operation of CASS Large criteria (including CASS 1A), we propose adopting the same time measurement conditions to determine how a custodian firm qualifies as ‘CASS Large’. This means that the ’total value of qualifying cryptoassets held on behalf of clients’ and the ‘total value of specified investments held on behalf of clients’ values will be based on data submitted as of 31 December the previous calendar year. Firms will be subject to Enhanced requirements 12 months after the qualification threshold has been met by the firm, as provided in SYSC 23, Annex 1 Part 10. Question 18: Do you agree with our proposals to introduce thresholds for becoming an SM&CR Enhanced firm for authorised stablecoin issuance firms and authorised cryptoasset custodians? If not, please explain why.

42 Chapter 7 Training and Competence 7.1 Our training and competence regime makes sure the financial services workforce is appropriately qualified and well regulated. This chapter outlines our proposals for applying the Training and Competence (TC) Sourcebook to cryptoasset firms providing services to retail clients in a similar way to traditional finance. 7.2 We propose cryptoasset firms will need to ensure their employees servicing retail clients have appropriate skills, knowledge and expertise. Our proposals supplement Handbook requirements, particularly Senior Management Arrangements, Systems and Controls (SYSC 5) on skills, knowledge and expertise, which we consulted on in CP25/25 (Chapter 3). Stakeholder feedback 7.3 Feedback to CP25/25 echoed the importance of robust governance in this sector, highlighting that employees involved in cryptoasset activities must be appropriately skilled and competent. Feedback also highlighted that available professional training courses are not currently relevant to this sector. Overall approach 7.4 We propose firms conducting certain new cryptoasset activities for retail clients that have a comparable TC traditional financial activity will need to follow TC requirements. These will include: • Dealing in qualifying cryptoassets as principal or agent (including cryptoasset lending and borrowing). • Safeguarding a qualifying cryptoasset or a relevant specified investment cryptoasset (including arranging for a person to carry on that activity) where those cryptoassets are held on trust. • Arranging qualifying cryptoasset staking. 7.5 We also propose these types of cryptoasset firms should comply with corresponding requirements on training (TC 1), competence (TC 2 and appended TC 4, 5, 6, 7) and record-keeping on training (TC 3). We propose the new activities are subject to the territorial scope of the TC requirements. While we recognise the cross-border nature of cryptoasset markets, we do not see strong justification to expand this at this time. 7.6 This approach mirrors the standards applied to firms dealing in securities, safeguarding and administering investments or holding client money in traditional finance – thereby is consistent with the principle of ‘same risk, same regulatory outcome’. Retail clients engaging in cryptoasset activities set out in paragraph 7.4 would be served by employees who are subject to comparable training and competence standards.

43 This aligns with the risks posed by these cryptoasset activities and offers comparable reassurance and protection, as is in line with CP25/25, where our approach proposed mapping cryptoasset activities to those already captured under the ‘designated investment business’ (DIB) definition in the Handbook. 7.7 We do not propose extending the proposals above to all other types of firms conducting cryptoasset activities that do not have a comparable TC traditional finance activity for designated investment business for retail clients. This is to ensure our proposals will not deviate from the current overall TC approach, and to align with our overarching principle of ‘same risk, same regulatory outcome’. Whilst there is no equivalent traditional finance activity to arranging qualifying cryptoasset staking, we propose that firms conducting this activity for retail clients will need to follow TC requirements. The proposal will help ensure employees understand the nature of the activity or the risks involved, and complements our proposed consumer-consent activity rules covered in CP25/40. 7.8 In addition, we have considered the following factors: • TC will not apply when firms only carry out wholesale activities. • Not to cover employees who work exclusively with professional or eligible counterparty clients because these clients do not require the same level of protection as retail clients. • Where the employees of the relevant cryptoasset firms will not be directly involved in advising retail clients and therefore influence or impact on a retail client’s involvement or engagement in the relevant cryptoasset activity (eg qualifying stablecoin issuance in the UK, operating a qualifying CATP). • Whether activity rules will be adequate and support employee competence. 7.9 We are not proposing qualification requirements for cryptoasset activities. This approach aligns with how TC applies in traditional finance to dealing securities, where there is no mandate on qualifications (TC App 1.1.1R at 13A). For cryptoasset activities that have a traditional finance equivalent with qualifications requirements (ie safeguarding), our analysis indicates that the professional training market and courses are still under development, and it is unclear that the training currently available in the market aligns with standards we currently expect for firms in traditional financial services. We will monitor this as the new cryptoasset regime implements – particularly on how firms interact with retail clients in consumer protection-related proposals (see also chapters on the Consumer Duty). We will consider in due course as to if and when it would be appropriate to introduce and expand the qualification requirements to all covered firms conducting TC cryptoasset activities. Question 19: Do you agree with our proposals to apply the TC Sourcebook to certain cryptoasset activities similar to the existing approach for traditional finance? If not, please explain why?

44 SYSC – Conflict of Interest 7.10 As part of the CP25/25 consultation on the proposed overall approach for SYSC (Chapter 3), we also highlighted that the SYSC 10 requirements on conflicts of interest is undergoing a separate consultation (paragraph 3.15). In December 2025, we published CP25/36 (Chapter 4), consulting on rationalising our Handbook conflicts of interest rules to simplify how it applies to firms undertaking different types of activities under FCA regulation. Specifically, we proposed streamlining SYSC 10 rules on proportionality, identifying conflicts, types of conflicts, record of conflicts, managing conflicts, disclosure of conflicts, conflicts policy and contents of policy. These requirements will be relevant to both current FSMA-authorised firms in traditional financial services and cryptoasset firms in the future. As a result, cryptoasset firms will have to comply with the streamlined SYSC 10 provisions, once these rules are made final following the consultation. Firms should consider these proposals in CP25/36, which closes on 2 February 2026, at the same time.

45 Chapter 8 Regulatory Reporting (SUP 16) Overview 8.1 This chapter sets out our proposed approach to regulatory reporting for firms undertaking regulated cryptoasset activities. As part of our commitment to become a smarter regulator, we want to make sure that firms are subject to proportionate and effective oversight. This includes firms’ obligations to report key information, events and changes to us both on a regular and one-off basis. 8.2 As these activities and products are newly regulated, we are not proposing a full set of detailed regulatory returns that all cryptoasset firms should report on from the first day the regime goes live (Day 1) and as such this iterative approach is not reflected in the instrument. Instead, we are proposing to adopt an iterative approach, introducing reporting metrics gradually and refining them based on feedback to ensure a proportionate and balanced approach. 8.3 Supervision will be supported by a combination of standardised regulatory returns and targeted data collections, enabling us to monitor financial resilience, governance, operational integrity, and conduct across the sector. This will play a central role in enabling effective oversight of cryptoasset firms. Our proposed approach combines: • Activation of existing returns, which are already embedded in our supervisory model for authorised firms; and • Development of new returns, tailored to the specific activities and risks associated with cryptoassets. 8.4 We expect that reporting metrics will become stable once the regime is more established. We acknowledge that this may be challenging for firms in the initial period. However, we think this iterative approach will reduce firm burden in the long-term as we will consider firms’ feedback at every opportunity. Existing Returns 8.5 We are proposing that the existing returns in SUP 16, as set out in the table below, will apply to all qualifying cryptoasset firms that have Part 4A permission. The following existing returns will be required to be submitted by all qualifying cryptoasset firms from Day 1 of the regime. These are well-established tools used across the financial services sector and provide essential data for supervision. We propose that these will be completed electronically using RegData, our data collection platform. Cryptoasset firms may also need to report data (for example, income) for the calculation of regulatory fees that firms we regulate pay. We will consult on the fees structure for cryptoasset firms as part of our annual fees policy consultation in November 2026.

46 Return Content Supervisory Purpose Application (SUP 16.1) Defines which firms and activities the reporting requirements apply to. Ensures the FCA can identify the scope of firms subject to its reporting obligations. Purpose (SUP 16.2) States the purpose of the reporting rules in SUP 16. Provides the FCA with timely and accurate information to monitor compliance and fulfil its regulatory objectives. General provisions on reporting (SUP 16.3) Sets out general provisions for submitting reports, including format, frequency, and method. Establishes consistency and reliability in regulatory reporting to support effective supervision. Annual Controllers Report (SUP16.4) Identifies firm controllers. Essential for assessing fitness and propriety. Annual Close Links Report (SUP16.5) Captures close links that may affect a firm’s supervision. Important for detecting conflicts and cross-border risks. Annual Reports and Accounts (SUP16.7A) Requires firms to submit their audited annual financial statements and accompanying reports. Provides a comprehensive view of the firm’s financial health Verification of Firm Details (SUP16.10) Ensures accurate firm records for reporting and public registers. Transparency and supervisory engagement. Annual Financial Crime Report (SUP16.23) Assesses financial crime risks and controls. Assesses the adequacy of firms’ financial crime controls and helps identify sector-wide risks. Baseline Financial Resilience Report (SUP16.30) Monitors financial health of solo-regulated firms. Helps identify stress and prioritise interventions while prudential rules are finalised. Operational Incident and Third Party Reporting (SUP16.33) Requires firms to notify material outsourcing and non-outsourcing third￾party arrangements. Gives visibility of key third-party dependencies and disruptions. Economic Crime Levy Determines levy liability based on UK revenue. Determines a firm’s liability for the Economic Crime Levy Operational Resilience 8.6 Cryptoasset firms will need to take into account the proposed reporting rules outlined in CP24/28 (SUP16.33). This provides further clarity on operational incidents firms should report and introduces new third-party reporting requirements. These requirements include notifying the FCA of material outsourcing and non-outsourcing third-party arrangements under SUP 15.19 based on consulted rules. As the proposed enhancements to operational incident reporting will apply to all firms regulated by the FCA, we propose extending the third-party reporting requirements to all regulated

47 cryptoasset firms. This is so that both FSMA-authorised firms and regulated cryptoasset firms follow a consistent approach. We are calling out these requirements specifically because they represent a new obligation for regulated cryptoasset firms and are critical to managing risks arising from third-party dependencies. Our proposed requirements are based on the draft text consulted on in CP24/28. Question 20: Do you agree with our proposed application of the existing regulatory returns to qualifying cryptoasset firms? New Returns 8.7 We are also developing new regulatory returns specific to regulated cryptoasset activities. These will be introduced in phases over the first 2-3 years of the regime and refined through engagement with firms and analysis of sector risks. Any changes or enhancements throughout the period we will test thoroughly with firms and will be considerate of the time and cost(s) of any potential system changes, with the objective of minimising disruption and unnecessary burdens, while maintaining robust oversight of sector risks. 8.8 Our proposed approach is as follows: • Baseline returns: We will include a core set of new returns which we are consulting on in this CP. These will focus on key information such as the firm’s customer base, the volume and value attributed to different regulated cryptoasset activities, and its connections with other market participants. This data will help the FCA when supervising to understand existing or emerging areas of risk. We are proposing that these baseline returns will be completed by regulated cryptoasset firms from Day 1. • Post-implementation refinement: Once the regime is live, we will continue to review firms’ understanding of these returns, as well as the consistency and adequacy of the baseline submissions. Where necessary, we may introduce additional reporting requirements. • Supplementary data collections: To enable enhanced understanding once the regime is live, we will issue further ad-hoc data requests to regulated cryptoasset firms. We will engage with firms throughout the implementation period to refine both the scope and detail of any supplementary returns. 8.9 New returns will be delivered through FCA platforms outside of the RegData system through more flexible software, and firms will be provided with guidance on format, frequency, and expectations ahead of implementation. We have produced guidance in Annex 6 of this CP and we would welcome feedback as this will allow us to delve deeply into industry’s understanding of each individual reporting requirement, and consider where we need to further develop the guidance. Question 21: Do you agree with our phased approach to introducing regulatory returns for qualifying cryptoasset firms?

48 Baseline Returns 8.10 A summary of the proposed baseline data reporting obligations for regulated cryptoasset firms is set out below (reflective of changes in SUP16.34). This includes detail relative to specific client types. We have also provided guidance in relation to each of the fields we are proposing to require as a baseline data reporting obligation. Activity/Product Information Required Safeguarding • Balances • Discrepancies • Third parties • Wallet structure Stablecoin Issuance • Minted and issued numbers • Backing asset composition • Redemption (including suspension events) • Third parties Trading Platform • Customer numbers • Transaction numbers and values Dealing and Arranging (Intermediation) • Customer numbers • Transaction numbers and values • Lending/Borrowing values* • Counterparty information*

• Cryptoasset Lending and Borrowing only Cryptoasset Staking • Customer numbers • Staking values Complaints • Total complaints received • Total complaints upheld Active Clients • Total active clients • Total active vulnerable clients 8.11 We are proposing the data would be submitted to us on a quarterly basis and within 20 business days after the end of the reporting period (but please note in the case of the cryptoasset safeguarding return, we propose this will be submitted monthly and within 15 business days of the end of each month).

49 Question 22: Do you agree with the proposed approach for: a. Stablecoin issuance b. Operating a Qualifying Cryptoasset Trading platform c. Dealing and Arranging (intermediation) d. Cryptoasset Staking e. Cryptoasset Lending and Borrowing Safeguarding 8.12 In traditional finance, the client money and assets return (CMAR) gives us an overview of a firm’s client money and safe custody asset (client asset) positions and holdings, as well as a view of the trends in the industry. As the CMAR is a well-established tool for regulatory reporting, we propose that the cryptoasset safeguarding activity baseline requirements should largely reflect similar content, with specific adaptations and additions, to make sure it fits the CASS 17 rules as set out in Chapters 9 and 10 of this consultation. We are proposing to include relevant items from the existing CMAR (such as the highest/lowest value of assets, a log of unresolved items, information on third parties) where appliable, as well as cryptospecific items, in line with our amended CASS 17 rules (such as ‘the use of an operational surplus and detail on the wallet structures used for cryptoasset safeguarding). 8.13 In line with our wider approach, we are proposing for firms to provide a baseline of data to the FCA at the commencement of the regime. This will then be supplemented by further ad-hoc information requests. A firm carrying on the activity of safeguarding qualifying cryptoassets and relevant specified investment cryptoassets will, where they hold those cryptoassets on trust, be required to submit monthly returns containing the baseline information to the FCA. This is in line with the existing reporting requirements for CASS medium and large firms. We are proposing to take a different approach for cryptoasset safeguarding reporting compared to other areas within the CASS regime, where small firms are subject to less frequent and less detailed reporting requirements. This is because the cryptoasset sector is new to regulation, and consistent, frequent reporting from all cryptoasset safeguarding firms, regardless of size, is essential to provide the FCA with sufficient oversight and to monitor emerging risks effectively. Question 23: Do you agree with our approach to qualifying cryptoasset safeguarding reporting? Complaints and Active Clients Reporting 8.14 We intend to ask all regulated cryptoasset firms to provide a baseline level of complaint data, rather than make changes to the complaints reporting return, as set out in PS25/19. We propose initially to ask all qualifying cryptoasset firms only for the total number of complaints received and total number of complaints upheld within the reporting period.

50 8.15 We are also proposing to ask all qualifying cryptoasset firms, other than those with only a permission for issuing qualifying stablecoin, to provide quarterly data on the total number of active clients and active retail customers with characteristics of vulnerability within the reporting period. 8.16 We are proposing that affected qualifying cryptoasset firms would report this information on a quarterly basis, in line with their other cryptoasset activity specific reporting requirements. This differs from the 6-monthly approach taken in DISP for complaints reporting. This is because the requirements proposed in this CP are less detailed reporting requirements, and with the cryptoasset sector being new to regulation, quarterly data provides the FCA with sufficient oversight and to monitor emerging risks effectively. As with the other baseline returns, we will assess the adequacy of these baseline returns and may introduce additional and more detailed reporting requirements in the future, whilst maintaining a proportionate and balanced approach. Question 24: Do you agree with our approach to cryptoasset complaint and active client reporting? Supplementary data collections 8.17 The baseline data and existing returns will provide us with a high-level picture of the firms’ activities. Periodic supplementary data requests will allow us to be flexible to the changing landscape of cryptoasset activities and markets, and will mean we are continuing to ask firms for information that meets our supervisory needs. 8.18 Upon commencement of the regime, the FCA will gather this supplementary information from qualifying cryptoasset firms. Using this flexible supplementary system, we will be able to continually assess the adequacy of the data, and iterate based on firms' feedback over time. 8.19 We would like to reassure firms that our approach to supplementary data collection and reporting will be proportionate and iterative. We are committed to engaging constructively with qualifying cryptoasset firms, actively seeking and considering feedback as we refine our reporting requirements. Any future changes will be introduced with due notice and in consultation with industry, ensuring that reporting obligations remain reasonable, relevant, and sensitive to the operational realities faced by affected firms. Question 25: Do you agree with our proposed approach to supplementary data collections?

51 Prudential 8.20 Prudential regulatory reporting is a key component of the FCA’s supervisory framework. As set out in CP25/42, cryptoasset firms will be subject to specific prudential requirements depending on their permissions. We are proposing that all qualifying cryptoasset firms submit regular prudential returns to the FCA. These returns will provide visibility of firms’ capital and liquidity positions, enabling us to identify emerging risks early and take proportionate action where necessary. 8.21 We do not intend at this time to consult on rules regarding new prudential regulatory returns. Instead, we are proposing to take a more iterative approach to implementing the prudential reporting framework. The metrics firms are required to report will be designed through an iterative process, and we will consider firms’ feedback at every opportunity to allow for iteration of these returns over time to ensure a proportionate and balanced approach. 8.22 We expect that the information we will request from firms will include: • Income statement information • Balance sheet values • K-Factor values Question 26: Do you agree with our approach to prudential reporting? Regulatory Reporting – Technological Enhancement 8.23 One of the distinctive features of the cryptoasset market is its data-rich nature, with transaction data readily accessible via public blockchains. This calls into question whether traditional data returns are still the best way for firms to share information with the FCA. We note that other regulators are exploring alternative methods—such as the use of APIs, third-party analytics tools, and blockchain nodes—to gain insights into the sector, rather than formal submissions by firms. In this context, the FCA as part of its work on Transforming Data Collection is considering whether, over the medium term, there may be more adaptive ways to keep pace with data developments and monitor firms’ compliance.

52 Chapter 9 Safeguarding client cryptoassets Introduction 9.1 This chapter proposes changes to CASS 17 for firms that safeguard client cryptoassets and provide other cryptoasset services such as operating a trading platform, staking, lending and borrowing. Key proposals include: • Outlining the scope and application of our rules for firms offering custody alongside other regulated cryptoasset services. • Requirements to protect clients’ ownership rights through a non-statutory trust in which to hold client cryptoassets, including proposed routes to exit the trust. • Record-keeping and reconciliation requirements. • Requirements for private key management and security. • Requirements for the appointment of third parties involved in cryptoasset custody. 9.2 This chapter also includes our responses to feedback on DP25/1 and CP25/14 where it has led us to amend our proposed CASS rules (including to account for firms that offer multiple cryptoasset services alongside custody). All other feedback on CP25/14 will be addressed in forthcoming Policy Statements. Scope and application of CASS rules 9.3 We propose that the amended CASS 17 rules in this CP apply to both qualifying cryptoasset custodians and specified investment cryptoasset (SIC) custodians. The rationale for this approach is discussed in Chapter 10. In this chapter, we use ‘client cryptoassets’ to refer to both qualifying cryptoassets and SICs. 9.4 Below we detail the scope and application of our proposed CASS rules for firms that conduct multiple regulated cryptoasset services. Safeguarding 9.5 Custody services provide access to and storage of cryptoassets where clients prefer to use a firm rather than to safeguard their assets themselves (self-custody). The safeguarding activity created by the Cryptoasset Regulations refers to: • The safeguarding of a qualifying cryptoasset or relevant specified investment cryptoasset on behalf of another; • Arranging for one or more persons to carry on that activity.

53 9.6 Firms’ services would be within scope of this definition if: • They have control of the cryptoasset through any means that would enable them to bring about a transfer of the benefit of that cryptoasset (9N(2)(a)); and • They are acting on behalf of another, where their client has: i. both legal and beneficial title; ii. the beneficial title only; iii. a right against the firm for the return of the cryptoasset (except for in the circumstances where the firm has received the relevant cryptoasset as a result of a title transfer collateral agreement, or under a repurchase agreement with a non-consumer). 9.7 Firms who are carrying on business in the UK that are within the scope of this definition will need to be authorised with permission to carry on safeguarding of cryptoassets and would be subject to our proposed CASS 17 rules. Firms that meet the scope of the existing Article 40 definition of safeguarding and administering are subject to CASS rules for traditional finance custody. 9.8 Designating qualifying cryptoasset activities as Designated Investment Business (DIB) will mean that clients’ money held in connection with regulated cryptoasset activities will be subject to CASS 7 rules. CASS 7 will therefore apply to cryptoasset firms holding clients’ money, however some minor consequential changes to CASS chapters may be necessary, on which we will consult later this year. Staking 9.9 Staking is where cryptoassets are used and locked for proof-of-stake blockchain validation. Participants typically ‘stake’ a given amount of their cryptoassets for a period of time in exchange for financial rewards. 9.10 Cryptoasset firms often offer staking services on a custodial basis, that is, the firm safeguarding client cryptoassets also facilitates the staking process. In such instances, staking firms hold the means of access to conduct blockchain validation using client cryptoassets, and withdraw staked cryptoassets and their rewards from the staking product on behalf of their clients. 9.11 We propose that firms conducting custodial staking would need to adhere to both the rules for staking in CP 25/40 and the applicable sections of CASS 17. Where a firm is conducting staking, but is not providing safeguarding or arranging for the safeguarding of client cryptoassets (non-custodial staking), our proposed CASS 17 rules would not apply. Cryptoasset trading platforms 9.12 Cryptoasset trading platforms (CATPs) and intermediaries often safeguard client cryptoassets, which enables operational efficiencies and supports faster, more seamless access to services for clients. Our consumer research shows that most clients continue to hold their cryptoassets with the CATP where they were purchased. CATPs

54 and intermediaries that are providing custody would therefore need to adhere to the applicable sections of CASS 17 (as well as other applicable rules for trading platforms). This includes instances where CATPs use clients’ cryptoassets to pre-fund transactions via an integrated custody offering. 9.13 In the course of trading, CATPs may operate a ‘float’ model, where cryptoassets are moved from the client wallet to a global settlement wallet to settle transactions off￾chain with an internal ledger. Firms that use this model may look to demonstrate they are able to offer better execution outcomes for their clients, by matching their orders within global liquidity pools, and in a cost-effective way, by not needing to pay gas fees on every trade. However, this model may not be compatible with holding client cryptoassets on trust, as we proposed in CP 25/14, based on our understanding that: • firms take ownership of the cryptoassets in the global settlement wallet, and instead give clients a right of return for these cryptoassets, rather than retaining clients’ ownership rights; and • the global settlement wallet may contain cryptoassets pertaining to clients who are protected under non-UK safeguarding regimes, adding complexity and cost in returning cryptoassets to clients on insolvency. 9.14 We want to enable clients’ access to global liquidity pools, while minimising the risks of harm to clients. We are therefore proposing to allow up to 1% of client cryptoassets to leave and be held outside of the trust when UK CATP operators use this float model, subject to the following conditions: • The cryptoassets are first held on trust by the UK CATP operator via a UK subsidiary (please see our proposed Approach to International Cryptoasset firms for more details). • Firms must obtain explicit client consent for cryptoassets to be held in this way, with the associated risks clearly outlined (please see 9.46). 9.15 This 1% would be calculated based on cryptoassets held in the trust for each client and by asset type. 9.16 Cryptoassets permitted to leave the trust under this model would no longer be considered client cryptoassets and would therefore not be subject to our proposed CASS 17 rules nor afforded the CASS protections outlined in this chapter, particularly if the CATP entered an insolvency process. Clients would continue to have a contractual right of return over these cryptoassets. 9.17 We are also proposing that overseas-based authorised CATP operators that operate this float model could be exempt from all CASS 17 rules provided that their permission is subject to a requirement which limits the extent of their safeguarding to that which is necessary for settlement only (see CASS 17.1.3R and our proposed Approach to International Cryptoasset firms). 9.18 There may be potential competition impacts of our proposal, and we welcome feedback on client choice, including alternative services available were client to opt out of their cryptoassets being held in this way.

55 9.19 We considered whether to propose all client cryptoassets remain on trust when held in this settlement wallet. However, we are concerned that either the wallet’s inherent features outlined in 9.13 would weaken the protections provided by the UK trust or to meet our trust requirements, would result in CATPs having to settle transactions on-chain which would be more costly and slower. We welcome feedback on this proposal, including whether the float model could be structured in a way that continues to meet our proposed trust requirements. If not, we want to maintain the robustness of the trust for client cryptoassets remaining within it and therefore want to clearly distinguish between client cryptoassets held on trust and those that would not have CASS protections. 9.20 We have proposed a 1% limit at this stage, based on our understanding of CATP business models to date. We welcome feedback on the optimal amount, including any supporting evidence of the associated benefits and risks. 9.21 This proposal would only apply to UK CATP operators that safeguard and settle transactions for qualifying cryptoassets, rather than specified investment cryptoassets, given that the Cryptoasset Regulations do not specify trading the latter in the definition of operating a CATP. 9.22 There may also be instances where cryptoassets temporarily flow through UK CATPs and intermediaries, and these firms do not otherwise safeguard client cryptoassets. The Cryptoasset Regulations exclude arrangements where client cryptoassets are held temporarily to facilitate the settlement of a transaction from the 9N safeguarding activity. We plan to consult on guidance covering the impact of this exclusion in a separate consultation on PERG guidance. Assets which have been lent to firms (Cryptoasset Lending) 9.23 Cryptoasset lending is the disposal of a qualifying cryptoasset from a person to or via a qualifying cryptoasset firm subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the qualifying cryptoasset firm, typically with compensation paid to that person by the qualifying cryptoasset firm in the form of yield. 9.24 Firms offering cryptoasset lending services by way of business in the UK may be carrying on the new regulated activities of ‘dealing in qualifying cryptoassets as principal’, ‘dealing in qualifying cryptoassets as agent’, and/or ‘arranging deals in qualifying cryptoassets’, in which case they will need to seek authorisation. The structure of firms’ lending services will determine if they need permission for one or more of these activities. 9.25 Depending on their business model, they may also need the 9N safeguarding permission – for example, where the client has a right against the firm for the return of the cryptoasset. We’ve proposed in Chapter 4 that firms must conduct appropriateness assessments of a client’s knowledge and experience and in CP 25/40 Chapter 5 we’ve proposed that a firm must obtain express consent from clients to conduct cryptoasset lending. As a result, clients who are entering into contracts for cryptoasset lending should have an understanding of the risks of lending their cryptoassets and how their ownership rights to those cryptoassets (or any yield earned) will be impacted.

56 9.26 While firms may need the 9N permission, we do not propose to apply the CASS 17 rules to assets that clients lend to regulated qualifying cryptoasset firms to ensure a proportionate approach. Firms would still be required to comply with requirements that apply when they are providing that service, as consulted on in CP 25/40. Collateral posted under a cryptoasset borrowing arrangement (Cryptoasset Borrowing) 9.27 Cryptoasset borrowing is the disposal of a qualifying cryptoasset from or via a qualifying cryptoasset firm to a person subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the person. Cryptoasset borrowing may include providing qualifying cryptoasset borrowing collateral (as defined in CP25/40) and/or payment of interest from the person to the qualifying cryptoasset firm. 9.28 Some firms providing cryptoasset borrowing services take ownership of the collateral provided by clients and use it themselves. This can provide those firms with greater liquidity of cryptoassets, and the possibility of generating yield from onward lending or investing of the collateral. 9.29 While this may allow firms to offer lower charges or interest rates to clients, there is a risk of harm if the collateral is lost, for example due to counterparty defaults or failed investment strategies. 9.30 We are therefore proposing in CRYPTO 9 (alongside other rules for cryptoasset lending and borrowing that we proposed in CP 25/40) that firms offering cryptoasset borrowing services must not take ownership of collateral provided by a retail client and use it themselves, except where the client has provided express prior consent to this to discharge their debt to the firm. For qualifying cryptoassets or specified investment cryptoassets, firms must either hold permission to safeguard cryptoassets and directly safeguard the collateral, or arrange for an authorised person to safeguard it, ensuring no full ownership transfer. For securities or contractually based investments, firms must either hold permission to safeguard and administer investments and directly safeguard the collateral, or arrange for an authorised person to safeguard it, ensuring no full ownership transfer. For money, firms must ensure no full ownership transfer occurs. The application of the CASS 7 rules to cryptoasset activities will be considered later. 9.31 This serves to mitigate the risk that the firm does not have the collateral available to return to the retail client when the borrowing arrangement ends. Based on market developments, we will consider whether to allow firms to use collateral provided by clients in certain forms in the future. Question 27: Do you agree with our proposed approach to applying CASS 17 in these scenarios? If not, why not, and please describe any scenarios we may not have considered.

57 Protecting clients’ ownership rights 9.32 In CP25/14, we proposed that firms must protect clients’ ownership rights by holding their cryptoassets on trust. We also proposed that firms could draft the terms of the trust in a manner which would suit their business models, including different wallet arrangements. Firms could hold cryptoassets on trust per client, per asset type, per virtual address or alternatively, within a single “tenants in common” trust covering all clients, cryptoassets and virtual addresses. 9.33 Respondents broadly supported our proposals, with 66% in agreement. Some respondents proposed we require the use of nominee companies as a means of segregating client assets, instead of a trust, in line with CASS 6. Others were concerned that there could be inconsistency in standards of protection, given the flexibility afforded to firms in preparing the terms of the trust. Several respondents expressed concern about how the trust would be recognised and if necessary, enforced, in jurisdictions with different legislative frameworks. 9.34 Given the challenges in evidencing ownership rights for cryptoassets, we are continuing to propose client cryptoassets are held on trust. We want to provide firms with sufficient flexibility in drafting the terms of the trust to align with their business models, while establishing a consistent baseline of protection across the market. 9.35 We are also proposing that firms record the means by which the trust is segregated, including the name of clients who are beneficiaries and the class or classes of cryptoassets held under the trust. 9.36 We recognise that other jurisdictions may have different legislative frameworks and that there is a risk of harm if a firm fails and is subject to an insolvency regime elsewhere that does not afford the same protections as our CASS trust rules. We have sought to mitigate this to some extent through our proposed Approach to International Cryptoasset firms (please see Annex 4). 9.37 We welcome feedback on whether our proposed rules are compatible with applicable legal requirements for trusts in the UK, noting the Property (Digital Assets etc) Act 2025 and the Digital Assets (Scotland) Bill. Segregation of client assets 9.38 Having considered feedback where firms provide other services alongside cryptoasset custody, we are now proposing to permit: • Co-mingling of client cryptoassets and firm cryptoassets (operational surplus): only where necessary to deliver additional services, such as custodial staking, and subject to certain conditions. The co-mingled firm cryptoassets, which we have called an operational surplus, would remain within the trust. Firms would be required to always subordinate their claims to this operational surplus to clients’ claims to their cryptoassets in the trust. • Permitted routes to exit the trust: client cryptoassets can be removed from the trust to fulfil a client instruction, discharge a fee or debt as agreed by the client

58 (for example, via T&Cs), to facilitate the settlement of transactions by a CATP that uses the float model or where it is necessary to effect an absolute transfer of title in order to deliver a product or service. Co-mingling of client cryptoassets and firm cryptoassets (operational surplus) 9.39 In CP25/14 we did not consult on the interaction between safeguarding and other activities. But some respondents proposed we permit co-mingling of firm assets and client assets to enable firms to provide other services. Examples include staking, where a firm may need to deposit their own assets in a staking wallet to meet the minimum denomination required to to participate in blockchain validation. 9.40 While there are potential cost efficiencies by permitting firms to hold their assets within the trust alongside client cryptoassets – for example reduced gas fees – we want to ensure client cryptoassets remain adequately protected, particularly if the firm fails and there is a loss, or delay in the return, of client cryptoassets. 9.41 To address this risk, we are proposing to permit firms to hold an operational surplus made up of their own cryptoassets, within the same trust as client cryptoassets, provided that: • It is necessary to have an operational surplus within the trust to provide services, and the surplus is made up of the same cryptoasset class as client cryptoassets held in that trust. • The amount of cryptoassets held in the operational surplus does not exceed a level that would reasonably be expected to be necessary, considering the firm’s other services. • The terms of the trust clearly set out that the firm’s claim to the operational surplus is always subordinated to the clients’ claims to their cryptoassets for the relevant cryptoasset class in the trust, both as a going concern and on firm failure. We will consider the impact on distribution costs when we consult on our proposed approach to cryptoasset firm failure. • The operational surplus cannot be removed or reduced other than in line with excess requirements (see 9.57). • Firms keep and maintain a written record for a period of 5 years after the firm ceases to use the surplus in that trust, detailing the reason the operational surplus is necessary. • Firms apply the same rules to the operational surplus as client cryptoassets held on trust (including on adequate organisational arrangements, record-keeping, means of access and use of third parties). 9.42 We are not currently proposing to mandate a specified fixed amount or percentage of firm assets that may be held within the trust. However, based on feedback from firms we expect this amount to be minimal. We want to take a proportionate approach and provide firms flexibility to determine and justify the appropriate amount of the surplus based on their business models.

59 Question 28: Do you agree with our proposed approach to protecting clients’ ownership rights, including the approach to the operational surplus and class of cryptoasset? If not, why not? Exceptions to the trust 9.43 Some respondents to CP25/14 were concerned that our proposed trust requirements could impede a custodian from offering other services, such as staking, operating a trading platform or lending. This concern stemmed from a firm having to act as trustee as part of a bare trust arrangement. 9.44 We have considered this feedback and are now proposing that a firm can apply exceptions to safeguarding client cryptoassets as a trustee if:

1. The firm is providing lending services in relation to those cryptoassets. See 9.26 for more details.
2. The client instructs a firm to transfer their cryptoassets to another person or to the client themselves;
3. It is necessary to use the cryptoassets to discharge a debt owed to the firm as agreed by the client in T&Cs;
4. The firm is a QCATP operator or the group company of a QCATP operator that uses a float model to settle transactions and has obtained the client’s informed consent (up to 1% of client cryptoassets based on cryptoassets received into the trust for each client and by asset type). See 9.12-9.22 for more details.
5. The firm determines that an absolute transfer of title and ownership from the client to the firm or another person is necessary to deliver the product or service and has obtained the client’s informed consent. 9.45 Once cryptoassets are removed from the trust, they would no longer be considered client cryptoassets and clients would no longer benefit from CASS protections in relation to those assets. 9.46 In obtaining clients’ consent, we are proposing that the firm must explain the risks to clients of their cryptoassets not being held on trust, including if the firm fails, and for retail market business, this process must be compatible with the Consumer Duty. We are also proposing that the record of this consent be kept for a period of 5 years after the firm stops relying on it to exempt client cryptoassets from the trust. 9.47 Disclosures can help clients provide informed consent. We are therefore proposing in chapter 4 that firms must disclose how clients’ cryptoassets are being held on trust, whether the firm is using an exception to holding cryptoassets on trust and the risks to those cryptoassets, and whether a third party is being used and the consequences to clients if the third party fails. 9.48 We plan to consult separately on our proposed approach to cryptoasset firm failure, including distribution rules for client cryptoassets held on trust.

60 Question 29: Do you agree with our proposed approach to exempting firms from holding cryptoassets on trust in certain scenarios? If not, why not? Record-keeping 9.49 In CP25/14, we proposed that firms must maintain client specific records which would enable a firm to correctly identify, for each client: • The type of cryptoasset held by the firm for that client; • The quantity of the cryptoasset; • Which blockchain address each cryptoasset is held in; • The nature of an individual’s claim to the cryptoasset; and • Where there are other parties that have the capacity/control to effect a transfer of the cryptoasset, and who those parties are. 9.50 We proposed that firms must maintain these records independently from the relevant DLT used, and that firms cannot rely on records kept by third parties. Most respondents agreed (66%), with 16% remaining neutral and 18% disagreeing. 9.51 Respondents asked us to clarify what ‘independent’ means with regards to the relevant DLT used. We mean that the firm must maintain these records and not rely on a public DLT. This could result in a combination of on-chain and off-chain records being used to create the firm’s client specific record. 9.52 One respondent highlighted the security risk posed by requiring firms to include the identities of third parties that could effect a transfer in their records. Recording the identities of third parties, as well as any other persons involved, helps to reduce the risk of internal fraud or theft. We are now, however, proposing to permit firms not to include the actual name of a person if doing so would compromise their ability to protect client cryptoassets, provided that the record includes sufficient information to identify the person using the firm’s other records. 9.53 Considering other changes to our rules, we are now proposing that the record-keeping rules only apply to firms safeguarding client cryptoassets as trustee. Cryptoassets held outside the trust (including where the client has a contractual right of return) would no longer be considered client cryptoassets. Question 30: Do you agree with our proposed approach to record￾keeping requirements, including only applying them to client cryptoassets held on trust? Please explain your answer and indicate whether this approach would create a gap in consumer protection.

61 Reconciliations, addressing shortfalls and excesses 9.54 Reconciliations are checks that firms conduct to ensure the accuracy of their records and enable them to identify and resolve any discrepancies. This involves firms comparing their books and records against their actual holdings. In CP25/14, we proposed that a firm must check the total amount of each cryptoasset in their client specific records against the content of the wallet addresses controlled by the firm, and (where relevant) against any cryptoassets held by third parties, within one business day. 9.55 We also proposed that, upon identifying a shortfall in client cryptoassets, firms must assess the reasons to determine whether and how to resolve the shortfall and when to notify the FCA and clients if it could not be covered by the next reconciliation. 9.56 Most respondents (around 63%) agreed with our proposals, with 25% disagreeing, and the remainder responding neutrally. Some respondents requested materiality thresholds for shortfalls, below which firms would not need to notify the FCA, while others requested additional flexibility in how shortfalls must be resolved by permitting firms to use firm money and other assets similar to CASS 6.6.54R(2)(b). 9.57 Having considered feedback, and other services a firm may be providing alongside custody, we are now proposing that firms must: • Calculate the per trust/client/class cryptoasset requirement, which is the amount of each class of cryptoasset the firm is required to hold, under the rules for trusts, for each client that is a beneficiary under each trust the firm operates. • Confirm the per trust/class cryptoasset resource, which is the amount of client cryptoassets of a particular class the firm is safeguarding under each trust it operates. • Having investigated discrepancies, remove all excess cryptoassets in the relevant class from the trust unless they are part of the firm’s permitted operational surplus. We welcome feedback on whether there may be other reasons for an excess, for example, if a firm erroneously receives client cryptoassets or receives cryptoassets that have not yet been identified or allocated to its clients, and if so, mitigants to address this risk. • Top up shortfalls in the relevant class, either with the firm’s own cryptoassets, using its own resources to acquire them or procuring a third party to do so (for example due to illiquidity). This is to mitigate the risk of loss of client cryptoassets, while enabling firms to move cryptoassets outside of the trust to provide other services. • Notify the FCA in writing if: a shortfall has not been topped up by the next reconciliation, including the reasons for the shortfall and the impact on clients; the firm’s approach to notifying clients; the firm’s internal records are materially out of date, inaccurate or invalid; or the firm is unable or materially fails to comply with the requirements for the per trust/class cryptoasset resource and reconciliation. • If the firm decides not to immediately notify affected clients about a shortfall, review that decision at least once a day until the shortfall is resolved.

62 Question 31: Do you agree with our proposed approach to reconciliations, topping up shortfalls and removing excesses? If not, why not? Private key management and security 9.58 In CP25/14, we proposed a technology agnostic and outcomes-based approach to key management and security, noting that the market is continually evolving. We proposed that firms have adequate organisational controls and arrangements to make sure: • Private keys and the means of access to cryptoassets are generated, stored, and controlled securely throughout their lifecycle. • Firms maintain accurate and verifiable ‘key-mapping’ records, which detail the cryptoassets safeguarded, the relevant wallets in which those cryptoassets are held, the means of access to those cryptoassets, and how they correspond to the relevant clients. • Firms implement strategies to mitigate the loss or compromise of the means of access to cryptoassets, including arrangements for secure back-ups. • Firms maintain accurate and up-to-date records of their policies and procedures for wallet/means of access management. 9.59 Around 60% of respondents agreed with our approach, with 25% being neutral and 15% disagreeing. Respondents supported our principles-based and technology agnostic approach, considering emerging custody technologies. Some respondents requested greater clarity on the definition of ‘means of access’. The Cryptoasset Regulations explain that references to the ‘means of access’ include a private cryptographic key to that cryptoasset. We also have proposed additional guidance, including instances where a firm is holding one or more shards – distinct parts of a private cryptographic key split and distributed amongst different parties to reduce security risks – that would enable it to exercise control and therefore need to meet our requirements. This may include so￾called ‘signing keys’ and ‘withdrawal keys’ generated in the staking process, if the firm has the requisite degree of control and can transfer the benefit of the cryptoasset to another person. 9.60 Others queried how the private key management and security rules would interact with any operational resilience or business continuity requirements. At the time we outlined our CASS 17.4 proposals in CP25/14, CP25/25, which details SYSC requirements, had not yet been published. The CASS 17.4 private key management and security rules, which relate to business-as-usual practices, should be read in conjunction with, but are separate to, the SYSC requirements in chapter 4 of CP25/25 which provides guidance to firms on their cryptoasset operational resilience and relate to a firm’s wider preparedness for business and/or service disruptions. 9.61 In line with our other proposed changes, we are now proposing that: • the means of access (private key) rules apply to client cryptoassets, including the operational surplus held under trust.

63 • The means of access record explains how a firm holding shards exercises control, for example the reconstruction threshold for the relevant private key. • The record is reviewed at least once per business day. Question 32: Do you agree with our proposed approach to private key management and security? If not, why not? Appointment of third parties 9.62 In cryptoasset custody, firms use third parties to improve the security and/or efficiency of their cryptoasset custody services. This could be due to specialist services offered, technology infrastructure or to facilitate transactions. Using third parties in cryptoasset custody arrangements can, however, expose clients to a risk of loss, or delay in the return, of their cryptoassets. For example, this could occur if the third party: • Has weak or inadequate systems and controls; • Conducts fraudulent activity; or • Enters insolvency and clients’ ownership rights are not protected (for example, if the third party is in a jurisdiction that does not recognise clients’ proprietary rights in the manner CASS rules and UK insolvency law intend). 9.63 We want to maintain adequate protection of client cryptoassets, while not preventing firms from appointing third parties where it may be beneficial to do so. Given the use cases and risks of harm identified for third parties in cryptoasset custody, we had proposed that firms must meet the following requirements: • Any appointment of a third party must be in the client’s best interests, and necessary for safeguarding, which firms must evidence in a written policy. • Firm must undertake due diligence in the selection of the third party and keep this up to date by undertaking periodic reviews of the third party. • Firms must have considered the expertise and market reputation of the third party, including any security, market infrastructure and legal requirements for holding cryptoassets which could negatively impact clients’ ownership rights. • Any client cryptoassets held by a third party must continue to be held on trust separately from the assets belonging to the custodian, or the third party. • The firm must have a written agreement when custodians place client cryptoassets, or the means of access to them, with a third party. 9.64 Approximately 63% of respondents agreed, and 30% disagreed, with our proposed rules on the appointment of third parties for safeguarding. Respondents suggested that we: • Reconsider the requirements that the third party be necessary for safeguarding and in the clients’ best interests. • Include a provision similar to CASS 6.3.1R, where firms must ‘exercise all due skill, care and diligence in the selection, appointment and periodic review’ of third parties, instead of the preconditions we previously consulted on. • Distinguish between direct and indirect (intermediate) custodial models (where the indirect custodian does not hold the means of access).

64 • Reconsider the requirement that firms seek board approval for the selection and appointment of third parties. • Permit firms to allow third parties to recover debts with client cryptoassets they hold subject to conditions, similar to CASS 6.3.6R. • Clarify the scope of our rules and the interaction between those third parties appointed for safeguarding and critical third parties. 9.65 Given this feedback and other changes to CASS 17, we are now proposing that: • The requirements in CASS 17.6 apply only to third parties appointed to safeguard client cryptoassets where they are being held on trust. • Rather than being necessary for safeguarding, any appointment of a third party for safeguarding must not increase the risk of loss or diminution of client cryptoassets. This assessment would be based on the firm’s due diligence requirements and adequate organisational arrangements (CASS 17.2). Firms would need to evidence this assessment in a written policy on a case-by-case basis. This proposal is to take a more proportionate approach, while minimising the risk of harm to client cryptoassets. • Where there are safeguarding chains, i.e. an appointed third party using another third party, firms may rely on the appointee to conduct due diligence on the third party and report back its conclusions. • Firms can delegate Board approval for use of a third party to either the PRz or a committee including the PRz. 9.66 We are not proposing to allow firms to grant liens to third parties over client cryptoassets, as we do not consider this compatible with ensuring appointing third parties does not increase the risk of loss or diminution to client cryptoassets. 9.67 We welcome views on the balance we are seeking to achieve between mitigating the risk of harm to client cryptoassets held with third parties while enabling firms to use services that help them safeguard client cryptoassets and accommodating different custody business models. Question 33: Do you agree with our proposed approach to the use of third parties? If not, why not?

65 Chapter 10 Safeguarding specified investment cryptoassets 10.1 In CP25/14, we consulted on rules for firms that were only safeguarding clients’ qualifying cryptoassets without conducting other regulated cryptoasset activities alongside custody, such as operating a trading platform or staking. We proposed requirements for these firms to: • Maintain adequate organisational arrangements. • Segregate client cryptoassets under a non-statutory trust. • Keep accurate books and records. • Perform daily reconciliations and address any discrepancies appropriately. • Safeguard access credentials. • Establish and oversee third party relationships appropriately. 10.2 Chapter 9 in this CP sets out our proposed amendments to CASS 17 for firms conducting custody alongside other regulated cryptoasset activities. 10.3 We also noted in CP 25/14 that we would consult separately on proposals for custody of specified investment cryptoassets (SICs). This chapter outlines these proposals, and applies to firms that conduct custody of SICs, alongside other regulated cryptoasset activities. What are Specified Investment Cryptoassets (SICs)? 10.4 A ‘specified investment cryptoasset’, as defined in the Cryptoasset Regulations, is something that meets both the FSMA definition of a ‘cryptoasset’ and the FSMA definition of a specified investment (for instance an equity or a bond). An example of this would be a token on a blockchain that represents an interest in or right to an equity. We have identified two broad categories of SICs:

1. Non-digitally native SICs – these are backed by traditional finance specified investments; and
2. Digitally native SICs – these are issued initially and solely on a blockchain/DLT network, and are not backed by a traditional finance specified investment. What is SIC custody? 10.5 As set out in CP25/14, ‘custody’ refers to a firm holding an asset on behalf of another. Our Client Assets Sourcebook (CASS) sets out detailed requirements for how firms must safeguard client assets. These rules are designed to make sure that assets are protected and can be returned as quickly and wholly as possible to clients if a firm

66 becomes insolvent. The CASS regime supports our statutory objectives and underpins Principle 10 of the Principles for Business, which requires firms to arrange adequate protection for client assets when they hold or control them. 10.6 Firms safeguarding and administering SICs are already within the FCA’s regulatory perimeter under Article 40 of the Regulated Activities Order (RAO) (safeguarding and administering investments) and are subject to CASS 6 rules. However, these rules do not account for the unique characteristics of SICs, such as the need to control cryptoassets on behalf of a client, typically through means of access such as private keys. This presents a gap in consumer protection. Under the new regulatory regime for cryptoassets, safeguarding of SICs will be defined as: • Control of the cryptoasset on behalf of another, which allows the cryptoasset custodian, through any means, to bring about a transfer of the benefit of the cryptoasset to another person. • ‘On behalf of another’ includes situations where the client has: i. both legal and beneficial title; ii. the beneficial title only; or iii. a right against the firm for the return of a qualifying cryptoasset or relevant SIC, except for in circumstances where there has been a repo transaction as part of a collateral arrangement. 10.7 At the time of publication, we are aware of only a few firms providing custody of SICs. We anticipate that as more SICs are available in the market, demand for custodians will increase, and the number of firms safeguarding these assets for clients will grow. Proposed regulatory approach 10.8 In line with our objective for qualifying cryptoasset custody, we want to ensure adequate protection of clients’ SICs, and that these assets are returned as quickly and wholly as possible in the event of a firm’s insolvency. So, we are proposing bespoke CASS rules for the custody of SICs, in place of existing CASS 6 rules, to ensure these clients’ cryptoassets are safeguarded effectively. 10.9 As the SIC market is new and developing, we want to create a framework that is proportionate and futureproofed. Given that SICs share characteristics with both specified investments in traditional finance and cryptoassets, we also want to make sure our proposed rules are suitable for both traditional finance and crypto-native firms. We therefore considered whether to amend CASS 6, apply CASS 17 (our proposed rules for qualifying cryptoasset custody, as set out in Chapter 9), with targeted modifications to reflect the features of SICs, or to create a bespoke sourcebook with a mixture of rules from CASS 6 and CASS 17. We dismissed the latter option to ensure a proportionate approach.

67 10.10 We propose applying CASS 17 to SIC custody for the following reasons: • CASS 17 is better suited to address the unique risks of the SIC market, such as those arising from private key management, and the use of third parties, compared with traditional custody models. • CASS 17 recognises that for many cryptoassets, there is no external party such as a registrar, Central Securities Depository, or Digital Securities Depository that ensures legal ownership is accurately recorded and updated. To mitigate the associated risks of harm, CASS 17 includes trust rules that we propose to apply to SICs. 10.11 In Chapter 9, we set out the changes we are proposing to CASS 17 rules, given the interaction between custody and other regulated activities, and the feedback we received to CP25/14. While that feedback was specifically on qualifying cryptoasset custody, we are proposing to apply the same amended CASS rules to SIC custody, and welcome feedback on our approach. 10.12 We also welcome feedback on any potential transitional challenges for SIC custodians currently applying CASS 6 rules that will be subject to CASS 17. 10.13 The rest of this chapter explains how the key components of CASS 17 align with our proposed approach to regulating SIC custody. 10.14 In CP 25/25, we proposed applying Senior Management Arrangements, Systems and Controls (SYSC) and SUP rules that were relevant to qualifying cryptoasset custodians. We are proposing to extend those rules to specified investment cryptoasset custodians, namely SYSC 4-10, SYSC 15A and SUP 3. Where relevant, we are proposing to apply these rules specifically to qualifying cryptoassets and specified investment cryptoassets held on trust. 10.15 In CP 25/25, we also proposed a rule requiring an auditor to produce a limited assurance engagement report on whether a firm is safeguarding qualifying cryptoassets, stablecoin backing assets or stablecoin backing funds, when the firm claims not to be (SUP 3.10.4R(2)). We proposed to apply this rule to qualifying cryptoasset custodians and stablecoin issuers, as well as all other traditional finance firms to whom SUP 3.10 applies. We are considering whether this rule should be extended to other regulated cryptoasset firms and welcome feedback. Protecting clients’ ownership rights 10.16 A key foundation to protecting clients’ ownership rights is making sure clients’ assets are segregated from the firm’s own assets, so they are ringfenced and protected if the firm fails. In CASS 17, we have proposed to achieve this with a non-statutory trust, where the custodian holds the clients’ qualifying cryptoassets as a trustee. We propose to apply the same trust rules to SIC custodians to provide the same level of protection for clients’ specified investment cryptoassets.

68 10.17 As set out in Chapter 9, we are proposing changes to CASS 17 rules on the segregation of client cryptoassets, including permitting co-mingling of client cryptoassets and firm cryptoassets in specific circumstances (operational surplus), and exceptions to safeguarding client cryptoassets as a trustee. Private key management and security 10.18 SIC custody involves controlling assets on behalf of clients, namely through private keys that provide access to the wallet addresses where the assets are held. As with qualifying cryptoasset custody, keys can be compromised if they are not generated robustly, or if they are used incorrectly, stored inappropriately or managed manually. These vulnerabilities can introduce human error or create a single point of failure, potentially leading to the loss of clients’ SICs, weakening consumer protection, and undermining trust and confidence in this emerging market. 10.19 Our proposed requirements in CASS 17 aim to reduce the risk of firms losing clients’ SICs, by ensuring that: • Private keys and the means of access to SICs are generated, stored, and controlled securely throughout their lifecycle. • Firms maintain accurate and verifiable means of access records which detail the SICs safeguarded, the relevant wallets in which those SICs are held and the means of access to those SICs. • Firms implement strategies to prevent compromise of the means of access to SICs and thereby reduce the risk of loss, including arrangements for secure back￾ups. • Firms maintain accurate and up-to-date records of their policies and procedures for means of access. • The means of access (private key) rules apply to client cryptoassets, including the operational surplus held under trust. • The means of access record explains how a firm holding shards exercises control, for example the reconstruction threshold for the relevant private key. • The record is reviewed at least once per day, rather than per business day, in line with our amended record-keeping proposals. Appointment of third parties 10.20 Cryptoasset firms use third parties to improve the security and/or efficiency of their services, whether through technology infrastructure, specialist expertise or storage facilities, to help safeguard clients’ cryptoassets, including SICs. 10.21 We therefore propose to apply the same CASS 17 rules on appointment of third parties to SIC custodians. The proposed rules would require a firm to meet certain conditions before appointing a third party to safeguard qualifying cryptoassets or SICs being held on trust (see 9.65 for more details).

69 Question 34: Do you agree with our proposed approach to applying CASS 17 rules on protecting clients’ ownership rights, private key management and appointment of third parties, applying SYSC and SUP rules to SIC custodians and amending the application of SUP 3.10.4R(2)? If not, why not? Question 35: Do you foresee challenges for firms currently safeguarding SICs and subject to CASS 6 when transitioning to CASS 17? Please explain why. Application of exemptions to CASS rules 10.22 In traditional finance custody, there are permitted exemptions to certain CASS rules, for example: • Title transfer collateral arrangements (TTCAs): exclusions from CASS apply to firms that undertake TTCAs with professional clients. • Business in the name of the firm: A firm may be exempt from CASS 6 rules when conducting business in its own name on behalf of a client, but only if the client provides written agreement. This exemption applies in specific situations where it is necessary due to the nature of the transaction, and the firm must retain the written consent throughout the period it uses the exemption for that client. • Managers of AIFMs and UCITS: As part of implementing the Alternative Investment Fund Managers Directive (AIFMD), the RAO was updated so that certain firms would not need to seek authorisation to perform certain regulated activities. As managers of UK UCITS and AIFs must appoint a depositary to safeguard fund assets, they are not required to hold or apply for Part 4A authorisation for safeguarding and administering investments. The Cryptoasset Regulations maintain this position in respect of safeguarding qualifying cryptoassets and relevant SICs for these firms, and they are therefore not required to apply for 9N authorisation. In traditional finance, specific rules in CASS 6 were introduced to capture small AIFMs that are not required to appoint a depositary by virtue of the AIFMD, to ensure adequate protection for fund assets. These firms are deemed to be conducting ‘excluded custody activities’ and are subject to our custody rules. Our proposed CASS 17 rules do not currently include a similar provision to capture fund assets which are qualifying cryptoassets and relevant SICs, being managed by a small AIFM. 10.23 Given that outside of custody, traditional finance rules will continue to apply to regulated activities for SICs, we are exploring whether existing exemptions in traditional finance custody should be extended to SIC custody. Depending on feedback, we may propose rule changes in a future consultation. Question 36: What are the potential use cases for and the rationale for SIC custodians to use these exclusions?

70 Question 37: Do you agree that rules applying to small AIFMs due to exclusions applying to UK UCITS and AIF managers should be extended to SIC and cryptoasset custodians under CASS 17? Please explain why. Reuse agreements 10.24 CASS 6 permits the use of clients’ safe custody assets for securities financing transactions (SFTs) provided that firms comply with rules on obtaining express client consent, keeping accurate records, and maintaining adequate organisational arrangements to prevent any use of a client’s assets to which they did not explicitly agree. 10.25 We welcome feedback on whether similar provisions should apply to SICs and/or qualifying cryptoassets, including whether these cryptoassets may be used for SFTs in future, and if so, whether the requirements in CASS 6 should be adapted. Question 38: Do you anticipate SICs being used for SFTs in future? If so, should the requirements in CASS 6 permitting the use of clients’ safe custody assets for SFTs be applied? Please explain why.

71 Annex 1 CP Questions Chapter 1 – Summary Question 1: Do you agree with our proposed approach on guidance for international crypto firms? If not, provide details. a. In particular, we would be interested in views as to whether any of our proposed rules in this should be applied differently to a UK QCATP which is authorised via a UK branch of an overseas firm, in relation to non￾UK users. Question 2: Do you consider that the SUP 3.3-3.8 should be extended to all cryptoasset activities? If not, explain why. Chapter 2 – Consumer Duty Question 3: Do you agree with our proposals to apply Principle 12 and PRIN 2A to cryptoasset firms supplemented by non￾Handbook guidance to clarify how the duty applies to cryptoasset activities? Question 4: Do you agree with our approach that the Duty will not apply to trading between participants of a UK QCATP? Question 5: Do you agree with our approach that the Duty will apply to all activities carried out in relation to UK-issued qualifying stablecoins, including activities relating to public offers and admissions to trading? Question 6: Do you have any comments on our proposed guidance on how cryptoasset firms should comply with the Consumer Principle and three cross‑cutting rules? Question 7: Do you have any comments on our proposed guidance on application of the Duty’s: (a) products and services outcome; (b) price and value outcome; (c) consumer understanding outcome; and (d) consumer support outcome?

72 Question 8: Are there any areas where cryptoasset firms could benefit from additional guidance to better understand their obligations? Please provide examples. Chapter 3 – Redress Question 9: Do you agree with our proposal to apply the DISP 1 complaint handling requirements to all cryptoasset firms? Question 10: Do you agree with the proposal to add requirements to the crypto sourcebook for stablecoin issuers to put in place contractual arrangements with third parties that carry out activities on their behalf? Question 11: Do you agree that the Financial Ombudsman should consider complaints about all new cryptoasset activities carried out by all UK authorised firms? If not, are there specific activities it should not be able to consider complaints for? Question 12: Do you agree that the Financial Ombudsman should not extend the voluntary jurisdiction to cover complaints about the proposed new cryptoasset activities? Question 13: Do you agree with our approach to not extend FSCS coverage to new regulated cryptoasset activities and all types of qualifying cryptoassets? Question 14: Given that the move of Specified Investment Cryptoasset (SIC) safeguarding from Article 40 to Article 9N may remove it from the scope of FSCS protection, do you agree with our approach to SIC safeguarding even though it may give rise to potential inconsistent outcomes, for example, safeguarding a traditional share would fall within FSCS scope, while safeguarding its tokenised equivalent would not? Chapter 4 – COBS Question 15: What is your view on whether COBS generally (subject to COBS 1 Annex 1 carve-outs) should apply to non-UK retail and professional clients of a UK QCATP operator that is incorporated overseas and authorised via a UK branch? Question 16: Do you have any views on what qualifying cryptoassets should be assessed as Category A or Category B qualifying cryptoassets? If so, please provide details.

73 Question 17: Do you agree with our proposals on express consent, appropriateness testing, and strengthening retail clients’ understanding? If not, please explain why not? If there is an issue of timing or cost in relation to our proposals on appropriateness assessments and express consent, including as they apply to existing clients, please share details. Chapter 5 – The use of Credit N/a Chapter 6 – SM&CR Tiering Question 18: Do you agree with our proposals to introduce thresholds for becoming an SM&CR Enhanced firm for authorised stablecoin issuance firms and authorised cryptoasset custodians? If not, please explain why. Chapter 7 – Training and Competence Question 19: Do you agree with our proposals to apply the TC Sourcebook to certain cryptoasset activities similar to the existing approach for traditional finance? If not, please explain why? Chapter 8 – Regulatory Reporting Question 20: Do you agree with our proposed application of the existing regulatory returns to qualifying cryptoasset firms? Question 21: Do you agree with our phased approach to introducing regulatory returns for qualifying cryptoasset firms? Question 22: Do you agree with the proposed approach for: a. Stablecoin issuance b. Operating a Qualifying Cryptoasset Trading platform c. Dealing and Arranging (intermediation) d. Cryptoasset Staking

74 e. Cryptoasset Lending and Borrowing Question 23: Do you agree with our approach to qualifying cryptoasset safeguarding reporting? Question 24: Do you agree with our approach to cryptoasset complaint and active client reporting? Question 25: Do you agree with our proposed approach to supplementary data collections? Question 26: Do you agree with our approach to prudential reporting? Chapter 9 – Safeguarding client cryptoassets Question 27: Do you agree with our proposed approach to applying CASS 17 in these scenarios? If not, why not, and please describe any scenarios we may not have considered. Question 28: Do you agree with our proposed approach to protecting clients’ ownership rights, including the approach to the operational surplus and class of cryptoasset? If not, why not? Question 29: Do you agree with our proposed approach to exempting firms from holding cryptoassets on trust in certain scenarios? If not, why not? Question 30: Do you agree with our proposed approach to record￾keeping requirements, including only applying them to client cryptoassets held on trust? Please explain your answer and indicate whether this approach would create a gap in consumer protection. Question 31: Do you agree with our proposed approach to reconciliations, topping up shortfalls and removing excesses? If not, why not? Question 32: Do you agree with our proposed approach to private key management and security? If not, why not? Question 33: Do you agree with our proposed approach to the use of third parties? If not, why not?

75 Chapter 10 – Safeguarding specified investment cryptoassets Question 34: Do you agree with our proposed approach to applying CASS 17 rules on protecting clients’ ownership rights, private key management and appointment of third parties, applying SYSC and SUP rules to SIC custodians and amending the application of SUP 3.10.4R(2)? If not, why not? Question 35: Do you foresee challenges for firms currently safeguarding SICs and subject to CASS 6 when transitioning to CASS 17? Please explain why. Question 36: What are the potential use cases for and the rationale for SIC custodians to use these exclusions? Question 37: Do you agree that rules applying to small AIFMs due to exclusions applying to UK UCITS and AIF managers should be extended to SIC and cryptoasset custodians under CASS 17? Please explain why. Question 38: Do you anticipate SICs being used for SFTs in future? If so, should the requirements in CASS 6 permitting the use of clients’ safe custody assets for SFTs be applied? Please explain why. Cost Benefit Analysis Question 39: Do you agree with our assumptions and findings as set out in this CBA on the relative costs and benefits of the proposals contained in this consultation paper? Please give your reasons. Question 40: Do you have any views on the cost benefit analysis, including our analysis of costs and benefits to consumers, firms and the market?

76 Annex 2 Cost benefit analysis Summary

1. Cryptoassets are increasingly popular with UK consumers. Our Cryptoasset Consumer Research indicates demand among UK adults doubled between 2020 and 2025 (from 4% to 8%), with consumers primarily motivated by large asset price rises and the potential opportunity to make money quickly.
2. Despite growth in retail participation, cryptoasset markets are characterised by information asymmetries, misaligned incentives and behavioural biases, impacting both firms and consumers. These factors have resulted in widespread harm in cryptoasset markets, with many retail consumers experiencing financial losses from purchasing unsuitable products.
3. Firms face weak incentives to address these issues due to limited regulatory oversight and the potential adverse impact on their profitability of making changes. Our assessment is that in the absence of regulatory intervention, the harms we currently observe would likely continue in UK cryptoasset markets.
4. The FCA’s current regulatory remit for cryptoassets is limited to the Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), the financial promotions regime, and consumer protection legislation (including the Consumer Rights Act 2015 and Consumer Protection from Unfair Trading Regulations 2008).
5. The Government has recently introduced legislation to bring new cryptoasset activities within our regulatory remit (the Cryptoasset Regulations). Our proposed intervention in this Consultation Paper will introduce rules that currently apply to FSMA regulated firms to authorised cryptoasset firms. This includes the Consumer Duty, the Conduct of Business Sourcebook (COBS), Redress requirements and regulatory reporting.
6. We are also proposing to apply Client Asset Sourcebook (CASS) requirements to firms safeguarding specified investment cryptoassets (SICs) and providing staking services (as outlined in CP 25/40), where these activities relate to the requirement that collateral must be held in compliance with CASS 17.
7. This CBA assesses the impact of our proposed rules and guidance within UK cryptoasset markets. In this CBA, benefits accrue to consumers through firms applying the consumer duty, and consumers being able to access the Financial Ombudsman, which we anticipate will provide improved redress to consumers who experience harm. Other benefits include improved regulatory clarity to firms and consumers, better-informed investment decisions, and increased trust in the UK as a jurisdiction that combines high regulatory standards with support for innovation.

77 8. Costs are primarily driven by compliance, familiarisation and business model changes that our regulation will introduce for firms. Firms will need to become familiar with our rules and guidance, and update their internal processes, which will result in costs to them. Firms may pass on increased operating costs to consumers through higher prices or reduced quality of product offerings. 9. Our quantification of costs indicates a net cost of £96.7m over a 10-year appraisal period, as outlined in the table below. We anticipate significant benefits to consumers, associated with improved outcomes due to firms applying the consumer duty, although these are not quantified. Our breakeven analysis indicates our intervention will be beneficial if the value of these benefits exceeds £1.10 per consumer per year over our appraisal period. Table 1: Summary of costs and benefits (10 years, present values, central estimates) Group Affected Item Description PV Benefits PV Costs Firms Consumer Duty £24.7m Redress and Dispute Resolution £6.5m COBs £1.4m Regulatory Reporting £7.4m Training and Competence £14.8m Safeguarding rules for SICs £12.2m Amendments to CASS requirements £0.5m CASS requirements for Staking £24.1m Cryptoasset Lending and Borrowing £5.2m Net Impact £-96.7m 10. Our rules may impact competition in cryptoasset markets, through raising barriers to entry for firms. We consider the potential adverse impacts of our intervention on competition to be proportionate in order to reduce the harms we currently observe in cryptoasset markets. 11. Overall, we anticipate our proposed rules will deliver net benefits to consumers while being proportionate to firms. We expect benefits will materialise in the form of improved products and services, reduced need to seek compensation or redress, time savings for consumers, and enhanced customer confidence and participation in financial markets. Our analysis indicates these benefits will be more substantial than the higher compliance costs to firms our rules will create.

78 Introduction 12. The Financial Services and Markets Act (2000) requires us to publish a cost benefit analysis (CBA) of our proposed rules. Specifically, section 138I requires us to publish a CBA of proposed rules, defined as ‘an analysis of the costs, together with an analysis of the benefits that will arise if the proposed rules are made’. 13. As set out in the Cryptoasset Regulations, the Treasury has established a UK financial services regulatory regime for cryptoassets and introduced a number of cryptoasset activities into our regulatory perimeter (CP 25/14 and CP 25/40). Firms will also need to comply with prudential requirements associated with the cryptoasset specific activity they are undertaking (CP 25/15 and CP 25/42) and comply with rules relating to market abuse and disclosures to clients (CP 25/41). 14. In addition to these activity-specific rules and prudential requirements, we are proposing authorised cryptoasset firms be subject to wider FCA Handbook rules and standards, as set out in this CP and in CP 25/25. This will ensure cryptoasset firms face similar regulatory requirements as other regulated traditional financial services firms when operating in UK financial markets, in line with HMT’s stated “Same Risk, Same Regulatory outcome” approach. We these rules will reduce harm to consumers, support market integrity and promote competition in UK cryptoasset markets.

79 Figure 1- how our cross-cutting rules impact with our wider crypto regime Activities assessed in CP 25/40  Activities in scope of this CBA  Activities assessed in CP 25/14  Activity-Specific rules Operating a Trading Platform Cryptoasset intermediation Lending and Borrowing Staking Cryptoasset Custody (SICs) Cryptoasset Custody (QCs) Stablecoin Issuance Activity-Specific prudential requirements Prudential requirements for Operating a Trading Platform Prudential requirements for Cryptoasset intermediation Prudential requirements for Lending and Borrowing Prudential requirements for Staking Prudential requirements for Cryptoasset Custody (SICs) Prudential requirements for Cryptoasset Custody (QCs) Prudential requirements for Stablecoin Issuance Additional Cryptoasset firm requirements Market Abuse rules and Admissions and Disclosures requirements (CP 25/41) Firm Standard and Cross-Cutting rules Training, Redress, Consumer Duty, COBs (This CBA) Existing FCA rules for cryptoasset firms Including: Financial Promotions rules, MLRs, and Travel Rule FCA Cryptoasset Regime CP 25/25: SYSC, High level standards (PRIN)

80 15. This analysis presents estimates of the impact of applying FCA Handbook rules to authorised cryptoasset firms. We provide monetary values for the impacts where we believe it is practicable to do so or otherwise provide a qualitative assessment. Our proposals are based on consideration of the expected impacts and judgement on the appropriate level of regulatory intervention. 16. This CBA has the following structure: • The Market • Problem and rationale for intervention • Our proposed intervention • Options assessment • Baseline and key assumptions • Summary of impacts • Benefits • Costs • Competition assessment and wider economic impacts • Monitoring and evaluation The Market 17. The term ‘qualifying cryptoasset’ is defined in the Cryptoasset Regulations and includes both unbacked (Bitcoin, Ethereum, Dogecoin) and backed (stablecoins) forms of digital assets. Unbacked cryptoassets are digital assets whose value is not backed by an underlying asset, instead it is determined based on supply and demand. In Comparison, stablecoins are digital assets that have their value determined by an underlying asset, with the most popular stablecoins referencing fiat currencies. 18. Our consumer research indicates cryptoassets today are primarily considered an investment product by UK consumers, with limited opportunities to use cryptoassets for payments across UK merchants. The global cryptoasset market is characterised by limited regulatory oversight, with its size reported as $3.3trn based on market capitalisation as of November 2025. 19. We have previously described cryptoasset markets within CP 25/14 (Stablecoins and Custody), CP 25/25 (Cross-Cutting Firm Standards), CP 25/41 (Admissions and Disclosures and Market Abuse), and CP 25/40 (Regulating Cryptoasset Activities). In this CBA, we limit our focus on aspects of the market relevant to our proposed intervention and which we have not previously addressed within these previous analyses. Consumer outcomes and experiences 20. Cryptoassets are owned by a small minority of UK consumers. Demand is concentrated among younger, male consumers, from higher income households and who consider themselves to be more comfortable with risk.

81 21. Consumers who own cryptoassets generally report positive experiences from engaging in the market despite limited regulatory protections. Many consumers also report that they would purchase more cryptoassets if they had a higher disposable income (61%) or if the market were regulated (49%). Figure 2 – Attitudes among UK Cryptoasset consumers Agree Don’t know Disagree Crypto is a risk I'm prepared to take I'm happy trading in a largely unregulated market I would be more likely to buy crypto if it was regulated Positive experience with crypto and I am more likely to buy more I would buy more crypto if I had a larger disposable income I know that at some stage, I will make money out of the crypto market I regret ever having bought crypto I believe that crypto and other alternative investments are better than investments provided in the mainstream financial sector I believe I have a good understanding of how cryptocurrencies and the underlying technology work 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 22. Despite positive sentiment, scams are common in UK cryptoasset markets, with our research suggesting many consumers consider these an accepted feature of the market. 9% of UK cryptoasset holders say they have been a victim of a scam or fraud involving cryptoassets, with social media scams the most common. Security Tokens 23. “Specified investment cryptoassets” (SICs), also called security tokens, are cryptoassets that are linked to a security or contractually based investments. This can also include tokenised funds. These are typically tokens on a Distributed Ledger Technology (DLT) that represent an interest or right to an existing financial instrument (such as an equity or bond). This is a technological consideration specific to cryptoassets but does not have a separately identifiable market. 24. There is increasing institutional interest in SICs, due to potential efficiencies offered by DLT relative to legacy financial infrastructure. This includes novel forms of asset issuance (including fractional ownership), enhanced liquidity through atomic settlement, and potentially lower costs from a reduced reliance on intermediaries. 25. As of November 2025, there were an estimated $36bn in global real-world assets issued on publicly available DLTs (excluding stablecoins, which had a combined value of $298bn). This is an increase from ~$5bn at the start of 2023 and does not include any assets issued on private DLTs. Assets issued include a mixture of government

82 debt (~9bn US Treasuries), commodities (~$3bn Gold) and equities linked such as Tesla, MicroStrategy and Nvidia stocks. Drivers of Harm and Rationale for Intervention Description of the Harm 26. The limited regulatory oversight cryptoasset firms currently face has resulted in lower standards, with fraud and scams being more common compared to other financial markets. There were an estimated 9,000 cryptoasset scams or frauds reported to the FCA in both 2022 and 2023 in the UK, compared to approximately 3,000 in 2020 (a 200% increase). For comparison, our Financial Lives Survey (FLS) data suggests “Banking and Payments” related frauds and scams (such as APP) increased by about 30% during this time period (from affecting 10% of adults in 2020, to 13% in 2024). 27. We have observed numerous harms from consumer engagement in products and services offered within cryptoasset markets, including: • Unsuitable products being sold to UK consumers. Cryptoasset firms may offer products which are not appropriate or in the best interest of their UK consumers. This can result in harm if UK consumers are exposed to higher levels of risk, due to lack of understanding. For example, prior to an explicit FCA restriction, complex and high-risk products such as Crypto CFDs and Derivatives were available to UK customers via popular exchanges with minimal safeguards for consumers in place. Some more anecdotical evidence includes: – Firms not being transparent on risks: During the period 2020-2022 cryptoasset markets underwent a strong increase in demand for lending products. However, many firms providing these activities did not clearly communicate the risk associated with these products. This may have resulted in some consumers being unaware of the level of risk they were taking on when purchasing these cryptoasset and associated products, ultimately resulting in harm when several of these firms (Celsius, BlockFi) failed. – Consumers permitted access to complex products: Prior to their ban in 2021, many trading platforms allowed UK consumers to access cryptoasset derivatives, despite limited evidence to suggest consumers understand leverage or margin calls. • Poor or limited redress. Cryptoasset firms may not have redress mechanism to solve clients’ complaints. This can result in consumers relying on the firm to resolve any issues they experience, which may lead to sub-optimal outcomes. Analysis published by the Consumer Finance Protection Bureau (CFPB) found high number of complaints associated with Cryptoasset firms, with frauds and scams, and issues related to transactions the most common category. An example from this report is a consumer who was unable to access the app where he kept his cryptoassets for six hours, being unable to make any transaction. He complained but did not receive any compensation from the app.

83 • Harmful firm practices. Firms may hinder consumers’ ability to properly assess and use products or services or introduce unreasonable barriers in their processes known as ‘sludge’. Customers may also be sold cryptoasset products and services that do not represent fair value. We have previously identified harmful firm marketing behaviours, including not providing sufficient information on risks, or risk warnings being intentionally hard to read • Inadequate safeguarding of client assets. We have observed repeated instances of harm materialising from firms providing custody of cryptoassets (primarily in global markets), with much of this materialising due to poor management practices within the firm. Inadequate safeguarding can result in custodians with fewer assets than liabilities, with limited possibility for recourse (particularly if the custodian firm fails). In 2023, Prime Trust, a US-based custodian declared it had lost access to private keys for certain wallets, with funds sent to those addresses effectively lost. This resulted in the firm entering receivership, with $85m owed to clients. Similarly, Quadriga, a Canadian exchange relied on a private key to the firm’s wallets holding clients’ assets which was known only by the firm’s CEO. The CEO’s unexpected death in 2018 led to clients losing access to their assets with no possibility of recourse. 28. The above harms can be exacerbated due to limited consumer understanding of risks and features of cryptoasset markets. Our consumer research has highlighted that many consumers do not undertake adequate research prior to their purchase of cryptoassets and have poor awareness of the levels of financial protections they have when engaging in cryptoasset markets. 29. These harms are primarily limited to individuals who choose to engage in cryptoasset markets, and so their impact on the wider UK economy is currently limited. However, as cryptoassets have grown in popularity, the risk of harmful behaviour from firms spilling over and adversely impacting the wider UK financial services sector has increased. In addition, there is increasing interconnectedness between the traditional financial sector and cryptoasset markets, as noted by the Financial Stability Board (FSB). Drivers of Harms 30. The drivers of the above harm are market failures which include information asymmetries, behavioural biases and misaligned incentives for firms: • Asymmetric information. Our consumer research suggests most UK consumers have a limited understanding of cryptoasset products. Instead, their primary motivation in owning cryptoassets is to make money quickly. They may also have limited knowledge of firm standards and regulatory requirements and may assume higher levels of protections that are actually in place, based on their experience with UK financial markets more broadly. This is supported by our consumer research which suggests many cryptoasset consumers considered the cryptoasset trading platforms they engaged with as being equivalent to banking or other investment services.

84 • Behavioural distortions. FCA research with UK consumers suggests a strong culture of optimism in the sector, with recent price rises have led many consumers to conclude that prices will continue to rise. As evidenced in our behavioural research, consumers may be overconfident in their ability to choose investment products, attributing success to skill rather than luck and heavily discounting the likelihood of future risks. Consumers also demonstrate ‘herding’ behaviour, often relying on the activities of their peers or endorsement by celebrities/influencers to support their decision making. • Concentration risk and misaligned incentives: While consumers would benefit from a more transparent and risk-mitigating approach, firms themselves may face weak incentives to do so, as it would likely increase their costs and they face limited competitive pressure. As noted above, cryptoasset consumers exhibit evidence of herding behaviour by relying heavily on advice from peers and conduct limited research prior to investment. This has resulted in demand concentrated in key products and firms, creating weak competitive pressures for firms to prevent consumers experiencing harm. 31. While global regulation of cryptoassets is increasing and may partially mitigate some of these failures, these are likely to continue to materialise and negatively impact UK consumers. The FCA, through its experience regulating cryptoassets for AML/CTF and financial promotions, is best placed to deliver a new regime for cryptoassets which mitigates harms to consumers, is proportionate to firms and encourages financial innovation. Proposed Intervention 32. We are designing a regime based on our operational and strategic objectives, with a view to mitigate the risks cryptoasset firms may present. These are: a. Protecting Consumers b. Protecting the integrity of the UK financial system. c. Promote effective competition in the interests of consumers. 33. Our rules will look to achieve these objectives through reducing factors which drive harm, while encouraging innovation in UK financial services markets. Our rules also advance our Secondary International Competitiveness and Growth Objective, through creating a well-functioning cryptoasset market. Proposed rules 34. Our proposed intervention includes: • Applying the Consumer Duty to Cryptoasset firms. Cryptoasset firms will be required to comply with the Consumer Duty. • Conduct of Business Sourcebook (COBS). We are proposing to extend our Handbook glossary definition of ‘designated investment business’ (DIB) to include the cryptoasset regulated activities.

85 • Redress requirements. We are proposing cryptoasset firms follow the dispute resolution requirements (including consumer access to FOS). This will require cryptoasset firms to properly handle consumer complaints, and report complaints data on a regular basis to the FCA. • Regulatory Reporting Requirements. Firms will be required to submit regular reports on redress activity, complaint and client volume data and outcomes, with specific metrics for crypto-related products and services. • Training and Competence. Firms will be required to comply with the Training and Competence Sourcebook. • Cryptoasset custody: Our proposed intervention will expand upon our proposals set out in CP 25/14 to include safeguarding of Specified Investment Cryptoassets (SICs). We are also proposing minor amendments to rules consulted on in CP25/14. • Cryptoasset Lending and Borrowing (additional requirements): Firms will need to comply with the rules we set out in order to provide cryptoasset borrowing services to UK customers. 35. Our proposed rules are intended to provide the appropriate levels of consumer protection we believe necessary to reduce harm and encourage innovation and UK competitiveness. Our rules will create a broadly equivalent regime along the design principles of “same risk, same regulatory outcome” for cryptoasset activities and traditional financial products, with variations to reflect unique aspects of cryptoasset markets. 36. In identifying how our rules can support both FCA strategic and operational objectives, we consider our approach from a perspective of “rebalancing risk”. In “rebalancing risk” we look to assess the relationship between the benefits being sought and the potential harm that could be caused in pursuing these benefits. This approach is not about accepting harm, but rather about ensuring we make balanced, risk-informed decisions that reflect the real-world complexity of dynamic markets, and allow us to be a smarter, more adaptive regulator. 37. We expect our approach will reduce harms for consumers currently engaging in UK cryptoasset markets. However, our approach may inadvertently encourage new consumers to enter the market (‘halo effect’) and engage with high-risk cryptoasset products they have not previously encountered. This could result in changes to the distribution of risk, with our consumer research suggesting new entrants to cryptoasset markets are more likely to be below 34 and female. 38. We believe our approach rebalances risk appropriately, through significantly reducing harm in cryptoasset markets, while ensuring our regulation is proportionate to firms and providing opportunities for growth which benefit consumers. This has informed our overall policy interventions and consideration of a range of regulatory approaches. Options Assessment 39. In identifying our proposed intervention, we considered alternative approaches within the framework set by the government which sought to achieve similar outcomes.

86 Options were assessed in terms of how well they would support the FCA’s Strategy and Objectives, their constraints and potential delivery risks, in addition to any unintended consequences they could create. 40. Our assessment of alternative options for regulating the above cryptoasset activities regimes focused on proportionality, feasibility and alignment with international standards. These alternative approaches included: • Applying Financial Services Compensation Scheme (FSCS) to cryptoasset investments: Our research shows there is significant demand among cryptoasset consumers for FSCS-style protection. However, as cryptoassets are classified as high-risk investments, they are not eligible for FSCS coverage—just as other high-risk investments in traditional financial markets are excluded. Introducing FSCS protection for cryptoassets could also create a pronounced “halo effect,” potentially leading consumers to overestimate the level of protection available. Additionally, the FSCS levy could pose a barrier to entry for firms, particularly smaller ones, if cryptoasset firms tend to faced high volumes of redress complaints. This could result in higher fees, and an increased burden on smaller market participants. • Not applying the Consumer Duty: In CP25/25, we noted that the Consumer Duty is a relatively new requirement the FCA places on firms, and cryptoasset firms may struggle to understand how to apply it correctly within the context of the products and services they offer to UK consumers. However, findings from our behavioural research and responses to CP25/25 highlighted that not having the Consumer Duty for cryptoasset markets in place could create an unlevel playing field between cryptoasset firms and the wider financial sector, particularly for firms who offer products and services in both. • Restricting the use of Credit for purchasing Cryptoasset products In DP 25/1 we proposed restricting the use of credit cards for the purchase of cryptoassets. We noted that our consumer research had suggested an increasing use of credit cards to purchase cryptoassets and highlighted a potential risk of vulnerable consumers becoming indebted. Additional consumer research we have undertaken suggests credit card users are less financially vulnerable than other cryptoassets owners and appear motivated by financial protections provided by credit card schemes. It also indicated banning cryptoasset purchases with credit card purchases would likely have limited impact on investment decisions.

87 How it would support FCA Strategy and Objectives Constraints and delivery risks Likelihood of unintended consequences Overall Assessment Allow FSCS to cover cryptoasset firms Consistent with our strategy to reduce consumer harm The levy may act as a barrier to entry for smaller firms Consumer could move resources from traditional financial assets to crypto, which would impact growth. Not clear that this approach would incrementally reduce harm beyond our other requirements, and strong likely of unintended side effects Restrict use of Credit to purchase Cryptoasset products Could reduce consumer harm by protecting vulnerable consumers May be difficult to prevent in practice Could result in some consumers being worse off (as many use credit cards for financial protections) Not proportional relative to expected benefits of approach Do not apply the Consumer Duty and only rely on our Handbook Would not align with our design principle of “Same Risk, Same Regulatory Outcome”, as different rules would apply to cryptoasset firms. Could create an unlevel playing field between cryptoasset firms and the wider financial sector, particularly for firms who offer products and services in both Traditional financial firms might separate their cryptoasset activities to avoid the Consumer Duty, exposing consumers to a higher likelihood of harm Consumer would be less protected when investing in cryptoassets Proposed approach Consistent with global approach. Risks to consumers are reduced but not eliminated Consistent with current FCA approach to traditional financial instruments Risk of halo effect of regulation from consumers Consistent with IOSCO standards, option reduces harm while also creating opportunities for innovation

88 Causal chain 41. The below figure presents the causal way we expect the above changes will improve outcomes for consumers and support our secondary competitiveness and growth objective. Our interventions seek to reduce harm to consumers and the wider markets, and balance risk in such a way to support our International Competitiveness and Growth secondary objective. 42. Our causal chain demonstrates how we expect our regulatory intervention results in changes in the market which have knock-on effects which ultimately result in reduced harm for consumers. 43. Our key assumptions are: • Introducing regulation provides greater clarity and regulatory certainty to firms, which results in increased market entry and engagement. • Market participants change their behaviour as a result of our intervention, including adjusting business models in line with our proposed requirements. • Standards and governance rules create strong incentives for market participants to minimise fraud and scams on their platforms

89 Proposal: Introduce additional cross-cutting requirements Proposal: Additional Safeguarding rules Redress and Financial Ombudsman Scheme (FOS) Consumer Duty (CD) Conduct Business Sourcebook (COBS) Training and Competence Reporting Requirements Regulating Cryptoasset Lending and Borrowing (L&B) Introduce CASS rules for Specified Investment in Cryptoassets (SICs) Firms adjust the redress schemes and pay FOS fees Higher standard of care provided by firms to consumers through appropriate information disclosure The inducements firms receive from third parties are reduced and transparent. They disclose relevant information to clients Firms ensure that employees have the necessary skills to deal with clients Firms report data on redress and complaints to the FCA Firms require additional appropriateness testing and comply with safeguarding rules Firms properly safeguard client assets Easier to receive a compensation payment Increased transparency and information Employees offer better products and services FCA has better information Reduced risk of unexpected payments for consumers Reduced likelihood of safeguarding failure Better information handling alongside reduced consumer scams and frauds. Increased consumer confidence and trust Consumers receive better and more adequate treatment. Trading with cryptoassets is safer Improved regulatory clarity and firm entry Proportionate approach to regulation reduces harm while promoting fair and effective competition  Interventions  Firm changes  Intermediate outcomes  Outcomes   Drivers of international growth and competitiveness   Eff ect on international growth and competitiveness Potential improved international competitiveness due to higher trust, participation and confidence in the UK HARM REDUCED

90 Our Analytical Approach Baseline 44. In our CBA, we assess the costs and benefits of our proposals against a baseline, which describes what we expect will happen in the cryptoasset market (both domestic and international) in the absence of our proposed policy change. We compare a ‘future’ under the new policy, with an alternative ‘future’ without the new policy. Our “future” may be considered as a “Do minimum”, wherein we authorise cryptoasset firms within the UK, but do not apply the cross-cutting requirements proposed in this CP (i.e. Consumer Duty, DISP, COBS, etc). 45. We consider the assumptions used to establish our baseline as comprising our “central scenario” as they represent our best estimate of the likely costs and benefits, we expect to materialise from our proposals. 46. We recognise the limited regulation of cryptoassets currently creates challenges for the accuracy of this central scenario, and our estimates and analysis above are subject to significant uncertainty. To account for this, we consider an additional scenario where the impact of our intervention is more costly for firms to implement than within our central scenario. We examine the impact of this additional scenario relative to the baseline in our sensitivity analysis below. 47. We assume that without our proposed rules, the harm we outlined earlier in this document will continue to the same frequency over the next 10 years. Data Sources Engagement with firms 48. We have published a series of Discussion Papers detailing the anticipated impacts of the proposed regulations on firms. DP responses largely agreed with our assessment of the type of costs which would materialise, including both direct compliance costs and business model changes. We used responses to our DP questions to build the assumptions we utilise within this CBA. 49. In July 2025 we sent cost surveys to firms we identified as potentially being in scope of our future cryptoasset regime. In total, we received 40 responses from firms, who provided detailed costs estimates for complying with elements of our proposed rules. Firms who provided responses represent a significant share of firms we expect to be impacted by our proposed rules and included responses from both larger and smaller firms. 50. Our analysis and assumptions are further informed by responses to our earlier cryptoasset CPs (CP25/14 and CP 25/25).

91 Consumer data 51. Since 2019, the FCA has published a regular series of cryptoasset research notes based on survey data of UK cryptoasset consumers. Our most recent publication (Wave 6, with fieldwork taking place in August 2025) involved over 3,000 respondents and provides us with the opportunity to identify trends in consumer behaviour. We use this survey data for estimating the current baseline in the market, and how demand for products could change following regulation. Previously published FCA CBAs 52. Several of the Handbook requirements (including the Consumer Duty) we are proposing applying to cryptoasset firms have been consulted on in recent years. These consultations have been supported by CBAs, which have provided indication of the type of costs and benefits we could expect to materialise for firms subject to these areas of the FCA Handbook. In using cost estimates from previously published CBAs, we update cost estimates to our current price year (2025). 53. Reliance on these previous CBA estimates may result in additional uncertainty for our cost estimates, as it requires us to assume cryptoasset firms will incur costs at a similar rate as existing FSMA-authorised firms. We welcome feedback on potential limitations with this assumption. Data limitations 54. Our surveys for previous consultation and discussion papers along with firm engagement have helped us in better understanding of how the cryptoasset sector currently operates within the UK, and the potential costs and challenges which may arise because of our proposed intervention. This is particularly true in our understanding of retail demand for cryptoasset, where our various research outputs have provided us strong insight into how and why UK consumers engage with cryptoassets. However, in gathering our data to assess the impact on firms, we face several limitations which affect our analysis, namely: • Cryptoasset sector is new and fast evolving: Many firms who will be in scope of Treasury legislation and thereby affected by our rules are currently outside our regulatory perimeter and may have limited experience of the regulation our proposed intervention would introduce. • Reliance on previous FCA CBAs and our SCM: We have used data from previously FCA CBAs, and our Standardised Cost Model to assess likely impacts of our proposed rules to firms. This creates a risk of inaccurate estimates of costs to cryptoasset firms, due to different business models relative to other FSMA firms we regulate. • Uncertain number of firms: Costs estimated scale with the number of firms in our future regulatory regime. A smaller population than we estimate would result in lower aggregate costs, and vice versa.

92 55. We have taken several steps to address any adverse impact of these limitations. To better understand costs to firms, we undertook a comprehensive review of cryptoasset related cost-benefit analyses (or equivalent) published by international regulators and used these to inform our evidence base. We have also used data from other areas we regulate cryptoasset firms, such as financial promotions, as assessed in CP 22/2 (financial promotion rules for cryptoassets). 56. While we recognise the limitations of our evidence base, we are satisfied it is of sufficient quality to estimate impacts of our proposed intervention. We are open to views in response to the Panel consultation. Key Assumptions 57. To estimate the impact of our proposed rules, we require assumptions for our analysis. These assumptions are based on our understanding of UK and global cryptoasset markets, but are subject to uncertainty, due to the novel and fast-evolving nature of cryptoassets. Our analysis is highly sensitive to these assumptions, and we welcome feedback and challenges on our assumptions. 58. We consider the impact of our proposals over a 10-year period with costs and benefits occurring from the assumed time of implementation. We account for any costs and benefits arising from moving between the interim and end-state rules. When estimating net present value of costs and benefits, we use a 3.5% discount rate as per Treasury’s Green Book. Prices are provided in 2025 figures. 59. Our assumptions are consistent with the CBAs we have previously published in (CP 25/14, CP 25/15, CP 25/25, CP25/40, CP 25/41, and CP 25/42), including: • Full compliance with new rules by firms. • UK consumers only engage with UK authorised firms who comply with our rules. • Costs estimated for FSMA firms to comply with FCA regulation in previous FCA CBAs are reasonable approximations for costs cryptoasset firms will incur to comply with similar regulatory requirements. 60. Many firms that will seek authorisation under the FCA’s cryptoasset regime may already be regulated by the FCA for other activities, and so already be familiar with our Handbook requirements. For simplicity, we assume all costs to firms are additional. Actual costs incurred by firms may be lower if they are already regulated and compliant with our rules. 61. In estimating volumes of complaints, we use data relating to “Investment Products” to approximate future frequencies in UK regulated cryptoasset markets. We assume these are the most appropriate comparison for the types of products and services cryptoasset firms will offer and so have provide an indication of the frequency of consumer complaints we anticipate occurring in cryptoasset markets following our intervention.

93 Assumptions on number of firms affected. 62. Overall, we anticipate that firms of different sizes will incur different costs. We categorise firms as Large, Medium or Small based on our CBA Statement of Policy. Firm populations are based on survey responses (both consumers and firms), in addition to our expectation of how attractive our rules will be to firms and business model restrictions they will place. Table 2- estimated firm population Small Medium Large Total Regulated Cryptoasset firms 120 50 10 180 Assumed UK firm population following our intervention Large Medium Small 0 100 150 50 200 1 2 3 4 5 6 7 8 9 10 Years 63. We assume larger firms enter the market immediately, to avoid disruption to their current business operations. We assume most other firms enter the market gradually as they become familiar with our rules and requirements. 64. We assume that absent of our intervention a large number of firms will keep operating in UK cryptoasset markets, although the market will be dominated by a small number of large cryptoasset firms. We currently have 50 registered firms for MLR, and internal FCA analysis has identified about 500 firms operating in the UK and global cryptoasset markets. Assumptions on Consumers 65. Following our intervention, we assume demand for cryptoassets increases. As outlined in our consumer research, a significant share (8%) of non-crypto owners indicate they would be more likely to purchase cryptoassets if it were regulated, even if this did not involve financial protections against losses. We assume these individuals enter the UK cryptoasset market after our cryptoasset regulatory regime has been established.

94 66. The type of users may change due to our intervention, with women and more risk￾averse individuals more likely to invest in cryptoassets if regulatory protections are introduced. We assume any new users in the market hold similar portfolios as existing users, in both our proposed option and counterfactual. Assumptions on the wider cryptoasset market 67. Our data indicates most cryptoasset firms used by UK consumers are based internationally. Given uncertainty as to when international regimes will introduce regulation, we assume standards introduced internationally will not apply similar levels of protection for UK consumers as our proposed intervention. 68. We also make the following assumptions: • Benefits result from imposing new requirements to firms within the FCA’s regulatory perimeter and not what other jurisdictions impose elsewhere. • The overall regulatory treatment of firms aligns with IOSCO recommendations for jurisdictions (e.g. EU, Singapore) in the long-term. 69. And use the following terms: • Unless stated otherwise, all references to ‘average’ are the mean average. • All price estimates are nominal. 70. Individual firms may in practice bear costs greater or lower than the per-firm averages used to estimate overall costs to the industry. This will depend, among other things, on the participants’ individual size, makeup, and current practices. Summary of Impacts 71. This section summarises benefits and costs of our intervention, the net present value (NPV) over the appraisal period and the net direct cost to firms. Benefits and costs include those incurred by firms, consumers, the FCA and wider society. Direct impacts are unavoidable whilst indirect impacts depend on how consumers and firms respond. Costs and benefits will be both one-off, and ongoing. 72. The key expected benefits are: • Improved market confidence due to regulatory clarity • Improved consumer protections, including redress in the event of harm • Reduced risk of harm to consumers due to higher regulatory protections • Firms will benefit from increased revenue due to higher levels of regulatory protections leading to increased consumer demand. 73. The key expected costs are: • Compliance costs to firms, including IT and personnel costs, which will be both one-off implementation and ongoing costs for firms to comply with the new requirements.

95 • Changes to business models as a result of our regulations. • Authorisation and supervisory costs for the FCA to ensure new and existing firms meet the requirements. • Reduced consumer investment in existing regulated financial products, due to substitution toward cryptoassets. 74. A summary of our expected costs and benefits, in our central scenario, is set out in the table below: Total Impacts (10-year Present Value) Group Affected Item Description PV Benefits PV Costs Firms Consumer Duty £24.7m Redress and Dispute Resolution £6.5m COBs £1.4m Regulatory Reporting £7.4m Training and Competence £14.8m Safeguarding rules for SICs  £12.2m  Amendments to CASS requirements £0.5m CASS requirements for Staking £24.1m Cryptoasset Lending and Borrowing £5.2m Net Impact £-96.7m 75. The Estimated Annual Net Direct Cost to Business (EANDCB) from our proposals, affecting qualifying cryptoasset firms is set out in the table below. Due to measurement challenges, we could not quantify all benefits and, as a result, our quantified net costs exceed our quantified net benefits. However, as detailed below, our assessment is that the non-monetised value of our benefits exceeds the costs of our intervention. Total (Present Value) Net Direct Cost to Business (10 yrs) EANDCB Annual Total (Present Value) Net Direct Cost to Business (10 yrs) EANDCB £96.7m £11.3m

96 Benefits Benefits to Consumers 76. The primary benefits to consumers relate to reduced incidence of harm through greater regulatory protections. We anticipate the following benefits to consumers. • More appropriate consumer transactions: The Consumer Duty will lead to increased vigilance by firms, while clearer information and greater transparency will enhance consumers’ ability to make informed decisions. • Improved consumer protections: Consumers will have similar protections to those in traditional finance, such as clearer disclosures, fair treatment, and access to redress mechanisms through FOS. • Clarity on rights: Consumers will better understand what protections they have and what to expect from crypto service providers, enhancing customer confidence and participation in financial markets. 77. We discuss each of these benefits and how we expect them to materialise below. More appropriate consumer transactions 78. Cryptoassets are complex products, and their risks are often not understood by consumers. Under the Consumer Duty and certain provisions in COBS, firms will have to provide consumers with appropriate information to make decisions to meet their financial goals, ensuring products offered are fit for purpose and consumer behavioural biases are not exploited. 79. Our consumer research provides an indication of how consumers will benefit from more appropriate information. Currently, 26% of cryptoasset users say they do not have a good understanding of how cryptoassets or the underlying technology work, with many relying on advice from family and friends for investment decisions. Transactions will ensure consumers have confidence that firms are acting in line with consumer interest, where they can effectively access information and assess how specific cryptoassets offered by firms can best meet the demand. 80. Our consumer research suggests a substantial minority of cryptoasset users have limited knowledge of cryptoasset products and markets. By making firms responsible for sharing appropriate information with consumers, our package of remedies should increase transparency and aid consumers with making informed decisions, enabling them to properly assess products without hindering their ability to conduct transactions. These measures should result in better product matching and welfare improvements from reduced stress.

97 Improved consumer protections 81. Our proposed new standards for cryptoasset firms would extend many protections that currently exist for traditional finance to cryptoasset holders. The benefits of these protections are not all possible to quantify. Consumers will benefit from a formal complaints process with a fixed cap on the amount of time a firm can spend on handling complaints. This will likely provide greater accountability and reduced stress for consumers compared to firms’ existing complaints handling processes. 82. Under HMT Green Book guidelines, financial transfers between parties do not, in themselves, constitute net economic costs or benefits and are not treated as such in a CBA. Any future redress payments in this context between UK consumers and cryptoasset firms would represent transfers from firms to consumers to address future non-compliance, rather than new resource costs and benefits generated by the proposed intervention. 83. As such, we do not directly quantify the expected impact of FOS access in terms of consumer benefits within our CBA estimates. For clarity, we provide additional context on the expected impacts and redress payments UK consumers might receive, as outlined in our sensitivity analysis below. Clarity on rights 84. In the absence of clear guidance and regulation from the FCA, consumers are likely to be unsure of their rights. For example, our Financial Lives Survey found that around a quarter of cryptoasset holders are unsure about their entitlement to FCSC protections. Consumers may incorrectly assume that they benefit from the same safeguards that apply to regulated financial products and may be substituting investments towards cryptoassets more than is beneficial. 85. By publishing clear standards, we will standardise rights across different firms and reduce uncertainty for consumers. This will enable more consumers to take advantage of protections offered to them and help them to make better-informed decisions about investments, enhancing customer confidence and participation in financial markets. Consumers will have higher trust in authorised firms and raise conduct standards over the longer term. Benefits to firms 86. We expect our new regime to have the following benefits for firms: • Enhanced regulatory clarity: Our intervention will clarify standards, provide guidance, and reduce speculation over future regulatory actions, leading to lower uncertainty. There will be a reduced reliance on unsuitable business models and excessive risk, leading to improved business practices • Reduced risk aversion from traditional finance in participating in cryptoasset markets: By applying operational resilience, governance, and other standards to cryptoasset firms, we expect our regulation will enhance credibility and standardise practice within the UK cryptoasset market. This may increase engagement with traditional finance firms and alleviate challenges some cryptoassets firms have raised in accessing banking services.

98 • Greater consumer trust: Our requirements around transparency, operational resilience, and governance will increase consumer confidence in firms, potentially leading to higher demand for cryptoasset products. Improved consumer transactions ensure they can access a larger sized market following the familiarisation period for smaller and well-established firms. As outlined in our behavioural research paper, we anticipate regulation will read to significantly higher demand for cryptoassets among UK consumers, which will benefit firms through increased revenue and customer volumes. Costs Cost to firms 87. Costs will be both one-off (associated with implementation) and ongoing (which firms will incur in order to be compliant with our rules). As noted previously, the cost estimates below are subject to reporting inaccuracies and small sample size bias of our survey data. To account for this potential variation, we have included a sensitivity analysis assuming higher costs for firms. Applying the Consumer Duty 88. To estimate the cost of implementing the Consumer Duty, we reproduce the upper￾bound cost outlined in the Consultation Paper (CP) (CP21/36). We anticipate the majority of costs associated with applying the Consumer Duty will be one-off costs, through business model changes. We estimate for the average cryptoasset firm, this will be £140k in one-off costs. 89. Ongoing costs from applying the Consumer Duty will primarily be associated with monitoring and evaluation, such as collecting data on a regular basis to support the monitoring of consumer outcomes. These are estimated at £3k annual average costs to firms Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per firm) Ongoing Costs (population)* Total population cost (10-year PV) Familiarisation and gap analysis £3k £0.6m £0.6m Training £0.6k £0.1m £0.1m IT Project £100k £19m £19m Change Project £22k £4m £3k £0.5m £5m Total Costs £126k £24m £3k £0.5m £24.7m

• Population estimates account for assumed incremental impact of rules

99 Redress and Dispute Resolution 90. Firms will face one-off costs associated with reading relevant sourcebooks DISP and COMP, in order to become familiar with our Redress standards. Firms will also need to train their staff on dealing with complaints from consumers appropriately, complaints reporting, and other compliance processes. 91. Our dispute resolution rules entitle consumers to refer complaints to the Financial Ombudsman Service. Using a comparison with complaints made for investment products and adjusting to reflect the size of the cryptoasset consumer market, we estimate 18,500 complaints will be made by consumers to firms on an annual basis. 92. We expect most complaints will be resolved by firms, and only a small portion of complaints will be brought to FOS. Using data from investment firms as a comparison, we estimate 5% of complaints will not be resolved by firms and require consideration by FOS. This results in an estimated 700 complaints annually going to FOS in relation to regulated cryptoasset firms. 93. Firms do not need to pay a case fee for the first 3 complaints against them. From the 4th complaint onwards in a given financial year the Financial Ombudsman charges a case fee of £650. We assume only complaints relating to large and medium sized firms will be brought to FOS. This resulted in an estimated average 16 complaints brought to FOS each year for each of our large-/medium-sized regulated cryptoasset firms. 94. As outlined in our benefits section, any redress payments would represent transfers from firms to consumers to address non-compliance. As our CBA assumes full compliance with our rules, we do not quantify potential redress payments as a cost to firms (although do provide discussion in our sensitivity analysis section as outlined below). 95. Total one-off costs for applying our redress framework are estimated at £8k average per firm, with ongoing costs of £3k. Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per firm) Ongoing Costs (population)* Total population cost (10-year PV) Familiarisation and gap analysis £3k £0.5m £0.5m Training £3k £0.5m £0.5m IT Project £2k £0.4m £0.4m Case fees associated with FOS £3k £0.5m £5.1m Total Costs £8k £1.4m £43k £7.5m £6.5m

• Population estimates account for assumed incremental impact of rules

100 COBS 96. To govern Business and Conduct Standards we will apply sections of COBS, PROD, Financial Promotions and ESG from the Handbook. COBS is a key component of the FCA’s regulatory framework. It sets rules and standards for how firms should interact with clients, and ensures that they conduct business in a fair, transparent, and professional manner. Firms will be required to become familiar with these sourcebooks, and may undertake some staff training, as outlined below. 97. Compliance with COBS may require firms to undertake significant business model changes, which may result in substantive costs to them. Due to limited data on the likely changes required by our future population of firms, the cost estimates provided below for COBS only include the costs to firms associated with familiarisation with the relevant sourcebook chapters, and not any business model changes they will be required to undertake. We welcome feedback from firms on the likely costs. Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per firm) Ongoing Costs (population)* Total population cost (10-year PV) Familiarisation and gap analysis £6k £1m £1m Training £1k £0.1m £0.1m IT project £2k £0.3m £0.3m Total Costs £9k £1.4m £1.4m

• Population estimates account for assumed incremental impact of rules Regulatory reporting

98. Cryptoasset firms will be supervised in line with the existing framework for FSMA￾authorised firms, applying relevant provisions from the Supervision (SUP) sourcebook. Firms must be familiarised with SUP 16 which includes about 900 pages of text, and conduct a gap analysis.
99. Once firms are familiar with reporting requirements, they will be required to submit data on a regular basis to the FCA. We have previously considered these regular reporting requirements to firms in our previous CBAs (e.g. Access to cash, CP23/29). As such, we assume that entities will spend approximately 10 working days (2 weeks) to set up the process to complete the data submissions.

101 Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per firm) Ongoing Costs (population)* Total population cost (10-year PV) Familiarisation and gap analysis £9k £1.7m £1.7m Training £2k £0.3m £0.3m IT project £2k £0.3m £28k £0.6m £5.3m Total Costs £13k £2.4m £28k £0.6m £7.4m

• Population estimates account for assumed incremental impact of rules Training and competence

100. The Training and Competence Sourcebook will apply to cryptoasset firms which engage in dealing in qualifying cryptoassets as principal or agent (including cryptoasset lending and borrowing), safeguarding qualifying cryptoassets or a relevant specified investment cryptoasset (including arranging for a person to carry on that activity) where those cryptoassets are held on trust, and arranging qualifying cryptoasset staking for retail clients, similar to traditional finance. We assume firms will undertake training costs annually as set out within our CP, resulting in an ongoing cost of £10k per firm. Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per firm) Ongoing Costs (population)* Total population cost (10-year PV) Familiarisation and gap analysis £1k £0.2m £0.2m Annual Training £10k £1.8m £14.6m Total Costs £1k £0.2m £10k £1.8m £14.8m

• Population estimates account for assumed incremental impact of rules Costs associated with safeguarding Specified Investments in Cryptoassets (SICs)

101. In CP 25/14 and CP 25/25, we estimated the costs of applying CASS rules to firms safeguarding “qualifying cryptoassets”. In this CP, we propose expanding these CASS rules to firms safeguarding relevant Specified Investments Cryptoassets (SICs). These requirements are the same whether a firm is only safeguarding qualifying cryptoassets, only safeguarding SICs or is safeguarding both.
102. We estimated 50 firms would be impacted by our proposed rules for qualifying cryptoasset custody. Following a review of market data, we identified up to 4 additional authorised firms that could be look to become authorised for cryptoasset custody in order to safeguard SICs. These firms will face additional costs associated with our custody rules for cryptoassets, as outlined in CP 25/14.
103. Custodians of SICs will be required to segregate clients’ cryptoassets from their own through the introduction of a trust structure, recording of ownership

102 and wallet labelling. One-off implementation costs are estimated at £405k per firm and £4.1m across our firm population. Ongoing costs are estimated at an average annual cost of £235k per firm, with an annual population cost £2.3m. 104. Firms will need to keep records as necessary to distinguish cryptoassets held for one client from cryptoassets held for any other client, and from the firm’s own cryptoassets. One-off costs are estimated at £24k per firm, with a population cost of £0.2m. Ongoing costs at £180k per firm, equivalent to £1.8m across our firm population.   105. Costs associated with introduced and applying our rules for custodians of SICs are outlined in the table below:  Regulatory Requirement Transition Costs (per firm) Transition Costs (population)* Ongoing Costs (per market participant) Ongoing Costs (population)* Total population cost   (10 year-PV)* Familiarisation  £5k  £0.1m  £0.1m  Segregation of Client Assets  £405k  £1.4m  £235k  £0.9m  £7.6m  Organisational Arrangements  £25k  £0.1m  £180k  £0.7m  £4.5m  Total Costs  £435k  £1.5m  £415k  £1.6m  £12.2m 

• Population estimates account for assumed incremental impact of rules CASS rules for Staking

106. In this CP, we are proposing that where staking services are offered on a custodial basis, the relevant firm must comply both with the applicable sections of CASS 17 and the CP 25/40 rules for staking. As a result, custodially staked assets will in most instances be held subject to the safeguarding trust. In scenarios where the staking service being provided requires the assets to exit the trust, a firm will be required to adhere to the applicable requirements for evidencing the necessity of the assets exiting the trust and receiving informed consent from the client.
107. Only firms safeguarding client assets will need to comply with our safeguarding requirements. In line with our estimates in CP 25/14, we assume this will be 50 firms (of the 60 firms total we expect to be authorised for staking).
108. The one-off implementation costs related to conforming with our rules is estimated to be £115k per firm or £6.9m across our population. Ongoing annual costs are estimated at £43k per firm or £2.6m across all firms.

103 Regulatory Requirement  Transition Costs (per firm)  Transition Costs (population)  Ongoing Costs (per market participant)  Ongoing Costs (population)  Total population cost  (PV across 10 year appraisal period)  Segregating client assts £115k £6.9m £43k £2.6m £24.1m Total Costs £115k £6.9m £43k £2.6m £24.1m Amendments to requirements for Cryptoasset Custodians 109. In CP25/14 (Stablecoin Issuance and Cryptoasset Custody) and CP 25/25 (Application of FCA Handbook for Regulated Cryptoasset Activities), we consulted on proposed rules that would apply to cryptoasset custodians that were only providing custody services. In this CP, we are proposing amendments to certain requirements we have consulted on previously and proposing new requirements to account for firms that provide other regulated cryptoasset services in addition to custody. These include: • Co-mingling of firm assets with client assets permitted in specific circumstances • Exceptions to requirements to hold client assets in trust (including for CATPs to settle transactions) • Changes to our proposed to appointing third parties. 110. Firms will need to become familiar with our new requirements and how they differ from the rules we have previously consulted on. We assume this will involve 10 pages of legal text review, in addition to a very small change project to identify business model changes required. We estimate this familiarisation cost to be £10k average per firm cost, with a total population cost of £0.5m (assuming 54 future authorised cryptoasset custodians). We assume no ongoing familiarisation costs. 111. Some amendments will permit more flexible business processes for firms authorised to conduct cryptoasset custody. Our assessment is that, other than familiarisation costs, these amendments to our proposed rules will reduce direct costs to firms relative to the previously estimated costs outlined in CP 25/14 and CP25/25. As a result, we assume the net impact of these proposed amendments will be a marginal reduction in costs to firms, relative to costs we have previously estimated. We welcome feedback on the likely cost savings the above amendments would create for authorised firms. 112. In addition to reducing direct costs to firms, our assessment is that these proposed changes to our requirements will not adversely impact future safeguarding standards within UK cryptoasset markets (i.e. they are a Pareto improvement). As a result, we do not believe these changes increase risk of safeguarding failures in authorised cryptoasset firms and so will not reduce benefits to consumers through avoided losses from improved safeguarding, as estimated in CP25/14. We welcome feedback on this assumption.

104 113. Total costs associated with our additional safeguarding requirements are outlined in the table below. Regulatory Requirement  Transition Costs (per impacted market participant)  Transition Costs (population))  Ongoing Costs (per impacted market participant)  Ongoing Costs (population)  Total population cost  (PV across 10 year appraisal period)  Familiarisation with amendments to proposed rules £10k £0.5m £0.5m Total costs £10k £0.5m £0.5m Cryptoasset Lending and Borrowing 114. Our rules will require that firms must determine whether the client has the necessary experience and knowledge to understand the risks involved with cryptoasset lending and borrowing activities specifically. We assume this will be an additional cost for 100% of firms. The one-off implementation costs related to conforming with our rules are estimated to be £40k per firm or £590k across our population. Ongoing annual costs are estimated at £35k per firm or £0.5m across all firms. 115. Borrowing firms will also have to safeguard collateral and be compliant with all safeguarding rules. 116. Costs associated with introducing and applying our rules for lending and borrowing activities in UK cryptoasset markets are outlined in the table below: Regulatory Requirement  Transition Costs (per firm)  Transition Costs (population)* Ongoing Costs (per firm)  Ongoing Costs (population)*  Total population cost  (10 year-PV)*  Familiarisation £5k £0.1m £0.1m Additional appropriateness testing  £39k  £0.6m  £35k  £0.5m  £5.1m  Total Costs £45k  £0.7m  £35k  £0.5m  £5.2m

• Population estimates account for assumed incremental impact of rules

105 Total costs to firms 117. In the below table, we aggregate the estimated costs of applying our existing Handbook rules to regulated cryptoasset firms that will be in scope of FCA regulation, once we introduce our proposed regime. Regulatory Requirement  Transition Costs (per firm)  Transition Costs (population)* Ongoing Costs (per firm)  Ongoing Costs (population)*  Total population cost  (10 year-PV)*  Applying the Consumer Duty £100k £24m £3k £0.5m £24.7m Redress and Dispute Resolution £8k £1.4m £43k £7.5m £6.5m COBs £9k £1.4m £1.4m Regulatory Reporting £13k £2.4m £28k £0.6m £7.4m Training and Competence £1k £0.2m £10k £1.8m £14.8m Costs to firms safeguarding SICs  £435k  £2.3m  £415k  £1.8m  £12.2m  CASS rules for staking £115k £6.9m £43k £2.6m £24.1m Amendments to proposed CASS rules £10k £0.5m £0.5m Cryptoasset Lending and Borrowing £45k  £0.7m  £35k  £0.5m  £5.2m Total Costs £611k £33.6m £496k £10.3m £96.7m

• Population estimates account for assumed incremental impact of rules

118. These cost estimates primarily relate to compliance costs that will be incurred by firms. There will likely be additional costs to firms associated with changes in business models which we have not captured above. New requirements could force companies to exit the market if they cannot meet the costs of our requirements, which may involve wind-up costs or stranded assets. We welcome feedback from firms on the likely scale of these additional costs. Costs to consumers
119. Firm may pass on their additional costs to consumers through higher prices. This may be exacerbated if our intervention raises barriers to entry and reduces competition in the market. If firms cannot pass through costs, it may lead to them cutting operating costs by reducing the quality of their offering, which would also impact consumers.

106 120. There is also a risk the increased consumer protection under the new regime, consumers will assume that they have protection in areas they do not. This halo effect of regulation could result in consumers purchasing products which they would not do otherwise. 121. We will take measures to address and minimise the above costs to consumers. We will ensure our communication is clear, to help consumers understand the regulatory protection our regime provides. However, costs may still materialise to consumers and while we do not consider it reasonably practicable to estimate these costs, we recognise they may be significant for some consumers. Costs to the FCA 122. We will incur costs for authorising firms in the new regime. The average time a case officer spends on one firm is around 40 hours, although that number can vary significantly with the size of the firm. We will recover these costs from firms through charging authorisation fees (which could be passed on to consumers). 123. There will also be costs associated with supervising additional firms and familiarisation with new and emerging business models. Costs could materialise from communication and publication of new rules. The FCA may incur additional costs to review monthly returns and reports we will require from firms. Risks and Uncertainty 124. We recognise that establishing potential costs and benefits before the intervention takes effect is inherently subject to uncertainties. If our assumptions do not hold or if we have not accounted for all market dynamics, the costs and benefits discussed in this CBA may be over or understated. In addition, data challenges and limitations in our methodologies could lead to inaccuracies in our estimates. Given the presence of the international market, the assumption of standards introduced internationally not applying similar levels of protection for UK consumers as our proposed intervention will also be monitored. 125. There may be unintended consequences of our intervention. We will continue to monitor the cryptoasset market for signs of any unintended consequences as described in further detail below. Break-even analysis 126. Our quantified benefits are estimated based on improved consumer redress in UK cryptoasset markets. We anticipate further benefits will materialise to consumers due to our proposed intervention, particularly through the application of the consumer duty. To account for the potential value of these non-quantified benefits, we have conducted a breakeven analysis to contextualise the benefits scope of our proposals. This illustrates the benefits that would need to be realised for each UK cryptoasset consumer for the proposed changes to be net beneficial.

107 127. To estimate the breakeven benefits, we used the total quantified costs that we estimate firms would incur over the 10-year appraisal period, in present value terms (£96.7m). We divided this by the total number of UK consumers currently engaged, and those who we expect to engage in cryptoasset markets in our counterfactual scenario (9.3m). 128. Our cost estimates are based on a combination of survey responses, previous CBAs and our Standardised Cost Model. However, costs incurred per market participant may be higher, particularly if they need more time to adjust their business models to our proposed rules. Given this uncertainty, we apply an uplift of 50% to our central estimates to illustrate the impact this could have on our cost estimates and the breakeven value required. 129. Results of our breakeven analysis are presented in the table below. PV Costs Breakeven-Point per consumer (10 year) Breakeven-Point per consumer (annual) Central Estimate £96.7m +£10.58 +£1.10 50% Higher Cost scenario £193.4m +£19.20 +£1.90 130. Our breakeven analysis suggests that our intervention will be net beneficial to consumers if they obtain an additional benefit of £10.58 over the course of our appraisal period (or up to £20 in our higher cost scenario). This is equivalent to £1.10 per consumer, per year within our central estimate scenario. 131. The increased demand as a result of the regulatory protections is assumed to attract consumers of similar portfolios. This result requires the regulatory certainty provided to firms to increase market entry and engagement. Given UK average cryptoasset portfolios were £2,250 as of August 2025, and that our research suggests most consumers would welcome additional regulatory protections, we consider it plausible that the benefits from our intervention to consumers will exceed the estimated breakeven threshold. Potential Redress payments to Consumers 132. In the event of firm non-compliance, consumers will benefit from access to FOS, which has the power to issue redress. To estimate the potential impacts and redress volumes, we use data on existing redress payments from firms selling “Investment products” to estimate the redress cryptoasset holders may receive under our new regime, accounting for the smaller size of cryptoasset markets. 133. There were an average 110,000 investments complaints made per year between 2020- 2024 against investment firms. Accounting for the smaller size of the cryptoasset market relative to investment products, we estimate 13,000 complaints will be made by consumers to firms on an annual basis.

108 134. We anticipate most complaints will be resolved by firms, and only a small portion of complaints will be brought to FOS. Using data from investment firms as a comparison, we assume 5% of complaints will not be resolved by firms and require consideration by FOS. This results in an estimated 700 complaints annually going to FOS in relation to regulated cryptoasset firms. 135. We assume the learning process outlined above to put downward pressure on redress costs over the first five years of the policy. However, we also assume the market to grow over our appraisal period, which puts upwards pressure on redress costs, as more consumers will make complaints. Not discounted Discounted 0 4 8 1 2 3 4 5 6 7 8 9 10 Redress paid (£, mn) Years after implementation 136. Over our ten-year period, we estimate consumers will receive a (discounted) £61 million in redress from firms, an average of £7 million annually (undiscounted). These payments represent avoided harm because of our regulatory intervention, as consumers will only be awarded redress if they have been considered to have experienced harm because of the firms’ actions. Competition Assessment 137. Our regime aims to reduce consumer harm by setting clear and proportionate standards for firms. These standards are designed to promote effective competition by ensuring a level playing field and enabling firms to compete on fair terms. Longer term, the measures are expected to strengthen both consumer protection and competition in UK crypto asset markets by enhancing trust and driving fairer market outcomes. 138. We recognise trade-offs between competition and consumer protection, and that our intervention may result in lower levels of competition in UK cryptoasset markets in the short run than if we introduced lower standards for firms. Longer term, the measures are expected to strengthen both consumer protection and competition in UK cryptoasset markets by enhancing trust and driving fairer market outcomes.

109 139. We have previously assessed the expected competition impacts of our cryptoasset regime in CP25/25 and CP 25/40. We expect the impact of rules and guidance within this CP to be similar as the impacts we have previously assessed. Overall, we believe the policy interventions strike a proportionate balance between improving outcomes for consumers and maintaining a competitive market. We will monitor the impact of our intervention on the degree of competition in UK cryptoasset markets. Wider economic impacts, including on secondary objective. 140. Our proposals will help to support competitiveness and growth in the UK through reducing the likelihood of market disruption. Protecting consumers and firms in this way builds confidence in UK institutions and provides a foundation for increasing investment in the UK. These characteristics can support FS productivity and IC by supporting market stability, building trust and confidence amongst consumers and firms, and improving information flows. In turn, this increases participation and supports better decision-making in UK FS markets. 141. Firm response will vary depending on size, where larger firms that are likely to already be regulated by the FCA and are familiar with the Handbook would be assumed to enter the market first, with the added benefit of economies of scale. Smaller firms will require increased familiarisation time for rules as well as any changes to their business model. 142. Our rules have been designed to be consistent with international peers, following recommendations for regulation of cryptoassets published by IOSCO. We anticipate the standards we introduce will support UK competitiveness by supporting high standards that allow firms to compete internationally. We recognise an interaction between developing a cryptoassets regime that protects consumers and supports market integrity, and the resulting impact on growth. Many cryptoasset consumers considered the cryptoasset trading platforms they engaged with as being equivalent to banking or other investment services, hence the predicted market growth as a result of regulations should also involve a similar movement away from substitute assets. 143. From our review of the relevant literature, we did not identify evidence to suggest economic growth directly materialising from consumers purchasing cryptoassets. Any benefits would instead be due to consumers increasing their consumption from converting gains in cryptoasset holdings to increased income, which we anticipate as being limited. Growth may also materialise due to increased exports (i.e. if UK based cryptoasset market participants attract business from overseas customers). 144. Our assessment suggests potential for our intervention to improve international competitiveness and growth in the medium-to-long term through the above factors. However, this is subject to a significant uncertainty and dependent on the extent to which crypto market participants establish in the UK and how international cryptoasset regulation evolves over time. Growth is also dependent on several exogenous variables, in particular, the ability of DLT to create efficiencies at scale and compete with legacy financial infrastructure.

110 Monitoring and evaluation 145. We anticipate our intervention will result in reduced harm to consumers who choose to engage with cryptoassets. We also expect consumers who currently engage in cryptoassets to invest more in the market due to increased regulatory protections. We also expect more firms to enter UK markets over time due to increased regulatory clarity. 146. We intend to measure the effectiveness of our interventions through: • Regulatory returns information submitted to the FCA by cryptoasset firms as part of their regulatory requirements. • Survey data, including our Consumer Research series and FLS. These will allow us to track changes in attitudes, behaviour, and demand. • Monitoring competition within UK cryptoasset markets, as measured by the number of firms and our consumer research indicating how willing consumers are to shop around and compare prices. Consumer outcomes 147. We expect our rules to reduce consumer harm from their involvement in cryptoasset markets, through introducing regulatory requirements for firm behaviours. We also expect consumers will be better informed to make appropriate investment decisions across cryptoasset markets and products. 148. We will monitor this through our consumer research series, which includes measures of the following: • Understanding of products • Scams, losses, and other negative experiences • Awareness of regulation and understanding of risks Firm outcomes 149. We expect our regulation will result in reduced uncertainty for firms. It may also increase demand for cryptoassets, as consumer confidence increases, and more consumers enter the market, as suggested by our behavioural research. 150. To monitor the effect of these standards on firms, we will continue to gather information on the market. We will engage with firms to identify challenges to regulation and any improvements to proportionality and appropriateness.

111 Consultation with the FCA Cost Benefit Analysis Panel 151. We have consulted the CBA Panel in the preparation of this CBA in line with the requirements of s138IA(2)(a) FSMA. A summary of the main group of recommendations provided by the CBA Panel and the measures we took in response to Panel advice is provided in the table below. In addition, we have undertaken further changes based on wider feedback from the CBA Panel on specific points of the CBA. The CBA Panel publishes a summary of their feedback on their website, which can be accessed here. CBA Panel Main Recommendations Our Response Embed the CBA in an overarching economic analysis of the cryptoasset market. This is a succinct and well-presented CBA. However, like previous CBAs in this area (e.g. (i) CP25/25 Application of the FCA Handbook for regulated cryptoasset activities, and (ii) CP25/40 Regulating cryptoasset activities), it suffers from the lack of a coherent, overarching economic analysis of the market for cryptoasset activities. While a range of data points is presented, they do not amount to a clearly conceptualised and well evidenced explanation of how the market functions, how different cryptoasset activities relate to one another, or how the market is expected to evolve over time. This limits the clarity of the problem definition and contributes to weaknesses in the counterfactual, cumulative impact assessment, and analysis of competition and international effects. We have strengthened our explanation of market functions including clarifying the relationships between different cryptoasset activities, and provided a more robust account of how the market may evolve over time. In addition, we have added additional context to the counterfactual, the analysis of competition and international effects, and the cumulative impact assessment. As stated in our previous CBAs, we intend to conduct an “aggregate CBA” assessing the total impact of all our proposed rules for the UK cryptoasset sector. This aggregate CBA will be published alongside our Policy Statements in 2026, and will include an overarching economic analysis of the UK cryptoasset market Specify more clearly the baseline and counterfactual. The baseline and counterfactual underpin several key figures in the CBA, including the break-even cost per consumer and assumptions about market growth and harm. However, they are not specified with sufficient clarity or consistency. Assumptions about customer numbers, firm growth, and complaint volumes are introduced without adequate explanation of their plausibility or of the degree to which they reflect counterfactual developments or regulation-induced effects. This limits confidence in the quantitative results. We have provided further detail and clarity on our methodology and assumptions, for our baseline and counterfactual. We have also cross-referenced our assumptions with analysis in our previous cryptoassets CBAs, which are consistent in their approach.

112 CBA Panel Main Recommendations Our Response Rebalance analysis and presentation of costs and benefits. The CBA should ensure that the resources devoted to the analysis of particular cost and benefit items is more proportionate to their magnitude. This is particularly important given that the CBA’s quantified NPV is negative and the case for intervention therefore relies heavily on qualitative benefits, which however receive relatively cursory treatment. Benefits are described in multiple places and expressed in different ways, without a single, consistent narrative. We have restructured our assessment of impacts to more clearly set out the expected benefits and expected costs of our proposals. We have also provided further description of our qualitatively assessed benefits. Analyse more clearly cumulative impact, competition, and international context. The CBA largely assesses individual measures in isolation and aggregates their costs and benefits without adequately considering interactions or cumulative impacts. This is especially relevant for smaller firms, which may face disproportionately higher burdens, and for understanding whether economies of scale advantage larger or already-regulated firms. In addition, the international nature of cryptoasset markets is not clearly integrated into the analysis, despite evidence that many UK consumers transact with non-UK firms. We recognise that within the context of our cryptoasset regime, the nature of our CP publications has meant our CBAs have focused on the incremental nature of particular rules, which has limited our analysis of the wider impacts of our cryptoasset regime. To account for this limitation, as stated above, we intend to conduct an “aggregate CBA” alongside our Policy Statements in 2026, which will more clearly consider the cumulative impact of our proposed regime, and potential impacts on competition for firms. Question 39: Do you agree with our assumptions and findings as set out in this CBA on the relative costs and benefits of the proposals contained in this consultation paper? Please give your reasons. Question 40: Do you have any views on the cost benefit analysis, including our analysis of costs and benefits to consumers, firms and the market?

113 Annex 3 Compatibility statement Compliance with legal requirements

1. This Annex records the FCA’s compliance with a number of legal requirements applicable to the proposals in this consultation, including an explanation of the FCA’s reasons for concluding that our proposals in this consultation are compatible with certain requirements under the Financial Services and Markets Act 2000 (FSMA).
2. When consulting on new rules, the FCA is required by section 138I(2)(d) FSMA to include an explanation of why it believes making the proposed rules (a) is compatible with its general duty under section 1B(1) FSMA, so far as reasonably possible, to act in a way which is compatible with its strategic objective and advances one or more of its operational objectives, (b)so far as reasonably possible, advances the secondary international competitiveness and growth objective, under section 1B (4A) FSMA, and (c) complies with its general duty under section 1B(5)(a) FSMA to have regard to the regulatory principles in section 3B FSMA. The FCA is also required by s 138K(2) FSMA to state its opinion on whether the proposed rules will have a significantly different impact on mutual societies as opposed to other authorised persons.
3. This Annex also sets out the FCA’s view of how the proposed rules are compatible with the duty on the FCA to discharge its general functions (which include rule-making) in a way which promotes effective competition in the interests of consumers (section 1B(4)). This duty applies in so far as promoting competition is compatible with advancing the FCA’s consumer protection and/or integrity objectives.
4. In addition, we have considered the recommendations made by the Treasury under s 1JA FSMA about aspects of the economic policy of His Majesty’s Government to which we should have regard in connection with our general duties.
5. This Annex includes our assessment of the equality and diversity implications of these proposals.
6. Under the Legislative and Regulatory Reform Act 2006 (LRRA) the FCA is subject to requirements to have regard to a number of high-level ‘Principles’ in the exercise of some of our regulatory functions and to have regard to a ‘Regulators’ Code’ when determining general policies and principles and giving general guidance (but not when exercising other legislative functions like making rules). This Annex sets out how we have complied with requirements under the LRRA.

114 The FCA’s objectives and regulatory principles: Compatibility statement 7. The proposals set out in this consultation paper are primarily intended to advance the FCA’s operational objectives of: • Delivering consumer protection- securing an appropriate degree of protection for consumers • Enhancing market integrity – protecting and enhancing the integrity of the UK financial system • Building competitive markets – promoting effective competition in the interests of consumers. 8. We consider that, so far as possible, these proposals advance the FCA’s secondary international competitiveness and growth objective by improving confidence in the UK as a place where cryptoasset activities can be carried out in a trusted market with clear and proportionate requirements. Our proposals for firms on the Consumer Duty, Redress, the Senior Managers & Certification Regime (SM&CR), and the use of credit to purchase cryptoassets intend to ensure that the UK remains a suitable and stable environment and destination for doing business. We have also had regard to relevant international standards set by bodies including the Financial Stability Board and IOSCO, both of which the FCA played a role in developing. 9. In preparing the proposals set out in this CP, the FCA has had regard to the regulatory principles set out in s 3B FSMA The need to use our resources in the most efficient and economic way 10. These proposals will help us to improve our supervisory oversight of cryptoasset businesses. We are consulting on High Level Standards which are core principles that define the fundamental obligations that apply to all FCA-authorised firms. These standards are intended to ensure that firms follow high standards of retail customer protection, handle complaints fairly and pay redress when appropriate amongst other changes. Setting out high standards for firms is intended to reduce the risk of consumer harm and the need for supervisory interventions. The principle that a burden or restriction should be proportionate to the benefits 11. We have carefully considered the proportionality of our proposals, including through consultation with internal stakeholders through the development of our proposals.

115 12. The proposals may require firms to make changes, with associated costs, as to how they conduct their business. However, we consider that our proposals are proportionate, and the benefits outweigh the costs. The CBA in Annex 2 sets out the costs and benefits of our proposals. The need to contribute towards achieving compliance by the Secretary of State with section 1 of the Climate Change Act 2008 (UK net zero emission target) and section 5 of the Environment Act 2021 (environmental targets) 13. We have considered our duty under sections 1B(5) and 3B(1)(c) of FSMA to have regard to contributing towards the Secretary of State achieving compliance with the net zero emissions target under section 1 of the Climate Change Act 2008 (UK net zero emissions target) and environmental targets under s. 5 of the Environment Act 2021, alongside the wider environmental, social and governance (ESG) implications of our proposals. 14. On balance, we do not think there is any contribution the proposals outlined in this consultation can make to these targets. However, we recognise the impact cryptoassets can have on energy consumption and greenhouse gas emissions. We proposed in our CP on conduct and firm standards for RAO activities (CP25/25) that our anti-greenwashing rule (ESG 4.3.1R), which applies broadly to all FSMA-authorised firms and requires that sustainability claims be fair, clear, and not misleading, apply equally to crypto. We have also explored ESG implications for RAO authorised firms in CP25/25. We welcome the feedback we have received to CP25/25 and will confirm final rules in the corresponding Policy Statement. The general principle that consumers should take responsibility for their decisions 15. Our proposals will provide greater protection for consumers. They do not inhibit consumers’ ability to access a range of products, nor do they seek to remove from consumers the need to take responsibility for their own decisions in relation to their use of regulated and unregulated products and services. The responsibility of senior management 16. Our approach to SM&CR for cryptoasset firms is provided in Chapter 6. These proposals follow on from CP25/25 by providing further detail on how SM&CR Tiering (whether a firm is classified as Limited, Core or Enhanced under the regime) will work for authorised cryptoasset firms. The proposals for senior management set out in both CP25/25 and this publication align with the approach taken by the FCA across all regulated firms, with minimal changes. We are proposing to apply SM&CR, a regime which aims to reduce

116 harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account. The SM&CR regime is designed to be sufficiently broad to apply across financial sectors. The desirability of recognising differences in the nature of, and objectives of, businesses carried on by different persons including mutual societies and other kinds of business organisation 17. Our proposals will apply equally to any regulated firm, regardless of whether it is a mutual society. We recognise that firms of differing sizes and business models will require different approaches and rules to ensure proportionality. Our proposals apply differently depending on activities and quantitative thresholds, and the Consumer Duty is underpinned by the principle of ‘reasonableness’. We therefore consider that our proposals recognise and adjust for differences in the nature and objectives of businesses where appropriate. The desirability of publishing information relating to persons subject to requirements imposed under FSMA, or requiring them to publish information 18. We have had regard to this principle and believe our proposals are compatible with it, including through our proposed rules on the information authorised cryptoasset firms should disclose. We may publish data on aggregate trends in the cryptoasset market. The principle that we should exercise of our functions as transparency as possible 19. By explaining the rationale for our proposals and the anticipated outcomes, we have had regard to this principle.

117 In formulating these proposals, the FCA has had regards to the importance of taking action intended to minimise the extent to which it is possible for a business carried on (i) by an authorised person or a recognised investment exchange; or (ii) in contravention of the general prohibition, to be used for a purpose connected with financial crime (as required by s 1B(5)(b) FSMA). 20. Our CP proposals are intended to support firms to act as a strong line of defence against financial crime. Compatibility with the duty to promote effective competition in the interests of consumers 21. In preparing the proposals as set out in this consultation, we have had regard to the FCA’s duty to promote effective competition in the interests of consumers. This is discussed in paragraphs 1.12 to 1.15 of this CP. Equality and diversity 22. We are required under the Equality Act 2010 in exercising our functions to ‘have due regard’ to the need to eliminate discrimination, harassment, victimisation and any other conduct prohibited by or under the Act, advance equality of opportunity and foster good relations between persons who share a relevant protected characteristic and those who do not. 23. As part of this, we ensure the equality and diversity implications of any new policy proposals are considered. Legislative and Regulatory Reform Act 2006 (LRRA) 24. We have had regard to the principles in the LRRA and Regulators’ Code (together the ‘Principles’) for the parts of the proposals that consist of general policies, principles or guidance. We consider that these parts of our proposals are compliant with the five LRRA principles- that regulatory activities should be carried out in a way which is transparent, accountable, proportionate, consistent and targeted only at cases in which action is needed. • Transparent – We are consulting on our policy proposals with industry to articulate changes. Through consultation and pro-active engagement both before and during consultation, we are being transparent and providing a simple and straightforward way to engage with the regulated community.

118 • Accountable – We are consulting on proposals and will publish final rules after considering all feedback received in our Policy Statement in 2026 as per the Crypto Roadmap. We are acting within our statutory powers, rules and processes. • Proportionate – We recognise that firms may be required to make changes to how they carry out their business and have provided for an implementation period to give them time to do so. The CBA sets out further details on the costs and benefits of our proposals. • Consistent – Our approach would apply in a consistent manner across firms carrying out cryptoasset activities. • Targeted – Our proposals will enhance our ability to provide targeted firm engagement and consider how to best deploy our resources. • Regulators’ Code- Our proposals are carried out in a way that supports firms to comply and grow through our consideration of their feedback via the CP and refining our proposals where necessary. Our CP, CBA, draft instrument, accompanying, annexes, public communications and communications with firms are provided in a simple, straightforward, transparent and clear way to help firms meet their responsibilities.

119 Annex 4 Approach to International Cryptoasset Firms (AICF) Glossary Term Definition UK legal entity UK individual, or partnership, body corporate or unincorporated association incorporated or formed under the law of any part of the United Kingdom UK branch One (or more) permanent place(s) of business which: i. is (are) in the UK ii. has (have) no legal personality of its (their) own; and iii. is (are) legally dependent on the international cryptoasset firm Executive Summary

1. This proposed handbook guidance sets out our general approach to international cryptoasset firms providing or seeking to provide cryptoasset services that require authorisation in the UK. It aims to provide clarity on how we will assess international cryptoasset firms against minimum standards both when they apply for authorisation and on an ongoing basis.
2. Our baseline expectation is for firms requiring FCA authorisation to carry out their regulated cryptoasset activities from a UK legal entity. This is subject to some specific exceptions where we see a case for overseas cryptoasset firms serving UK customers through a UK branch to be authorised as a CATP operator. In such cases we expect the home regulator to have comparable levels of regulatory protection and regulatory requirements in place, as determined by the FCA. Background and context
3. The government’s legislation (the Regulated Activities Order) determines whether a person needs to be authorised for cryptoasset activities. The Threshold Conditions in Schedule 6 FSMA – supplemented with FCA guidance – determine the minimum standards that need to be met for successful authorisation for these activities. Part of this is consideration of the legal structure of the applicant, including where it is incorporated or established and what this means when it comes to, for example, our ability to adequately supervise the firm. In CP25/25, we have proposed applying existing, general COND guidance on interpreting the threshold conditions to cryptoasset firms.

120 4. This guidance does not change existing rules for cryptoasset firms or other provisions in the FCA Handbook. It should be read in conjunction with: • The government’s legislation • The FCA’s Approach to International Firms • The FCA’s consultations and rules on cryptoasset activities Our objectives and approach for considering applications of crypto firms 5. We are seeking a competitive and open financial system, but we also need to approach our assessment of the threshold conditions with our statutory objectives in mind. 6. Additionally, we are looking to provide as much clarity as possible to firms about our requirements and expectations so that they can get ready for the commencement date set by government legislation and get authorised under Part 4A of the Financial Services and Markets Act 2000 (FSMA). Who this guidance applies to 7. This guidance is relevant to firms that require FSMA authorisation in the UK for any of the following activities in Table 1 below. This includes (i) firms who are already FSMA authorised for other, non-crypto, regulated activities (who will need a variation of permission), (ii) crypto MLR-registered firms which are not yet FSMA authorised, (iii) firms currently serving UK customers by making use of the ‘section 21 gateway’ who are not yet FSMA authorised, nor registered under the crypto MLR regime. Table 1 Activity name Legislation ref. Issuing qualifying stablecoin Article 9M Safeguarding of qualifying cryptoassets or relevant specified investment cryptoassets Article 9N(1)(a) Arranging for another person to safeguard qualifying cryptoassets or relevant specified investment cryptoassets Article 9N(1)(b) Operating a qualifying cryptoasset trading platform Article 9S Dealing in qualifying cryptoassets as principal Article 9T Dealing in qualifying cryptoassets as agent Article 9W Arranging (bringing about) deals in qualifying cryptoassets Article 9Y(1) Making arrangements with a view to transactions in qualifying cryptoassets Article 9Y(2) Arranging qualifying cryptoasset staking Article 9Z6

121 8. It is important to consider the government legislation in the first instance as some international crypto firms may not require authorisation in the UK, depending on the nature of their activities and customer base. Firms should consider carefully: • The nature and scope of their activity against the definitions of the regulated activities (see Articles 9M, 9N, 9S, 9T, 9W, 9Y, 9Z6). • The various exclusions in the government’s legislation; for example, the “group activity” exclusion, the “temporary settlement arrangements” exclusion, the “absence of holding out” exclusion and the “introducing” exclusion (see Articles 9M, 9N, 9S, 9T, 9W, 9Y, 9Z6). • The composition of their UK client base and whether their activity meets the “carrying on regulated activities in the United Kingdom” test (see amendments to section 418 of FSMA under Part 4 of the legislation). • Whether their activity meets the “by way of business test” (see the Regulated Activities Order, and regulation 44 of the legislation). 9. For firms outside our regulatory perimeter, our cryptoasset firm location policy guidance does not apply (although we will have regard to an applicant’s close links and connections with other persons, as per the Threshold Conditions). 10. In addition to this guidance, dual regulated firms who are intending to carry out any of the activities in Table 1 should refer, for further information, to: • The FCA’s approach to International Firms. • Any rules or guidance from the Bank of England on systemically important payment systems that use digital settlement assets (DSA), such as stablecoins, and DSA service providers. • The PRA’s approach to international firms. Assessment of Threshold Conditions and key considerations 11. The threshold conditions for authorised persons (who are not PRA authorised persons) are as follows: Threshold Condition Legislation ref.FCA guidance ref. Location of Offices FSMA Schedule 6 Para 2B COND 2.2 Effective Supervision FSMA Schedule 6 Para 2C COND 2.3 Appropriate Resources FSMA Schedule 6 Para 2D COND 2.4 Suitability FSMA Schedule 6 Para 2E COND 2.5 Business Model FSMA Schedule 6 Para 2F COND 2.7 12. We have set out below a consideration of these, including some examples of the risks of harm we are most concerned to mitigate for international crypto firms.

122 Location of Offices 13. The location of offices threshold condition creates requirements for firms which are incorporated in the UK and/or have head offices in the UK. Since this is not directly relevant to overseas firms, we have not considered this further here. Effective supervision 14. Firms must be capable of being effectively supervised by the FCA at all times. In simple terms, the FCA needs to be able to monitor and oversee a firm’s activities without obstructions. We pay close attention to the way in which the firm’s business is organised, taking into account group structures, close links, and arrangements with third parties. 15. The FCA recognises the highly digital, mobile and cross-border nature of the crypto industry; that crypto firms may have existing headquarters overseas as well as relatively geographically dispersed profiles of infrastructure, employees and key decision makers. However, as with all international firms, it is important for us to ensure that an appropriate amount of a crypto firm’s control function activity, leadership and decision￾making (“mind and management”) is in the UK. Taking stablecoin issuance, for example, we anticipate that qualifying stablecoins will be used as money-like instruments within the UK and internationally. This will require effective supervision to ensure oversight of controls and ability to intervene when necessary to address harms quickly. Another key element of effective supervision is the ability to have efficient access to information about a firm’s business, products, customers and activities as well as the ability to intervene to prevent or mitigate risks of harm. 16. Cryptoasset regulatory frameworks are evolving and being implemented at difference scales and paces across different jurisdictions. In some jurisdictions, comprehensive supervisory cooperation arrangements between regulators have not yet been developed. This heightens the risk that, where firms do not provide direct access to relevant supervisory information or otherwise do not act in accordance with our expectations, we are unable to secure effective outcomes and address harms in line with our objectives. We will assess potential mitigants proposed by firms for these increased risks of harm to consumers or markets. 17. In line with the Approach to International Firms, we will pay close attention to the supervisory cooperation with the firm’s home state regulator. This is important to be able to share information, and to rely on the home state regulator to take action, where we might not be able to because of geographical or legal constraints. The way in which crypto firms are organised also requires scrutiny, noting the challenges which can arise from extensive and complex group structures, close links, and outsourcing arrangements of some international firms. Appropriate Resources 18. The appropriate resources condition exists to ensure that firms have sufficient financial resources – including capital and liquidity buffers – to meet their ongoing obligations and withstand stress events.

123 19. We are particularly concerned about the risk of harm if an international firm safeguarding client cryptoassets fails. It is more likely that an overseas firm (including one operating with a UK branch) is subject to the insolvency regime and procedures of the firm’s home state, which may not provide the same protections as CASS rules and UK insolvency law, and which the FCA may have limited ability to effectively participate in or influence. Insolvency regimes across different jurisdictions can vary considerably and there is little harmonisation of insolvency law at an international level, and in particular with cryptoassets. An insolvency practitioner appointed in the home state may not therefore be in a position to observe UK protections when distributing cryptoassets. 20. As a result, the protections offered by the applicable provisions of CASS, in conjunction with UK property and insolvency law, might not be applied if the insolvency is administered in line with the home state’s laws, might only be partially applied, or might be applied only if certain conditions are met. 21. Client cryptoassets may not be ring-fenced as CASS and UK law had intended. This could be an issue if, for example, the client cryptoassets are made available to the international firm’s general creditors as part of the general insolvency estate of the firm, and clients for whom cryptoassets were safeguarded under CASS have to prove their claims as creditors rather than beneficiaries to property. 22. This risk of harm is amplified by: • Legal uncertainty: there is limited clarity and consistency on property and ownership rights for cryptoassets (and a lack of relevant case law and precedent) as legal frameworks across jurisdictions are being revised and clarified. Foreign courts may develop a different basis to determine clients’ ownership rights, which may negatively impact outcomes in insolvency for UK consumers. • Cryptoassets are safeguarded and settled in fundamentally different ways to traditional assets, and safeguarding technologies are still evolving and maturing. 23. The appropriate resources condition also requires us to consider whether there are adequate non-financial resources such as staff and experienced senior managers. Our Approach to International Firms clarifies that we typically expect senior managers who are directly involved in the firm’s UK activities to spend an adequate and proportionate amount of time in the UK. This expectation will apply equally to cryptoasset firms, notwithstanding the digital and mobile nature of many crypto businesses. Suitability 24. The suitability condition focuses on whether the firm is fit and proper, with competent leadership, prudent risk management, and behaviour which is in line with good practices and standards. 25. Relevant considerations such as competence, capability, integrity – are a function of the firm’s key personnel and risk management frameworks and should be considered case-by-case. We generally do not see reason for structural or systematic differences between crypto and traditional regulated financial activities.

124 Business model 26. The Business Model condition requires the FCA to think carefully about how a firm’s business works, and whether it is sustainable and well-controlled. Firms should operate in a sound and prudent manner, protect consumers, and uphold the integrity of the UK financial system. 27. Again, we do not see any reason for significant structural or systematic differences between crypto and traditional regulated financial activities. However, we have previously pointed towards deficiencies in business plans as a common reason for unsuccessful MLR registration applications by crypto firms. 28. Cryptoasset activities are also characterised by a high degree of direct retail participation. Stablecoin issuers will also be required to provide redemption to all tokenholders, the majority of whom are likely to be retail customers in the UK. What this means for future regulated cryptoasset firms 29. Potential harms to consumers and markets could be more likely to occur where regulated activities are undertaken by international firms from UK branches or overseas offices rather than through UK legal entities. It is more challenging for the FCA to monitor current and emerging risks, obtain timely and accurate information from firms or third parties, and to intervene to require firms to take or refrain from certain actions. Furthermore, customers – especially retail consumers – may be unclear on these higher risks of harm when engaging with an international firm versus a UK crypto firm. Our recent consumer research shows that consumer misunderstandings of cryptoasset risks remain high and in some cases are rising (for example, in relation to compensation if they experience losses). 30. For cryptoasset activity, some of the risks of harm are more acute. This is in part because it may be more complex for us to take certain actions in relation to international firms, such as successfully participating in insolvency proceedings or requesting and obtaining information in the absence of well-developed domestic and cross-border legal and regulatory frameworks. 31. In all cases, therefore, we expect firms seeking FCA authorisation for cryptoasset activities (Table 1) to have a presence in the UK. This is aligned to our position in the Approach to International Firms. We cannot adequately supervise the conduct of a firm’s UK business without this. 32. Further, our baseline expectation is for firms requiring FCA authorisation to carry out their regulated cryptoasset activities (Table 1) from a UK legal entity. Generally, we do not expect a UK branch alone to be compatible with our minimum standards or to mitigate risks of harm, especially for client assets upon firm failure, and supervisory cooperation.

125 33. However, we have outlined some exceptions to this position regarding a UK legal entity below. 34. Notwithstanding the expectations set out above, all individual applications will still need to be considered on their merits and on a case-by-case basis, considering all relevant factors. Exceptions Operating a Cryptoasset Trading Platform (article 9S) 35. In line with DP 25/1 and CP 25/40, we see a case for the activity of operating a CATP to be carried out through a UK branch where this can facilitate access to global liquidity in order to achieve better price and execution outcomes for clients. Where possible, we want to avoid restrictions or frictions – whether created by legal entity fragmentation or other reasons – which prevent UK orders from being able to match with overseas orders. 36. A CATP is a marketplace where multiple third party buy and sell orders interact. This is different, for example, from a principal dealer model where the dealer acts as the counterparty to the buyer or seller. The multilateral nature of trading on a CATP together with a CATP’s admission requirements and unique role in the functioning of the market abuse regime point, in our view, towards a differentiated approach to authorisation of their operators. This is further supported, in some cases, by the advantage of access to global liquidity in enabling a CATP’s more effective functioning and better service to its users. 37. This may give international firms, depending on their business model, more flexibility to deliver better execution outcomes for UK customers. 38. For the avoidance of doubt there is no obligation to carry out the activity through a UK branch; we expect that some CATP operators may carry out this activity through a UK legal entity. 39. Where a firm seeks authorisation, the FCA will authorise the whole firm, including its UK and overseas offices. For an overseas firm making use of a UK branch to be authorised, we expect the home regulator to have comparable levels of regulatory protection and regulatory requirements in place, as determined by the FCA. We would not consider a letter of good standing on its own to be sufficient. 40. Figure 1 shows one potential example of a legal entity structure we believe could be compatible with our regulatory target outcomes. In the example in Figure 1, an international crypto firm would have both a UK branch and a UK legal entity. The UK branch would handle functions which are central to a CATP’s operation, enabling UK investors’ orders to interact with orders of overseas investors. This is one way in which UK investors would have access to superior price and execution outcomes than if they were restricted to isolated liquidity pools.

126 41. The UK legal entity could handle other regulated activities like safeguarding. Individual CATP applications will still need to be considered on their merits and on a case-by-case basis, considering all relevant factors including the needs of and risks to consumers. Figure 1 – CATP serving UK customers through branch model Key Overseas parent company Overseas trading platform company Handles the core matching and execution activities of a trading platform to facilitate access to international liquidity Handles various other activities such as safeguarding Legal entity branch UK physical presence UK Branch UK subsidiary Restricted principal dealer permission for CATP matched principal trading (restricted 9T) in a model relying on the exception above 42. In CP 25/40, we propose permitting a firm that is authorised to operate a qualifying CATP to also provide matched principal trading (MPT) services provided it obtains a principal dealer permission. However, given our general expectation that principal dealers should have a UK legal entity presence to meet our threshold conditions, a CATP operator authorised via a UK branch (as illustrated above, a ‘branch-authorised CATP operator’) would be unlikely to benefit from this MPT option. It would either need to apply for the principal dealer permission via its affiliated UK legal entity – or set up a second UK legal entity under the overseas trading platform entity to do so instead of (or in addition to) establishing a UK branch. 43. We believe this would be a poor outcome in cases where the branch-authorised CATP operator is seeking to use the principal dealer permission only to provide matched principal dealing services on its own platform because: • Legally separating the matched principal dealing service from the platform to which it relates risks creating friction that could undermine the value of that service. It may also be disproportionate given the more limited risks of the matched principal dealing service as discussed in CP 25/40. • In addition, setting up a second legal entity underneath the overseas entity would undermine the benefits of the ‘sub + branch’ model we intend to offer to overseas CATP operators seeking UK authorisation.

127 44. We therefore propose that overseas firms that: i. are branch-authorised CATP operators, and ii. seek a restricted principal dealer permission to be used only for facilitating matched principal dealing on the firm’s own platform 45. Should in principle be able to obtain that restricted matched principal dealer permission based on their UK branch presence, provided they meet the other threshold conditions. (Such firms would also have to meet certain other conditions to carry out matched principal trading as set out in CP 25/40). 46. For the avoidance of doubt, where an overseas firm meets conditions (i) above but seeks a principal dealer permission to carry out proprietary trading (or any other trading that does not meet the matched principal trading conditions set out in CP 25/40), the general expectation that principal dealers should have a UK legal entity continues to apply. Restricted safeguarding permission to facilitate CATP settlement (restricted 9N) 47. Certain CATP operators rely on the operation of a ‘float’ to achieve efficient settlement of trades executed on the CATP. This settlement float consists of a percentage of clients’ and (potentially the firm’s) assets held in a settlement wallet controlled by the CATP operator. 48. In line with the geographic scope of safeguarding set out in FSMA s418 (as amended by the Crypto Regulations 2025), and under Article 9N, the entity that uses such a settlement float must have the safeguarding permission. To ensure proportionality, we propose that the safeguarding permission for this entity could be restricted, with fewer rules applying, subject to certain conditions (please see the relevant chapter in this CP package for more details). In particular, cryptoassets in this settlement wallet would not be held under trust and so would not be afforded the same protections from CASS rules. 49. Further, analogous to the exception for MPT above, we propose that a branch￾authorised CATP operation seeking a restricted safeguarding permission to operate a settlement wallet (and meeting the associated conditions) would, in principle, not be expected to carry out the operation of this settlement wallet from a UK legal entity to meet the threshold conditions. 50. However, in all other cases, the general expectation that safeguarding firms should operate from a UK subsidiary would continue to apply. Next steps 51. We will consider feedback to this guidance before publishing final guidance alongside our final rules this year (2026). 52. This guidance does not preclude or prejudge any recognition or deference arrangements which may be legislated for by the government in the future. 53. We intend to review our guidance periodically as cryptoassets legal and regulatory frameworks and supervisory cooperation arrangements mature.

128 Annex 5 Guidance Consultation The Consumer Duty Guidance can be found at - https://www.fca.org.uk/publication/ guidance-consultation/gc26-2.pdf The relevant consultation questions are found in Chapter 2 of this CP.

129 Annex 6 SUP16.34 Regulatory Reporting Guidance

1. The purpose of SUP 16.34 Regulatory Reporting Guidance is to ensure that the FCA receives regular information in a standard format that supports its supervisory oversight of relevant firms. Definitions Customer Categorisation Definitions Retail customer A “retail customer” is an individual who is not acting in the course of their trade, business or profession. This category excludes natural UK persons who are acting in the course of business (e.g., sole traders trading for their own account or on behalf of others, whether authorised or not). Client who is qualifying cryptoasset firm This category includes all firms and natural persons (including sole traders) who hold a Part 4A permission under FSMA to carry out qualifying cryptoasset activities. Client who is not retail customer or qualifying cryptoasset firm This category captures all clients not included above, including but not limited to: • Natural persons/individuals acting for themselves (outside the “retail customer” definition, i.e., acting in the course of business but not authorised) • Registered firms in savings or run-off • Corporates acting on their own account • Corporates acting for others’ account in perimeter use cases where that activity is not required to be authorised

130 All Firms 2. All qualifying cryptoasset firms are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.6R Metric Guidance 1 The total number of complaints received by the firm during the reporting period “The total number of complaints received by the firm within the reporting period. For this metric: “Complaint” means that as defined in the Glossary. Include all complaints received within the reporting period, regardless of whether the complainant is an existing client or a prospective client (e.g., complaints at account registration stage). Count each complaint once, regardless of outcome or whether it was subsequently withdrawn. Exclude feedback or queries that do not meet the FCA’s definition of a complaint 2 The total number of complaints upheld by the firm during the reporting period The total number of complaints received by the firm within the reporting period that were upheld following investigation. For this metric: “Upheld” means where the firm has assessed the complaints and where it accepts the customer’s grievance is valid. Where a complaint is upheld in part, or where the firm does not have enough information to make a decision yet but chooses to make a goodwill payment to the complainant, a firm should treat the complaint as upheld for reporting purposes. Include all complaints upheld within the reporting period, regardless of whether the complainant is an existing client or a prospective client (e.g., complaints at account registration stage). Exclude complaints not meeting the FCA’s definition of a complaint, and those not upheld after investigation.

131 All Firms except Stablecoin Issuance 3. All qualifying cryptoasset firms, except those authorised for stablecoin issuance, are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.6R Metric Guidance 3 The total number of clients with at least one active qualifying cryptoasset activity arrangement as at the end of the reporting period, except for firms issuing qualifying stablecoin The total number of individual clients with at least one active qualifying cryptoasset activity arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement that is open at period end with a non-zero balance (including qualifying cryptoassets or fiat funds) and not fully closed before period end. This includes clients with open positions, as well as those holding fiat funds pending reinvestment or withdrawal. • Count unique individual clients: a client with multiple active arrangements is counted once. • Exclude test/demo accounts and arrangements with zero balance at period end. • Do not include clients whose only activity is pending account closure or who have no funds or qualifying cryptoassets held with the firm at period end. 4 The total number of retail customers with at least one active qualifying cryptoasset activity arrangement who have been identified as having characteristics of vulnerability, except for firms issuing qualifying stablecoin. The total number of individual retail customers with at least one active qualifying cryptoasset activity arrangement who have been identified as having characteristics of vulnerability as at the end of the reporting period. For this metric: • “Active” follows the same definition as above • “Vulnerable” retail customers are those identified by the firm as having characteristics of vulnerability, in line with FCA Guidance (FG21/1: Guidance for firms on the fair treatment of vulnerable customers). This includes, but is not limited to, clients with health, life events, resilience, or capability factors that may make them especially susceptible to harm. • Count unique individual retail customers: a customer with multiple active arrangements is counted once. • Exclude test/demo accounts and arrangements with zero balance at period end. • Firms should have appropriate processes to identify and record vulnerability.

132 Safeguarding cryptoassets 4. All firms authorised for safeguarding cryptoassets are required to submit the following information to the FCA on a monthly basis. SUP 16.34.7R Metric Guidance 1 The name of CASS audit firm The legal name of the CASS audit firm 2 The regulated activities carried on by the firm List of regulated activities subject to CASS 17 performed by the firm. 3 The total number of clients The total number of clients the firm has in relation to its safeguarding cryptoasset activity. 4 The number of each type of clients State if the firm is providing services to (1) retail customers; (2) clients who are qualifying cryptoasset firms; and (3) clients that do not fall under either of the preceding categories. 5 The total value of all qualifying cryptoassets being safeguarded The value of qualifying cryptoassets held on trust at reporting period end. 6 The highest total value of qualifying cryptoasset being safeguarded The highest total value of qualifying cryptoassets held on trust during the reporting period. 7 The lowest total value of qualifying cryptoassets being safeguarded The lowest total value of qualifying cryptoassets held on trust during the reporting period 8 The class(es) of qualifying cryptoassets being safeguarded The class of qualifying cryptoassets held on trust, on behalf of clients, as at the end of the reporting period. E.g. Bitcoin (BTC), Ethereum (ETH), wrapped Bitcoin (WBTC) etc 9 The number of each class of qualifying cryptoasset being safeguarded The number of qualifying cryptoassets being held on trust on behalf of clients, by class, as at the end of the reporting period. 10 The value of qualifying cryptoassets being safeguarded, by class The value in GBP of the qualifying cryptoassets held on trust on behalf of clients, by class, as at the end of the reporting period. 11 The total value of all relevant specified investment cryptoassets being safeguarded The value of relevant specified investment cryptoassets being held on trust at reporting period end. 12 The highest total value of relevant specified investment cryptoassets being safeguarded The highest total value of relevant specified investment cryptoassets held on trust during the reporting period. 13 The lowest total value of relevant specified investment cryptoassets being safeguarded The lowest total value of relevant specified investment cryptoassets held on trust during the reporting period. 14 The class(es) of relevant specified investment cryptoassets being safeguarded The class of relevant specified investment cryptoasset held on trust, on behalf of clients, as at the end of the reporting period.

133 SUP 16.34.7R Metric Guidance 15 The number of each class of relevant specified investment cryptoasset being safeguarded The number of relevant specified investment cryptoassets, being held on trust, on behalf of clients, by class, as at the end of the reporting period. 16 The value of relevant specified investment cryptoassets being safeguarded, by class The value in GBP of the relevant specified investment cryptoassets held on trust on behalf of clients, by class, as at the end of the reporting period. 17 Name, role and location of any institutions appointed for safeguarding as per CASS 17.6 Specify the identity of any third-party institutions with which the firm has deposited client cryptoassets (or means of access of assets) as per CASS 17.6. The firm should detail the rationale for appointment of the third party, the role it has been appointed to perform by the custodian and the location of the registered/head office. 18 Wallet structure for safeguarding of client cryptoassets Detail the structure of the wallet where the client cryptoassets are held on behalf of clients. Are they pooled in omnibus wallets or are they kept in individually segregated wallets? 19 The excess or shortfall of client cryptoassets Detail the amount by which the firm’s client cryptoasset holdings differ from its actual holdings of its client cryptoassets as per the reconciliation carried out on the first business day following the reporting period in question. 20 Adjustments made to withdraw an excess or rectify a shortfall identified as a result of client cryptoasset reconciliation A firm should report the action taken to correct a shortfall or withdraw an excess 21 Operational surplus A firm should indicate whether it is currently utilising an operational surplus. It should list the asset class, number held and value, in which it is utilising an operational surplus. 22 Client cryptoasset unresolved items A firm should identify in this data field the number of client cryptoasset items which have remained unresolved for (6-29)/(30-59)/(60-90) (90+) days.

134 SUP 16.34.7R Metric Guidance 23 Total revenue during the reporting period from safeguarding cryptoassets in relation to qualifying cryptoassets Total revenue during the reporting period from safeguarding cryptoassets in relation to qualifying cryptoassets, recognised per the firm’s accounting policies. For this metric: • Include safeguarding, custody or wallet maintenance fees charged to clients for holding qualifying cryptoassets. • Include recurring account level fees, cold storage fees, and any other directly attributable safeguarding related charges. • Exclude transaction related fees (e.g. execution, withdrawal, brokerage fees) unless they are specifically charged for safeguarding services. 24 Total revenue during the reporting period from safeguarding cryptoassets in relation to relevant specified investment cryptoassets Total revenue during the reporting period from safeguarding cryptoassets in relation to relevant specified investment cryptoassets, recognised per the firm’s accounting policies. For this metric: • Include all fees charged specifically for safeguarding relevant specified investment cryptoassets (e.g. custody charges, vaulting fees, wallet security fees). • Include both fixed and variable revenue linked directly to the safeguarding activity. • Exclude revenues from advisory, execution, arranging or lending activities, even if provided to the same client. 25 Total revenue from arranging cryptoasset safeguarding in relation to qualifying cryptoassets Total revenue from arranging cryptoasset safeguarding in relation to qualifying cryptoassets during the reporting period, recognised per the firm’s accounting policies. For this metric: • Include fees, commissions or agent spreads earned for introducing clients to safeguarding providers or arranging custody solutions. • Include ongoing revenue shares or rebates received from third‑party custodians as part of an arranging/introducing agreement. • Exclude fees for safeguarding performed directly by the firm (those should be reported under safeguarding revenue, not arranging). • Exclude revenue from unrelated brokerage, trading or platform activities.

135 SUP 16.34.7R Metric Guidance 26 Total revenue from arranging cryptoasset safeguarding in relation to relevant specified investment cryptoassets Total revenue from arranging cryptoasset safeguarding in relation to relevant specified investment cryptoassets during the reporting period, recognised per the firm’s accounting policies. For this metric: • Include revenue earned for arranging or facilitating safeguarding by third party custodians for relevant specified investment cryptoassets. • Include introducing fees, commissions, distribution fees and any revenue share derived from partner custody providers. • Exclude direct safeguarding fees (reported separately). • Exclude revenues linked to other regulated activities (e.g. dealing, advisory, portfolio management).

136 Issuing qualifying stablecoin 5. All firms authorised for stablecoin issuance are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.8R Metric Guidance 1 The total qualifying stablecoin minted The total number of UK-issued qualifying stablecoin minted (by and on behalf of the firm) during the reporting period. This includes any qualifying stablecoin not yet distributed/ sold/subscribed for For this metric: • Include all cryptoassets created on-chain or via internal ledger events, regardless of whether they have been distributed, sold, or subscribed for. • Exclude cryptoassets that have been burned or cancelled before issuance. 2 The total qualifying stablecoin sold The total number of UK qualifying stablecoins sold or subscribed for through primary issuance during the reporting period. For this metric: • Include only qualifying stablecoin sold or subscribed for as part of primary issuance; exclude secondary market sales. • “Subscribed for” includes qualifying stablecoins allocated to customers but not yet settled, provided the allocation is contractually binding. 3 The balance of stablecoin backing assets The total value, in GBP, of backing assets held in safeguarding accounts to support UK qualifying stablecoin as at the end of the reporting period. For this metric: • Include assets that form part of the issuer’s backing asset pool as defined in CASS 16 (core assets and any expanded assets permitted and notified under CASS 16). • Value positions using end‑of‑day prices on the last business day of the reporting period, using a consistent, auditable rate source. • Include both segregated and non-segregated backing assets if they meet eligibility criteria. • Exclude any assets not held for the purpose of backing outstanding qualifying stablecoins.

137 SUP 16.34.8R Metric Guidance 4 The balance of stablecoin backing funds The total value of cash held in safeguarding accounts to support UK qualifying stablecoins as at the end of the reporting period. For this metric: • Include only funds that meet CP25/14 eligibility for on‑demand deposits where applicable under CP25/14. • Value positions using end‑of‑day prices on the last business day of the reporting period, using a consistent, auditable rate source. • Exclude any assets not held for the purpose of backing outstanding qualifying stablecoins. 5 The total number of redemption requests received The total number of redemption requests for stablecoins for UK qualifying stablecoins received within the reporting period. For this metric: • A “redemption request” is any valid instruction from a holder of a UK qualifying stablecoin to the qualifying stablecoin issuer to redeem UK qualifying stablecoin for their equivalent value in fiat currency, as defined in FCA CP25/14. • A request is considered valid when it is made by the holder in accordance with the issuer’s procedures and includes all required information and documentation (such as completion of KYC, if applicable). • Include both completed and pending requests received during the period. • Exclude requests that have been withdrawn or rejected prior to processing.

138 SUP 16.34.8R Metric Guidance 6 The total value of qualifying stablecoin redeemed The total value, in GBP, of UK qualifying stablecoin redeemed and settled during the reporting period, calculated at the value at the time of redemption completion. For this metric: • “Settled” means the point at which the redemption process is complete and the equivalent fiat funds have been transferred to the UK qualifying stablecoin holder, in line with FCA CP25/14 (i.e., payment order placed by the end of the business day following receipt of a valid redemption request). • Value each redemption at the GBP consideration at completion using a consistent, auditable rate source. • The value should reflect the amount at the time of redemption completion, which may differ from the value at the time of request if market conditions change. • Exclude pending or uncompleted redemptions. • Include fees only if they are deducted from the redemption proceeds; if fees are charged separately, report the gross redemption value before fees. 7 The total number of pending or incomplete redemption requests The total number of redemption requests for UK qualifying stablecoin that remain pending or unfulfilled as at the end of the reporting period. For this metric: • Include requests that are pending beyond the standard service level agreement or regulatory timeframe. • Exclude requests that have been withdrawn or rejected prior to completion. • Include requests that are awaiting customer documentation. • Do not include requests that have already been settled or completed. 8 The total number of delayed redemption requests The total number of redemption requests for UK qualifying stablecoin that were not settled within the standard timeframe as defined in regulatory requirements (e.g., by the end of the business day following receipt of a valid redemption request). For this metric: Include requests where redemption was delayed due to issuer processes or operational reasons. Include requests delayed solely due to incomplete KYC from the issuer. Use the regulatory definition of “delayed” as set out in CP25/14.

139 SUP 16.34.8R Metric Guidance 9 The total number of suspension events The total number of full suspension events, as defined in regulatory requirements, occurring within the reporting period. For this metric: Include only events that meet the FCA’s definition of a “full suspension” (e.g., a complete halt to redemption or issuance for all holders). Exclude partial, temporary, or limited suspensions that do not meet the regulatory definition. 10 The names of third parties appointed under CASS 16 requirements The name, or LEI, of any third parties conducting activities related to UK qualifying stablecoin issuance, backing, or redemption within the reporting period. For this metric: Include only material service providers involved in the safeguarding of backing assets, distribution, or redemption processes. Specify the role or type of activity performed by each third party. 11 Any notifiable CASS 16 breaches A firm should indicate whether at any point during the reporting period one of the situations referred to in CASS 16.2.41R arose, in which the firm was obligated to notify the FCA. If in data field 11 the firm has answered “Yes”, it should confirm in this data field whether all notifications were made to the FCA in accordance with CASS 16.2.41R A firm should indicate whether at any point during the reporting period one of the situations referred to in CASS 16.4.20R arose, in which the firm was obligated to notify the FCA. 12 The name of CASS audit firm The legal name of the CASS audit firm

140 SUP 16.34.8R Metric Guidance 13 Total revenue from issuing qualifying stablecoin during the reporting period. Total revenue, in GBP, earned from issuing qualifying stablecoins during the reporting period, recognised per the firm’s accounting policies For this metric: • Include all revenue streams directly linked to the issuance of qualifying stablecoins (e.g. issuance fees, minting/spread revenue, redemption related fees charged to customers). • Include any net revenue earned from issuance related services provided on behalf of group entities or third party partners. • Where issuance activities are outsourced, include the firm’s retained revenue share from outsourced arrangements (e.g. platform fees, agent fees, distribution fees). • Exclude revenue from unrelated activities (e.g. custody fees, trading fees, investment income on reserve assets). Operating a qualifying cryptoasset trading platform 6. All firms authorised for operating a qualifying cryptoasset trading platform are required to submit the following information to the FCA on a monthly basis. SUP 16.34.9R Metric Guidance (1)(a) The total number of retail customers who executed at least one trade on a UK QCATP The total number of UK retail customers who executed at least one live trade on the UK QCATP during the reporting period. For this metric: • “Live trade” means a trade matched and executed on the platform, excluding test/ demo/simulated trades and cancelled/failed/ pending orders. • Count each client once, regardless of the number of trades.

141 SUP 16.34.9R Metric Guidance (1)(b) The total value of completed fiat to qualifying cryptoasset transactions executed by retail customers on a UK QCATP The total cumulative value, in GBP, of completed fiat-to-qualifying cryptoasset transactions executed by retail customers on the UK QCATP during the reporting period. For this metric: • Include only trades executed and settled on the platform; exclude pending/failed/cancelled orders, deposits/withdrawals, and non-trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (1)(c) The total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by retail customers on a UK QCATP The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by retail customers on the UK QCATP trading platform during the reporting period. For this metric: • Include only trades executed within the activity perimeter; exclude pending/failed/cancelled orders and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (1)(d) The total value of completed qualifying cryptoasset to fiat transactions executed by retail customers on a UK QCATP The total cumulative value, in GBP, of completed qualifying cryptoasset -to-fiat transactions executed by retail customers on the trading platform during the reporting period. For this metric: • Include only trades executed on the platform; exclude pending/failed/cancelled orders, withdrawals, and non-trade movements. • Value each transaction at the GBP proceeds at execution/settlement.

142 SUP 16.34.9R Metric Guidance (1)(e) The highest transacting retail customers with the highest total transactions by value of qualifying cryptoassets on a UK CATP The anonymised unique identifiers and cumulative GBP transaction value of the top 10 retail customers by executed trading volume on the UK QCATP during the reporting period. For this metric: • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/withdrawals, transfers, and pending/failed/cancelled orders. • Use stable anonymisation so the same client can be tracked across periods without revealing identity. (2)(a) The total number of this category of clients who executed at least one trade on a UK QCATP The total number of qualifying cryptoasset firms who executed at least one live trade on the UK QCATP during the reporting period. For this metric: • “Live trade” means a trade matched and executed on the platform, excluding test/ demo/simulated trades and cancelled/failed/ pending orders. • Count each client once, regardless of the number of trades. (2)(b) The total value of completed fiat to qualifying cryptoasset transactions executed by this category of clients The total cumulative value, in GBP, of completed fiat-to-qualifying cryptoasset transactions executed by qualifying cryptoasset firms on the UK QCATP the reporting period. For this metric: • Apply the same inclusion/exclusion and valuation rules as above. (2)(c) The total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by this category of clients The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by qualifying cryptoasset firms on the UK QCATP during the reporting period. For this metric: • Apply the same inclusion/exclusion and valuation rules as above. (2)(d) The total value of completed qualifying cryptoasset to fiat transactions executed by this category of clients The total cumulative value, in GBP, of completed qualifying cryptoasset to fiat transactions executed by qualifying cryptoasset firms on the UK QCATP during the reporting period. For this metric: • Apply the same valuation and exclusion rules as above.

143 SUP 16.34.9R Metric Guidance (2)(e) The clients under this category with the highest total transactions by value of qualifying cryptoassets The legal names (and LEIs where available) and cumulative GBP transaction value of the top 10 qualifying cryptoasset firms ranked by executed trading volume on the UK QCATP during the reporting period. • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/withdrawals, transfers, and pending/failed/cancelled orders. (3)(a) The total number of this category of clients who executed at least one trade on a UK QCATP The total number of other UK clients who executed at least one live trade on the UK QCATP during the reporting period. For this metric: • “Live trade” means a trade matched and executed on the platform, excluding test/ demo/simulated trades and cancelled/failed/ pending orders. • Count each client once, regardless of the number of trades. (3)(b) The total value of completed fiat to qualifying cryptoasset transactions executed by this category of clients The total cumulative value, in GBP, of completed fiat to qualifying cryptoasset transactions executed by other UK clients on the UK QCATP during the reporting period. For this metric: • Apply the same inclusion/exclusion and valuation rules as above. (3)(c) The total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by this category of clients The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by other UK clients on the UK QCATP during the reporting period. For this metric: • Apply the same inclusion/exclusion and valuation rules as above. (3)(d) The total value of completed qualifying cryptoasset to fiat transactions executed by this category of clients The total cumulative value, in GBP, of completed qualifying cryptoasset to fiat transactions executed by other UK clients on the UK QCATP during the reporting period. For this metric: • Apply the same valuation and exclusion rules as above.

144 SUP 16.34.9R Metric Guidance (3)(e) The clients under this category with the highest total transactions by value of qualifying cryptoassets The legal names (and LEIs where available) and cumulative GBP transaction value of the top 10 other UK clients ranked by executed trading volume on the UK QCATP during the reporting period. • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/withdrawals, transfers, and pending/failed/cancelled orders. (4) Total firm revenue from operating a UK QCATP during the reporting period The total revenue, in GBP, earned from the UK QCATP activities during the reporting period, recognised per the firm’s accounting policies (state accrual or cash basis and apply consistently). For this metric: • Include trading fees, commissions, deposit/ withdrawal charges and other account maintenance fees linked to use of the platform.

145 Cryptoasset Intermediaries 7. All firms authorised for dealing in qualifying cryptoassets as principal; dealing in qualifying cryptoassets as agent; arranging deals in qualifying cryptoassets (excluding qualifying cryptoasset lending firms and qualifying cryptoasset borrowing firms) are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.10R Metric Guidance (1)(a) Total number of retail customers for whom the firm executed or received and transmitted for execution at least one trade The total number of retail customers for whom the firm received and transmitted for execution or executed at least one live trade during the reporting period, whether executed by the intermediary itself or by another qualifying cryptoasset execution venue. For this metric: • “Live trade” means a trade matched and executed, excluding test/demo/simulated trades and cancelled/ failed/pending orders. • Count each client once, regardless of the number of trades. • The concept of a qualifying cryptoasset execution venue is defined in the Glossary) (1)(b) The total value of completed fiat to qualifying cryptoasset transactions executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed fiat-to￾qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the reporting period for retail customers. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, deposits/withdrawals, and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (1)(c) The total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d) The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the reporting period for retail customers. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source.

146 SUP 16.34.10R Metric Guidance (1)(d) The total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed qualifying cryptoasset to fiat transactions received and transmitted for execution or executed by the firm during the reporting period for retail customers. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, withdrawals, and non‑trade movements. • Value each transaction at the GBP proceeds at execution time using a consistent, auditable rate source. (1)(e) The retail customerswith the highest total transactions by value of qualifying cryptoassets The anonymised unique identifiers and cumulative GBP transaction value of the retail customers by executed trading volume during the reporting period. For this metric: • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/ withdrawals, transfers, and pending/failed/cancelled orders. • Use stable anonymisation so the same client can be tracked across periods without revealing identity. (2)(a) The total number of this category of clients for whom the firm executed or received and transmitted for execution at least one trade The total number of qualifying cryptoasset firms for whom the firm received and transmitted for execution or executed at least one live trade during the reporting period, whether executed by the intermediary itself or by another qualifying cryptoasset execution venue. For this metric: • “Live trade” means a trade matched and executed, excluding test/demo/simulated trades and cancelled/ failed/pending orders. • Count each client once, regardless of the number of trades. • The concept of a qualifying cryptoasset execution venue is defined in the Glossary). (2)(b) The total value of completed fiat to qualifying cryptoasset transactions orders executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed fiat to qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the qualifying cryptoasset firms. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, deposits/withdrawals, and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source.

147 SUP 16.34.10R Metric Guidance (2)(c) The total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d) The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the qualifying cryptoasset firms. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (2)(d) The total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed qualifying cryptoasset to fiat transactions received and transmitted for execution or executed by the firm during the qualifying cryptoasset firms. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, withdrawals, and non‑trade movements. • Value each transaction at the GBP proceeds at execution time using a consistent, auditable rate source. (2)(e) The clients under this category with the highest total transactions by value of qualifying cryptoassets The legal names (and LEIs where available) and cumulative GBP transaction value of the top 10 qualifying cryptoasset firms ranked by executed trading volume during the reporting period. • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/ withdrawals, transfers, and pending/failed/cancelled orders. (3)(a) The total number of this category of clients for whom the firm executed or received and transmitted for execution at least one trade The total number of other clients for whom the firm received and transmitted for execution or executed at least one live trade during the reporting period, whether executed by the intermediary itself or by another qualifying cryptoasset execution venue. For this metric: • “Live trade” means a trade matched and executed, excluding test/demo/simulated trades and cancelled/ failed/pending orders. • Count each client once, regardless of the number of trades. • The concept of a qualifying cryptoasset execution venue is defined in the legal instrument (Glossary).

148 SUP 16.34.10R Metric Guidance (3)(b) The total value of completed fiat to qualifying cryptoasset transactions the executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed fiat to qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the reporting period for other UK clients. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, deposits/withdrawals, and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (3)(c) The total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d) The total cumulative value, in GBP, of completed qualifying cryptoasset to qualifying cryptoasset transactions received and transmitted for execution or executed by the firm during the reporting period for other UK clients. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders and non‑trade movements. • Value each transaction at the GBP consideration at execution time using a consistent, auditable rate source. (3)(d) The total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm The total cumulative value, in GBP, of completed qualifying cryptoasset to fiat transactions received and transmitted for execution or executed by the firm during the reporting period for other UK clients. For this metric: • Include trades executed by the intermediary itself or by another qualifying cryptoasset execution venue; exclude pending/failed/cancelled orders, withdrawals, and non‑trade movements. • Value each transaction at the GBP proceeds at execution time using a consistent, auditable rate source. (3)(e) The clients under this category with the highest total transactions by value of qualifying cryptoassets The legal names (and LEIs where available) and cumulative GBP transaction value of the top 10 other UK clients ranked by executed trading volume during the reporting period. • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/ withdrawals, transfers, and pending/failed/cancelled orders.

149 SUP 16.34.10R Metric Guidance (4) The qualifying cryptoasset execution venues where the firm executed or transmitted for execution of client orders The names (and LEIs where available) and cumulative GBP transaction value of the top 10 execution venues the reporting entity uses for client trades, including the firm itself or an affiliated entity where applicable and other qualifying cryptoasset execution venues, ranked by executed trading volume for client trades during the reporting period. • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/ withdrawals, transfers, and pending/failed/cancelled orders. • Include a breakdown of the top 10 execution venues for • Retail customers, • Qualifying cryptoasset firms, and • Other UK clients respectively. (5) When dealing in qualifying cryptoassets as principal and executing orders for clients, where the firm sourced liquidity Where a firm deals as principal and executes orders for clients, the names (and LEIs where available) and cumulative GBP transaction values of the top 5 liquidity sources (by transaction value) it uses during the reporting period. [liquidity sources refer to counterparties or qualifying cryptoasset execution venues via which a firm purchases or sells qualifying cryptoassets for own accounts] • “Cumulative GBP transaction value” means the sum of executed trade consideration in GBP for buys and sells, measured at execution time; exclude deposits/ withdrawals, transfers, and pending/failed/cancelled orders. (6) Total revenue from dealing in qualifying cryptoassets as principal, dealing in qualifying cryptoassets as agent and arranging deals in qualifying cryptoasset during the porting period, recognized per the firm’s accounting policies The total revenue, in GBP, earned from qualifying cryptoasset intermediation activities during the reporting period, recognised per the firm’s accounting policies. For this metric: • Include agency/brokerage fees, commissions, proprietary trading revenues and execution‑related spreads earned for arranging or executing trades. • Include a breakdown of the total revenue by type of activity: • dealing in qualifying cryptoassets as principal; • dealing in qualifying cryptoassets as agent; • arranging deals in qualifying cryptoassets.

150 Cryptoasset Lending 8. All firms that are authorised for dealing in qualifying cryptoassets as principal; dealing in qualifying cryptoassets as agent; arranging deals in qualifying cryptoassets, and undertake qualifying cryptoasset lending services, are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.11R Metric Guidance (1)(a) The total number of retail customers with whom the firm engages in qualifying cryptoasset lending The total number of retail customers with at least one active qualifying cryptoasset lending arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement that is open at period end with a nonzero outstanding balance owed by the firm to the retail customer (including rolled/renewed arrangements), and not fully closed before period end. • Count unique retail customers: a retail customer with multiple lending arrangements is counted once. • Exclude test/demo accounts and arrangements with zero balance at period end. • Include a breakdown of retail and non-retail clients. (1)(b) The total number of clients who are qualifying cryptoasset firms with whom the firm engages in cryptoasset lending services The total number of clients who are qualifying cryptoasset firms with at least one active qualifying cryptoasset lending arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement that is open at period end with a nonzero outstanding balance owed by the firm to the customer (including rolled/ renewed arrangements), and) and‑ not fully closed before period end. • Count unique clients who are qualifying cryptoasset firms: one per person. • Exclude test/demo accounts and arrangements with zero balance at period end.

151 SUP 16.34.11R Metric Guidance (1)(c) The total number of clients that do not fall under the categories in (a) and (b) with whom the firm engages in qualifying cryptoasset lending The total number of clients that do not fall under the categories in SUP 16.34.11R(1)(a) and (1)(b) with at least one active qualifying cryptoasset lending arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement that is open at period end with a nonzero outstanding balance owed by the firm to the customer (including rolled/ renewed arrangements), and) and‑ not fully closed before period end. • Count unique other customers: one per legal entity/ sole trader. • Exclude test/demo accounts and arrangements with zero balance at period end. (1)(d) The total number of qualifying cryptoasset lending arrangements The total number of new qualifying cryptoasset lending arrangements contractually agreed during the reporting period, with both new and existing customers. For this metric: • “New” includes originations and contractual renewals that reset economic terms (e.g., new tenor/rate/amount). • Exclude amendments or parameter changes that do not constitute a contractual renewal. • Count per contract, multiple contracts with the same customer each count once. (1)(e) The total value of qualifying cryptoasset lending arrangements The total value, in GBP, of active qualifying cryptoasset lending arrangements as at the end of the reporting period. For this metric: • Measure the firm’s outstanding obligations to customers under lending arrangements at period end (principal only). • Convert to GBP using end‑of‑day prices on the last business day of the period; use a consistent, auditable price source. • Exclude accrued but unpaid interest unless it is contractually capitalised into principal.

152 SUP 16.34.11R Metric Guidance (1)(f) The lending counterparties For the 10 counterparties with the largest aggregate outstanding exposures from the firm’s lending activities at period end, report: legal name, LEI (where available), principal outstanding (GBP), nature of the arrangement (collateralised, uncollateralised, staked, rehypothecated, or other—specify), and whether the counterparty is in the firm’s group. For this metric: • Report exposure on a gross principal basis; do not net against collateral or apply internal haircuts. • If multiple facilities with the same counterparty exist, aggregate to one counterparty line. (1)(g) The location of the registered office (if no registered office, the head office) of the lending counterparties in the United Kingdom Report the location of the registered office (or head office) for each of the top 10 counterparties identified above that are not UK-based. (1)(h) The total value of qualifying cryptoassets the firm has transacted with other parties to generate yield for retail clients The total value, in GBP, at period end, the gross value of client assets received under qualifying cryptoasset lending arrangements that have been reused by the firm (including onward lending, rehypothecation, or other reuse—specify). • Convert to GBP using end of day prices on the last business day of the period; use a consistent, auditable price source. (1)(i) The types of qualifying cryptoassets used in qualifying cryptoasset lending Report the top 10 qualifying cryptoasset underlying active qualifying cryptoasset lending arrangements (i.e., owed by the firm to customers), ranked by market value (GBP) at period end. For this metric: • Value cryptoassets using end ‑of day prices on the last business day of the period; use a consistent, auditable source. • Exclude zero balance‑ arrangements closed before period end. (1)(j) Total revenue during the reporting period from qualifying cryptoasset lending The total revenue, in GBP, earned from qualifying cryptoasset lending activities for the reporting period, recognised per the firm’s accounting policies for both its UK and global business. For this metric: • Report net revenue retained by the firm (e.g., fees/ commissions/agent spreads) and exclude lending yield credited to clients. • Exclude revenue from unrelated activities.

153 Cryptoasset Borrowing 9. All firms that are authorised for dealing in qualifying cryptoassets as principal; dealing in qualifying cryptoassets as agent; arranging deals in qualifying cryptoassets, and undertake qualifying cryptoasset borrowing services, are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.11R Metric Guidance (2)(a) The total number of retail customers with whom the firm engages in qualifying cryptoasset borrowing The total number of retail customers with at least one active qualifying cryptoasset borrowing arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement open at period end where the customer owes a nonzero principal amount of qualifying cryptoassets‑ to the firm under a qualifying cryptoasset borrowing product. • Count unique retail customers: a retail customer with multiple qualifying cryptoasset borrowing arrangements is counted once. • Exclude test/demo accounts and arrangements with zero principal outstanding at period end. (2)(b) The total number of clients who are qualifying cryptoasset firms with whom the firm engages in qualifying cryptoasset borrowing The total number of clients who are qualifying cryptoasset firms with at least one active qualifying cryptoasset borrowing arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement open at period end where the customer owes a nonzero principal amount of qualifying cryptoassets to the firm under a qualifying cryptoasset borrowing‑ product. • Count unique other customers. • Exclude test/demo accounts and arrangements with zero balance at period end. (2)(c) The total number of clients that do not fall under the categories in (a) and (b) with whom the firm engages in qualifying cryptoasset borrowing The total number of clients that do not fall under the categories in SUP 16.34.11R(2)(a) and (2)(b) with at least one active qualifying cryptoasset borrowing arrangement as at the end of the reporting period. For this metric: • “Active” means an arrangement open at period end where the customer owes a nonzero principal amount of qualifying cryptoassets to the firm under a qualifying cryptoasset borrowing‑ product. • Count unique authorised customers. • Exclude test/demo accounts and arrangements with zero balance at period end.

154 SUP 16.34.11R Metric Guidance (2)(d) The total number of qualifying cryptoasset borrowing arrangements The total number of new qualifying cryptoasset borrowing arrangements contractually agreed during the reporting period, with both new and existing customers. For this metric: • “New” includes originations and contractual renewals that reset economic terms. • Exclude amendments that do not constitute a renewal. • Count per contract; multiple contracts with the same customer each count once. (2)(e) The total value of qualifying cryptoasset borrowing arrangement The total principal value, in GBP, of qualifying cryptoassets outstanding under qualifying cryptoasset borrowing arrangements (i.e., owed by customers to the firm) as at the end of the reporting period. For this metric: • Report principal outstanding only; exclude accrued interest unless capitalised. • Convert to GBP using end of day prices on the last business day of the period; use a consistent, auditable price source. • Do not net against collateral (2)(f) The total value of qualifying cryptoasset borrowing collateral The total market value, in GBP, at period end, of collateral provided by customers to secure qualifying cryptoasset borrowing arrangements. For this metric: • Include collateral provided under both security ‑interest and title transfer (TTCA) mechanisms. • Value collateral using end of day prices on the last business day of the period; use a consistent, auditable price source. • Report gross posted collateral; do not subtract haircuts or add excess collateral re‑used elsewhere. (2)(g) The types of qualifying cryptoassets used in qualifying cryptoasset borrowing Report the top 10 qualifying cryptoasset used as customer collateral for qualifying cryptoasset borrowing arrangements, ranked by market value (GBP) at period end. For this metric: • Value cryptoassets using end of‑day prices on the last business day‑ of the period; use a consistent, auditable price source. • Where multiple qualifying cryptoassets tie for 10th place, use internal rank rules and note methodology.

155 SUP 16.34.11R Metric Guidance (2)(h) Total revenue during the reporting period from qualifying cryptoasset borrowing The total revenue, in GBP, earned from qualifying cryptoasset borrowing activities for the reporting period, recognised in line with the firm’s accounting policies. For this metric: • Include fees, spreads, and interest income directly attributable to customers borrowing qualifying cryptoassets from the firm. • Exclude income from unrelated activities (e.g., trading) unless directly linked to qualifying cryptoasset borrowing products and disclosed as such. Cryptoasset Staking 10. All firms authorised for arranging qualifying cryptoasset staking are required to submit the following information to the FCA on a quarterly basis. SUP 16.34.12R Metric Guidance 1 The total number of retail customers with at least one active qualifying cryptoasset staking arrangement with the firm The total number of retail customers with at least one active qualifying cryptoasset staking arrangement as at the end of the reporting period. For this metric: • “Active” staking includes positions that are staked/delegated at period end (including bonded, locked, or in un-bonding where rewards/validation rights continue per protocol), and auto‑staking settings that result in a staked balance at period end. • Count unique retail customers: multiple staking positions across networks/protocols count once. • Include both custodial and firm facilitated‑ noncustodial staking; exclude off platform/self- directed staking that is neither custodied nor facilitated by the firm (no visibility). • Exclude test/demo accounts and arrangements with zero balance at period end.

156 SUP 16.34.12R Metric Guidance 2 The total number of clients who are qualifying cryptoasset firms with at least one active qualifying cryptoasset staking arrangement with the firm The total number of clients who are qualifying cryptoasset firms with at least one active qualifying cryptoasset staking arrangement as at the end of the reporting period. For this metric: • “Active” staking includes positions that are staked/delegated at period end (including bonded, locked, or in un-bonding where rewards/validation rights continue per protocol), and auto-staking settings that result in a staked balance at period end. • Count unique clients who are qualifying cryptoasset firms: multiple staking positions across networks/protocols count once. • Include both custodial and firm facilitated non‑custodial staking; exclude off‑platform/self-directed staking that is neither custodied nor facilitated‑ by the firm (no visibility). • Exclude test/demo accounts and arrangements with zero balance at period end. 3 The total number of clients that do not fall under the categories in (a) and (b) with at least one active qualifying cryptoasset staking arrangement with the firm The total number of clients that do not fall under the categories in SUP 16.34.12R(1) and (2) with at least one active qualifying cryptoasset staking arrangement as at the end of the reporting period. For this metric: • “Active” staking includes positions that are staked/delegated at period end (including bonded, locked, or in un-bonding where rewards/validation rights continue per protocol), and auto-staking settings that result in a staked balance at period end. • Count unique other customers: multiple staking positions across networks/protocols count once. • Include both custodial and firm facilitated non‑custodial staking; exclude off‑platform/self-directed‑ staking that is neither custodied nor facilitated by the firm (no visibility). • Exclude test/demo accounts and arrangements with zero balance at period end. 4 The total number of new qualifying cryptoasset staking arrangements that started during the reporting period The total number of new qualifying cryptoasset staking arrangements established during the reporting period (custodial and firm facilitated non‑custodial). For this metric: • Count per customer protocol pair at initial opt-in/enablement or contractual renewal that resets economic terms. • Exclude granular position top ups/partial re-stakes under an existing arrangement. • If a customer opts into multiple protocols, count each protocol once; multiple wallets on the same protocol under one arrangement count once.

157 SUP 16.34.12R Metric Guidance 5 The total value of qualifying cryptoasset staking arrangements where the firm is also safeguarding the staked qualifying cryptoassets The total market value, in GBP, at period end, of client cryptoassets held in custody by the firm and staked on behalf of clients (where the firm has a safeguarding obligation). For this metric: • Value positions using end of day prices on the last business day of the period; use a consistent, auditable price source. • Include assets staked directly by the firm or via sub‑custodians where the safeguarding obligation to clients remains with the firm. 6 The total value of qualifying cryptoasset staking arrangements where the firm is not also safeguarding qualifying cryptoassets The total market value, in GBP, at period end, of client cryptoassets staked directly by clients in arrangements facilitated by the firm where the firm has no safeguarding obligation at the time of staking. For this metric: • Include only non‑custodial staking that is initiated, routed, or otherwise facilitated through the firm’s systems (so the firm can evidence amounts). • Exclude off‑platform/self-directed staking that the firm neither facilitates nor observes. • Value using end‑of-day prices on the last business day of the period; use a consistent, auditable price source. 7 The types of qualifying cryptoassets used in qualifying cryptoasset staking Report the amount of top 10 qualifying cryptoassets staked by clients via the firm (custodial and firm facilitated non‑custodial), ranked by market value (GBP) at period end. 8 Total revenue during the reporting period from arranging qualifying staking The total revenue, in GBP, earned from qualifying cryptoasset staking activities for the reporting period, recognised per the firm’s accounting policies. For this metric: • Report net revenue retained by the firm (e.g., fees/ commissions/agent spreads) and exclude staking rewards credited to clients. • Exclude revenue from unrelated activities.

158 Annex 7 Abbreviations used in this paper Abbreviation Description A&D Admissions & Disclosure regime AIF/AIFM Alternative Investment Fund / Manager CASS Client Assets Sourcebook CATP Cryptoasset Trading Platform CBA Cost Benefit Analysis CDA Crypto and Digital Assets CMAR Client Money and Assets Return COBS Conduct of Business Sourcebook COMP Compensation sourcebook CP Consultation Paper CRYPTO Cryptoasset Sourcebook DIB Designated Investment Business DISP Dispute Resolution: Complaints DLT Distributed Ledger Technology ECP Eligible Counterparty EMI Electronic Money Institution ESG Environmental, Social and Governance FATF Financial Action Task Force FCA Financial Conduct Authority FOS Financial Ombudsman Service

159 Abbreviation Description FSB Financial Stability Board FSCS Financial Services Compensation Scheme FSMA Financial Services and Markets Act 2000 FG Finalised Guidance HMT His Majesty’s Treasury IOSCO International Organization of Securities Commissions L&B Lending and Borrowing MLRs Money Laundering Regulations MTF Multilateral Trading Facility PDCOB Pensions Dashboard Conduct of Business PERG Perimeter Guidance PRIN Principles for Businesses PROD Product Intervention and Product Governance PRU Prudential requirements QCATP Qualifying Cryptoasset Trading Platform QCDD Qualifying Cryptoasset Disclosure Document RAG Regulated Activity Group RAO Regulated Activities Order RMMI Restricted Mass Market Investment SI Statutory Instrument SIC Specified Investment Cryptoasset SMF Senior Management Functions SM&CR Senior Managers & Certification Regime SUP Supervision Sourcebook

160 Abbreviation Description SYSC Senior Management Arrangements, Systems and Controls TC Training and Competence TTCA Title Transfer Collateral Arrangement UK UCITS UK Undertakings for Collective Investment in Transferable Securities

Appendix 1 Draft Handbook text

FCA 202X/XX CRYPTOASSET SOURCEBOOK (AMENDMENT) INSTRUMENT 202X Powers exercised A. The Financial Conduct Authority (“the FCA”) makes this instrument in the exercise of the powers and related provisions in or under: (1) the following sections of the Financial Services and Markets Act 2000 (“the Act”): (a) section 71N (Designated activities: rules); (b) section 137A (The FCA’s general rules); (c) section 137B (FCA general rules: clients; money and right to rescind etc) (c) section 137R (Financial promotion rules); (d) section 137T (General supplementary powers); and (e) section 139A (Power of the FCA to give guidance). (2) the following provisions of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 (SI 2025/XXXX):  (a) regulation 6 (“Qualifying cryptoasset disclosure document” and “supplementary disclosure document”); (b) regulation 9 (Designated activity rules: qualifying cryptoasset public offers and admissions to trading);  (c) regulation 12 (Responsibility for disclosure documents); (d) regulation 13 (General requirements to be met by a qualifying cryptoasset disclosure document or supplementary disclosure document); (e) regulation 15 (Withdrawal rights);  (f) regulation 21 (Designated activity rules: market abuse in qualifying cryptoassets and related instruments); (g) regulation 30 (Systems and procedures for trading relevant qualifying cryptoassets and related instruments);  (h) regulation 36 (Disapplication or modification of rules); and (i) paragraph 8 (“Protected forward-looking statement”) of Part 2 (Further exemption relating to forward-looking statement) of Schedule 2 (Compensation: exemptions); and (3) the other rule and guidance making powers listed in Schedule 4 (Powers exercised) to the General Provisions of the FCA’s Handbook. B. The rule-making powers listed above are specified for the purpose of section 138G(2) (Rule-making instruments) of the Act. Commencement C. This instrument comes into force on [date].

FCA 202X/XX Page 2 of 14 Amendments to the Handbook [Editor’s note: The Annex to this instrument takes into account the proposals and legislative changes suggested in the following consultation papers: (1) ‘Stablecoin Issuance and Cryptoasset Custody’ (CP25/14); (2) ‘Regulating Cryptoasset Activities’ (CP25/40); and (3) ‘Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets’ (CP25/41), as if they were made final.] D. The Cryptoasset sourcebook (CRYPTO) is amended in accordance with the Annex to this instrument. Notes E. In this instrument, the notes (indicated by “Editor’s note:”) are included for the convenience of readers. Citation F. This instrument may be cited as the Cryptoasset sourcebook (Amendment) Instrument 202X. By order of the Board [date]

FCA 202X/XX Page 3 of 14 Annex Amendments to the Cryptoasset sourcebook (CRYPTO) In this Annex, underlining indicates new text and striking through indicates deleted text, unless otherwise stated. 2 Stablecoins … 2.3 Appointment of third parties … Appointing a third party: contractual requirements 2.3.15 R Where a firm appoints a third party to carry out all or part of the activity of issuing qualifying stablecoin, it must have in place a contract with that third party which meets all of the following conditions: … (2) it enables the firm to request and obliges the third party to provide to the firm information that is sufficient to enable the firm to meet the rules to which it is subject in the regulatory system; and (3) it enables the firm to request and obliges the third party to provide to the firm further information where requested for the purposes of enabling the firm to make an informed assessment of whether it is compliant with its obligations under the regulatory system.; and (4) it includes provisions requiring the third party to: (a) immediately forward any complaint it receives relating to the activity of issuing qualifying stablecoin to the firm; (b) provide appropriate information on the firm’s procedures for the handling of complaints on the third party’s website and in any other communications or medium through which the third party provides key information about the activity of the firm or features of the qualifying stablecoin product to holders; and (c) provide appropriate information on how the holder of a qualifying stablecoin may contact the firm, including making clear what role (if any) the third party plays in customer service on the third party’s website and in any other communications or medium through which the third party provides key information about the activity of the firm or features of the qualifying stablecoin product to holders.

FCA 202X/XX Page 4 of 14 Insert the following new section, CRYPTO 3.12, after CRYPTO 3.11 (Offers to the public of qualifying cryptoassets admitted to trading). All the text is new and is not underlined. 3.12 Advertisements and other disclosures of information Application 3.12.1 R (1) This section applies to the communication of an advertisement that relates to: (a) the admission to trading of a qualifying cryptoasset on a UK QCATP; (b) the proposed admission to trading of a qualifying cryptoasset on a UK QCATP; or (c) the offer of a qualifying cryptoasset to the public that is conditional on the admission of the qualifying cryptoasset to trading on a UK QCATP by virtue of paragraph 6(a) of Schedule 1 to the Cryptoassets Regulations. (2) This section does not apply to the communication of an advertisement: (a) where a QCDD is not required to be published by CRYPTO 3.3; or (b) that relates to a UK qualifying stablecoin. Consistency of information 3.12.2 R All information disclosed in oral or written form as an advertisement must be consistent with the QCDD or a supplementary disclosure document and must: (1) not contradict information in the QCDD or a supplementary disclosure document, where already published; (2) not contradict information to be included in the QCDD or a supplementary disclosure document which is to be published at a later date; and (3) not refer to information which contradicts information in the QCDD or a supplementary disclosure document. Disclosure of information 3.12.3 G The requirements in regulation 11(2) of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 apply for the purposes of this chapter as if they were guidance, except insofar as they relate to an offer of a UK qualifying stablecoin by virtue of paragraph 5 of Part 1 of

FCA 202X/XX Page 5 of 14 Schedule 1 (Exceptions from prohibition of offers to the public) to the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025, in which case they do not apply. Advertisements 3.12.4 R An advertisement must: (1) state that, where applicable, a QCDD or supplementary disclosure document has been, or will be, published and indicate where investors are, or will be, able to obtain it, noting the identification requirements in CRYPTO 3.12.6R; (2) be clearly recognisable as an advertisement and identify itself as such; and (3) be accurate and not misleading. 3.12.5 R Information disclosed in the advertisement in oral or written form must not present the information in the QCDD or supplementary disclosure document in a materially unbalanced way, including by: (1) presenting negative aspects of information with less prominence than the positive aspects, or (2) omitting or selectively presenting certain information. Identification of the QCDD or supplementary disclosure document 3.12.6 R An advertisement must clearly identify the relevant QCDD or supplementary disclosure document by: (1) identifying the website on which the QCDD or supplementary disclosure document is published, or will be published, where the advertisement is disseminated in written form and by means other than electronic means; (2) including a hyperlink to the QCDD or supplementary disclosure document where the advertisement is disseminated in written form by electronic means, or by including a hyperlink to the page of the website where the QCDD or supplementary disclosure document will be published if those documents have not yet been published; and (3) including accurate information about where the QCDD or supplementary disclosure document may be obtained and accurate information about the admission to trading of the qualifying cryptoassets on a UK QCATP to which it relates, where the advertisement is disseminated in a form or by means not falling within the scope of (1) or (2).

FCA 202X/XX Page 6 of 14 Further content requirements for an advertisement disseminated to potential retail investors 3.12.7 R (1) Advertisements disseminated to potential retail investors must include: (a) the word ‘advertisement’ in a prominent manner; and (b) a recommendation that potential investors read the QCDD before making an investment decision in order to fully understand the potential risks and rewards associated with the decision to invest in the qualifying cryptoasset. (2) Where an advertisement is disseminated in an oral form, the purpose of the communication must be clearly identified at the beginning of the message. 3.12.8 R Advertisements in written form which are disseminated to potential retail investors must be sufficiently different in format and length from the QCDD or supplementary disclosure document that no confusion with the QCDD or supplementary disclosure document is possible. Dissemination of advertisements 3.12.9 R Advertisements disseminated to potential investors must be amended where: (1) a supplementary disclosure document is subsequently published in accordance with the rule required by CRYPTO 3.3.1R(2) or CRYPTO 3.3.3R(2); and (2) the significant new factor, material mistake or material inaccuracy mentioned in the supplementary disclosure document renders the previously disseminated advertisement materially inaccurate or misleading. 3.12.10 R With the exception of orally disseminated advertisements, advertisements amended pursuant to CRYPTO 3.12.9R must be disseminated through, at a minimum, the same method as the previous advertisement. 3.12.11 R CRYPTO 3.12.9R does not apply after the time when trading on a qualifying CATP begins. 3.12.12 R Advertisements amended pursuant to CRYPTO 3.12.9R must be disseminated to potential investors without undue delay following the publication of the supplementary disclosure document and must contain all of the following: (1) a clear reference to the inaccurate or misleading version of the advertisement;

FCA 202X/XX Page 7 of 14 (2) an explanation that the advertisement has been amended as it contained materially inaccurate or misleading information; and (3) a clear description of the differences between the two versions of the advertisement. Amend the following as shown. 3 Admission of qualifying cryptoassets to trading on a UK QCATP and offers to the public of qualifying cryptoassets admitted to trading 3.1 Purpose and application … Application 3.1.2 G This chapter applies as follows, unless the provisions of a section or rule state otherwise: … (8) CRYPTO 3.10 (Record keeping) applies to a UK QCATP operator; and (9) CRYPTO 3.11 (Offers to the public of qualifying cryptoassets admitted to trading) applies to any person making an offer of a qualifying cryptoasset to the public.; and (10) CRYPTO 3.12 (Advertisements and other disclosures of information) applies to the communication of advertisements in relation to the admission to trading of a qualifying cryptoasset on a UK QCATP, the proposed admission to trading of a qualifying cryptoasset on a UK QCATP, or the offer of a qualifying cryptoasset to the public. 3.1.3 G CRYPTO 3.2 to CRYPTO 3.7, and CRYPTO 3.11 and CRYPTO 3.12 do not apply to offers of qualifying cryptoassets to the public which relate to UK qualifying stablecoins or the admission to trading of UK qualifying stablecoins on a UK QCATP. There are specific rules in respect of UK qualifying stablecoins in CRYPTO 2, CRYPTO 3.8 and CRYPTO 3.9. … 8 Record keeping and reporting: client orders and transactions 8.1 Purpose and application … Application

FCA 202X/XX Page 8 of 14 8.1.2 R … 8.1.3 R This chapter does not apply to the reporting of qualifying cryptoasset lending or borrowing transactions. … 9 Cryptoasset lending and borrowing … 9.6 Qualifying cryptoasset borrowing collateral Provision of qualifying cryptoasset borrowing collateral … 9.6.2 R … 9.6.2A G CRYPTO 9.6.2R(1) does not require the firm itself to receive the qualifying cryptoasset borrowing collateral from the retail client; instead, the firm may arrange for another person to safeguard the qualifying cryptoasset borrowing collateral for the retail client, in accordance with the conditions set out in CRYPTO 9.6.6R. Additional qualifying cryptoasset borrowing collateral … 9.6.5 R … Restriction on re-use of qualifying cryptoasset borrowing collateral 9.6.6 R (1) Where the qualifying cryptoasset borrowing collateral provided by a retail client pursuant to CRYPTO 9.6.2R(1) is a qualifying cryptoasset or relevant specified investment cryptoasset, a firm must ensure the outcome in either (a) or (b), and must also comply with (c): (a) provided the firm has Part 4A permission to carry on safeguarding cryptoassets, the firm structures the collateral arrangements so that it is itself carrying on the regulated activity of safeguarding cryptoassets in relation to the qualifying cryptoasset borrowing collateral; or (b) provided the firm has Part 4A permission to carry on arranging cryptoasset safeguarding, the firm structures the collateral arrangements so that it carries on the regulated activity of arranging cryptoasset safeguarding in relation to the qualifying cryptoasset borrowing collateral, with the effect that an authorised person with permission to carry on the regulated activity of safeguarding cryptoassets is carrying on that

FCA 202X/XX Page 9 of 14 regulated activity for the firm’s retail client in relation to the qualifying cryptoasset borrowing collateral; and (c) the firm must ensure that any collateral arrangements in the course of either (a) or (b) do not result in the firm or any other person obtaining full ownership of the qualifying cryptoasset borrowing collateral other than where the retail client has provided express prior consent to a transfer of full ownership in order to discharge the retail client’s indebtedness to the firm in accordance with CASS 17.3.10R. (2) Where the qualifying cryptoasset borrowing collateral provided by the retail client pursuant to CRYPTO 9.6.2R(1) is a security or a contractually based investment, a firm must ensure the outcome in either (a) or (b), and must also comply with (c): (a) provided the firm has Part 4A permission to carry on safeguarding and administration of assets (without arranging), the firm structures the collateral arrangements so that it is itself carrying on the regulated activity of safeguarding and administering investments in relation to the qualifying cryptoasset borrowing collateral; or (b) provided the firm has Part 4A permission to carry on arranging safeguarding and administration of assets, the firm structures the collateral arrangements so that it arranges for one or more other persons to safeguard the qualifying cryptoasset borrowing collateral, with the effect that an authorised person with permission to carry on the regulated activity of safeguarding and administering investments is carrying on that regulated activity for the firm’s retail client in relation to the qualifying cryptoasset borrowing collateral; and (c) the firm must ensure that any collateral arrangements in the course of either (a) or (b) do not result in the firm or any other person obtaining full ownership of the qualifying cryptoasset borrowing collateral other than where the retail client has provided express prior consent to a transfer of full ownership in order to discharge the retail client’s indebtedness to the firm. (3) Where the qualifying cryptoasset borrowing collateral is money, the firm must ensure that the collateral arrangements do not result in the firm or any other person obtaining full ownership of the qualifying cryptoasset borrowing collateral other than where the retail client has provided express prior consent to a transfer of full ownership in order to discharge the retail client’s indebtedness to the firm. 9.6.7 G (1) A consequence of CRYPTO 9.6.6R(1) is that the retail client has the benefit of the protections of the cryptoasset safeguarding rules in CASS 17 in relation to any qualifying cryptoasset borrowing collateral which is a qualifying cryptoasset or specified investment cryptoasset.

FCA 202X/XX Page 10 of 14 (2) The rules at CASS 17.3.4R(4) and CASS 17.3.6R(6) restrict how that qualifying cryptoasset borrowing collateral may be used. (3) A consequence of CRYPTO 9.6.6R(2) is that the retail client has the benefit of the protections of the custody rules in CASS 6 in relation to any qualifying cryptoasset borrowing collateral which is a security or a contractually based investment. … Insert the following new section, CRYPTO 9.9, after CRYPTO 9.8 (Loan levels and limits). All the text is new and is not underlined. 9.9 Client reporting requirements 9.9.1 R This section applies to a qualifying cryptoasset firm when providing a qualifying cryptoasset lending or borrowing service to a client. Reporting transactions 9.9.2 R (1) A firm must provide a report to each client on the execution of each qualifying cryptoasset lending or borrowing transaction that relates to them. (2) This report must be provided promptly and no later than 23:59:59 UTC on the day on which the order was executed or on which the information was received by the firm. 9.9.3 R A firm does not need to provide a report in accordance with CRYPTO 9.9.2R where a client has agreed in writing they do not want to receive it on this basis. 9.9.4 G Where a firm and its client agree to proceed in accordance with CRYPTO 9.9.3R, the firm may provide reports to that client on an aggregated basis on terms to be agreed with that client. 9.9.5 G For the purposes of CRYPTO 9.9.2R(1), a qualifying cryptoasset lending or borrowing transaction includes all transactions between the firm and its client in the course of a qualifying cryptoasset lending or borrowing arrangement. 9.9.6 R A firm must provide the information required in this section in a durable medium or via a website, mobile application or any other digital medium that the firm may be using in relation to the provision of its qualifying cryptoasset lending or borrowing service (where it does not constitute a durable medium) where the website conditions are satisfied. Cancellations

FCA 202X/XX Page 11 of 14 9.9.7 R (1) Where a qualifying cryptoasset lending or borrowing transaction has been cancelled, a firm must provide the client with confirmation of, and a reason for, the cancellation. (2) The information in (1) must be provided promptly and no later than 23:59:59 UTC on the day on which the order was cancelled. Client requests for information 9.9.8 R A client may request, at any time, that a firm provide them with the information in CRYPTO 9.9.9R, in relation to that client: (1) for all qualifying cryptoasset lending or borrowing transactions (including cancellations); (2) for the period of 3 years preceding the request; and (3) in a medium compliant with CRYPTO 9.9.6R, irrespective of whether they agree with the firm not to receive a report in accordance with CRYPTO 9.9.2R. Content of client reports 9.9.9 R The report provided by a firm under CRYPTO 9.9.2R(1) must include all information identified in column (2) of CRYPTO 9 Annex 1R. Periodic reporting 9.9.10 R (1) A firm which provides qualifying cryptoasset lending or borrowing services to a client must provide the client with a periodic statement unless: (a) such a statement is provided by another person; or (b) all of the conditions in (2) are satisfied. (2) The conditions referred to (1)(b) are that: (a) the firm provides the client with access to an online system, application or digital medium which meets the requirements in CRYPTO 9.9.6R; (b) the system in (a) provides the client with easy access to up-to￾date valuations of the information identified in column (3) of CRYPTO 9 Annex 1R; and (c) the firm has evidence that the client has accessed the online system in (a) at least once during the previous quarter. (3) The periodic statement must include the information identified in column (3) of CRYPTO 9 Annex 1R.

FCA 202X/XX Page 12 of 14 9.9.11 R The periodic statement must be provided once every 6 months, except in the following cases: (1) if the retail client so requests, the periodic statement must be provided every 3 months; (2) if the client has agreed in writing they do not want to receive it on this basis and elects to solely receive information about a qualifying cryptoasset lending or borrowing arrangement on a transaction-by￾transaction basis, the periodic statement must be provided at least once every 12 months. 9.9.12 R A firm must inform a retail client that they have the right to request the provision of a periodic statement every 3 months. 9 Annex 1R Information to be provided to qualifying cryptoasset lending or borrowing clients (1) Data field (2) Trade confirmation information (3) Periodic report information (1) The name of the firm N Y (2) The name or other designation of the retail client’s account N Y (3) The amount of qualifying cryptoassets provided by the firm to the client in the qualifying cryptoasset lending or borrowing transaction; Y Y (4) The total amount of qualifying cryptoassets provided to or received by the client in a qualifying cryptoasset lending or borrowing arrangement N Y (5) The type of each qualifying cryptoasset provided in a qualifying cryptoasset Y Y

FCA 202X/XX Page 13 of 14 lending transaction or arrangement by the client to the firm ( 6 ) The total amount of yield owed to the client by the firm in relation to the qualifying cryptoasset lending arrangement N Y ( 7 ) The total amount of yield paid to the client by the firm in relation to the qualifying cryptoasset lending arrangement N Y ( 8 ) The fees, charges, interest or commission charged to the client for the qualifying cryptoasset lending or borrowing transaction Y N ( 9 ) The total fees, charges, interest or commission charged to the client for each qualifying cryptoasset lending or borrowing arrangement N Y ( 1 0 ) The total amount of qualifying cryptoassets provided or received in the qualifying cryptoasset lending or borrowing arrangement lost per day due to operational disruptions N Y (1 1 ) The qualifying cryptoasset borrowing collateral provided by the client for each qualifying cryptoasset borrowing arrangement N Y

FCA 202X/XX Page 14 of 14 (12) The value of the qualifying cryptoasset borrowing collateral provided by the client for each qualifying cryptoasset borrowing arrangement in GBP Y Y (13) Whether the qualifying cryptoassets provided by the client for qualifying cryptoasset borrowing collateral are safeguarded by the firm or another party Y Y (14) The identity of any third party safeguarding the qualifying cryptoasset borrowing collateral provided by the client Y Y (15) The outstanding balance owed by the client to the firm in a qualifying cryptoasset borrowing arrangement N Y (16) Details of the remainder of any loan period of a qualifying cryptoasset borrowing arrangement N Y

FCA 202X/XX CRYPTOASSETS (SAFEGUARDING) INSTRUMENT 202X

Powers exercised A. The Financial Conduct Authority (“the FCA”) makes this instrument in the exercise of the powers and related provisions in or under: (1) the following powers and related provisions in the Financial Services and Markets Act 2000 (“the Act”): (a) section 137A (The FCA’s general rules); (b) section 137T (General supplementary powers); and (c) section 139A (Power of the FCA to give guidance); and (2) the other powers and related provisions listed in Schedule 4 (Powers exercised) to the General Provisions of the FCA’s Handbook. B. The rule-making provisions listed above are specified for the purposes of section 138G(2) (Rule-making instruments) of the Act. Commencement C. This instrument comes into force on [date]. Amendments to the Handbook D. The Client Assets sourcebook (CASS) is amended in accordance with the Annex to this instrument. Notes E. In the Annex to this instrument, the notes (indicated by “Editor’s note:”) are included for the convenience of readers but do not form part of the legislative text. Citation F. This instrument may be cited as the Cryptoassets (Safeguarding) Instrument 202X. By order of the Board [date]

FCA 202X/XX Page 2 of 35 Annex Amendments to the Client Assets sourcebook (CASS) In this Annex, underlining indicates new text and striking through indicates deleted text, unless otherwise stated. [Editor’s note: This Annex takes into account the proposals and legislative changes in relation to CASS 16 (Stablecoin backing assets) included in the consultation paper ‘Stablecoin Issuance and Cryptoasset Custody’ (CP25/14) as if they were made final.] 6 Custody rules 6.1 Application 6.1.1 R This chapter (the custody rules) applies to a firm: … (1A) when it holds financial instruments belonging to a client which are not relevant specified investment cryptoassets in the course of its MiFID business; … … Insert the following new chapter, CASS 17, after CASS 16 (Stablecoin backing assets). All the text is new and is not underlined. 17 Cryptoasset safeguarding rules 17.1 Application 17.1.1 R Subject to CASS 17.1.3R, this chapter (the cryptoasset safeguarding rules) applies to a firm in relation to regulated activities carried on by it from an establishment in the UK. 17.1.2 G (1) Specific sections within the cryptoasset safeguarding rules have a narrower application than that set out in CASS 17.1.1R. (2) CASS 17.3 (Cryptoasset safeguarding trusts) also applies to a firm when it is safeguarding cryptoassets. However, the rule at CASS 17.3.3R requires the firm to act as a trustee when it is safeguarding cryptoassets, subject to certain exceptions. The rule at CASS 17.3.18R permits the firm to hold other cryptoassets within the same trust or trusts, as an operational surplus, and subject to certain conditions. Cryptoassets that are required or permitted to be held in trust under those provisions of CASS 17.3 (Cryptoasset safeguarding

FCA 202X/XX Page 3 of 35 trusts) are termed ‘client cryptoassets’ in the cryptoasset safeguarding rules. (3) CASS 17.2 (General safeguarding requirements), CASS 17.4 (Means of access) and CASS 17.5 (Records of cryptoassets and reconciliations) apply to a firm when it is, as a trustee under CASS 17.3.3R, safeguarding cryptoassets which are client cryptoassets (and therefore including any operational surplus that is permitted under CASS 17.3.18R). (4) CASS 17.6 (Appointing third parties to safeguard cryptoassets) applies to a firm when it is both safeguarding cryptoassets and arranging cryptoasset safeguarding in relation to the same client cryptoassets. (5) CASS 17.7 (Arranging cryptoasset safeguarding) applies to a firm when it merely arranges cryptoasset safeguarding. 17.1.3 R This chapter does not apply to a UK QCATP operator which is an overseas firm and whose Part 4A permission for cryptoasset safeguarding is subject to a requirement (or a requirement imposed under section 55L(5) of the Act) to: (1) not carry on the regulated activity of cryptoasset safeguarding other than by having control of qualifying cryptoassets to facilitate the settlement of transactions executed on a UK QCATP; and (2) in the course of carrying on the regulated activity of cryptoasset safeguarding in accordance with (1), not accept any qualifying cryptoassets from any UK user other than qualifying cryptoassets received via a member of its group who is subject to and acting in accordance with CASS 17.3.5R. 17.1.4 G (1) The exemption at CASS 17.1.3R permits a UK QCATP operator whose settlement arrangements would involve the regulated activity of cryptoasset safeguarding (for example, because users of the UK QCATP have a right against the UK QCATP operator for the return of cryptoassets) to not have to treat qualifying cryptoassets which it controls as part of those settlement arrangements as client cryptoassets. (2) The exemption at CASS 17.1.3R only applies to a UK QCATP operator if its Part 4A permission is subject to a requirement, either at the FCA’s own initiative or following the voluntary application by the firm, in the terms set out at CASS 17.1.3R(1) and (2). (3) The effect of the part of that requirement which is set out at CASS 17.1.3R(2), together with CASS 17.3.5R, is to limit the amount of qualifying cryptoassets which would be owed to UK users which do not have the protection of CASS 17.

FCA 202X/XX Page 4 of 35 17.1.5 G (1) For the purposes of the cryptoasset safeguarding rules, any two cryptoassets should be considered as falling within the same ‘class’ of cryptoasset if they are fungible with each other and are both instances of the same single product. (2) For example, two qualifying stablecoins which are both instances of the same qualifying stablecoin product should be considered to be in the same ‘class’. (3) Similarly, two qualifying cryptoassets should not be considered as falling within the same ‘class’ of cryptoasset unless they are both instances of the same single product. This means that a wrapped token or a liquid staking token would not fall within the same ‘class’ as the relevant underlying cryptoasset. Requirement to act compatibly with consumer duty 17.1.6 R When applying the cryptoasset safeguarding rules in relation to a firm’s retail market business, the firm must act compatibly with its obligations under Principle 12 and PRIN 2A (The Consumer Duty). 17.2 General safeguarding requirements 17.2.1 R This section applies to a firm when it is safeguarding cryptoassets which are client cryptoassets. Requirement for adequate organisational arrangements 17.2.2 R A firm must, when safeguarding cryptoassets which are client cryptoassets, introduce and maintain adequate organisational arrangements to: (1) protect the relevant client’s rights in relation to the client cryptoassets, including in the event of the firm’s insolvency; and (2) minimise the risk of the loss or diminution of client cryptoassets being safeguarded by the firm, or of the rights in connection with those client cryptoassets, as a result of the misuse of the client cryptoassets, fraud, poor administration, inadequate record-keeping or negligence. 17.3 Cryptoasset safeguarding trusts 17.3.1 R This section applies to a firm when it is safeguarding cryptoassets. Context and purpose 17.3.2 G (1) The scope of the regulated activity of safeguarding cryptoassets covers a range of legal relationships between the firm and the client in relation to a qualifying cryptoasset or relevant specified investment cryptoasset. It does not only apply where a cryptoasset that is controlled by a firm belongs to a client.

FCA 202X/XX Page 5 of 35 (2) Where the other conditions of the scope of the activity are met, the regulated activity of safeguarding cryptoassets is carried on in cases where the client is the beneficial owner of the cryptoasset, and also in certain cases where the client has a right against the firm for return of a cryptoasset. The scope of the regulated activity for the latter type of case (where the client has a right for return) depends on whether the firm and client have entered into a title transfer collateral arrangement or repurchase agreement and on whether the client is a ‘consumer’. (3) It is important that, in line with the requirements in CASS 17.2, clients’ rights to cryptoassets which are being safeguarded are adequately protected through the use of trusts which can withstand competing claims to those cryptoassets, for example in the insolvency of the firm which is carrying on the regulated activity of safeguarding cryptoassets. However, certain other services which clients may engage a firm which is carrying on the regulated activity of safeguarding cryptoassets to provide in relation to cryptoassets would not be compatible with cryptoassets being held on trust. (4) The purpose of this section is to: (a) set out a general requirement which would prohibit a firm from carrying on the regulated activity of safeguarding cryptoassets under any of those sorts of legal relationships that are within the scope of that regulated activity other than as a trustee; (b) provide certain exceptions to that requirement to act as a trustee, subject to particular conditions being met; and (c) set out other more specific requirements which a firm must meet when that requirement to act as a trustee applies. Requirement to safeguard as a trustee 17.3.3 R Unless otherwise permitted in this section, a firm must ensure that it is, at all times, a trustee of any cryptoasset in relation to which it carries on the regulated activity of safeguarding cryptoassets, under trust arrangements which comply with CASS 17.3.12R. Exception from acting as a trustee for cryptoasset lending 17.3.4 R (1) A firm is not required to hold a cryptoasset as a trustee under CASS 17.3.3R or, if it is already holding a client cryptoasset as a trustee under CASS 17.3.3R, the firm may cease to treat a cryptoasset as a client cryptoasset, where the client on behalf of whom the firm is safeguarding the cryptoasset has engaged the firm to provide a qualifying cryptoasset lending service in relation to that cryptoasset. (2) The exemption in (1) only applies during the period for which the qualifying cryptoasset lending service is being provided in relation to that cryptoasset.

FCA 202X/XX Page 6 of 35 (3) Once that qualifying cryptoasset lending service in relation to a cryptoasset has ended for any reason, including by prior agreement or if the client has exercised any right to require that service to cease in relation to a cryptoasset, the exemption in (1) no longer applies. (4) A firm may not use the exemption in (1) in relation to any cryptoasset which represents qualifying cryptoasset borrowing collateral, whether the obligations which the cryptoasset secures are owed to the firm itself or to another authorised person who has, under CRYPTO 9.6.6R(1)(b), arranged for the firm to carry on the regulated activity of safeguarding cryptoassets. Exception from acting as a trustee for qualifying cryptoasset trading platforms 17.3.5 R A firm may cease to treat a qualifying cryptoasset as a client cryptoasset, where: (1) the client on behalf of whom the firm is safeguarding the qualifying cryptoasset is also a user of a UK QCATP operated by the firm itself or another person in the firm’s group; (2) that client is trading, or has made it clear to the firm that they intend to trade, with qualifying cryptoassets of that class using that UK QCATP; (3) as part of the day-to-day operation of that UK QCATP, the UK QCATP operator needs to take control of qualifying cryptoassets to facilitate the settlement of transactions executed on that UK QCATP; (4) the firm has obtained the client’s prior informed consent, in accordance with CASS 17.3.11R, to the qualifying cryptoasset ceasing to be a client cryptoasset in order for transactions executed on the UK QCATP in that class of qualifying cryptoasset to settle; and (5) at all times, the amount of cryptoassets of a particular class which the firm is not treating as client cryptoassets under this rule for the client does not exceed 1% of the total amount of cryptoassets of that particular class which remain in the firm’s trusteeship for that client under CASS 17.3.3R. Exception from acting as a trustee where necessary for other services 17.3.6 R (1) A firm is not required to hold a cryptoasset as a trustee under CASS 17.3.3R or, if it is already holding a client cryptoasset as a trustee under CASS 17.3.3R, the firm may cease to treat that cryptoasset as a client cryptoasset, where: (a) the client on behalf of whom the firm is safeguarding the cryptoasset has engaged the firm to provide a service (other than services described in CASS 17.3.4R or CASS 17.3.5R);

FCA 202X/XX Page 7 of 35 (b) in order to provide that service to the client, the firm has concluded that it is necessary: (i) for the firm to have ownership of the cryptoasset; and/or (ii) for the firm to effect a transfer of ownership of the cryptoasset to another person; and (c) the firm has obtained the client’s prior informed consent, in accordance with CASS 17.3.11R, to that transfer of ownership in order for the service to be provided. (2) Where a service for which the firm has relied on under (1) ends, or where it is no longer necessary for the firm or another person to have ownership of cryptoassets, the exemption in (1) no longer applies. (3) For each distinct service for which the firm intends to rely on (1), and prior to providing that service to any client, the firm must make a record of the reasons for concluding that it is necessary for the firm to have ownership of cryptoassets, or to effect a transfer of ownership of cryptoassets to another person, in order to provide that service (the ‘client cryptoasset trust exemption record’). (4) For the purposes of (3), a service must be considered ‘distinct’ if it has different technical features, a different purpose, or a different type of risk to the client to a service which has already been assessed by the firm. (5) The firm must retain each client cryptoasset trust exemption record made under (3) for a period of 5 years after it has stopped providing the relevant service. (6) A firm may not use the exemption in (1) in relation to any cryptoasset which represents qualifying cryptoasset borrowing collateral, whether the obligations which the cryptoasset secures are owed to the firm itself or to another authorised person who has, under CRYPTO 9.6.6R(1)(b), arranged for the firm to carry on the regulated activity of safeguarding cryptoassets. 17.3.7 G (1) The reference to ‘distinct’ service in CASS 17.3.6R(3) should be interpreted on a granular basis, meaning that a firm should investigate and conclude that a transfer of ownership is necessary in relation to the specific features of the service. For example, if a firm intends to rely on CASS 17.3.6R(1) in order to carry on the activity of arranging qualifying cryptoasset staking, it should make a record under CASS 17.3.6R(3) for each staking protocol in relation to which it will provide services. (2) For the purposes of CASS 17.3.6R(1), the term ‘service’ should not be limited to services which only comprise regulated activities.

FCA 202X/XX Page 8 of 35 Exception from acting as a trustee to act on client instructions to transfer 17.3.8 R A firm may cease to treat a cryptoasset as a client cryptoasset where: (1) the relevant client has given the firm an express and specific instruction to effect a transfer of an amount or value of their client cryptoassets to another person, or to the client themselves; and (2) the firm has acted on that instruction. 17.3.9 G (1) The reference to an ‘express and specific instruction’ at CASS 17.3.8R(1) means that the rule cannot be relied on where the client has given the firm a mandate in relation to their client cryptoassets without any specific instruction for any particular transfer, for example, a discretionary investment mandate. For such a service where there is no express and specific client instruction, a firm may be able to rely on CASS 17.3.6R provided that the conditions in that rule are met. (2) Following a transfer under CASS 17.3.8R to another person, the firm would be required to hold the cryptoasset in accordance with the requirements in this section if it is carrying on the regulated activity of safeguarding cryptoassets for that other person in relation to that cryptoasset. This may mean that the firm will be required to hold that cryptoasset as a trustee for that other person. Exception from acting as a trustee where the client is indebted to the firm 17.3.10 R A firm may cease to hold a client cryptoasset as a trustee under CASS 17.3.3R for the benefit of the client on behalf of whom the firm is safeguarding the cryptoasset where: (1) that client has given the firm a right, through a written binding agreement, to take ownership of their cryptoassets in order to discharge an obligation that the client owes to the firm; and (2) the firm has exercised that right in accordance with the terms of that written agreement in relation to that client cryptoasset. Obtaining a client’s consent 17.3.11 R (1) This rule sets out steps which a firm must take in the course of obtaining a client’s prior informed consent under CASS 17.3.5R(4) or CASS 17.3.6R(1)(c). (2) For any retail market business, the firm’s process for obtaining prior informed consent must be compatible with the firm’s obligations under Principle 12 and PRIN 2A (The Consumer Duty).

FCA 202X/XX Page 9 of 35 (3) In the course of seeking consent, the firm must specifically and clearly explain to the client the risks to the client of the cryptoasset not being held in trust, including in the event of the firm’s failure. (4) Any consent provided by a client must be obtained in writing and a record of it (the ‘client cryptoasset trust exemption consent record’) must be retained for a period of 5 years after the firm has stopped relying on the consent to use the exemption at CASS 17.3.5R(1) or CASS 17.3.6R(1), as applicable. Setting up and operating client cryptoasset trusts 17.3.12 R For any client cryptoasset, the firm must ensure that: (1) the trust under which it is held is created and operated by the firm in accordance with applicable legal requirements for trusts in the UK; (2) the terms of any such trust are clearly documented with the effect that it is clear the trust is intended and it is clear what the terms are; and (3) the terms and operation of the trust by the firm deliver the objectives and include the provisions set out in CASS 17.3.15R. 17.3.13 G To comply with CASS 17.3.12R(2) a firm may, for example, execute a deed or similar formal instrument. 17.3.14 R (1) A firm must retain any document required under CASS 17.3.12R(2) setting out the terms of a trust from the point at which the trust is created or the terms of the trust amended. (2) A firm must retain any document required under CASS 17.3.12R(2) setting out the terms of a trust and details of any amendments which were made to the terms after the trust was first created, until 5 years after the trust has been brought to an end. 17.3.15 R A firm must ensure that the terms and operation of any trust under which a client cryptoasset is held deliver the objectives at (1) and (2) and include the provisions at (3) and (4): (1) the firm must act as a trustee in relation to the client cryptoassets as well as in relation to any rights which can be exercised by virtue of the firm safeguarding cryptoassets, with the effect that: (a) the firm must be required to respond to the lawful instructions of the relevant client in relation to the client cryptoassets; and (b) save for having the necessary powers to comply with any applicable rules or legal requirements, or unless otherwise agreed with the client, the firm must not have any discretion in applying, investing or otherwise using any client cryptoassets which are trust property;

FCA 202X/XX Page 10 of 35 (2) subject to CASS 17.3.18R, the client cryptoassets held under the trust must be segregated from all other assets, with the effect that: (a) the client cryptoassets pertaining to the trust are not co-mingled with any other assets (for example, any assets for which the firm is not carrying on safeguarding cryptoassets, any assets for which the firm is relying on an exception to act as a trustee under this section, and any assets which are held under any other separate trust that is created to meet CASS 17.3.3R); (b) it is not possible for any creditor of the firm who is not a beneficiary of the trust to claim the client cryptoassets pertaining to the trust; and (c) where there is, or is intended to be, more than one beneficiary of a trust, it is not possible for one beneficiary to claim the entitlement in the trust of another beneficiary; (3) where there is, or is intended to be, more than one beneficiary of a trust, the terms of that trust must set out how any shortfalls in the trust property, whether within a particular class of client cryptoasset or across all classes of client cryptoassets within the trust, are to be allocated between the beneficiaries; and (4) the terms of the trust must set out whether or not the client cryptoassets held in trust may be applied towards funding the distribution costs of the trust on the failure of the trustee and, if the terms do provide for this, the basis on which that funding will be deducted from the entitlements of the beneficiaries. 17.3.16 G (1) A firm should decide on an approach to settling and operating trusts under the rules in this section which is suitable for its business model, its client base and the types of client cryptoassets for which it will be safeguarding. In particular: (a) a firm may decide whether to operate separate trusts for each client or one or more ‘tenants in common’ trusts for a particular class of clients (which may include all clients); (b) a firm may decide whether to operate separate trusts for different classes of client cryptoasset; and (c) a firm may decide whether to segregate separate trusts using separate virtual addresses or devices or to combine client cryptoassets at different virtual addresses or devices into the same trust. (2) (a) A firm should consider whether the objective in relation to segregation at CASS 17.3.15R(2) can be achieved through the

FCA 202X/XX Page 11 of 35 use of different virtual addresses, with regard to the operation of the relevant network. (b) A particular network relevant to a type of client cryptoasset may affect the choices available to a firm in deciding how to implement a trust which complies with the rules in this section. (c) Where the network relies on another network for its functioning, a firm should ensure that the ownership of the client cryptoassets cannot be challenged or reversed through the operation of technology. (d) Allocating client cryptoassets which are safeguarded at the same single virtual addresses or same single device into different trusts would not meet the requirement for segregation at CASS 17.3.15R(2). (3) (a) A firm may decide how any shortfall in a trust should be allocated between beneficiaries, but in doing so a firm should consider the requirement at CASS 17.1.6R. (b) The FCA would generally expect a shortfall in a particular class of cryptoasset within a trust to be borne ‘pro rata’ by all clients for whom the firm is safeguarding cryptoassets of that particular class in that particular trust, in proportion to their beneficial interest in those cryptoassets. (4) The way in which a firm decides to set up its trust environment and the way in which it achieves the required segregation should be recorded in the firm’s client cryptoasset trust records. The client cryptoasset trust record 17.3.17 R (1) A firm must make and keep updated a record of each trust that it has created under CASS 17.3.3R which sets out the following details for that trust (the ‘client cryptoasset trust record’): (a) a unique identifier code for the trust; (b) the means by which the trust is segregated including, where applicable: (i) each relevant virtual address or device controlled by the firm at which cryptoassets pertaining to the trust are being safeguarded by the firm; (ii) the name of each third party who has been appointed to safeguard cryptoassets pertaining to the trust under CASS 17.6; and

FCA 202X/XX Page 12 of 35 (iii) the identifier of the relevant network for the trust property; (c) the name of each client who is a beneficiary of the trust; (d) the class or classes of cryptoassets held under the trust; (e) the location of the record of the terms of the trust required under CASS 17.3.14R; (f) whether or not the firm has decided for the trust to include an operational surplus under CASS 17.3.18R; and (g) if the trust has been brought to an end, the date of that occurring and the reason why it was brought to an end. (2) A client cryptoasset trust record must be made at the same time as the relevant trust is created, and it must be updated immediately: (a) upon making any changes to that trust; and (b) as necessary following any client cryptoasset reconciliation under CASS 17.5. (3) A client cryptoasset trust record must be retained for a period of 5 years after the relevant trust has been brought to an end. Permitted operational surplus in trusts 17.3.18 R A firm may decide to include, within any trust required to be created under CASS 17.3.3R, an amount of additional qualifying cryptoassets or relevant specified investment cryptoassets funded from the firm’s own resources in order to meet the firm’s operational needs (an ‘operational surplus’), provided the following conditions are met: (1) An operational surplus in a particular class of cryptoasset in a trust is only permitted if it is necessary in order for the firm to provide services to one or more clients for whom the firm is safeguarding cryptoassets of that class of cryptoasset in the same trust. (2) The amount of cryptoassets which form the operational surplus in any trust must not exceed a level that would be reasonably expected to be necessary, taking into account those services. (3) The terms of the trust required under CASS 17.3.12R(2) and CASS 17.3.15R(3) must clearly set out that the firm’s claim in the trust to the operational surplus in a particular class of cryptoasset is always and unconditionally subordinated to the claims of clients to client cryptoassets of that class of cryptoasset in the trust. (4) When deciding to use a operational surplus in any trust that a firm operates under CASS 17.3.3R, the firm must make and retain a written

FCA 202X/XX Page 13 of 35 record of the reason for the operational surplus to be necessary in order for the firm to provide services to one or more clients for whom the firm is safeguarding cryptoassets in the same trust (the ‘per-trust operational surplus record’). (5) The firm must not remove or reduce an operational surplus unless the amount removed represents an excess, and is removed following a client cryptoasset reconciliation, in accordance with CASS 17.5.12R. 17.3.19 R A firm must retain any per-trust operational surplus record made under CASS 17.3.18R(4) for a period of 5 years until after the firm ceases to use the operational surplus in that particular trust. Guidance on trusts and appointing third parties 17.3.20 G (1) In cases where a firm appoints a third party to carry on the activity of safeguarding cryptoassets in accordance with CASS 17.6, the effect of CASS 17.3.3R and CASS 17.3.15R(1) means that the firm’s contractual rights against that third party in relation to the relevant client cryptoassets should be held on trust, because these are rights which can be exercised by virtue of the firm safeguarding cryptoassets. (2) A firm in the position referred to in (1) should also comply with the other requirements of CASS 17.6. 17.4 Means of access 17.4.1 R This section applies to a firm when it is safeguarding cryptoassets which are client cryptoassets. 17.4.2 R The rules in this section apply where a firm undertakes any of the following activities in relation to the means of access to a client cryptoasset: (1) generating or creating the means of access, or any similar process; (2) storing the means of access, in any form or medium of storage; (3) exercising any form of control over the means of access; (4) subjecting the means of access to any type of process; and (5) destroying the means of access. 17.4.3 G (1) Because the rules in this section apply where a firm is safeguarding cryptoassets which are client cryptoassets, this means that they do not apply where the firm does not have the requisite degree of ‘control’ as described at article 9N(4) of the Regulated Activities Order. (2) The definition of means of access includes part of a private cryptographic key, such as a shard.

FCA 202X/XX Page 14 of 35 (3) The requirements of this section will therefore apply to a firm when it is undertaking any of the processes set out at CASS 17.4.2R in relation to one or more shards, in cases where, for example: (a) the firm can direct other persons who hold shards in order for the firm to exercise ‘control’; or (b) the firm itself has a sufficient quantity of shards to exercise ‘control’ itself. (4) The record required at CASS 17.4.9R(1)(d) should explain how the firm’s holding of a particular shard enables it to exercise ‘control’, for example by setting out the reconstruction threshold for the relevant private cryptographic key. 17.4.4 G The scope of CASS 17.4.2R is broad and therefore the provisions in this section will apply to a range of activities and aspects of safeguarding cryptoassets, for example: (1) using ‘hot’ or ‘cold’ devices or facilities to store the means of access; (2) making and storing written records of the means of access; and (3) processing the means of access by sharding a private cryptographic key, and (if relevant) distributing the shards amongst the firm’s staff or other persons outside of the firm. 17.4.5 R A firm must have robust security and organisational arrangements to ensure that, throughout the entire lifecycle of any means of access to a client cryptoasset, the means of access are protected against the risks of inoperability, inaccessibility, loss and irrecoverability. 17.4.6 R A firm must promptly identify incidents of inoperability, inaccessibility, loss and irrecoverability to any means of access to a client cryptoasset. 17.4.7 R A firm must promptly resolve any incidents of inoperability, inaccessibility, loss and irrecoverability to any means of access to a client cryptoasset. 17.4.8 G In complying with CASS 17.4.5R to CASS 17.4.7R, a firm should, for example, consider whether, as relevant: (1) its security and organisational arrangements adhere to any relevant international and industry standard practices; (2) it is addressing any vulnerabilities to hacking and other risks of fraud and theft, including risks which originate from among the firm’s own staff; (3) it has a culture of detecting and acting on suspicious activity, including appropriate whistleblowing systems;

FCA 202X/XX Page 15 of 35 (4) it is addressing any risks of ‘single point of failure’ – for example, as a result of a concentration of means of access with too few members of staff or on too few devices; (5) it has appropriate back-up and recovery systems; (6) it has appropriate checks to ensure that the means of access remain accessible and operable, which themselves do not add undue security risks; and (7) it employs random and non-deterministic methods as part of its security arrangements to minimise the risk of irreproducibility of any important data. 17.4.9 R (1) For each means of access that a firm controls at any particular point in time, and from the point at which the firm has such control, the firm must make and maintain a record which sets out the following information (the ‘client cryptoasset means of access record’): (a) the location (whether digital or physical) at which that means of access is being held including, where relevant, the virtual address for that means of access; (b) a summary of the security measures which the firm has deployed for that means of access in accordance with CASS 17.4.5R, which must include the name of any other persons involved; (c) the name of any natural person, such as a member of staff of the firm, who the firm is aware is in a position to use that means of access; (d) the way in which the means of access, whether by itself or in combination with other means of access, affords the firm ‘control’ over the relevant cryptoasset or cryptoassets which it is safeguarding; and (e) whether the means of access has been destroyed (and, if so, when and the reason why it was destroyed). (2) The client cryptoasset means of access record under (1) must not contain or reproduce the means of access itself. (3) The components of the client cryptoasset means of access record under (1)(b) and (c) do not have to include the actual name of a person if doing so would compromise the firm’s ability to comply with CASS 17.4.5R, provided that the record includes sufficient information from which the person can be identified using other records maintained by the firm.

FCA 202X/XX Page 16 of 35 17.4.10 R (1) A firm must promptly update its client cryptoasset means of access records required to be made under CASS 17.4.9R as often as is necessary for the details within them to remain accurate. (2) A firm must review each client cryptoasset means of access record at least once each business day in order to ascertain whether any updates that were required by (1) remain outstanding. 17.4.11 R A firm must ensure that each client cryptoasset means of access record is retained for a period of 5 years starting from whichever is the later of: (1) the date it was created; or (2) the date it was most recently modified. 17.4.12 R (1) A firm must create, retain and maintain a means of access policy document and a means of access procedures document which, taken together, explain the firm’s means of complying with the requirements in CASS 17.4.5R to CASS 17.4.7R and CASS 17.4.9R to CASS 17.4.11R in clear and non-technical terms. (2) A firm must review the documents under (1) at least once every year and make any necessary changes. (3) A firm must retain each version of the documents required under (1) for a period of 5 years until after that version has been superseded with a new version. 17.5 Records of cryptoassets and reconciliations 17.5.1 R This section applies to a firm when it is safeguarding cryptoassets which are client cryptoassets. General requirements 17.5.2 R A firm must keep such records as necessary to enable it at any time and without delay to distinguish client cryptoassets held on behalf of one client from client cryptoassets held on behalf of any other client, and from any cryptoassets which are not client cryptoassets. 17.5.3 R A firm must maintain its records in a way that ensures their accuracy at all times, having regard to the business model of the firm and in particular the risks of: (1) records becoming unreliable due to the nature of the firm’s services and the networks relevant to the client cryptoassets; and (2) the firm breaching the rule at CASS 17.3.3R.

FCA 202X/XX Page 17 of 35 17.5.4 R (1) A firm must establish and maintain systems and controls so that it can accurately determine the following and promptly identify and resolve any discrepancies in accordance with the rules in this section: (a) for each trust that the firm has created under CASS 17.3.3R and in accordance with CASS 17.5.6R (The per-trust/client/class cryptoasset requirement), the number of client cryptoassets of a particular class it is required to be safeguarding for a particular client, taking into account its agreements with that client and any services that have been provided or are being provided to that client; and (b) for each trust that the firm has created under CASS 17.3.3R and in accordance with CASS 17.5.7R (The per-trust/class cryptoasset resource), how many client cryptoassets of a particular class it is safeguarding, whether itself or through the appointment of a third party under CASS 17.6. (2) A firm’s systems and controls under (1) must be designed to minimise the risks of inaccuracy, taking into account in particular: (a) the time of day at which any processes to comply with CASS 17.5.6R to CASS 17.5.10R are run; and (b) its arrangements for obtaining information from any third party appointed under CASS 17.6 in order to comply with CASS 17.5.7R. (3) A firm must create, retain and maintain a reconciliations policy document and a reconciliations procedures document which, taken together, explain and set out: (a) the firm’s rationale for its procedures to comply with the rules in this section in clear and non-technical terms; and (b) those procedures. (4) A firm must review the documents under (3) at least once every year, and make any necessary changes. (5) A firm must retain each version of the documents required under (2) for a period of 5 years until after that version has been superseded with a new version. 17.5.5 G A firm’s processes for maintaining its records under the rules in this section should be consistent with its client cryptoasset trust records. The per-trust/client/class cryptoasset requirement 17.5.6 R (1) A firm must calculate the per-trust/client/class cryptoasset requirement using the formula in (2) at least once each business day,

FCA 202X/XX Page 18 of 35 with the result that, for each trust that the firm has created under CASS 17.3.3R, it produces, separately for each client that is a beneficiary of that trust, the quantity of each class of client cryptoasset that the firm is required to hold for that client under that trust in accordance with the rules in CASS 17.3 (Cryptoasset safeguarding trusts). (2) The per-trust/client/class cryptoasset requirement in (1) is calculated as follows: (a) the firm’s previous per-trust/client/class cryptoasset requirement for the relevant trust, client and class of cryptoasset, plus: (b) the total of the following, each for the relevant trust: (i) the number of client cryptoassets of the relevant class which the firm has received from the client since the previous calculation; (ii) the number of client cryptoassets of the relevant class which the firm has received on behalf of that client from any other person since the previous calculation; (iii) (to the extent not covered by (ii)) the number of client cryptoassets of the relevant class which have become due to the client, whether from the firm or earned in some other way, since the previous calculation; and (iv) (to the extent not covered by (ii) or (iii)) the number of client cryptoassets of the relevant class which were required to be reinstated into the trust since the previous calculation under the rules at CASS 17.3 (Cryptoasset safeguarding trusts), including because of the end of a particular service, less: (c) the total of the following, each for the relevant trust: (i) the number of client cryptoassets of the relevant class which the client has withdrawn from the firm since the previous calculation; (ii) the number of client cryptoassets of the relevant class which the firm has transferred to another person on the client’s instruction since the previous calculation; (iii) the number of client cryptoassets of the relevant class which have become due to the firm since the previous

FCA 202X/XX Page 19 of 35 calculation, in respect of which the firm has a right to take ownership of the cryptoasset under CASS 17.3.10R; (iv) the number of client cryptoassets of the relevant class in respect of which the firm has relied on an exception under CASS 17.3.4R, CASS 17.3.5R or CASS 17.3.6R to not hold the cryptoassets under the trust since the previous calculation; and (v) (to the extent not covered by (iii) or (iv)) the number of client cryptoassets of the relevant class which, since the previous calculation and as a result of services being provided by the firm, the client has been required to surrender. The per-trust/class cryptoasset resource 17.5.7 R (1) For each trust that a firm has created under CASS 17.3.3R, the firm must confirm the quantity of client cryptoassets of a particular class that it is safeguarding under that trust at least once each business day (the ‘per-trust/class cryptoasset resource’). (2) The confirmation required under (1) must take account of both: (a) the client cryptoassets of that particular class which the firm can access in virtual addresses or devices; and (b) where the firm has, under CASS 17.6, appointed a third party to carry on the activity of safeguarding cryptoassets which the firm has undertaken to its client to safeguard, the client cryptoassets for which either: (i) the third party has confirmed to the firm that it has the means of access to itself; or (ii) in cases where that third party has appointed a further third party with the firm’s consent under CASS 17.6.9R, the third party appointed by the firm has confirmed to the firm that the further third party has the means of access to. (3) The confirmation required under (1) must not use any source of information which the firm uses to calculate any per-trust/client/class cryptoasset requirement under CASS 17.5.6R. 17.5.8 G (1) The requirement at CASS 17.5.7R(3) is to ensure that a firm’s cryptoasset reconciliations will use an independent source of information, with the effect that the cryptoasset reconciliations will be effective in their purpose of identifying discrepancies.

FCA 202X/XX Page 20 of 35 (2) A firm should use its internal records of client instructions, transactions and services to calculate any per-trust/client/class cryptoasset requirement and not use information from an external source such as information contained on a blockchain or distributed ledger technology. (3) A firm should use external sources of information to confirm any per￾trust/class cryptoasset resource, subject to the following: (i) a firm may use information from an external source such as information contained on the appropriate distributed ledger technology network to confirm the information described at CASS 17.5.7R(2)(a); and (ii) although information contained on a blockchain or distributed ledger technology may give an indication as to the information described at CASS 17.5.7R(2)(b), a firm may only use information provided from a third party appointed under CASS 17.6 in order to confirm that information. (4) However, the requirement at CASS 17.5.7R(3) should not prevent a firm from investigating and resolving any discrepancy under CASS 17.5.10R(3) or CASS 17.5.11R(1). (5) When a firm is ascertaining the quantity for the per-trust/class cryptoasset resource under CASS 17.5.7R, it should not make any adjustment or allowance for cryptoassets in the relevant trust environment that may be part of an operational surplus which the firm has decided to include under CASS 17.3.18R. 17.5.9 R (1) Each time a firm calculates a per-trust/client/class cryptoasset requirement or confirms a per-trust/class cryptoasset resource, it must make a record of: (a) the date and time it carried out that calculation or confirmation, as appropriate; (b) the actions the firm took in order to carry out that calculation or confirmation, as appropriate; and (c) the calculation result or confirmation outcome, as appropriate. (2) A firm must retain each record made under (1) for a period of 5 years. Client cryptoasset reconciliations 17.5.10 R (1) For each trust that a firm has created under CASS 17.3.3R, a firm must perform a client cryptoasset reconciliation under this rule at least once each business day, to check whether it has breached the rules in CASS 17.3 to hold client cryptoassets on trust.

FCA 202X/XX Page 21 of 35 (2) For each class of cryptoasset that is required to be held in the relevant trust, the firm must compare the total of the per-trust/client/class cryptoasset requirements for all clients who are beneficiaries of that trust with the per-trust/class cryptoasset resource for that trust at the same point in time. (3) If the firm identifies a discrepancy as a result of carrying out a client cryptoasset reconciliation, the firm must promptly investigate the reason for the discrepancy and resolve it without delay or, where there is a shortfall, in accordance with CASS 17.5.13R. (4) Each time a firm performs a client cryptoasset reconciliation, it must make a record (a ‘client cryptoasset reconciliation record’) of: (a) the date and time of the client cryptoasset reconciliation; (b) whether or not the client cryptoasset reconciliation identified any discrepancies, and if so, the extent of them; (c) where there were any discrepancies, the reasons for them; and (d) any actions taken or attempted by the firm in relation to those discrepancies, including under CASS 17.5.12R and CASS 17.5.13R. (5) A firm must retain each client cryptoasset reconciliation record made under (4) for a period of 5 years. Other discrepancies 17.5.11 R (1) If a firm identifies a discrepancy related to its safeguarding of client cryptoassets outside of its processes for a client cryptoasset reconciliation, the firm must promptly investigate the reason for the discrepancy and resolve it without delay or, where there is a shortfall, in accordance with CASS 17.5.13R. (2) Each time a firm identifies a discrepancy under (1), it must make a record (a ‘client cryptoasset discrepancy record’) of: (a) the date and time the discrepancy was identified; (b) the reasons for the discrepancy and the extent of it; and (c) any actions taken or attempted by the firm in relation to the discrepancy, including under CASS 17.5.12R and CASS 17.5.13R. (3) A firm must retain each client cryptoasset discrepancy record made under (2) for a period of 5 years. Client cryptoasset reconciliation excesses

FCA 202X/XX Page 22 of 35 17.5.12 R (1) This rule applies where a firm’s client cryptoasset reconciliation for a particular trust shows that the firm, having investigated any discrepancies under CASS 17.5.10R(3) or CASS 17.5.11R(1), has confirmed there to be a greater amount of cryptoassets within that trust for a particular class than the total of the per-trust/client/class cryptoasset requirements for all clients who are beneficiaries of that trust for that class. (2) Subject to (3), the firm must, before its next client cryptoasset reconciliation for that trust, remove all the excess cryptoassets of that particular class from that trust. (3) The firm may only retain excess cryptoassets of that particular class within that trust if: (a) it had previously decided to use an operational surplus in that trust and in that class of cryptoasset in accordance with CASS 17.3.18R; and (b) the firm’s retention of the excess does not cause the firm to be in breach of CASS 17.3.18R(2) or (3); (c) the amount of any excess that is withdrawn under this rule, and the amount of any excess that is retained under this rule, is recorded in the relevant client cryptoasset reconciliation record under CASS 17.5.10R(4)(d) or the relevant client cryptoasset discrepancy record under CASS 17.5.11R(2)(c), as appropriate. Client cryptoasset reconciliation shortfalls 17.5.13 R (1) This rule applies where a firm’s client cryptoasset reconciliation for a particular trust identifies a discrepancy as a result of, or that reveals, a shortfall which the firm has not yet resolved. (2) A shortfall for the purposes of this rule is a situation for a particular trust under CASS 17.3.3R in which the firm’s per-trust/class cryptoasset resource shows that there is a lesser amount of cryptoassets within that trust for a particular class than the total of the per-trust/client/class cryptoasset requirements for all clients who are beneficiaries of that trust for that class. (3) This rule also applies where, outside of its processes for client cryptoasset reconciliations, a firm identifies a discrepancy as a result of, or that reveals, a shortfall which the firm has not yet resolved. (4) The firm must address the shortfall by ensuring that, within up to 24 hours of identifying the discrepancy, the firm holds the correct number of client cryptoassets on trust. (5) Where necessary to comply with the requirement at (4), the firm must either:

FCA 202X/XX Page 23 of 35 (a) appropriate its own cryptoassets in the relevant class; (b) acquire cryptoassets in the relevant class using its own resources; or (c) procure a third party appointed under CASS 17.6 to apply or acquire its own cryptoassets in the relevant class to resolve the shortfall. (6) Each measure taken by a firm to comply with (4) must be recorded in the relevant client cryptoasset reconciliation record under CASS 17.5.10R(4)(d) or the relevant client cryptoasset discrepancy record under CASS 17.5.11R(2)(c), as appropriate. (7) A shortfall will not be considered to be addressed under (4) if cryptoassets of another class, or some other type of asset (e.g. money), are placed in the trust. 17.5.14 R (1) Where a firm fails to address a shortfall as required by CASS 17.5.13R it must immediately: (a) decide whether it would be appropriate to notify each affected client in writing and, if so, the timing and content of that notification; and (b) notify the FCA in writing, setting out: (i) the reasons for the shortfall and the reasons for the firm failing to address it; (iii) the name of each class of cryptoasset for which there is a shortfall and the amount of the shortfall; (iii) the number of clients in the relevant trust affected by the shortfall and by how much each affected client is affected; (iv) the firm’s expected timeframe for resolution of the shortfall, including detail on the steps which the firm and any third parties intend to follow to achieve resolution; and (v) the approach the firm is taking in relation to client notifications under (a). (2) If a firm decides not to immediately notify affected clients under (1)(a), it must review that decision at least once each business day until the shortfall is resolved. Other notification requirements

FCA 202X/XX Page 24 of 35 17.5.15 R A firm must notify the FCA in writing without delay if any of the following apply: (1) its internal records relating to safeguarding cryptoassets are materially out of date, or materially inaccurate or invalid; or (2) it will be unable, or materially fails, to comply with CASS 17.5.6R, CASS 17.5.7R or CASS 17.5.10R. 17.6 Appointing third parties to safeguard cryptoassets 17.6.1 R This section applies to a firm when it safeguards cryptoassets which are client cryptoassets and, in the course of carrying on that activity, it arranges cryptoasset safeguarding. Purpose of this section 17.6.2 G (1) Where a firm carries on the activity of safeguarding cryptoassets, it may be necessary for the firm to appoint a third party to carry on the activity of safeguarding cryptoassets under the firm’s direction in relation to a particular client cryptoasset or one or more particular types of client cryptoasset. (2) That third party appointed by the firm may itself be a firm or may, for example, be an overseas person who is not required to be authorised to carry on the activity of safeguarding cryptoassets in these circumstances. (3) This section sets out the rules that apply to such an appointment by a firm of a third party to carry on that activity in order to address the risk of harm to the firm’s clients that might result from that appointment, particularly in cases where the third party is not itself authorised. (4) In the FCA’s view, where a firm appoints a third party to carry on the activity of safeguarding cryptoassets in relation to any client cryptoasset, the firm will be carrying on the activities of both safeguarding cryptoassets and arranging cryptoasset safeguarding. In that situation, the firm, whilst remaining a trustee who is safeguarding cryptoassets, arranges for another person to safeguard cryptoassets under the firm’s direction. (5) The scenario described in (4) is different to one in which a firm only carries on arranging cryptoasset safeguarding and does not itself carry on safeguarding cryptoassets. In that situation, in making the arrangements which will result in the client receiving the service of safeguarding cryptoassets from another person, the firm is not itself a trustee of the cryptoassets. (6) This section would not apply to the scenario described in (5) in which a firm only carries on arranging cryptoasset safeguarding. The rules

FCA 202X/XX Page 25 of 35 in CASS 17.7 apply to a firm that only carries on arranging cryptoasset safeguarding. (7) This section would not apply where the firm appoints a third party to hold part of a means of access where the third party would not be safeguarding cryptoassets because it lacks the requisite degree of ‘control’. An example of this is where the firm appoints a third party to hold a shard of a private cryptographic key, but possession or knowledge of that shard, by itself, would not put the third party in a position to be able to transfer the benefit of the relevant client cryptoasset. The conditions for appointing third parties to safeguard cryptoassets 17.6.3 R A firm may appoint and retain another person (a ‘third party’) to carry on the activity of safeguarding cryptoassets which the firm has undertaken to its client to safeguard, but only if the following conditions are met: (1) the third party operates in a jurisdiction which specifically regulates the safeguarding of cryptoassets through mandatory requirements concerning financial and operational resilience, security of the means of access to cryptoassets, and record-keeping, and the activities of the third party pursuant to the appointment by the firm are supervised in that jurisdiction; (2) the firm has concluded, having completed the due diligence and any periodic review required under CASS 17.6.5R, that the appointment of the third party would not increase the risk of loss or diminution of any client cryptoassets which are subject to the arrangement, having regard to the firm’s compliance with CASS 17.2.2R and CASS 17.2.3R; (3) in relation to a firm’s retail market business, the appointment of the third party is compatible with the firm’s obligations under Principle 12 and PRIN 2A (The Consumer Duty); (4) prior to the appointment commencing, the firm has entered into an agreement with the third party in the form required at CASS 17.6.6R; and (5) the firm has met the governance requirements at CASS 17.6.9R. Client agreements or instructions to appoint a third party 17.6.4 G Where a client has instructed a firm to appoint a particular third party, the firm should still ensure that the conditions for the appointment at CASS 17.6.3R are met. Mandatory due diligence 17.6.5 R (1) A firm must exercise all due skill, care and diligence in the selection, appointment and periodic review of the third party and of the

FCA 202X/XX Page 26 of 35 arrangements for the safeguarding of the relevant client cryptoassets, in order to conclude that the appointment of the third party would not increase the risk of loss or diminution of any client cryptoassets which are subject to the arrangement. (2) When a firm makes the selection and appointment and conducts the periodic review referred to under this rule, it must take into account: (a) whether the third party has the appropriate regulatory permissions to carry out the appointment; (b) the arrangements that the third party has in place for safeguarding cryptoassets; (c) the capacity and capability of the third party to provide the contracted services; (d) the capital or financial resources of the third party; (e) the creditworthiness of the third party; (f) the potential impact on the contracted services of any other activities undertaken by the third party and, if relevant, any affiliated company; (g) the expertise and market reputation of the third party; (h) any legal requirements relating to the safeguarding of the relevant cryptoassets that could adversely affect the firm’s clients’ rights; (i) market practices relating to the safeguarding of the cryptoassets that could adversely affect the firm’s clients’ rights; (j) any relevant industry standard reports, including in relation to security; and (k) where the third party appointed by the firm has appointed a further third party with the firm’s consent under CASS 17.6.9R, all the factors set out above in relation to that further third party. (3) The firm must conduct the periodic review required under this rule at least once each year. The agreement condition 17.6.6 R A firm must have entered into a written agreement with any third party that it appoints to carry on the activity of safeguarding cryptoassets under CASS 17.6.3R. This agreement must, at minimum: (1) set out the binding terms of the arrangement between the firm and the third party;

FCA 202X/XX Page 27 of 35 (2) be in force for the duration of the appointment; (3) clearly set out the service(s) that the third party is contracted to provide; (4) require the third party to seek and obtain the firm’s written consent prior to the third party being able to appoint a further, different third party to carry on the activity of safeguarding cryptoassets; (5) in recognition that the firm is acting as a trustee in relation to the client cryptoassets that are subject to the appointment: (a) require that any client cryptoassets that are subject to the appointment are segregated from any assets belonging to the third party; (b) require that any client cryptoassets that are subject to the appointment are segregated from any assets belonging to the firm for which it is not acting as a trustee; (c) require the third party to recognise that the client cryptoassets are held by the firm on trust for the firm’s clients; and (d) exclude any rights of the third party to exercise set-off or counterclaim against the client cryptoassets in respect of any debt owed to it or to any other person; (6) require the third party to notify the firm whenever cryptoassets are no longer subject to the terms of the agreement for any reason; (7) include provisions detailing the extent of the third party’s liability in the event of the loss of a client cryptoasset caused by the fraud, wilful default or negligence of the third party or an agent appointed by them; and (8) set out the procedures and authorities for the passing of instructions to, or by, the firm. 17.6.7 R A firm must take the necessary steps to ensure that to ensure that the firm and the third party adhere to the agreement referred to at CASS 17.6.6R at all times. Consenting to safeguarding chains 17.6.8 R (1) This rule applies where, under the mandatory term described at CASS 17.6.6R(4), a third party appointed by the firm seeks the firm’s consent to itself appoint a further, different third party to carry on the activity of safeguarding cryptoassets in relation to client cryptoassets which the firm has undertaken to its client to safeguard. (2) The firm must withhold such consent unless it is satisfied that:

FCA 202X/XX Page 28 of 35 (a) the further appointee operates in a jurisdiction which specifically regulates the safeguarding of cryptoassets through mandatory requirements concerning financial and operational resilience, security of the means of access to cryptoassets, and record-keeping, and the activities of the further appointee are supervised in that jurisdiction; (b) the firm has concluded, having completed due diligence on the further appointee in line with the requirements under CASS 17.6.5R, that the further appointment would not increase the risk of loss or diminution of any client cryptoassets which are subject to the arrangement, having regard to the firm’s compliance with CASS 17.2.2R and CASS 17.2.3R; (c) in relation to a firm’s retail market business, the further appointment is compatible with the firm’s obligations under Principle 12 and PRIN 2A (The Consumer Duty); and (d) the agreement under which the further appointment will be governed (as between the third party appointed directly by the firm and the further third party) contains terms which provide equivalent safeguards to those set out at CASS 17.6.6R(1) to (8). (3) (a) The firm may approach its assessment under (2)(b) by requiring the third party it has appointed under CASS 17.6.3R to apply the factors set out at CASS 17.6.5R(2) in relation to the further appointee and to report its conclusions to the firm. (b) Where a firm takes the approach in (a), it still remains fully responsible for complying with the rules in this section in relation to the further appointment. (4) Any consent given by the firm under this rule must be periodically reviewed, at least once each year. The governance condition 17.6.9 R (1) Each proposed appointment by the firm of a third party under CASS 17.6.3R and each proposed consent under CASS 17.6.8R, together with the firm’s considerations and conclusions to support that proposal, must be approved by the firm’s governing body before the appointment is made or the consent is given, or by a person or persons within the firm to whom the firm’s governing body has delegated that role (the ‘governing body’s delegate’). (2) Where the governing body has delegated one or more persons for the purposes of the approval under (1), that delegation must include the SMF manager to whom the firm has appointed the FCA-prescribed

FCA 202X/XX Page 29 of 35 senior management responsibility (Reference letter (z)) in the table in SYSC 24.2.6R (functions in relation to CASS). (3) The outcome of each periodic review of a firm’s selection and appointment of a third party that it conducts under CASS 17.6.5R, together with the firm’s considerations and conclusions, must be approved by the firm’s governing body or the governing body’s delegate within 3 months of the review being concluded. Policy on appointing third parties 17.6.10 R (1) A firm must produce and maintain a written policy that sets out its methodology for any selections, appointments, periodic reviews and consents that are required to be carried out under CASS 17.6.3R, CASS 17.6.5R and CASS 17.6.8R. (2) A firm must retain the written policy under (1) until 5 years after it has been superseded by any new version of the written policy, or otherwise indefinitely. Records 17.6.11 R (1) A firm must make a record of how the requirements of CASS 17.6.3R(1) to (4) or CASS 17.6.8R(2) are met in relation to any appointment of a third party under CASS 17.6.3R or consent to a further appointment of a third party under CASS 17.6.8R. That record must include the conclusions of any due diligence exercise carried out in accordance with those rules, making explicit reference to the factors set out at CASS 17.6.5R(2)(a) to CASS 17.6.5R(2)(j) (a ‘client cryptoasset third party due diligence record’). (2) A firm must make the record under (1) prior to the relevant appointment commencing or the relevant consent being given. (3) Whenever a firm undertakes a periodic review of its selection and appointment of a third party under CASS 17.6.5R or of the firm’s consent to an appointment under CASS 17.6.8R(4), the firm must make a record of the conclusions of its review, making explicit reference to the factors set out at CASS 17.6.5R(2)(a) to CASS 17.6.5R(2)(j) (a ‘client cryptoasset third party review record’). (4) A firm must make the record under (3) on the date it completes the review. (5) A firm must make a record of each approval given by its governing body or its governing body’s delegate under CASS 17.6.9R(1) or (3) (a ‘client cryptoasset third party governance record’). (6) A firm must make the record under (5) on the date of the governing body’s or its governing body’s delegate’s approval.

FCA 202X/XX Page 30 of 35 (7) A firm must retain the records under (1), (3) and (5) until 5 years after the relevant appointment ceases. 17.7 Arranging cryptoasset safeguarding 17.7.1 R This section applies to a firm when it arranges cryptoasset safeguarding, but is not safeguarding cryptoassets in relation to which it is arranging cryptoasset safeguarding. Agreements 17.7.2 R Each time a firm, on behalf of a client, arranges cryptoasset safeguarding with another person, it must enter into an agreement with that other person. This agreement must, at minimum: (1) set out the obligations between the firm and the other person, including any ongoing obligations of the firm; (2) set out the basis for any payments or other consideration between the two parties; and (3) include provisions detailing the extent of either party’s liability in the event of the loss of a cryptoasset. Records 17.7.3 R (1) When a firm arranges cryptoasset safeguarding, it must ensure that proper records of the arrangements are made at the time the arrangements are put in place, and at the time the arrangements are amended (a ‘cryptoasset safeguarding arrangement record’). (2) A firm must retain the records made under (1) for a period of 5 years after they are made. Amend the following as shown. Sch 1 Record keeping requirements … Sch 1.3 G Handbook reference Subject of record Contents of record When record must be made Retention period … CASS 13.11.13R … … … …

FCA 202X/XX Page 31 of 35 CASS 17.3.6R(3) Client cryptoasset trust exemption record A record of a firm’s reasons for concluding that it is necessary for the exemption at CASS 17.3.6R(1) to be used to provide a service Prior to providing the relevant service to any client 5 years after it has stopped providing the relevant service CASS 17.3.11R Client cryptoasset trust exemption consent record A record of a firm’s client’s written consent under CASS 17.3.5R(4) or CASS 17.3.6R(1)(c) for the firm to use the exemption at CASS 17.3.5R(1) or CASS 17.3.6R(1) respectively Prior to making use of the exemption in relation to the client’s client cryptoasset 5 years after it has stopped relying on the consent to use the exemption at CASS 17.3.5R(1) or CASS 17.3.6R(1) CASS 17.3.14R The document required under CASS 17.3.12R(2) setting out the terms of a trust (e.g. a deed) The terms of the trust and details of any amendments which were made to the terms after the trust was first created At the time the trust is created 5 years after the trust has been brought to an end CASS 17.3.17R Client cryptoasset trust record Details of a trust that a firm has created under CASS 17.3.3R At the time the firm creates the trust to which the client cryptoasset trust record pertains 5 years after the relevant trust has been brought to an end

FCA 202X/XX Page 32 of 35 CASS 17.3.19R Per-trust operational surplus record The reason for it being necessary for the firm to use an operational surplus for a particular trust created under CASS 17.3.3R When the firm decides to use an operational surplus in a trust that the firm operates under CASS 17.3.3R 5 years until after the firm ceases to use the operational surplus in that particular trust CASS 17.4.9R Client cryptoasset means of access record Details of each means of access that the firm controls When the firm starts to control the means of access 5 years after the later of the date the record was created and the date it was most recently modified CASS 17.4.12R Each version of a firm’s means of access policy document and means of access procedures document An explanation of the firm’s means of complying with the requirements in CASS 17.4.5R to CASS 17.4.7R and CASS 17.4.9R to CASS 17.4.11R in clear and non-technical terms Not specified 5 years after the version has been superseded with a new version CASS 17.5.4R(3) Each version of a firm’s reconciliations policy document and reconciliations procedures document The firm’s rationale for its procedures to comply with the rules in CASS 17.5 in clear and non-technical terms, and Not specified 5 years after the version has been superseded with a new version

FCA 202X/XX Page 33 of 35 those procedures CASS 17.5.9R The firm’s per￾trust/client/ class cryptoasset requirement and per￾trust/class cryptoasset resource The date and time, the actions taken and the outcome Whenever the firm calculates a per￾trust/client/class cryptoasset requirement or confirms a per￾trust/class cryptoasset resource 5 years CASS 17.5.10R(4) Client cryptoasset reconciliation record The date and time, whether there were any discrepancies and the reasons for them, and any actions taken Each time a firm performs a client cryptoasset reconciliation 5 years CASS 17.5.11R(2) Client cryptoasset discrepancy record The date and time, the reasons for the discrepancy and any actions taken Each time a firm identifies a discrepancy related to its safeguarding of client cryptoassets outside of its processes for a client cryptoasset reconciliation 5 years CASS 17.6.10R Each version of a firm’s policy for the appointment of third parties under CASS 17.6 The firm’s methodology for any selections, appointments , periodic reviews and consents that are required to be carried out under CASS Not specified 5 years after the version has been superseded with a new version

FCA 202X/XX Page 34 of 35 17.6.3R, CASS 17.6.5R and CASS 17.6.8R. CASS 17.6.11R(1) Client cryptoasset third party due diligence record The grounds upon which the firm’s governing body was satisfied of meeting the requirements of CASS 17.6.3R(1) to (4) or CASS 17.6.8R Prior to the relevant appointment commencing 5 years after the relevant appointment ceases CASS 17.6.11R(3) Client cryptoasset third party review record The conclusions of any periodic review performed under CASS 17.6.5R The date the firm completes the review 5 years after the relevant appointment ceases CASS 17.6.11R(5) Client cryptoasset third party governance record A firm’s governing body’s or its governing body’s delegate’s approval under CASS 17.6.9R(3) The date of the governing body’s or its governing body’s delegate’s approval 5 years after the relevant appointment ceases CASS 17.7.3R(1) Cryptoasset safeguarding arrangement record A record of arranging cryptoasset safeguarding When the firm arranges cryptoasset safeguarding 5 years Sch 2 Notification requirements Sch 2.1 G

FCA 202X/XX Page 35 of 35 Handbook reference Matter to be notified Contents of notification Trigger event Time allowed … CASS 13.10.21R(6) … … … … CASS 17.5.14R Failure to address a shortfall as required by CASS 7.5.12R The reasons and other details as set out at CASS 17.5.14R(1)(b) Failure to address a shortfall Immediately CASS 17.5.15R(1) The firm’s internal records relating to safeguarding cryptoassets being materially out of date, or materially inaccurate or invalid The fact of this issue The firm’s internal records relating to safeguarding cryptoassets being materially out of date, or materially inaccurate or invalid Without delay CASS 17.5.15R(2) The firm being unable or materially failing to comply with CASS 17.5.6R, CASS 17.5.7R or CASS 17.5.10R The fact of this issue The firm being unable or materially failing to comply with CASS 17.5.6R, CASS 17.5.7R or CASS 17.5.10R Without delay

FCA 202X/XX FOS 202X/YY CRYPTOASSETS: CONDUCT AND FIRM STANDARDS (No 2) INSTRUMENT 202X Powers exercised A. The Financial Conduct Authority (“the FCA”) makes this instrument in the exercise of the powers and related provisions in or under: (1) the following powers and related provisions in the Financial Services and Markets Act 2000 (“the Act”), including as applied by articles 98 and 99 of the Financial Services and Markets Act (Regulated Activities) Order 2000 (as amended by the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025) as applied by paragraph 3 of Schedule 6 to the Payment Services Regulations 2017 (SI 2017/752) (“the PSRs”) and paragraph 2A of Schedule 3 to the Electronic Money Regulations 2011 (SI 2011/99) (“the EMRs”): (a) section 59 (Approval for particular arrangements); (b) section 59AB(1) (Specifying functions as controlled functions: transitional provision); (c) section 60 (Applications for approval); (d) section 60A (Vetting candidates by authorised persons); (e) section 61 (Determination of applications); (f) section 62A (Changes in responsibilities of senior managers); (g) section 63ZA (Variation of senior manager’s approval at request of authorised person); (h) section 63ZD (Statement of policy relating to conditional approval and variation); (i) section 63C (Statement of policy); (j) section 63E (Certification of employees by authorised persons); (k) section 63F (Issuing of certificates); (l) section 64A (Rules of conduct); (m) section 64C (Requirement for authorised persons to notify regulator of disciplinary action); (n) section 69 (Statement of policy); (o) section 137A (The FCA’s general rules); (p) section 137B (FCA general rules: clients’ money, right to rescind etc) (q) section 137D (FCA general rules: product intervention) (r) section 137R (Financial promotion rules) (s) section 137T (General supplementary powers); (t) section 138D (Actions for damages) (u) section 139A (Power of the FCA to give guidance); (v) section 213 (The compensation scheme); (w) section 214 (General); (x) section 226 (Compulsory jurisdiction); and (y) paragraph 13 (FCA’s rules) of Schedule 17 (the Ombudsman Scheme). (2) regulation 120 (Guidance) of the PSRs; (3) regulation 60 (Guidance) of the EMRs; and

FCA 202X/XX FOS 202X/YY Page 2 of 52 (4) the other powers and related provisions listed in Schedule 4 (Powers exercised) to the General Provisions of the FCA’s Handbook B. The rule-making provisions listed above are specified for the purposes of section 138G(2) (Rule-making instruments) of the Act. C. The FCA consents and approves the Voluntary Jurisdiction rules and guidance made and amended, the standard terms fixed and varied and the scheme rules made and amended by the Financial Ombudsman Service Limited, as set out in paragraph D below. Powers exercised by the Financial Ombudsman Service Limited D. The Financial Ombudsman Service Limited makes and amends the rules and guidance for the Voluntary Jurisdiction, and fixes and varies the standard terms for Voluntary Jurisdiction participants, as set out in Annex E to this instrument and incorporates the changes to the Glossary as proposed in the Glossary (Cryptoassets) (No 2) Instrument 202X, in the exercise of the following powers and related provisions in the Act: (1) section 227 (Voluntary jurisdiction); and (2) paragraph 8 (Information, advice and guidance) of Schedule 17; (3) paragraph 14 (The scheme operator’s rules) of Schedule 17; (4) paragraph 18 (Terms of reference to the scheme) of Schedule 17; and (5) paragraph 20 (Voluntary Jurisdiction rules: procedure) of Schedule 17. E. The making and amendment of the Voluntary Jurisdiction rules and guidance, the fixing and varying of standard terms for Voluntary Jurisdiction participants and the incorporation of the changes to the Glossary as proposed in the Glossary (Cryptoassets) (No 2) Instrument 202X by the Financial Ombudsman Service Limited, as set out at paragraph D, is subject to the consent and approval of the FCA. Commencement F. This instrument comes into force on [date]. Amendments to the Handbook G. The modules of the FCA’s Handbook of rules and guidance listed in column (1) below are amended in accordance with the Annexes to this instrument listed in column (2). (1) (2) Senior Management Arrangements, Systems and Controls sourcebook (SYSC) Annex A Training and Competence manual (TC) Annex B Conduct of Business sourcebook (COBS) Annex C Supervision manual (SUP) Annex D Dispute Resolution: Complaints sourcebook (DISP) Annex E [Editor’s note: The Annexes to this instrument take into account the proposals suggested in the following consultation papers:

FCA 202X/XX FOS 202X/YY Page 3 of 52 (1) ‘Stablecoin issuance and cryptoasset custody’ (CP25/14); (2) ‘A prudential regime for cryptoasset firms’ (CP25/15); (3) ‘Application of FCA Handbook for Regulated Cryptoasset Activities (CP25/25); (4) ‘Client categorisation and conflicts of interest (CP25/36); (5) ‘Regulating cryptoasset activities (CP25/40); (6) ‘Regulating Cryptoassets: Admissions & Disclosure and Market Abuse Regime for Cryptoassets’ (CP25/41); (7) ‘A prudential regime for cryptoasset firms’ (CP25/42); (8) ‘Operational Incident and Third Party Reporting’ (CP24/28); and (9) ‘Senior Managers & Certification Regime Review’ (CP25/21), as if they were made final.] Notes H. In the Annexes to this instrument, the notes (indicated by “Notes” or “Editor’s note:”) are included for the convenience of readers but do not form part of the legislative text. Citation I. This instrument may be cited as the Cryptoassets: Conduct and Firm Standards (No 2) Instrument 20XX. By order of the Board   [date]  By order of the Board of the Financial Ombudsman Service Limited [date]

FCA 202X/XX FOS 202X/YY Page 4 of 52 Annex A Amendments to the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) 23 Senior managers and certification regime: Introduction and classification … 23 Annex 1 Definition of SMCR firm and different types of SMCR firms … Part Eight: Financial qualification condition for being an enhanced scope SMCR firm The financial qualification tests … 8.2 R Table: Financial qualification conditions (1) Qualification condition (2) How to do the calculation and corresponding reporting requirement (3) Comments Part One: Point in time measurements … (2) … … … (3) The total value of the firm’s stablecoin issuance backing asset pool (calculated as a three-year rolling average) is £65 billion or more The total value of the firm’s stablecoin issuance backing asset pool is calculated in accordance with the method that must be used to calculate the amount to be recorded in the data element specified in SUP 16.34.8R(3) (the balance of stablecoin backing asset) in the firm’s cryptoasset regulatory report. SYSC 23 Annex 1 8.8R(2) and SYSC 23 Annex 1 8.11R apply to this calculation. (4) Either the amount in (a) or (b) is more than £100 billion. (1) This row only applies to a firm that has permission for safeguarding cryptoassets.

FCA 202X/XX FOS 202X/YY Page 5 of 52 (a) The amount in this sub-paragraph (a) is the highest amount of the sum of the following amounts in any month of the previous calendar year: (i) the total value of the firm’s client cryptoassets; and (ii) the total value of safe custody assets held by the firm. (b) The amount in this sub-paragraph (b) is the sum of: (i) the total forecast value of the firm’s client cryptoassets that it will hold during the current calendar year; and (ii) the total forecast value of the firm’s safe custody assets that it will hold during the current calendar year. However, it does not apply if that permission is limited solely to safeguarding cryptoassets in the way described in article 9N(2)(b)(iii) (right for the return of the cryptoasset) of the Regulated Activities Order. (2) SYSC 23 Annex 1 8.34R (Special requirements for calculating custody assets for crypto firms) explains how to make the calculations in column (1) of this row. Part Two: Revenue measurements (3) (1) The average amount of the firm’s total intermediary regulated business revenue (calculated as a three￾year rolling average) is £45 million per annum or more … … (4) (2) The average amount of the firm’s annual revenue generated by regulated consumer credit lending (calculated as a three-year rolling average) is £130 million or more … … …

FCA 202X/XX FOS 202X/YY Page 6 of 52 8.3 G … (2) The boxes referred to in row (2) of Part One (outstanding regulated mortgages) correspond to the online version of the MLAR as follows: … … General calculation principles … 8.7 R … (4) Where row (2) of column (1) of Part One of the table in SYSC 23 Annex 1 8.2R refers to a firm’s current financial figures it refers to the figures as at the calculation date for its most recent reporting period in column (2). … … Special requirements for calculating intermediary regulated business revenue 8.18 R The qualification condition in row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R may also apply to a firm that meets the following conditions, even though the financial reporting requirement referred to in that row does not apply to it: … … 8.21 R (1) This rule deals with how the qualification condition in row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R applies to a firm in SYSC 23 Annex 1 8.18R. (2) The calculation is made in accordance with the requirements for Section B (Profit and Loss account) of the RMAR and otherwise as described in column (2) of row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R. … 8.22 G (1) There is only one qualification condition in row (3) (1) of Part Two the table in SYSC 23 Annex 1 8.2R.

FCA 202X/XX FOS 202X/YY Page 7 of 52 … … Automatic adjustment of financial thresholds: Purpose and general rule 8.24 R (1) SYSC 23 Annex 1 8.24R to SYSC 23 Annex 1 8.33G provide for the automatic adjustment of the financial figures in the table in SYSC 23 Annex 1 8.2R (Table: Financial qualification conditions) listed in this rule once every 5 years in line with inflation over that period. (2) The financial figures to be adjusted are the ones in the following rows of column (1) of the table: (a) row (1) of Part One of the table (assets under management); (b) row (3) (1) of Part Two of the table (total intermediary regulated business revenue); and (c) row (4) (2) of Part Two of the table (revenue generated by regulated consumer credit lending). ; (d) row (3) of Part One of the table (stablecoin issuance backing asset pool); and (e) row (4) of Part One of the table (client cryptoassets and safe custody assets pool). … Automatic adjustment of financial thresholds: Rounding 8.31 R (1) … … (3) The amounts referred to in (1) and (2) are: (a) (in the case of the threshold thresholds referred to in SYSC 23 Annex 1 8.24R(1) SYSC 23 Annex 1 8.24R(2)(a), SYSC 23 Annex 1 8.24R(2)(d) and SYSC 23 Annex 1 8.24R(2)(e)) £1 billion; and (b) … … 8.33 G … Special requirements for calculating custody assets for crypto firms

FCA 202X/XX FOS 202X/YY Page 8 of 52 8.34 R (1) This rule describes how to make the calculations in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R (crypto and safe custody assets). (2) The amount in sub-paragraph (a)(i) of column (1) is calculated as the sum of the amounts calculated in accordance with the method that must be used to calculate the amount to be recorded in the following data elements in the firm’s cryptoasset regulatory report: (a) the data element specified in SUP 16.34.7R(5) (the total value of all qualifying cryptoassets being safeguarded); and (b) the data element specified in SUP 16.34.7R(11) (the total value of all relevant specified investment cryptoassets being safeguarded). (3) The amount in sub-paragraph (a)(ii) in column (1) of row (4) is to be calculated in accordance with the method that must be used to calculate the amount to be recorded in data element 8D (Value of safe custody assets as at reporting period end date) in the firm’s CMAR. (4) The amount in sub-paragraph (b)(i) in column (1) of row (4) is to be calculated in the same way as the calculation in (5), but as if the rules in CASS referred to in (5) referred to client cryptoassets not safe custody assets. (5) The amount in sub-paragraph (b)(ii) in column (1) of row (4) is to be calculated by applying CASS 1A.2.3R, CASS 1A.2.9R(2) and CASS 1A.2.9R(3) (CASS firm classification). (6) The rules in CASS referred to in (4) and (5) apply on the basis that references to client money and notification to the FCA do not apply. 8.35 R (1) This rule contains notification requirements about meeting or ceasing to meet the qualification condition in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R, referred to in this rule as ‘the crypto custody qualification condition’. (2) A firm must notify the FCA if it: (a) meets the crypto custody qualification condition after it has previously not met it; or (b) ceases to meet the crypto custody qualification condition after it has previously met it. (3) A firm must make the notification in (2) no later than 30 business days after meeting or ceasing to meet the crypto custody qualification condition, as the case may be (see SYSC 23 Annex 1

FCA 202X/XX FOS 202X/YY Page 9 of 52 10.2AR and SYSC 23 Annex 1 11.2R(2A) for when a firm first meets or ceases to meet that condition). (4) A firm does not have to use the form in SUP 15 Annex 4R (Notification form) to make a notification under this rule but must include the details required by Section A of that form (Personal Details). 8.36 G (1) A firm should: (a) make the notification that it meets the crypto custody qualification condition whether or not it is already an enhanced scope SMCR firm; and (b) make the notification that it has ceased to meet the crypto custody qualification condition whether or not it will cease to be an enhanced scope SMCR firm. (2) A firm need not include in its notification the calculations or figures that show it to meet or to have ceased to meet the crypto custody qualification condition but should include the date it did so. (3) The notification obligation applies whether this is the first time the event in question has occurred or whether it has happened before. (4) Subject to SYSC 23 Annex 1 8.35R(4), SUP 15.7 (Form and method of notification) applies to notifications under this rule. (5) The crypto custody qualification condition has the same meaning as it does in SYSC 23 Annex 1 8.35R. 8.37 G (1) A firm should have the systems and procedures, should collect the information, should make the calculations and should apply the rules in CASS 1A referred to in SYSC 23 Annex 1 8.34R to ensure that it is able to make the notifications required by SYSC 23 Annex 1 8.35R within the specified time. (2) However, (1) does not apply to a firm that can never be an enhanced scope SMCR firm or meet the crypto custody qualification condition whatever the amount (or the projected amount) of its client cryptoassets or of its safe custody assets. (3) Therefore, a firm is not required to do the things in (1) if the firm: (a) does not have permission for safeguarding cryptoassets; (b) is an SMCR banking firm or an SMCR insurance firm; (c) is exempt under Part Three of this Annex (Part Three: Definition of exempt firm); or

FCA 202X/XX FOS 202X/YY Page 10 of 52 (d) is excluded from the enhanced regime under Part Seven of this Annex (Part Seven: Exclusion from enhanced regime). (4) However, a firm is required to do the things in (1) notwithstanding that: (a) CASS 1A (CASS firm classification and operational oversight) does not apply to the firm; or (b) the firm does not have to submit some or all of the data elements or data items referred to in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R or SYSC 23 Annex 1 8.34R. (5) Paragraph (4)(b) applies despite SYSC 23 Annex 1 8.4R because: (a) the calculation can still be made without those data elements because of sub-paragraph (b) of the calculation in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R (projected values); and (b) even if the firm does not have to complete a CMAR, sub￾paragraph (a) of the calculation in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R (actual values) still applies if the firm has to submit a cryptoasset regulatory report. (6) The crypto custody qualification condition has the same meaning as it does in SYSC 23 Annex 1 8.35R. … Part Ten: When a firm becomes an enhanced scope SMCR firm … Meeting the financial thresholds in Part 8 10.2 R (1) Subject to (4) and SYSC 23 Annex 1 10.2AR, a firm first meets one of the qualification conditions in Part 8 of this Annex (financial qualification conditions) on the due date for submission of the relevant data item (see (2) and (3) for the meaning of relevant data item). … (3) Where the qualification condition is the one in row (2) of Part One of the table in SYSC 23 Annex 1 8.2R, the relevant data item is the one for the reporting period for which the firm first meets the condition in column (1) of that row.

FCA 202X/XX FOS 202X/YY Page 11 of 52 (4) In the case of a firm in SYSC 23 Annex 1 8.18R, the firm meets the qualification condition in row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R on the reporting date for the final reporting period applicable to the averaging period for which the firm first meets the condition in column (1) of that row. 10.2A R (1) The purpose of this rule is to specify the date on which a firm first meets the qualification condition in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R (crypto and safe custody assets). (2) A firm first meets the qualification condition on the potential reporting date for the financial figure whose inclusion in the calculation in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R results in the firm first meeting the qualification condition. (3) The potential reporting dates for the purposes of this rule are as follows: (a) the potential reporting date for each of the financial figures in paragraph (a) of the calculation in column (1) (highest total value of the firm’s client cryptoassets and safe custody assets) is the due date for submission of the applicable data item for the last reporting period in the previous calendar year; (b) the potential reporting date for the financial figure in paragraph (b) of the calculation in column (1) (forecast crypto and safe custody assets) so far as it is based on CASS 1A.2.9R(2) as applied by SYSC 23 Annex 1 8.34R(4) and SYSC 23 Annex 1 8.34R(5), is the 15th business day of January of the current calendar year; (c) the potential reporting date for the financial figure in paragraph (b)(i) of the calculation in column (1) so far as it is based on CASS 1A.2.9R(3) as applied by SYSC 23 Annex 1 8.34R(4) is the business day before the firm begins to hold client cryptoassets; and (d) the potential reporting date for the financial figure in paragraph (b)(ii) of the calculation in column (1) so far as it is based on CASS 1A.2.9R(3) as applied by SYSC 23 Annex 1 8.34R(5) is the business day before the firm begins to hold safe custody assets. 10.2B G (1) This paragraph, SYSC 23 Annex 1 10.2BG, gives 2 examples to illustrate how SYSC 23 Annex 1 10.2AR works. (2) In SYSC 23 Annex 1 10.2BG:

FCA 202X/XX FOS 202X/YY Page 12 of 52 (a) year 2 means the current calendar year; (b) year 1 means the previous calendar year as referred to in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R; and (c) the crypto custody qualification condition has the same meaning as it does in SYSC 23 Annex 1 8.35R. (3) In the first example, the figure calculated by adding the total value of the firm’s client cryptoassets during any single month during year 1 to the total value of safe custody assets held by the firm in the same month ranged from £70bn to £110bn. The highest corresponding amount for the previous year was £80bn. (4) In the first example, the 15th business day of January in year 2 is the potential reporting date for both the financial figures in sub￾paragraph (a) of the calculation in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R. This is the date the firm first meets the crypto custody qualification condition. (5) In the second example, the firm held no client cryptoassets or safe custody assets in year 1. The 15th business day of January in year 2 is the reporting date for the financial figures in sub-paragraph (a) of the calculation in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R. That financial figure is zero. The firm does not at this stage meet the crypto custody qualification condition. (6) On the 15th business day of January in year 2, the firm in the second example projects that the largest amount of client cryptoassets it will hold in year 2 is £70bn but that it will hold no safe custody assets in year 2. (7) The 15th business day of January in year 2 is the potential reporting date for the financial figure in sub-paragraph (b)(i) of the calculation in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R. The firm does not at this stage meet the crypto custody qualification condition. It makes no difference if later in year 2 the firm increases its projection for client cryptoassets. (8) Later on in year 2, the firm in the second example decides that it will after all hold safe custody assets in year 2. As at the business day before the firm begins to hold safe custody assets, the firm projects that the largest amount of safe custody assets it will hold in year 2 is £40bn. (9) The business day before the firm begins to hold safe custody assets is the potential reporting date for the financial figure in sub￾paragraph (b)(ii) of the calculation in column (1) of row (4) of Part

FCA 202X/XX FOS 202X/YY Page 13 of 52 One of the table in SYSC 23 Annex 1 8.2R. That is also the date that the firm meets the crypto custody qualification condition in the second example. It makes no difference if later in year 2 the firm decreases its projection for safe custody assets. … Part Eleven: When a firm stops being an enhanced scope SMCR firm … Ceasing to meet the financial thresholds in Part 8 11.2 R (1) A firm ceases to meet one of the qualification conditions in Part 8 of this Annex (financial qualification conditions) on whichever of the following is applicable: … (2) (where the qualification condition is the one in row (2) of Part One of the table in SYSC 23 Annex 1 8.2R) the due date for submission of the data item for the reporting period for which the firm first ceases to meet the condition in column (1) of that row; or (2A) (where the qualification condition is the one in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R) the potential reporting date (as defined in SYSC 23 Annex 1 10.2AR) for the financial figure whose inclusion in the calculation in column (1) of row (4) of Part One of the table in SYSC 23 Annex 1 8.2R results in the firm first ceasing to meet that qualification condition; or … … TP 13 Miscellaneous transitional provisions relating to the Senior Managers and Certification Regime Insert the following new transitional provisions, TP 13.2 (Part 2), after TP 13.1 in TP 13 (Miscellaneous transitional provisions relating to the Senior Managers and Certification Regime). All the text is new and is not underlined. TP 13.2 Part 2 TP 13.2.1 G SYSC TP 13.2 deals with how the calculations in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R (crypto and safe custody assets) should be

FCA 202X/XX FOS 202X/YY Page 14 of 52 made in the initial period after the coming into force of the Cryptoassets: Conduct and Firm Standards Instrument (No 2) 20XX. TP 13.2.2 G A firm may hold cryptoassets for clients in the year before the instrument in SYSC TP 13.2.1G came into force but they will not be client cryptoassets because by definition they would not have been held under CASS 17.3.3R. Hence sub-paragraph (a) of the calculation in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R will not apply. TP 13.2.3 R If a relevant specified investment cryptoasset was a safe custody asset at a time covered by the calculation in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R but, following the amendments to the Glossary made by the Glossary (Cryptoassets) (No 2) Instrument 202X, it ceases to be treated as a safe custody asset, it is to be treated as not having been a safe custody asset for the purposes of that calculation and the revised Glossary definition applies. TP 13.2.4 G The effect of SYSC TP 13.2 is that initially: (1) the calculation of the amount of a firm’s client cryptoassets for the purpose of deciding whether it meets the conditions for being an enhanced scope SMCR firm under row (4) of Part One of the table in SYSC 23 Annex 1 8.2R is based on projections for client cryptoassets held for the current year; and (2) relevant specified investment cryptoassets (which were excluded from the definition of safe custody assets by the instrument referred to in SYSC TP 13.2.1G) that were treated as safe custody assets at the relevant time should be included in the projections for client cryptoassets under (1) and should not be treated as safe custody assets under the calculation under sub-paragraph (a) in row (4) of Part One of the table in SYSC 23 Annex 1 8.2R.

FCA 202X/XX FOS 202X/YY Page 15 of 52 Annex B Amendments to the Training and Competence Sourcebook (TC) In this Annex, underlining indicates new text. App 1 Appendix 1 App 1.1 Activities and Products/Sectors to which TC applies subject to TC Appendices 2 and 3 TC App 1.1.1 R Activity Products/Sectors Is there an appropriate qualification requirement? Designated investment business carried on for a retail client … 19. … … Qualifying cryptoasset activities 19A. Dealing in qualifying cryptoassets as principal No 19B. Dealing in qualifying cryptoassets as agent No 19C. Arranging qualifying cryptoasset staking No 19D. Safeguarding cryptoassets No 19E. Arranging cryptoasset safeguarding No …

FCA 202X/XX FOS 202X/YY Page 16 of 52 Annex C Amendments to the Conduct of Business sourcebook (COBS) In this Annex, underlining indicates new text and striking through indicates deleted text, unless stated otherwise. 1 Annex 1 Application (see COBS 1.1.2R) Part 1: What? Modifications to the general application of COBS according to activities

1. Eligible counterparty business … 1A. CATPS 1A.1 R This sourcebook applies to a firm operating a CATP only when it is operating a UK QCATP. 1B. CATPs and professional clients 1B.1 R The COBS provisions shown below do not apply between a UK CATP operator and its professional clients in relation to the operation of a UK QCATP. COBS provision Description COBS 2 (other than COBS 2.4) Conduct of business obligations COBS 4 Communicating with clients including financial promotions COBS 6.1 Information about the firm, its services and remuneration. COBS 8 Client agreements COBS 10 Appropriateness COBS 11 Dealing and managing COBS 16.1 to COBS 16.3 Reporting information to clients …

FCA 202X/XX FOS 202X/YY Page 17 of 52 3A. … 3B. Transactions concluded on a CATP 3B.1 R The COBS provisions in COBS 1 Annex 1 1B.1R do not apply to transactions concluded under the rules governing a CATP between users of the CATP. However, the member or participant must comply with those provisions where relevant in respect of its clients if, acting on its clients’ behalf, it is executing their orders on a CATP. … Part 2: Where? Modifications to the general application according to location … 3. Public offer platforms … 4. Overseas cryptoasset business 4.1 R This sourcebook applies to a firm which carries out qualifying cryptoasset activities with a client in the United Kingdom from an establishment overseas. 4.2 R This sourcebook does not apply to a firm carrying on qualifying cryptoasset activities for or on behalf of a client, wherever located, where that client is a professional client or eligible counterparty and where those activities are carried on from an establishment overseas. … 1 Annex 2 Application to TP firms and Gibraltar-based firms (see COBS 1.1.1CR) … Part 2: Gibraltar-based firms …

FCA 202X/XX FOS 202X/YY Page 18 of 52 2. Application of COBS 2.1 R In addition to those rules applying by virtue of GEN 2.3.1R, a Gibraltar-based firm must also comply with: … (2) … (3) (in relation to qualifying cryptoasset activities), those rules, as in force from time to time, as apply to a firm carrying on qualifying cryptoasset activity. 2 Conduct of business obligations … 2.2 Information disclosure before providing services (other than MiFID and insurance distribution) … Information disclosure before providing services … 2.2.2 G (1) A firm to which the rule on providing appropriate information (COBS 2.2.1R) applies should also consider the rules on disclosing information about a firm, its services, costs and associated charges and designated investments in COBS 6.1 and COBS 14. (2) In addition, firms undertaking a qualifying cryptoasset activity: (a) should be aware of the disclosure requirements in CRYPTO which may apply when offering and providing services to clients. CRYPTO places requirements on firms which may be separate and complementary to the requirements in COBS; and (b) firms have flexibility in how their systems and operations discharge the requirements in COBS and CRYPTO. … 3 Client categorisation … 3.6 Eligible counterparties …

FCA 202X/XX FOS 202X/YY Page 19 of 52 Per se eligible counter parties 3.6.2 R Each of the following is a per se eligible counterparty (including an entity that is not from the UK that is equivalent to any of the following) unless and to the extent it is given a different categorisation under this chapter: … (9) a central bank; and (10) a supranational organisation.; and (11) a qualifying cryptoasset firm. … … 4 Communicating with clients, including financial promotions 4.1 Application … Who? What? Application to registered persons promoting qualifying cryptoassets 4.1.7C R … 4.1.7CA G The exemption in article 73ZA of the Financial Promotion Order will only be available to a registered person within scope of article 53 of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025. … Where? General position 4.1.8 R (1) In relation to communications by a firm to a client in relation to its designated investment business this chapter applies in accordance with the general application rule and the rule on business with UK clients from an overseas establishment (COBS 1 Annex 1 Part 2 paragraphs 2.1R or 4.1R, as applicable). … 4.6 Past, simulated past and future performance (non-MiFID provisions) Application 4.6.1 R … 4.6.1A G Firms should be aware of the disclosure requirements in CRYPTO which may apply when offering and providing services to clients. CRYPTO places

FCA 202X/XX FOS 202X/YY Page 20 of 52 requirements on firms which may be separate and complementary to the requirements in COBS. Firms should refer to the guidance in COBS 2.2.2G(2) when complying with the requirements in COBS and CRYPTO. … 4.7 Direct offer financial promotions … Other direct offer financial promotions 4.7.1 R (1) Subject to (3), a firm must ensure that a direct offer financial promotion that is addressed to, or disseminated in such a way that it is likely to be received by, a retail client contains: (a) the information referred to in the rules on information disclosure (COBS 6.1.4R, COBS 6.1.6R, COBS 6.1.7R, COBS 6.1.7BR, COBS 6.1.9R, COBS 14.3.2R, COBS 14.3.3R, COBS 14.3.4R and COBS 14.3.5R) as is relevant to that offer or invitation; and … … Guidance … 4.7.2A G … 4.7.2B G Firms should be aware of the disclosure requirements in CRYPTO which may apply when offering and providing services to clients. CRYPTO places requirements on firms which may be separate and complementary to the requirements in COBS. Firms should refer to the guidance in COBS 2.2.2G(2) when complying with the requirements in COBS and CRYPTO. … 4.9 Financial promotions with an overseas element Application 4.9.1 … 4.9.1A R In this section, a reference to an overseas person includes a person who undertakes a qualifying cryptoasset activity but does not carry on any such activity, or offer to do so, from a permanent place of business maintained by them in the United Kingdom. …

FCA 202X/XX FOS 202X/YY Page 21 of 52 4.12A Promotion of restricted mass market investments … Risk warning … 4.12A.1 1 R (1) For the purposes of COBS 4.12A.10R, the financial promotion must contain: … (d) the following risk warning if the financial promotion relates to: (i) one or more qualifying cryptoassets other than a qualifying stablecoin; or (ii) UK RIE cryptoasset exchange traded notes a UK RIE cryptoasset exchange traded note: … (e) the following risk warning if the financial promotion relates to one or more qualifying stablecoins: This stablecoin is not issued by a person with permission in the UK for issuing stablecoins. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong 4 Annex 1R Risk Summaries … … 8 Risk summary for qualifying cryptoassets

FCA 202X/XX FOS 202X/YY Page 22 of 52 What are the key risks? … 2. You should not expect to be protected if something goes wrong • The Financial Services Compensation Scheme (FSCS) doesn’t protect this type of investment because it’s not a ‘specified investment’ under the UK regulatory regime – in other words, this type of investment isn’t recognised as the sort of investment that the FSCS can protect. Learn more by using the FSCS investment protection checker here. [https://www.fscs.org.uk/check/investment-protection-checker/] … … … 4 Annex 5R Restricted investor statement This Annex belongs to COBS 4.12A.22R. RESTRICTED INVESTOR STATEMENT Putting all your money into a single business or type of investment is risky. Spreading your money across different investments makes you less dependent on any one to do well. You should not invest more than 10% of your net assets in high-risk investments. Doing so could expose you to significant losses. For the purposes of this statement, net assets do NOT include: your home (primary residence), your pension (or any pension withdrawals) or any rights under qualifying contracts of insurance. For the purposes of this statement high-risk investments are: peer-to-peer (P2P) loans; investment based crowdfunding; units in a long-term asset fund; cryptoassets (such as bitcoin but excluding UK-issued stablecoin); cryptoasset exchange traded notes; and unlisted debt and equity (such as in companies not listed on an exchange like the London Stock Exchange). … 5 Distance communications 5.1 The distance marketing disclosure rules Application

FCA 202X/XX FOS 202X/YY Page 23 of 52 5.1.-1 R (1) This section applies to a firm that carries on any distance marketing activity from an establishment in the United Kingdom, with or for a consumer in the United Kingdom. (2) … (3) COBS 5 does not apply to qualifying cryptoasset activities. … 6 Information about the firm, its services and remuneration 6.1 Information about the firm and compensation information (non-MiFID and non-insurance distribution provisions) Application 6.1.1 R … 6.1.1A R In this chapter, in relation to issuing qualifying stablecoin, a reference to a client does not include a holder of a qualifying stablecoin until that holder is identifiable to the firm. … 6.1.3 G … 6.1.3A G (1) Firms undertaking a qualifying cryptoasset activity should be aware of the requirements in CRYPTO which may apply when offering and providing services to clients. CRYPTO places requirements on firms that are separate and complementary to the requirements in this chapter. (2) Firms have flexibility in how their systems and operations discharge the requirements in COBS 6 and CRYPTO. … Information concerning safeguarding of designated investments belonging to clients and client money … 6.1.7A G … Information concerning safeguarding of cryptoassets 6.1.7B R (1) This rule applies to a firm that safeguards cryptoassets for a client which are client cryptoassets. (2) All of the information that is required to be provided under this rule must be given in plain language. To the extent that that

FCA 202X/XX FOS 202X/YY Page 24 of 52 information needs to include any legal or technical terms, these must be explained and should not assume any prior knowledge or particular expertise of the client. (3) The firm must provide the client with the following information which relates to the firm’s approach to compliance with CASS 17.3 (Cryptoasset safeguarding trusts) in relation to any trust in which the client’s client cryptoassets will, or may be, held by the firm. (a) An explanation of the protections which the client will have, and any potential risks that may affect them, as a result of the firm’s approach to setting up the trust in accordance with CASS 17.3.15R, including: (i) whether or not that trust will, or may, contain client cryptoassets belonging to other clients, and any associated risks of that which may affect the client; (ii) a description of how, in the event of the firm’s failure, the existence of a shortfall in the trust property would affect the client, taking account of any provision for the allocation of shortfalls between beneficiaries in that trust that has been set out in the trust terms; and (iii) an explanation of whether the client’s client cryptoassets held in that trust would be applied towards funding the distribution costs of the trust on the failure of the firm and, if so, the basis on which those costs would be deducted from the client’s entitlement. (b) An explanation of whether, in the course of the firm’s dealings with the client, the firm will or might not hold cryptoassets in trust for the client as a result of any of the exceptions at CASS 17.3.4R to CASS 17.3.6R and, if so, any potential risks resulting from that which could impact the client, including on the failure of the firm (such explanation must also be given to the client in the course of seeking any informed consent that is required under CASS 17.3.5R(4) or CASS 17.3.6R(1)(c)). (4) The firm must provide the client with the following information which relates to the firm’s policies and procedures relating to means of access under CASS 17.4 (Means of access) in relation to any means of access which relate, or may relate, to the client’s client cryptoassets. (a) An explanation of the firm’s security and organisational arrangements in relation to the means of access. (b) Whether or not the firm relies on third parties to hold part of the means of access.

FCA 202X/XX FOS 202X/YY Page 25 of 52 (c) Any responsibilities which the client themselves has in relation to those security and organisational arrangements. (5) The firm must provide the client with the following information which relates to the firm’s use of third parties appointed under CASS 17.6 where the client’s client cryptoassets will, or may, be held by such a third party. This information must be given in relation to each arrangement that the firm has with such a third party that involves, or may involve, the client’s client cryptoassets: (a) The fact that the client’s client cryptoassets will, or may, be held by the third party, the name of the third party and the country in which it is headquartered. (b) Whether any of the client’s client cryptoassets will, or may, be held by a further person who has been appointed by the third party with the firm’s consent and, if so, that person’s name and the country in which they are headquartered. (c) The responsibility of the firm, taking into account its agreement with the client and applicable law, for any acts or omissions of the third party (or any person appointed by that third party with the firm’s consent) that may affect the client. (d) The consequences for the client of the insolvency of the third party, taking into account: (i) applicable law applying to the third party; and (ii) any arrangements which the third party may be authorised by the firm to use which involve safeguarding the client’s client cryptoassets together (for example, in the same virtual address or device) with client cryptoassets belonging to other clients of the firm. … 8 Client agreements (non-MiFID provisions) 8.1 Client agreements: non-MiFID designated investment business Application 8.1.1 R … (3A) …

FCA 202X/XX FOS 202X/YY Page 26 of 52 (4) In this chapter, in relation to issuing qualifying stablecoin, a reference to a client does not include a holder of a qualifying stablecoin until that holder is identifiable to the firm. 8.1.1A G (1) Firms undertaking a qualifying cryptoasset activity should be aware of the requirements in CRYPTO which may apply when offering and providing services to clients. CRYPTO places requirements on firms that are separate and complementary to the requirements in this chapter. (2) Firms have flexibility in how their systems and operations discharge the requirements in COBS 8 and CRYPTO. … 10 COBS 10 Appropriateness (for non-advised services) (non-MiFID and non￾insurance-based investment products provisions) 10.1 Application … 10.1.2 R … (3) … (4) This chapter also applies to a firm offering qualifying cryptoasset lending or borrowing services to a retail client. … 10.2 Assessing appropriateness: the obligations … Restricted mass market investments 10.2.9 G (1) When determining whether a client has the necessary knowledge to understand the risks involved in relation to a restricted mass market investment, a firm should consider asking the client questions that cover, at least, the matters in: … (m) COBS 10 Annex 3G in relation to units in a long-term asset fund; or (n) COBS 10 Annex 4G in relation to qualifying cryptoassets; or [deleted]

FCA 202X/XX FOS 202X/YY Page 27 of 52 (o) COBS 10 Annex 5G in relation to UK RIE cryptoasset exchange traded notes. 10.2.10 R In addition to the rule in COBS 10.2.1R, when determining whether a retail client has the necessary knowledge to understand the risks involved in relation to a restricted mass market investment, a firm must ask the client questions that cover at least the matters in COBS 10 Annex 4R in relation to qualifying cryptoassets. Insert the following new section, COBS 10.2A, after COBS 10.2 (Assessing appropriateness: the obligations). All the text is new and is not underlined. 10.2A Assessing appropriateness: qualifying cryptoasset lending and borrowing 10.2A.1 R (1) A firm must not provide qualifying cryptoasset lending or borrowing services to a retail client unless it has assessed that the client has the necessary experience or knowledge to understand the risks involved in qualifying cryptoasset lending or borrowing. (2) The rule in (1) does not need to be satisfied if the qualifying cryptoasset lending or borrowing service has previously been assessed as appropriate for the retail client by the same person as would otherwise need to undertake the assessment. 10.2A.2 G When determining whether a client has the necessary knowledge to understand the risks involved in relation to qualifying cryptoasset lending or borrowing, a firm should consider asking the client questions that cover at least the matters in COBS 10 Annex 6G. 10.2A.3 R In addition to the rules and the guidance in this section, the following sections of COBS 10 apply to assessing a retail client for qualifying cryptoasset lending and borrowing: (1) COBS 10.2 (Assessing appropriateness: the obligations); (2) COBS 10.3 (Warning the client); (3) COBS 10.5 (Assessing appropriateness: guidance); and (4) COBS 10.7 (Record keeping and retention periods for appropriateness records). 10.2A.4 G (1) Firms that undertake qualifying cryptoasset lending or borrowing services for a retail client may choose to assess appropriateness for qualifying cryptoasset lending and borrowing services as part of the appropriateness assessment required under COBS 4.12A.28R. Firms may also assess appropriateness for qualifying lending or borrowing separately and at a later stage.

FCA 202X/XX FOS 202X/YY Page 28 of 52 (2) An appropriateness assessment is only required on the first occasion that a firm provides a qualifying cryptoasset lending or borrowing service to a particular retail client. (3) A firm should consider whether it is in the retail client’s best interest for a further assessment to be undertaken even where this is not required – for example, due to lapse of time. (4) An assessment solely in respect of qualifying cryptoasset lending will not discharge the requirement on the firm to assess appropriateness for a particular client should the firm subsequently seek to provide qualifying cryptoasset borrowing and vice versa. 10.2A.5 G Where a firm chooses to satisfy the requirement in COBS 4.12A.28R (Appropriateness) and COBS 10.2A.1R at the same time, it may combine the matters in COBS 10 Annex 6G with the matters required in COBS 10 Annex 4R in order to undertake a single assessment of the client’s knowledge and experience. 10.2A.6 R (1) This rule applies if: (a) a qualifying cryptoasset lending or borrowing service is assessed as not being appropriate for a particular retail client; and (b) the assessment of appropriateness is based on a series of questions which the retail client is required to answer. (2) The retail client must not be informed of the particular answers which led to a qualifying cryptoasset lending or borrowing service being assessed as not appropriate for them. (3) Any further assessment of the appropriateness of a qualifying cryptoasset lending or borrowing service for that retail client must not be based on the same questions that were used for the purpose of a previous assessment of the appropriateness of a qualifying cryptoasset lending or borrowing for that retail client. 10.2A.7 R (1) This rule applies where a first and second assessment have both determined that a qualifying cryptoasset lending or borrowing service is not appropriate for a particular retail client. (2) Following the second, and each and every subsequent, determination that a qualifying cryptoasset lending or borrowing is not appropriate for a retail client, any further assessment of the appropriateness of a qualifying cryptoasset lending or borrowing for that retail client must not be undertaken for at least 24 hours. 10.2A.8 G When gathering information regarding a retail client’s knowledge and experience for the purpose of assessing whether a qualifying cryptoasset lending or borrowing service is appropriate for that retail client, the firm or person undertaking the assessment should:

FCA 202X/XX FOS 202X/YY Page 29 of 52 (1) avoid asking the retail client questions that invite binary (yes/no) answers; (2) if asking multiple-choice questions, use questions which offer at least 3 plausible answers (excluding the option to answer ‘do not know’, or similar); and (3) ensure that questions address matters that are relevant to a qualifying cryptoasset lending or borrowing service in which the retail client has expressed interest (see COBS 10.2.2R) 10.2A.9 G (1) A retail client should only be informed of the outcome of an appropriateness assessment once they have provided all of the information required for the assessment to be undertaken. (2) COBS 10.2A.6R does not prevent a retail client from being informed of the broad reasons why qualifying cryptoasset lending or borrowing was assessed not to be appropriate for them or of the nature of the deficiencies identified in their knowledge or experience. The rule is intended to prevent a retail client from being informed only of the questions within an assessment which led to a qualifying cryptoasset lending or borrowing service being assessed not to be appropriate such that the client is able simply to change their answer in any subsequent assessment without improving their own understanding. (3) For the purposes of COBS 10.2A.6R(3), any questions used to undertake a further assessment of appropriateness should be sufficiently different such that the retail client could not simply infer the answers that would lead to an assessment of appropriateness from the outcome of their responses to a previous set of questions. (4) A firm should consider whether the particular features of the qualifying cryptoasset lending or borrowing service mean that an interval of greater than 24 hours should be applied following a second assessment (and any subsequent assessment) that that qualifying cryptoasset lending and borrowing is not appropriate for a retail client (COBS 10.2A.6R(2)). (5) A retail client may be informed of the option to re-apply to use qualifying cryptoasset or borrowing service following a determination that it is not appropriate for them. However, the retail client should not be encouraged to do so. Amend the following as shown. 10 Annex 4 Assessing appropriateness: qualifying cryptoassets

FCA 202X/XX FOS 202X/YY Page 30 of 52 10 Annex 4 G R This Annex belongs to COBS 10.2.9G(1)(n) COBS 10.2.10R. When determining whether a retail client has the necessary knowledge to understand the risks involved in relation to a qualifying cryptoasset, a firm should consider asking must ask the client questions that cover, at least, the matters in (1) to (12). Firms may need to ask additional or alternative questions to ensure that the retail client has the necessary knowledge to understand the risks involved in relation to the specific type of qualifying cryptoasset offered. … Insert the following new annex, COBS 10 Annex 6, after COBS 10 Annex 5 (Assessing appropriateness: UK RIE cryptoasset exchange traded notes). All the text in new and not underlined. 10 Annex 6 Assessing appropriateness: qualifying cryptoasset lending or borrowing 10 Annex 6.1 G This annex belongs to COBS 10.2A.1R. 10 Annex 6.2 G When determining whether a retail client has the necessary knowledge to understand the risks involved in relation to qualifying cryptoasset lending or borrowing services, a firm should consider asking the client questions that cover at least the matters in COBS 10 Annex 6.4G(1) to (7) as applicable. 10 Annex 6.3 G Firms may need to ask additional or alternative questions to ensure that the retail client has the necessary knowledge to understand the risks involved in relation to qualifying cryptoasset lending or borrowing services. 10 Annex 6.4 G The matters are: (1) the role of the business offering or marketing the qualifying cryptoasset (the business) and the scope of its services in relation to qualifying cryptoasset lending or borrowing, including what the business does and does not do on behalf of clients, such as what due diligence is and is not undertaken by the business on any underlying investments; (2) that the client can lose all of the money that they invest in a qualifying cryptoasset; (3) the risk of losing qualifying cryptoassets or money due to failure of a firm offering qualifying cryptoasset lending or borrowing;

FCA 202X/XX FOS 202X/YY Page 31 of 52 (4) the risk that qualifying cryptoasset lending or borrowing can involve a firm transferring control of assets to a third party, which may fail to return them, particularly in the absence of robust legal protections; (5) that the firm may reuse or reinvest qualifying cryptoassets used in qualifying cryptoasset lending to generate yield, which may increase risks of losses for clients lending qualifying cryptoassets; (6) that qualifying cryptoassets committed to qualifying cryptoasset lending or borrowing may be locked into contracts for a fixed term, during which they cannot be sold, transferred or withdrawn by the client. (7) where a firm offers qualifying cryptoasset borrowing, the possibility of a margin call, the possibility of liquidation of the client’s collateral as a result of market volatility, and the potential for losses resulting from liquidation. Amend the following as shown. 11 Dealing and managing 11.1 Application 11.1.1 R This chapter applies to a firm except in relation to activities within the scope of CRYPTO 5 (Execution and order handling). … Application of section on personal account dealing 11.1.4 R … 11.1.5 R COBS 11.7 does not apply to designated investment business in relation to qualifying cryptoasset activities. … 15 Cancellation … 15 Annex 1 Exemptions from the right to cancel … Exemptions for distance contracts (all products and services) 1.10 R There is no right to cancel a distance contract:

FCA 202X/XX FOS 202X/YY Page 32 of 52 … (3) to deal as agent, advise or arrange if the distance contract is concluded merely as a stage in the provision of another service by the firm or another person.; or (4) for a qualifying cryptoasset activity. … … 16 Reporting information to clients (non-MiFID provisions) 16.1 Application 16.1.2 R (1) COBS 16.2 to COBS 16.4 apply in relation to designated investment business other than MiFID, equivalent third country or optional exemption business. (2) COBS 16.2 to COBS 16.3 do not apply to transactions within scope of the reporting requirements in CRYPTO 8 or CRYPTO 9. (3) COBS 16.4.1R to COBS 16.4.6G do not apply to a firm in relation to client designated investments which are qualifying cryptoassets or relevant specified investment cryptoassets. … 16.4 Statements of client designated investments or client money … 16.4.6 G … Statements of client cryptoassets 16.4.7R R (1) This rule applies to a firm that safeguards cryptoassets for a client which are client cryptoassets. (2) A firm must provide a client with access to an online system, which qualifies as a durable medium, where the client can easily access up￾to-date statements of their client cryptoassets. (3) Those up-to-date statements must set out the quantity of each type of client cryptoasset which the firm is safeguarding for the client.

FCA 202X/XX FOS 202X/YY Page 33 of 52 Annex D Amendments to the Supervision manual (SUP) In this Annex, underlining indicates new text and striking through indicates deleted text. 15 Notifications to the FCA … 15.15 Notification by retail intermediaries of qualification as an enhanced scope SMCR firm … Application: Firm moving between different reporting requirements 15.15.2 G (1) Subject to SUP 15.15.3R, this section also applies to a firm: … (b) that is subject to the reporting requirement in column (2) of row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R (Table: Financial qualification conditions) for another part of that averaging period. … … Obligation to make calculations 15.15.8 R A firm must calculate, for each averaging period, whether or not it meets the qualification condition in row (3) (1) of Part Two of the table in SYSC 23 Annex 1 8.2R (Table: Financial qualification conditions). [Editor’s note: This following amendments take into account the changes proposed in the Notification of Third Party Arrangements and Operational Incident Reporting Instrument 202X being consulted on in consultation paper ‘Operational Incident and Third Party Reporting’ (CP24/28) as if they were made final.] 16 Reporting requirements … 16.1 Application …

FCA 202X/XX FOS 202X/YY Page 34 of 52 Application of different sections of SUP 16 (excluding SUP 16.13, SUP 16.15, SUP 16.22 and SUP 16.26) 16.1.3 R (1) Section(s) (2) Categories of firm to which section applies (3) Applicable rules and guidance … SUP 16.7A A firm that is subject to the requirement in SUP 16.7A.3R or, SUP 16.7A.3AR, SUP 16.7A.5R or SUP 16.7A.5AR Sections as relevant … SUP 16.33 A firm that is: Entire sections ... (5) a Solvency II firm; or (6) a CASS large firm.; or (7) a qualifying cryptoasset firm. SUP 16.34 a qualifying cryptoasset firm Entire section 16.3 General provisions on reporting … Structure of the chapter 16.3.2 G This chapter has been split into the following sections, covering: … (27) access to cash reporting (SUP 16.32); and (28) material third party arrangements register (SUP 16.33).; and (29) cryptoasset regulatory reporting (SUP 16.34). … 16.7A Annual report and accounts Application

FCA 202X/XX FOS 202X/YY Page 35 of 52 16.7A.1 R … 16.7A.1A R This section also applies to a qualifying cryptoasset firm whether or not included in the tables in SUP 16.7A.3R and SUP 16.7A.5R. … Requirement to submit annual report and accounts 16.7A.3 R … 16.7A.3A R A qualifying cryptoasset firm must submit its annual report and accounts to the FCA annually on a single entity basis. … Requirement to submit annual report and accounts for mixed activity holding companies 16.7A.5 R … 16.7A.5A R A qualifying cryptoasset firm, whose ultimate parent is a mixed activity holding company, must: (1) submit the annual report and accounts of the mixed activity holding company to the FCA annually; and (2) notify the FCA that it is covered by this reporting requirement by email using the email address specified in SUP 16.3.10G(3), by its accounting reference date. … Time period for firms submitting their annual report and accounts 16.7A.8 R Firms must submit their annual report and accounts in accordance with SUP 16.7A.3R and SUP 16.7A.3AR within the following deadlines: … Time period for firms submitting annual report and accounts for mixed activity holding companies 16.7A.9 R Firms must submit the annual report and accounts of a mixed activity holding company in accordance with SUP 16.7A.5R and SUP 16.7A.5AR within 7 months of their accounting reference date. … 16.23 Annual Financial Crime Report

FCA 202X/XX FOS 202X/YY Page 36 of 52 Application … 16.23.2 R Table: Firms to which SUP 16.23.1R applies (subject to the exclusions in SUP 16.23.1R). … a firm that has permission to carry on one or more of the following activities: … operating a multilateral trading facility; and/or operating an organised trading facility.; issuing qualifying stablecoin; safeguarding cryptoassets; operating a qualifying cryptoasset trading platform; dealing in qualifying cryptoassets as principal; dealing in qualifying cryptoassets as agent; arranging deals in qualifying cryptoassets, provided that during the relevant financial year the firm held specified investment cryptoassets or qualifying cryptoassets under CASS 17; and/or arranging qualifying cryptoasset staking. a firm that has reported total revenue of £5 million or more as at its last accounting reference date and has permission to carry on one or more of the following activities: … credit-related regulated activity; and operating an electronic system for public offers of relevant securities.; and/or arranging deals in qualifying cryptoassets. … 16.33 Material third party arrangements register

FCA 202X/XX FOS 202X/YY Page 37 of 52 Application 16.33.1 R This section applies to: (1) a firm that is: … (e) a Solvency II firm; or (f) a CASS large firm; or (g) a qualifying cryptoasset firm; … … Insert the following new section, SUP 16.34, after SUP 16.33 (Material third party arrangements register). All the text is new and is not underlined. 16.34 Cryptoasset regulatory reporting Application: who? 16.34.1 R This section applies to a qualifying cryptoasset firm. The list of respective qualifying cryptoasset activities is contained in SUP 16.34.4R. How to submit a cryptoasset regulatory report 16.34.2 R A firm must provide a cryptoasset regulatory report containing the information specified in the table in SUP 16.34.4R and the information in SUP 16.34.6R to the FCA electronically in a standard format provided by the FCA and in accordance with the frequency prescribed in the table in SUP 16.34.4R and SUP 16.34.5R(1). Guidance notes for data items to be reported are set out in SUP 16 Annex 60G. Purpose 16.34.3 G The purpose of this section is to require firms to submit information about the qualifying cryptoasset activity they carry on. This information will assist the FCA in pursuing the purposes set out in SUP 16.2.1G. Reporting requirement 16.34.4 R Table of applicable rules containing data items, frequency and submission periods. The due dates are the last day of the periods given in the table below following the relevant reporting reference dates set out in SUP 34.5R(2), unless indicated otherwise.

FCA 202X/XX FOS 202X/YY Page 38 of 52 (1) (2) (3) (4) Regulated activities Provisions containing: Applicable data items Reporting frequency Due date Safeguarding cryptoassets SUP 16.34.7R Monthly 15 business days of the end of each month (Note) Issuing qualifying stablecoin SUP 16.34.8R Quarterly 20 business days Operating a qualifying CATP SUP 16.34.9R Quarterly 20 business days Dealing in qualifying cryptoassets as principal (except where qualifying cryptoasset lending or borrowing) SUP 16.34.10R Quarterly 20 business days Dealing in qualifying cryptoassets as agent and arranging deals in qualifying cryptoassets (except where qualifying cryptoasset lending or borrowing) SUP 16.34.10R Quarterly 20 business days Qualifying cryptoasset lending SUP 16.34.11R Quarterly 20 business days Qualifying cryptoasset borrowing SUP 16.34.11R Quarterly 20 business days Arranging qualifying SUP 16.34.12R Quarterly 20 business days

FCA 202X/XX FOS 202X/YY Page 39 of 52 cryptoasset staking Note: ‘Month’ means a calendar month and SUP 16.3.13R(4) does not apply. Frequency and timing of reports 16.34.5 R (1) A firm must submit the information required under SUP 16.34.6R to the FCA quarterly and within 20 business days of the end of the relevant reporting reference date. (2) For the purpose of this rule, a firm’s reporting reference dates are: (a) its accounting reference date; (b) 3 months after its accounting reference date; (c) 6 months after its accounting reference date; and (d) 9 months after its accounting reference date. Reporting: general 16.34.6 R All firms carrying on any of the activities in column (1) of the table in SUP 16.34.4R must provide the following information for each reporting period when reporting to the FCA: (1) the total number of complaints received by the firm during the reporting period; (2) the total number of complaints upheld by the firm during the reporting period; (3) the total number of clients with at least one active qualifying cryptoasset activity arrangement as at the end of the reporting period, except for firms issuing qualifying stablecoin; and (4) the total number of retail customers with at least one active qualifying cryptoasset activity arrangement who have been identified as having characteristics of vulnerability, except for firms issuing qualifying stablecoin. Reporting: safeguarding of cryptoassets 16.34.7 R A firm carrying on the activity of safeguarding cryptoassets must provide the FCA with the following information for each reporting period regarding this activity, and each data item reported must reflect the firm’s safeguarding of cryptoassets which are client cryptoassets: (1) the name of the CASS audit firm;

FCA 202X/XX FOS 202X/YY Page 40 of 52 (2) the regulated activities carried on by the firm; (3) the total number of clients; (4) the number of each type of clients: (a) retail customers; (b) clients who are qualifying cryptoasset firms; and (c) clients that do not fall under either of the preceding categories; (5) the total value of all qualifying cryptoassets being safeguarded; (6) the highest total value of qualifying cryptoassets being safeguarded; (7) the lowest total value of qualifying cryptoassets being safeguarded; (8) the class(es) of qualifying cryptoassets being safeguarded; (9) the number of each class of qualifying cryptoassets being safeguarded; (10) the value of qualifying cryptoassets being safeguarded, by class; (11) the total value of all relevant specified investment cryptoassets being safeguarded; (12) the highest total value of relevant specified investment cryptoassets being safeguarded; (13) the lowest total value of relevant specified investment cryptoassets being safeguarded; (14) the class(es) of relevant specified investments cryptoassets being safeguarded; (15) the number of each class of relevant specified investment cryptoassets being safeguarded; (16) the value of relevant specified investment cryptoassets being safeguarded, by class; (17) the name of any third party appointed by the firm to safeguard cryptoassets for the firm’s clients, including the role and the location of the registered office (or if no registered office, the head office) of the third party; (18) the wallet structure(s) for safeguarding client cryptoassets; (19) the excess or shortfall of client cryptoassets;

FCA 202X/XX FOS 202X/YY Page 41 of 52 (20) adjustments made to withdraw an excess or rectify a shortfall as a result of client cryptoasset reconciliation; (21) any use of an operational surplus; (22) the number of client cryptoasset items that have been unresolved for the following periods of time: (a) 6 to 29 days; (b) 30 to 59 days; (c) 60 to 90 days; and (d) more than 90 days. (23) total revenue during the reporting period from safeguarding cryptoassets in relation to qualifying cryptoassets; (24) total revenue during the reporting period from safeguarding cryptoassets in relation to relevant specified investment cryptoassets; (25) total revenue from arranging cryptoasset safeguarding in relation to qualifying cryptoassets; and (26) total revenue from arranging cryptoasset safeguarding in relation to relevant specified investment cryptoassets. Reporting: qualifying stablecoin issuance 16.34.8 R A firm carrying on the activity of issuing qualifying stablecoin must provide the FCA with the following information in respect of each UK qualifying stablecoin product for which it is the qualifying stablecoin issuer for each reporting period regarding this activity: (1) the total number of qualifying stablecoins minted; (2) the total number of qualifying stablecoin sold; (3) the balance of stablecoin backing assets; (4) the balance of stablecoin backing funds; (5) the total number of redemption requests received; (6) the total value of qualifying stablecoin redeemed; (7) the total number of pending or incomplete redemption requests; (8) the total number of delayed redemption requests;

FCA 202X/XX FOS 202X/YY Page 42 of 52 (9) the total number of suspension events; (10) the names of third parties appointed under CASS 16 requirements; (11) any notifiable CASS 16 breaches; (12) the name of the CASS audit firm; and (13) total revenue from issuing qualifying stablecoin during the reporting period. Reporting: operation of a qualifying cryptoasset trading platform 16.34.9 R A firm carrying on the activity of operating a qualifying cryptoasset trading platform is required to provide the FCA with the following information for each reporting period regarding this activity: (1) information concerning retail customers, which includes but is not limited to: (a) the total number of retail customers who executed at least one trade on a UK QCATP; (b) the total value of completed fiat to qualifying cryptoasset transactions executed by retail customers on a UK QCATP; (c) the total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by retail customers on a UK QCATP; (d) the total value of completed qualifying cryptoasset to fiat transactions executed by retail customers on a UK QCATP; and (e) the highest transacting retail customers with the highest total transactions by value of qualifying cryptoassets on a UK CATP; (2) information concerning clients who are qualifying cryptoasset firms, which includes but is not limited to: (a) the total number of this category of clients who executed at least one trade on a UK QCATP; (b) the total value of completed fiat to qualifying cryptoasset transactions executed by this category of clients; (c) the total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by this category of clients;

FCA 202X/XX FOS 202X/YY Page 43 of 52 (d) the total value of completed qualifying cryptoasset to fiat transactions executed by this category of clients; and (e) the clients under this category with the highest total transactions by value of qualifying cryptoassets; (3) information concerning clients that do not fall under the categories in (1) and (2), which includes but is not limited to: (a) the total number of this category of clients who executed at least one trade on a UK QCATP; (b) the total value of completed fiat to qualifying cryptoasset transactions executed by this category of clients; (c) the total value of completed qualifying cryptoasset to qualifying cryptoasset transactions executed by this category of clients; (d) the total value of completed qualifying cryptoasset to fiat transactions executed by this category of clients; (e) the clients under this category with the highest total transactions by value of qualifying cryptoassets; and (4) total firm revenue from operating a UK QCATP during the reporting period. Reporting: cryptoasset intermediary activities 16.34.10 R A firm carrying on any of the activities of dealing in qualifying cryptoassets as principal, dealing in qualifying cryptoassets as agent and/or arranging deals in qualifying cryptoassets must provide the FCA with the following information for each reporting period. Firms should provide information relating to qualifying cryptoasset lending and qualifying cryptoasset borrowing separately in accordance with SUP 16.34.11R: (1) information concerning retail customers, which includes but is not limited to: (a) the total number of retail customers for whom the firm executed or received and transmitted for execution at least one trade; (b) the total value of completed fiat to qualifying cryptoasset transactions executed or received and transmitted for execution by the firm;

FCA 202X/XX FOS 202X/YY Page 44 of 52 (c) the total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d); (d) the total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm; and (e) the retail customers with the highest total transactions by value of qualifying cryptoassets; (2) information concerning clients who are qualifying cryptoasset firms, which includes but is not limited to: (a) the total number of this category of clients for whom the firm executed or received and transmitted for execution at least one trade; (b) the total value of completed fiat to qualifying cryptoasset transactions orders executed or received and transmitted for execution by the firm; (c) the total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d); (d) the total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm; and (e) the clients under this category with the highest total transactions by value of qualifying cryptoassets; (3) information concerning the clients that do not fall under the categories in (1) and (2), which includes but is not limited to: (a) the total number of this category of clients for whom the firm executed or received and transmitted for execution at least one trade; (b) the total value of completed fiat to qualifying cryptoasset transactions the executed or received and transmitted for execution by the firm; (c) the total value of completed qualifying cryptoasset transactions executed or received and transmitted for execution by the firm that do not fall under (b) or (d); (d) the total value of completed qualifying cryptoasset to fiat transactions executed or received and transmitted for execution by the firm; and

FCA 202X/XX FOS 202X/YY Page 45 of 52 (e) the clients under this category with the highest total transactions by value of qualifying cryptoassets; (4) the qualifying cryptoasset execution venues where the firm executed or transmitted for execution of client orders; (5) when dealing in qualifying cryptoassets as principal and executing orders for clients, where the firm sourced liquidity; and (6) total revenue from dealing in qualifying cryptoassets as principal, dealing in qualifying cryptoassets as agent and arranging deals in qualifying cryptoassets during the reporting period. Reporting: qualifying cryptoasset lending and borrowing 16.34.11 R A firm carrying on the activity of dealing in qualifying cryptoassets as principal and/or arranging deals in qualifying cryptoassets must provide the FCA with the following information regarding their qualifying cryptoasset lending or borrowing services: (1) information concerning qualifying cryptoasset lending: (a) the total number of retail customers with whom the firm engages in qualifying cryptoasset lending; (b) the total number of clients who are qualifying cryptoasset firms with whom the firm engages in cryptoasset lending services; (c) the total number of clients that do not fall under the categories in (a) and (b) with whom the firm engages in qualifying cryptoasset lending; (d) the total number of qualifying cryptoasset lending arrangements; (e) the total value of qualifying cryptoasset lending arrangements; (f) the lending counterparties; (g) the location of the registered office (if no registered office, the head office) of the lending counterparties in the United Kingdom; (h) the total value of qualifying cryptoassets the firm has transacted with other parties to generate yield for retail clients; (i) the types of qualifying cryptoassets used in qualifying cryptoasset lending; and

FCA 202X/XX FOS 202X/YY Page 46 of 52 (j) total revenue during the reporting period from qualifying cryptoasset lending; (2) information concerning qualifying cryptoasset borrowing: (a) the total number of retail customers with whom the firm engages in qualifying cryptoasset borrowing; (b) the total number of clients who are qualifying cryptoasset firms with whom the firm engages in qualifying cryptoasset borrowing; (c) the total number of clients that do not fall under the categories in (a) and (b) with whom the firm engages in qualifying cryptoasset borrowing; (d) the total number of qualifying cryptoasset borrowing arrangements; (e) the total value of qualifying cryptoasset borrowing arrangements; (f) the total value of qualifying cryptoasset borrowing collateral; (g) the types of qualifying cryptoassets used in qualifying cryptoasset borrowing; and (h) total revenue during the reporting period from qualifying cryptoasset borrowing. Reporting: cryptoasset staking 16.34.12 R A firm carrying on the activity of arranging qualifying cryptoasset staking must provide the FCA with the following information regarding this activity: (1) the total number of retail customers with at least one active qualifying cryptoasset staking arrangement with the firm; (2) the total number of clients who are qualifying cryptoasset firms with at least one active qualifying cryptoasset staking arrangement with the firm; (3) the total number of clients that do not fall under the categories in (a) or (b) with at least one active qualifying cryptoasset staking arrangement with the firm; (4) the total number of new qualifying cryptoasset staking arrangements that started during the reporting period;

FCA 202X/XX FOS 202X/YY Page 47 of 52 (5) the total value of qualifying cryptoasset staking arrangements where the firm is also safeguarding the staked qualifying cryptoassets; (6) the total value of qualifying cryptoasset staking arrangements where the firm is not also safeguarding cryptoassets; (7) the types of qualifying cryptoassets used in qualifying cryptoasset staking; and (8) total revenue during the reporting period from arranging qualifying staking. Insert the following new Annex, SUP 16 Annex 60G, after SUP 16 Annex 59R (Material third party arrangements register template). All the text is new and is not underlined. 16 Annex 60G Guidance notes for the data items in SUP 16.34 This annex consists only of guidance notes for the data items in SUP 16.34. Guidance notes for the data items in SUP 16.34 [Editor’s note: for the purposes of this consultation, these guidance notes can be found in Annex 6 of the Consultation Paper].

FCA 202X/XX FOS 202X/YY Page 48 of 52 Annex E Amendments to the Dispute Resolution: Complaints sourcebook (DISP) In this Annex, underlining indicates new text and striking through indicates deleted text. [Editor’s note: This Annex takes into account the changes introduced by the Complaints Reporting Instrument 2025 (FCA 2025/53), which comes into force on 31 December 2026.] 1 Treating complainants fairly … 1.10 Complaints reporting rules 1.10.1 R … (4) … (5) DISP 1.10 and DISP 1.10A do not apply to a firm carrying out any of the following activities, in relation to complaints relating to those activities: (a) issuing qualifying stablecoin; (b) safeguarding cryptoassets; (c) operating a qualifying CATP; (d) dealing in qualifying cryptoassets as principal; (e) dealing in qualifying cryptoassets as agent; (f) arranging deals in qualifying cryptoassets; or (g) arranging qualifying cryptoasset staking. 1.10.1-B G A firm to whom DISP 1.10.1R(5) applies must, in relation to the relevant complaints, submit information to the FCA about the number of complaints it has received in accordance with the requirements in SUP 16.34.6R(1) and (2). … 2 Jurisdiction of the Financial Ombudsman Service … 2.3 To which activities does the Compulsory Jurisdiction apply? …

FCA 202X/XX FOS 202X/YY Page 49 of 52 General 2.3.3 G Complaints about acts or omissions include those in respect of activities for which the firm, payment service provider, electronic money issuer, CBTL firm, designated credit reference agency or designated finance platform is responsible (including business of any appointed representative, or agent or other person acting on its behalf for which the firm, payment institution, electronic money institution, designated credit reference agency or designated finance platform has accepted responsibility). … [Editor’s note: The amendments to the text shown below in DISP 2.5.1R(2) seek to clarify this provision and proposed changes. The changes at DISP 2.5.1R(2)(a)(vii) to (xvi) reflect the changes set out in: (1) the proposed Advice Guidance Boundary Review (Targeted Support) Instrument 2026, which, if made, will come into force on 6 April 2026; (2) the consultation paper ‘Deferred Payment (unregulated Buy Now Pay Later): Proposed approach to regulation’ (CP25/23), as if it were made final; and (3) the consultation paper ‘ESG (Environmental, Social, Governance) ratings: Proposed approach to regulation’ (CP25/34), as if it were made final.] 2.5 To which activities does the Voluntary Jurisdiction apply? 2.5.1 R The Ombudsman can consider a complaint under the Voluntary Jurisdiction if: … (2) it relates to an act or omission by a VJ participant in carrying on one or more of the following activities: (a) an activity (other than auction regulation bidding, administering a benchmark, meeting of repayment claims, managing dormant asset funds (including the investment of such funds), regulated pensions dashboard activity and operating an electronic system for public offers of relevant securities) carried on after 28 April 1988 which: (i) auction regulation bidding (ii) administering a benchmark; (iii) meeting of repayment claims; (iv) managing dormant asset funds (including the investment of such funds); (v) regulated pensions dashboard activity;

FCA 202X/XX FOS 202X/YY Page 50 of 52 (vi) operating an electronic system for public offers of relevant securities; (vii) providing targeted support; (viii) deferred payment credit activity; (ix) providing an ESG rating; (x) issuing qualifying stablecoin; (xi) safeguarding cryptoassets; (xii) operating a qualifying CATP; (xiii) dealing in qualifying cryptoassets as principal; (xiv) dealing in qualifying cryptoassets as agent; (xv) arranging deals in qualifying cryptoassets; and (xvi) arranging qualifying cryptoasset staking) carried on after 28 April 1988 which: … (c) activities, other than regulated claims management activities, activities ancillary to regulated claims management activities, meeting of repayment claims, managing dormant asset funds (including the investment of such funds), regulated pensions dashboard activity and operating an electronic system for public offers of relevant securities (i) regulated claims management activities; (ii) activities ancillary to regulated claims management activities; (iii) meeting of repayment claims; (iv) managing dormant asset funds (including the investment of such funds); (v) regulated pensions dashboard activity; (vi) operating an electronic system for public offers of relevant securities; (vii) providing targeted support; (viii) deferred payment credit activity;

FCA 202X/XX FOS 202X/YY Page 51 of 52 (ix) providing an ESG rating; (x) issuing qualifying stablecoin; (xi) safeguarding cryptoassets; (xii) operating a qualifying CATP; (xiii) dealing in qualifying cryptoassets as principal; (xiv) dealing in qualifying cryptoassets as agent; (xv) arranging deals in qualifying cryptoassets; and (xvi) arranging qualifying cryptoasset staking which (at 6 April 2026 [Editor’s note: insert the commencement date of this instrument]) would be covered by the Compulsory Jurisdiction, if they were carried on from an establishment in the United Kingdom (these activities are listed in DISP 2 Annex 1G); … … 2.7 Is the complainant eligible? … Eligible complainants … 2.7.6 R To be an eligible complainant a person must also have a complaint which arises from matters relevant to one or more of the following relationships with the respondent: (1) the complainant is (or was) a: (a) customer, of; (b) payment service user, or of; (c) electronic money holder of; or (d) holder of a UK qualifying stablecoin issued by, the respondent; (2) the complainant is (or was) a potential: (a) customer, of;

FCA 202X/XX FOS 202X/YY Page 52 of 52 (b) payment service user, or of ; (c) electronic money holder of; or (d) holder of a UK qualifying stablecoin issued by, the respondent; … … 2 Annex 1 Regulated Activities for the Voluntary Jurisdiction at [6 April 2026] [Editor’s note: insert the commencement date of this instrument] This table belongs to DISP 2.5.1R G The activities which were covered by the Compulsory Jurisdiction (at [6 April 2026] [Editor’s note: insert commencement date of this instrument] were: … The activities which (at [6 April 2026] [Editor’s note: insert the commencement date of this instrument]) were regulated activities were, in accordance with section 22 of the Act (Regulated Activities), any of the following activities specified in Part II and Parts 3A and 3B of the Regulated Activities Order (with the addition of auction regulation bidding, administering a benchmark and dealing with unwanted asset money): … (2) … (2A) issuing qualifying stablecoin (article 9M); (2B) safeguarding cryptoassets (article 9N); (2C) operating a qualifying CATP (article 9S); (2D) dealing in qualifying cryptoassets as principal (article 9T); (2E) dealing in qualifying cryptoassets as agent (article 9W); (2F) arranging deals in qualifying cryptoassets (article 9Y); (2G) arranging qualifying cryptoasset staking (article 9Z6); …

FCA 202X/XX GLOSSARY (CRYPTOASSETS) (No 2) INSTRUMENT 202X Powers exercised A. The Financial Conduct Authority (“the FCA”) makes this instrument in the exercise of the powers and related provisions in or under: (1) the following powers and related provisions in the Financial Services and Markets Act 2000 (“the Act”), including as applied by articles 98 and 99 of the Financial Services and Markets Act (Regulated Activities) Order 2000 (as amended by the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025) as applied by paragraph 3 of Schedule 6 to the Payment Services Regulations 2017 (SI 2017/752) and paragraph 2A of Schedule 3 to the Electronic Money Regulations 2011 (SI 2011/99): (a) section 59 (Approval for particular arrangements); (b) section 59AB(1) (Specifying functions as controlled functions: transitional provision); (c) section 60 (Applications for approval); (d) section 60A (Vetting candidates by authorised persons); (e) section 61 (Determination of applications); (f) section 62A (Changes in responsibilities of senior managers); (g) section 63ZA (Variation of senior manager’s approval at request of authorised person); (h) section 63ZD (Statement of policy relating to conditional approval and variation); (i) section 63C (Statement of policy); (j) section 63E (Certification of employees by authorised persons); (k) section 63F (Issuing of certificates); (l) section 64A (Rules of conduct); (m) section 64C (Requirement for authorised persons to notify regulator of disciplinary action); (n) section 69 (Statement of policy); (o) section 71N (Designated activities: rules); (p) section 137A (The FCA’s general rules); (q) section 137B (FCA general rules: clients’ money, right to rescind etc.); (r) section 137D (FCA general rules: product intervention); (s) section 137R (Financial promotion rules); (t) section 137T (General supplementary powers); (u) section 138D (Actions for damages); (v) section 213 (The compensation scheme); (w) section 214 (General); (x) section 226 (Compulsory Jurisdiction); and (y) section 138D (Actions for damages);

FCA 202X/XX Page 2 of 31 (2) the following provisions of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 [Editor’s note: insert SI number]:  (a) regulation 6 (“Qualifying cryptoasset disclosure document” and “supplementary disclosure document”); (b) regulation 9 (Designated activity rules: qualifying cryptoasset public offers and admissions to trading);  (c) regulation 12 (Responsibility for disclosure documents); (d) regulation 13 (General requirements to be met by a qualifying cryptoasset disclosure document or supplementary disclosure document); (e) regulation 15 (Withdrawal rights);  (f) regulation 21 (Designated activity rules: market abuse in qualifying cryptoassets and related instruments); (g) regulation 23 (Exclusions: insider dealing); (h) regulation 26 (Public disclosure of inside information); (i) regulation 27 (Public disclosure of inside information: delayed disclosure); (j) regulation 30 (Systems and procedures for trading relevant qualifying cryptoassets and related instruments);  (k) regulation 31 (Insider lists for relevant qualifying cryptoassets and related instruments);  (l) regulation 32 (Cases in which sharing of information authorised or required);  (m) regulation 34 (Legitimate cryptoasset market practice);  (n) regulation 36 (Disapplication or modification of rules); and (o) paragraph 8 (“Protected forward-looking statement”) of Part 2 (Further exemption relating to forward-looking statement) of Schedule 2 (Compensation: exemptions); and (3) the other rule making powers listed in Schedule 4 (Powers exercised) to the General Provisions of the FCA’s Handbook. B. The rule-making powers listed above are specified for the purpose of section 138G(2) (Rule-making instruments) of the Act. Commencement C. This instrument comes into force on [date]. Amendments to the Handbook D. The Glossary of definitions is amended in accordance with the Annex to this instrument. Notes E. In the Annexes to this instrument, the notes (indicated by “Note:” or “Editor’s note:”) are included for the convenience of readers but do not form part of the legislative text.

FCA 202X/XX Page 3 of 31 Citation F. This instrument may be cited as the Glossary (Cryptoassets) (No 2) Instrument 202X. By order of the Board [date]

FCA 202X/XX Page 4 of 31 Annex Amendments to the Glossary of definitions [Editor’s note: This Annex takes into account the proposals and legislative changes suggested in: (1) the following consultation papers: (a) ‘Stablecoin issuance and cryptoasset custody’ (CP25/14); (b) ‘Modernising the Redress System’ (CP25/22); (c) ‘Application of FCA Handbook for Regulated Cryptoasset Activities’ (CP25/25); and (d) ‘Regulating Cryptoasset Activities’ (CP25/40); and (2) the draft Advice Guidance Boundary Review (Targeted Support) Instrument 2026 published in the ‘Supporting consumers’ pensions and investment decisions: rules for targeted support policy statement’ (PS25/22), as if they were made final.] In this Annex, underlining indicates new text and striking through indicates deleted text, unless stated otherwise. Insert the following new definitions in the appropriate alphabetical position. The text is not underlined. arranging cryptoasset safeguarding the regulated activity specified in article 9N(1)(b) of the Regulated Activities Order (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) . client cryptoasset a qualifying cryptoasset or a relevant specified investment cryptoasset which is either: (a) required to be held in trust under CASS 17.3.3R by a firm to which that rule applies; or (b) part of an operational surplus. client cryptoasset discrepancy record a firm’s record setting out details of each discrepancy relating to its safeguarding of client cryptoassets that it identifies under CASS 17.5.11R, as required under CASS 17.5.11R(2). client cryptoasset means of access record a firm’s record setting out details of each means of access it controls at any particular point in time, as required under CASS 17.4.9R. client cryptoasset reconciliation the process set out at CASS 17.5.10R

FCA 202X/XX Page 5 of 31 client cryptoasset reconciliation record a firm’s record setting out details of each client cryptoasset reconciliation which it performs under CASS 17.5.10R, as required under CASS 17.5.10R(4). client cryptoasset third party due diligence record a firm’s record of the grounds upon which an appointment of a third party under CASS 17.6.3R or CASS 17.6.8R met the requirements of CASS 17.6.3R(1) to (4) or CASS 17.6.8R(2), as required by CASS 17.6.11R(1). client cryptoasset third party governance record a firm’s record of its governing body’s, or its governing body’s delegate’s, approval under CASS 17.6.9R(1) or (3), as required under CASS 17.6.11R(5). client cryptoasset third party review record a firm’s record of the conclusions of any periodic review performed under CASS 17.6.5R or CASS 17.6.8R(4), as required under CASS 17.6.11R(3). client cryptoasset trust exemption consent record a record of a firm’s client’s written consent under CASS 17.3.5R(4) or CASS 17.3.6R(1)(c) for the firm to use the exemption at CASS 17.3.5R(1) or CASS 17.3.6R(1) respectively, as required under CASS 17.3.11R(4). client cryptoasset trust exemption record a record of a firm’s reasons for concluding that it is necessary for the exemption at CASS 17.3.6R(1) to be used, as required under CASS 17.3.6R(3). client cryptoasset trust record a firm’s record of a trust that it has created under CASS 17.3.3R, as required under CASS 17.3.17R. cryptoasset safeguarding arrangement record a firm’s record of arranging qualifying cryptoasset safeguarding, as required under CASS 17.7.3R(1). means of access a private cryptographic key, part of a private cryptographic key or some other means which a person would need possession or knowledge of to bring about a transfer of the benefit of a cryptoasset to another person. operational surplus one or more qualifying cryptoassets or relevant specified investment cryptoassets which a firm is using in accordance with CASS 17.3.18R. per-trust operational surplus record a firm’s record, in relation to a trust created by it under CASS 17.3.3R, of the reasons for it being necessary for the firm to use an operational surplus for that trust, as required under CASS 17.3.18R(4). per-trust/class cryptoasset resource the amount of a particular class of client cryptoasset that a firm is required to confirm under CASS 17.5.7R that it is safeguarding for a client under a particular trust in accordance with CASS 17.3.3R.

FCA 202X/XX Page 6 of 31 per-trust/ client/class cryptoasset requirement the amount of a particular class of client cryptoasset that a firm is required to hold for a client under a particular trust in accordance with CASS 17.3.3R, as calculated at CASS 17.5.6R. relevant specified investment cryptoasset a specified investment cryptoasset which meets the definition at article 9N(5)(b) of the Regulated Activities Order. safeguarding cryptoassets the regulated activity specified in article 9N(1)(a) of the Regulated Activities Order (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets). Amend the following as shown. complaint … (2) (in DISP, except DISP 1.1 and (in relation to collective portfolio management) in the consumer awareness rules, the complaints handling rules, the complaints record rule, in CREDS 9, SUP 12 and, SUP 15 and SUP 16) any oral or written expression of dissatisfaction, whether justified or not, from, or on behalf of, a person about the provision of, or failure to provide, a financial service, claims management service or a redress determination, which: (a) alleges that the complainant has suffered (or may suffer) financial loss, material distress or material inconvenience; and (b) relates to an activity of that respondent or of any other respondent with whom that respondent has some connection in marketing or providing financial services or products or claims management services, which comes under the jurisdiction of the Financial Ombudsman Service. … controlled activity (in accordance with section 21(9) of the Act (The classes of activity and investment)) any of the following activities specified in Part 1 of Schedule 1 to the Financial Promotions Order (Controlled Activities): … (ia) … (ib) safeguarding cryptoassets (paragraph 7A); (ic) operating a qualifying CATP (paragraph 7B);

FCA 202X/XX Page 7 of 31 (id) arranging qualifying cryptoasset staking (paragraph 7C); designated investment … (4) … (5) (in COBS) in addition and to the extent it does not fall within (1): (a) a qualifying cryptoasset; and (b) a relevant specified investment cryptoasset. designated investment business (1) (other than in COMP) any of the following activities, specified in Part II of the Regulated Activities Order (Specified Activities), which is carried on by way of business: … (u) issuing qualifying stablecoin in the United Kingdom (article 9M); (v) safeguarding qualifying cryptoassets; (w) operating a qualifying CATP (article 9S); (x) dealing in qualifying cryptoassets as principal (article 9T), but disregarding the exclusion in article 9U (Absence of holding out etc); (y) dealing in qualifying cryptoassets as agent (article 9W); (z) arranging deals in qualifying cryptoassets (article 9Y); (za) arranging qualifying cryptoasset staking (article 9Z6). (2) (in COMP) any of the activities falling within (1) other than: (a) issuing qualifying stablecoin (article 9M); (b) safeguarding cryptoassets; (c) operating a qualifying CATP (article 9S); (d) dealing in qualifying cryptoassets as principal (article 9T), but disregarding the exclusion in article 9U (Absence of holding out etc);

FCA 202X/XX Page 8 of 31 (e) dealing in qualifying cryptoassets as agent (article 9W); (f) arranging deals in qualifying cryptoassets (article 9Y); (g) arranging qualifying cryptoasset staking (article 9Z6). eligible counterparty business the following services and activities carried on by a firm: … (b) any ancillary service directly related to a service or activity referred to in (a); or (c) … (d) dealing in qualifying cryptoassets as principal; (e) dealing in qualifying cryptoassets as agent; (f) arranging deals in qualifying cryptoassets; (g) arranging qualifying cryptoasset staking; (h) issuing qualifying stablecoin; or (i) safeguarding cryptoassets, … issuing qualifying stablecoin the activity defined in article 9M (Issuing qualifying stablecoin in the United Kingdom) of the Regulated Activities Order. periodic statement (1) (except in CRYPTO) a report which a firm is required to provide to a client pursuant to: … (2) (in CRYPTO) a report which a firm is required to provide to a client pursuant to CRYPTO 9. proprietary trading (in SYSC 27 (Senior managers and certification regime: (Certification regime) and COCON) dealing in investments as principal as part of a business of trading in specified investments. For these purposes dealing in investments as principal includes: (a) any activities that would be included but for the exclusion in Article 15 (Absence of holding out), Article 16 (Dealing in contractually based investments) or, for a UK AIFM or UK

FCA 202X/XX Page 9 of 31 UCITS management company, article 72AA (Managers of UCITS and AIFs) of the Regulated Activities Order; (b) dealing in qualifying cryptoassets as principal; (c) any activities that would be included in (b) but for the exclusion in article 9U (Absence of holding out) of the Regulated Activities Order; (d) issuing qualifying stablecoin in the United Kingdom; and (e) operating a qualifying CATP to the extent that that activity would have fallen into (b) but for the exclusion in article 9X(2)(b) of the Regulated Activities Order. qualifying cryptoasset activity any of the following activities, specified in Part II of the Regulated Activities Order (Specified Activities): (a) issuing qualifying stablecoin in the United Kingdom (article 9M); (b) safeguarding qualifying cryptoassets (article 9N); (c) operating a qualifying CATP (article 9S); (d) dealing in qualifying cryptoassets as principal ((article 9T) (but disregarding the exclusion in article 9U (Absence of holding out etc)); (e) dealing in qualifying cryptoassets as agent (article 9W); (f) arranging deals in qualifying cryptoassets (article 9Y); or (g) arranging qualifying cryptoasset staking (article 9Z6). qualifying cryptoasset custodian an authorised person with permission to carry on the regulated activity specified in article 9N(1)(a) (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) of the Regulated Activities Order, but only in relation to qualifying cryptoassets of safeguarding cryptoassets. qualifying cryptoasset safeguarding rules CASS 17. regulated activity … (B) in the FCA Handbook:

FCA 202X/XX Page 10 of 31 (1) (in accordance with section 22 of the Act (Regulated activities)) the activities specified in Part II (Specified activities), Part 3A (Specified activities in relation to information) and Part 3B (Claims management activities in Great Britain) of the Regulated Activities Order, which are, in summary: … … (ab) issuing qualifying stablecoin in the United Kingdom (article 9M); (ac) safeguarding qualifying cryptoassets and relevant specified investment cryptoassets (article 9N); … (2) in DISP, except DISP 1.1, DISP 1.2, DISP 1.3 and DISP 1.9: (in accordance with the FCA’s power under section 226 of the Act) all activities included as regulated activities in the Regulated Activities Order as at [6 April 2026] [Editor’s note: insert commencement date of this instrument] unless expressly excluded in DISP 2.3.1R. relevant person (1) … (2) (in CRYPTO 4) (in accordance with regulation 17(4) (Interpretation: market abuse in qualifying cryptoassets and related instruments)) of the Cryptoassets Regulations a person, in relation to a relevant qualifying cryptoasset or related instrument, that is: (1a) a relevant issuer of that relevant qualifying cryptoasset or related instrument; (2b) a person responsible for the offer of that relevant qualifying cryptoasset or related instrument; (3c) a UK QCATP operator in relation to a relevant qualifying cryptoasset; or (4d) a relevant dealer in principal. (3) (otherwise) any of the following: …

FCA 202X/XX Page 11 of 31 restricted mass market investment any of the following: … (e) a qualifying cryptoasset excluding a UK qualifying stablecoin in circumstances where that authorisation is necessary for the issuing of that qualifying stablecoin product; … safe custody asset (a) in relation to MiFID business, a financial instrument that is not a relevant specified investment cryptoasset; or … safeguarding qualifying cryptoassets and relevant specified investment cryptoassets the regulated activity specified in article 9N (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) of the Regulated Activities Order safeguarding cryptoassets. The following definitions were proposed to be introduced in the following consultation papers: (1) ‘Stablecoin issuance and cryptoasset custody’ (CP25/14); (2) ‘Application of FCA Handbook for Regulated Cryptoasset Activities’ (CP25/25); (3) ‘Regulating Cryptoasset Activities’ (CP25/40); and (4) ‘Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets’ (CP25/41), and are reproduced here for convenience. admission criteria (in CRYPTO 3) the criteria a UK QCATP is required to establish by CRYPTO 3.2.1R. backing asset composition ratio a proportion of a firm’s backing asset pool, expressed as a percentage, calculated using the methodology in CASS 16.2.28R. backing asset pool a pool of money and/or assets held by a firm in connection with a qualifying stablecoin with a view to: (a) maintaining the stability or value of that qualifying stablecoin; or (b) meeting an undertaking to redeem that qualifying stablecoin. backing asset pool a letter in the form set out in CASS 16 Annex 1R.

FCA 202X/XX Page 12 of 31 acknowledgement letter backing assets account an account which is provided by a third party custodian to hold and keep safe assets that a qualifying stablecoin issuer holds as part or all of the backing asset pool, which meets or should meet the conditions set out in CASS 16.2.5R. backing funds account an account which is provided by a third party to hold and keep safe money that a qualifying stablecoin issuer holds as part or all of the backing asset pool, to which the conditions set out in CASS 16.2.4R apply. burning the process by which a cryptoasset is permanently removed from circulation on a blockchain. calculation date the date on which a firm should carry out a calculation for the purposes of CASS 16.2, as described in CASS 16.2.27R. core backing assets (a) on demand deposits; and (b) short-term government debt instruments. cryptoasset as defined in section 417 (Definitions) of the Act, any cryptographically secured digital representation of value or contractual rights that: (a) can be transferred, stored or traded electronically; and (b) uses technology supporting the recording or storage of data (which may include distributed ledger technology). cryptoasset inside information means ‘inside information’ as defined in regulation 18 (Inside information) of the Cryptoassets Regulations. cryptoasset insider means a person who possesses inside information, as described in regulation 22(4) and (5) (Prohibited use of inside information (insider dealing)) of the Cryptoassets Regulations. cryptoasset insider dealing means using inside information as prohibited by regulation 22 (Prohibited use of inside information (insider dealing)) of the Cryptoassets Regulations. cryptoasset insider list a list, as required by regulation 31(1)(a) (Insider lists for relevant qualifying cryptoassets and related instruments) of the Cryptoassets Regulations, of all persons specified in CRYPTO 4.12.2R, who: (a) have access to cryptoasset inside information; and (b) are working for those persons under a contract of employment, or otherwise performing tasks through which they have access

FCA 202X/XX Page 13 of 31 to cryptoasset inside information, such as advisers, accountants or credit rating agencies. cryptoasset intermediary an authorised person, other than a UK QCATP operator, that carries out any of: (a) in relation to qualifying cryptoassets: (i) dealing in qualifying cryptoassets as principal; (ii) dealing in qualifying cryptoassets as agent; (iii) arranging deals in qualifying cryptoassets; and (b) in relation to related instruments: (i) dealing in investments as principal; (ii) dealing in investments as agent; (iii) arranging (bringing about) deals in investments; and (iv) making arrangements with a view to transactions in investments. cryptoasset market abuse means any activity prohibited by the following provisions in the Cryptoassets Regulations: (a) regulation 22 (Prohibited use of inside information (insider dealing)); (b) regulation 24 (Prohibition on the disclosure of inside information); and (c) regulation 28 (Prohibition of market manipulation). cryptoasset market manipulation means ‘market manipulation’ as defined in regulation 19 (Market manipulation) of the Cryptoassets Regulations. cryptoasset unlawful disclosure the behaviour described in regulation 24 of the Cryptoassets Regulations. Cryptoassets Regulations The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 [Editor’s note: insert SI number]. [Editor’s note: The definition of ‘expanded backing assets’ takes into account the proposals and legislative changes suggested in the consultation paper ‘Updating the regime for Money Market Funds’ (CP23/28) as if they were made final.]

FCA 202X/XX Page 14 of 31 expanded backing assets in relation to a backing asset pool, the following assets: (a) long-term government debt instruments; (b) units in a public debt CNAV MMF or an EU MMF which is a public debt constant NAV MMF within the meaning of Article 2(11) of the EU MMF Regulation and which meets the following conditions: (i) all assets held within the MMF are denominated in the reference currency of the qualifying stablecoin; and (ii) assets which are a debt security represent a claim on the UK government or the central government of a Zone A country; (c) assets, rights or money held as a counterparty to a repurchase transaction: (i) that has a maximum maturity up to and including 7 days; (ii) that concerns long-term government debt instruments or short-term government debt instruments; and (iii) in relation to which the other counterparty is limited to 1 of the following: (A) a UK credit institution; (B) a MIFIDPRU investment firm; (C) a designated investment firm; (D) a ‘UK Solvency II firm’ as defined in chapter II of the PRA Rulebook: Solvency II Firms Insurance General Application; or (E) a third country person with a main business comparable to any of the entities referred to in (A) to (D). holder the person who has the right to redeem a qualifying stablecoin. large CATP operator a firm which: (a) operates a UK QCATP;

FCA 202X/XX Page 15 of 31 (b) has average revenue, to be calculated at 12-month intervals, of more than or equal to £10,000,000 a year, for 3 previous years, having regard to: (i) all its activities, including but not limited to operating a UK QCATP; and (ii) where applicable, revenue arising from periods when the business was carried on by or in any predecessor entity. legal entity identifier (in CRYPTO) a 20-character alphanumeric code that uniquely identifies legally distinct entities which engage in financial transactions. legitimate cryptoasset market practice a market practice that is specified in CRYPTO 4.11. LEI legal entity identifier. long-term government debt instrument a debt security representing a claim on the UK government or the central government of a Zone A country with a residual maturity of more than 365 days. minting the process of putting a cryptoasset on a blockchain or network using distributed ledger technology or similar technology in a transferrable form. offer of a qualifying cryptoasset to the public has the same meaning as in regulation 5 (“Offer of a qualifying cryptoasset to the public”) of the Cryptoassets Regulations. on demand deposit a deposit the terms of which require that the sum of money paid will be repaid, with or without interest or a premium, on demand. person responsible for the offer (in accordance with regulation 3(3) (Interpretation: qualifying cryptoasset public offers and admissions to trading) and regulation 17(1) and (5) (Interpretation: market abuse in qualifying cryptoassets and related instruments) of the Cryptoassets Regulations) means: (a) in relation to the offer of a qualifying cryptoasset to the public: (i) the person making the offer; or (ii) where the offer is being made on behalf of another, the person on whose behalf the offer is being made; (b) in relation to the admission to trading:

FCA 202X/XX Page 16 of 31 (i) the person requesting or obtaining admission to trading; or (ii) where, of its own motion, a UK QCATP operator admits a qualifying cryptoasset to trading on a UK QCATP operated by it, that UK QCATP operator; (c) in relation to a related instrument, the person who is, for the purposes of the Market Abuse Regulation, the offeror of that instrument. pre-issued stablecoin a stablecoin which meets the definition of qualifying stablecoin and which forms part of a qualifying stablecoin product but which first entered circulation prior to [Editor’s note: insert date on which this instrument comes into force]. proprietary token a qualifying cryptoasset that is not a UK-issued qualifying stablecoin and that is either: (a) a qualifying cryptoasset issued by the qualifying cryptoasset firm or a member of its group; or (b) a qualifying cryptoasset over which the qualifying cryptoasset firm or member of its group has material control or holdings of its supply. QCATP operator a qualifying CATP operator. QCDD a document which is a qualifying cryptoasset disclosure document for the purposes of Chapter 1 of Part 2 to the Cryptoassets Regulations. qualifying CATP a qualifying cryptoasset trading platform. qualifying CATP operator a firm authorised to carry on the activity of operating a qualifying CATP. qualifying cryptoasset best execution obligation (in CRYPTO 5) the obligation of a firm under CRYPTO 5.4.1R, CRYPTO 5.4.9R, CRYPTO 5.4.12R and CRYPTO 5.4.15R. qualifying cryptoasset borrowing the disposal of a qualifying cryptoasset from or via a qualifying cryptoasset firm to a person subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the person, which may include the provision of qualifying cryptoasset borrowing collateral and/or payment of interest from the person to the qualifying cryptoasset firm. qualifying cryptoasset the transfer (other than by way of sale) by a retail client of assets (including qualifying cryptoassets) or currency, or rights in respect thereof, subject to a right of the retail client to have transferred back to

FCA 202X/XX Page 17 of 31 borrowing collateral it the same or equivalent assets or currency where the assets or currency are transferred to secure the performance of the obligations of the retail client arising in connection with qualifying cryptoasset borrowing. qualifying cryptoasset execution venue (in CRYPTO): (a) a qualifying cryptoasset trading platform; (b) a single dealer platform; (c) a liquidity provider; or (d) an entity that performs a similar function in a third country to the functions performed by any of the entities in (a) to (c) the foregoing. qualifying cryptoasset firm a firm with a Part 4A permission which includes a qualifying cryptoasset activity. qualifying cryptoasset lending the disposal of a qualifying cryptoasset from a person to or via a qualifying cryptoasset firm subject to an obligation or right to reacquire the same or equivalent qualifying cryptoasset from the qualifying cryptoasset firm, typically with compensation paid to that person by the qualifying cryptoasset firm in the form of yield. qualifying cryptoasset lending or borrowing means one or both of the services of qualifying cryptoasset lending and/or qualifying cryptoasset borrowing. qualifying cryptoasset reconciliation the process set out at CASS 17.5.11R. qualifying cryptoasset staking the use of a qualifying cryptoasset in blockchain validation. qualifying stablecoin funds (a) money received by a qualifying stablecoin issuer in payment for a qualifying stablecoin in the course of carrying out the activity of issuing qualifying stablecoin; and (b) money that is equivalent in value to the consideration accepted by a qualifying stablecoin issuer when it accepts something other than money in payment for a qualifying stablecoin in the course of carrying out the activity of issuing qualifying stablecoin.

FCA 202X/XX Page 18 of 31 qualifying stablecoin product a category of qualifying stablecoins identifiable on the basis that each qualifying stablecoin within that category is fungible with each other qualifying stablecoin within that category and together all the coins in that category represent a single product. redemption day (a) any day in the past which was: (i) a business day; or (ii) any other day of the year on which a qualifying stablecoin issuer proposed to complete redemptions as set out in its liquidity risk management policy under CASS 16.2.18R and completed redemptions. (b) any day in the future which is: (i) a business day; or (ii) any other day of the year on which a qualifying stablecoin issuer proposes to complete redemptions as set out in its liquidity risk management policy under CASS 16.2.18R and has made preparations to complete those redemptions. redemption fee the fee contractually agreed between a qualifying stablecoin issuer and the holder of a qualifying stablecoin which a qualifying stablecoin issuer is entitled to charge for carrying out redemption. redemption sum the reference value of the qualifying stablecoin in respect of which a redemption request is received, less: (a) any redemption fee; and (b) any currency exchange fees which may be incurred by the qualifying stablecoin issuer in meeting the redemption request in a currency chosen by the holder where that currency is different to the reference currency. reference currency the fiat currency to which a qualifying stablecoin is referenced. reference value the face value of a qualifying stablecoin, with reference to a unit of the fiat currency to which that qualifying stablecoin is referenced. relevant data in relation to the same calendar day which is in the past: (a) data showing the number of qualifying stablecoin a firm estimated prior to that day it would be asked to redeem in the course of that day (the ‘estimated daily redemption amount’); and

FCA 202X/XX Page 19 of 31 (b) data showing the number of qualifying stablecoin it was in fact asked to redeem in the course of that day (the ‘actual daily redemption amount’). reportable post￾trade transparency information information which a transparency reporting firm is required to report, as set out in CRYPTO 7.3. reportable pre￾trade transparency information information which a transparency reporting firm is required to report, as set out in CRYPTO 7.2. related instrument (in accordance with regulation 17(1) (Interpretation: market abuse in qualifying cryptoassets and related instruments)) of the Cryptoassets Regulations a financial instrument or specified investment whose price or value depends on, or has an effect on, the price or value of a relevant qualifying cryptoasset, but does not include a financial instrument or specified investment which: (a) is a relevant qualifying cryptoasset; or (b) falls within Article 2(1) (Scope) of the Market Abuse Regulation. relevant dealer in principal (in accordance with regulation 17(1) (Interpretation: market abuse in qualifying cryptoassets and related instruments)) of the Cryptoassets Regulations a person who carries on an activity of a kind described in article 9T (Dealing in qualifying cryptoassets as principal) of the Regulated Activities Order in relation to a relevant qualifying cryptoasset. relevant issuer (in accordance with regulation 17(1) (Interpretation: market abuse in qualifying cryptoassets and related instruments)) of the Cryptoassets Regulations means: (a) in relation to a relevant qualifying cryptoasset: (i) the issuer of a qualifying stablecoin; or (ii) in any other case, a person (‘A’) where: (A) A offers a qualifying cryptoasset, or arranges for another to offer that qualifying cryptoasset to the public; and (B) that qualifying cryptoasset is created by, or on behalf of, A for sale or subscription; or

FCA 202X/XX Page 20 of 31 (b) in relation to a related instrument, the issuer of that instrument. relevant qualifying cryptoasset (in accordance with regulation 17(1) (Interpretation: market abuse in qualifying cryptoassets and related instruments)) of the Cryptoassets Regulations a qualifying cryptoasset that has been admitted to trading, or is subject to an application seeking admission to trading, on a UK QCATP. short-term government debt instruments a debt security representing a claim on the UK government or the central government of a Zone A country with a residual maturity of 365 days or fewer. specified investment cryptoasset means a cryptoasset that: (a) is a specified investment as a result of Part 3 (Specified investments) of the Regulated Activities Order: (i) excluding article 88F (Qualifying cryptoassets); and (ii) including where the cryptoasset is a right to or an interest in such a specified investment by operation of article 89 (Rights to or interests in investments); and (b) would be a qualifying cryptoasset if of article 88F(4)(a) to (c) were disregarded. stablecoin backing assets assets received or held by firm in its capacity as trustee under CASS 16.5.2R for the benefit of the holders of a qualifying stablecoin in respect of which that firm is the qualifying stablecoin issuer. stablecoin backing funds money received or held by a firm in its capacity as trustee under CASS 16.5.2R for the benefit of the holders of a qualifying stablecoin in respect of which that firm is the qualifying stablecoin issuer. stablecoin pool a number (‘X’) of qualifying stablecoins calculated in accordance with CASS 16.2.9R. stablecoin QCDD A QCDD produced in relation to a UK qualifying stablecoin. supplementary disclosure document a document which is a ‘supplementary disclosure document’ for the purposes of Chapter 1 of Part 2 of the Cryptoassets Regulations. third party custodian (a) a person who is authorised and supervised in the UK or in a third country for the activity of safeguarding for the account of another person of assets including core backing assets (excluding on demand deposits) and expanded backing assets.

FCA 202X/XX Page 21 of 31 (b) any person appointed to safeguard core backing assets (excluding on demand deposits) or expanded backing assets in circumstances described in CASS 16.6.6R(2). transparency crypto intermediary a firm dealing in qualifying cryptoassets as principal when trading in qualifying cryptoassets otherwise than on a matched principal basis. transparency reporting firm a firm that is either: (a) a QCATP operator; or (b) a transparency crypto intermediary, to which CRYPTO 7 applies. UK QCATP a qualifying cryptoasset trading platform, the operation of which requires authorisation. UK QCATP operator the operator of a UK QCATP. UK qualifying cryptoasset execution venue a qualifying cryptoasset execution venue, the operation of which requires authorisation. UK qualifying stablecoin a qualifying stablecoin issued by a person authorised under Part 4A of the Act for the activity specified in article 9M of the Regulated Activities Order (Issuing qualifying stablecoin). unallocated backing funds money received or held in connection with the purchase of a qualifying stablecoin which is held by a firm in a segregated manner and is not co￾mingled with a firm’s own funds, pending the firm carrying out internal and external safeguarding reconciliations under CASS 16.4.9R and CASS 16.4.12R. unallocated backing funds account an account to which the conditions set out in CASS 16.3.6R and CASS 16.3.7R apply and through which money should pass for a maximum of 24 hours until it is either removed into a backing funds account or into an account holding the firm’s own money. unallocated backing funds acknowledgement letter a letter in the form of the template in CASS 16 Annex 2R. wrapped token a qualifying cryptoasset (‘A’) which: (a) relates to an underlying qualifying cryptoasset (‘B’), where B is minted on a blockchain other than one on which A is used (‘C’); and

FCA 202X/XX Page 22 of 31 (b) is created specifically for the purpose of enabling B to be used on C. [Editor’s note: the consultation paper ‘Stablecoin issuance and cryptoasset custody’ (CP25/14) proposed a new Glossary definition‘client-specific qualifying cryptoasset record’. The proposed definition is now withdrawn.] The following definitions were proposed to be amended in the following consultation papers: (1) ‘Stablecoin issuance and cryptoasset custody’ (CP25/14) (2) ‘Application of FCA Handbook for Regulated Cryptoasset Activities’ (CP25/25) (3) ‘Regulating Cryptoasset Activities’ (CP25/40); and (4) Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets (CP25/41), and are reproduced here for convenience. The text shown below takes account of the proposed amendments as if they were made final. acknowledgement letter … (3) (in CASS 16) a backing asset pool acknowledgement letter (a letter in the form of the template in CASS 16 Annex 1R) or an unallocated backing funds acknowledgement letter (a letter in the form of the template in CASS 16 Annex 2R). acknowledgement letter fixed text … (5) (in CASS 16) the text in the template acknowledgement letters in CASS 16 Annex 1R and CASS 16 Annex 2R that is not in square brackets. acknowledgement letter variable text … (5) (in CASS 16) the text in the template acknowledgement letters in CASS 16 Annex 1R and CASS 16 Annex 2R that is in square brackets. admission to trading … (2B) (in CRYPTO) admission of a qualifying cryptoasset to trading on a UK QCATP. …

FCA 202X/XX Page 23 of 31 algorithmic trading (1) (except in CRYPTO 4.7 and CRYPTO 4.8) trading in financial instruments which meets the following conditions: (a) where a computer algorithm automatically determines individual parameters of orders such as whether to initiate the order, the timing, price or quantity of the order for how to manage the order after its submission; and (b) there is limited or no human intervention; but does not include any system that is only used for the purpose of routing orders to one or more trading venues or the processing of orders involving no determination of any trading parameters or for the confirmation of orders or the post-trade processing of executed transactions. (2) (in CRYPTO 4.7 and CRYPTO 4.8), trading in qualifying cryptoassets or related instruments which meets the following conditions: (a) where a computer algorithm automatically determines individual parameters of orders such as whether to initiate the order, the timing, price or quantity of the order for how to manage the order after its submission; and (b) there is limited or no human intervention; but does not include any system that is only used for the purpose of routing orders to one or more qualifying cryptoasset trading platforms or trading venue (as applicable) or the processing of orders involving no determination of any trading parameters or for the confirmation of orders or the post-trade processing of executed transactions. approved bank (1) (except in COLL, CASS 15 and CASS 16) (in relation to a bank account opened by a firm): … … (4) (in CASS 16) (in relation to a bank account opened by a firm): (a) the central bank of a state that is a member of the OECD (‘an OECD state’); (b) a credit institution that is supervised by the central bank or other banking regulator of an OECD state; and

FCA 202X/XX Page 24 of 31 (c) any credit institution that: (i) is subject to regulation by the banking regulator of a state that is not an OECD state; (ii) is required by the law of the country or territory in which it is established to provide audited accounts; (iii) has minimum net assets of £5 million (or its equivalent in any other currency at the relevant time); (iv) has a surplus of revenue over expenditure for the past 2 financial years; and (v) has an annual report which is not materially qualified. arranging deals in qualifying cryptoassets the regulated activity specified in article 9Y of the Regulated Activities Order, which is, in summary, making arrangements: (a) for another person (whether as principal or agent) to buy, sell, or subscribe for or underwrite a qualifying cryptoasset; (b) with a view to a person who participates in the arrangements buying, selling, subscribing for or underwriting qualifying cryptoassets whether as principal or agent. arranging qualifying cryptoasset safeguarding the regulated activity specified in article 9N(1)(b) (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) of the Regulated Activities Order, but only in relation to qualifying cryptoassets. arranging qualifying cryptoasset staking the regulated activity, specified in article 9Z6 of the Regulated Activities Order, which is, in summary, making arrangements on behalf of another (whether as principal or agent) for qualifying cryptoasset staking. asset … (2) … (3) (in CRYPTO and CASS 16) any property, right, entitlement or interest, excluding money. blockchain validation (in accordance with article 9Z6 of the Regulated Activities Order): (a) the validation of transactions on:

FCA 202X/XX Page 25 of 31 (i) a blockchain; or (ii) a network that uses distributed ledger technology or other similar technology; and (b) includes proof of stake consensus mechanisms. client … (B) in the FCA Handbook: (1) (except in PROF, in MIFIDPRU 5, in relation to a credit-related regulated activity, in relation to regulated funeral plan activity, in relation to a home finance transaction in relation to insurance risk transformation and activities directly arising from insurance risk transformation, and in relation to issuing qualifying stablecoin in PRIN and SYSC 15A) has the meaning given in COBS 3.2, that is (in summary and without prejudice to the detailed effect of COBS 3.2) a person to whom a firm provides, intends to provide or has provided a service in the course of carrying on a regulated activity, or in the case of MiFID or equivalent third country business, an ancillary service: … (13) (in PRIN and SYSC 15A in relation to issuing qualifying stablecoin): (a) a person to whom a firm provides, intends to provide or has provided a service in the course of carrying on a regulated activity; and (b) where not otherwise included in (a), the holder of a qualifying stablecoin which is issued by a qualifying stablecoin issuer. CRD credit institution (1) (except in COLL, FUND and CASS 16) a credit institution that has its registered office (or, if it has no registered office, its head office) in the UK, excluding an institution to which the CRD does not apply under the UK provisions which implemented article 2 of the CRD (see also full CRD credit institution). (2) (in COLL, FUND and CASS 16) a credit institution that: … customer …

FCA 202X/XX Page 26 of 31 (B) in the FCA Handbook: (1) (except in relation to SYSC 19F.2, ICOBS, retail premium finance, a credit-related regulated activity, regulated claims management activity, regulated funeral plan activity, regulated pensions dashboard activity, MCOB 3A, an MCD credit agreement, CASS 5, for the purposes of PRIN in relation to MiFID or equivalent third country business and issuing qualifying stablecoin, DISP 1.1.10- BR, PROD 1.4 and PROD 4) and in relation to payment services and issuing electronic money (where not a regulated activity) a client who is not an eligible counterparty for the relevant purposes. … (11) (in PRIN in relation to issuing qualifying stablecoin) a client who is not an eligible counterparty for the relevant purpose. data protection legislation (1) (except in CRYPTO 4) the General Data Protection Regulation (EU) No 2016/679 and the Data Protection Act 2018. (2) (in CRYPTO 4) has the same meaning as in section 3 of the Data Protection Act 2018. dealing in qualifying cryptoassets as agent the regulated activity, specified in article 9W of the Regulated Activities Order, which is, in summary, buying, selling, subscribing for or underwriting qualifying cryptoassets as agent. dealing in qualifying cryptoassets as principal the regulated activity, specified in article 9T of the Regulated Activities Order, which is, in summary, buying, selling, subscribing for or underwriting qualifying cryptoassets as principal. execution of orders on behalf of clients (1) (except in CRYPTO and CRYPTOPRU) acting to conclude agreements to buy or sell one or more financial instruments on behalf of clients, including the conclusion of agreements to sell financial instruments issued by an investment firm or a credit institution at the moment of their issuance. [Note: article 4(1)(5) of MiFID] (2) (in CRYPTO and CRYPTOPRU) acting to conclude agreements to buy or sell one or more qualifying cryptoassets on behalf of clients, including the conclusion of agreements to sell qualifying cryptoassets issued by a firm at the moment of their issuance.

FCA 202X/XX Page 27 of 31 forward-looking statement (1) (in PRM) has the same meaning as in paragraph 10(2) of Schedule 2 to the Public Offers and Admissions to Trading Regulations. (2) (in CRYPTO 3) has the same meaning as in paragraph 8(2) of Part 2 of Schedule 2 to the Cryptoassets Regulations. market maker … (4) … (5) (in CRYPTO) a person who holds themselves out on a qualifying CATP on a continuous basis as being willing to deal in qualifying cryptoassets as principal by buying and selling qualifying cryptoassets against that person’s proprietary capital at prices defined by that person. material change (in COBS 11 and in CRYPTO 5.4) a significant event that could impact parameters of best execution, such as cost, price, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order. operating a qualifying CATP the regulated activity in article 9S of the Regulated Activities Order which is, in summary, the operation of a qualifying cryptoasset trading platform. over the counter (1) (except in CRYPTO) (in relation to a transaction in an investment) not on-exchange. (2) (in CRYPTO) in relation to a transaction in qualifying cryptoassets, not on a UK QCATP. personal transaction a trade in a designated investment or qualifying cryptoasset, or in COBS 11.7A only, a trade in a financial instrument, effected by or on behalf of a relevant person, where at least one of the following criteria are met: … protected forward-looking statement (1) (in PRM) a forward-looking statement that satisfies the conditions set out in PRM 8.1.3R. (2) (in CRYPTO 3) a forward-looking statement that satisfies the conditions set out in CRYPTO 3.7.4R. qualifying cryptoasset (1) as defined in article 88F (Qualifying cryptoasset) of the Regulated Activities Order: (a) a cryptoasset which is: (i) fungible; and

FCA 202X/XX Page 28 of 31 (ii) transferable. (iii) not solely a record of value or contractual rights, including rights in another cryptoasset; and (iv) not excluded by (iii). (b) For the purposes of (1)(a)(ii), the circumstances in which a cryptoasset is to be treated as ‘transferable’ include where it confers transferable rights. (c) A cryptoasset does not fall within (1)(a) if it is: (i) a specified investment cryptoasset, other than one specified by: (A) article 74A (Electronic money) of the Regulated Activities Order; or (B) article 88F (Qualifying cryptoassets) of the Regulated Activities Order; (ii) electronic money (iii) currency of the United Kingdom or any other country, or territory including a central bank digital currency; or (iv) a cryptoasset that: (A) cannot be transferred or sold in exchange for money or other cryptoassets, except by way of redemption with the issuer; and (B) can only be used by the holder to: (1) acquire goods or services from the issuer; or (2) acquire goods or services within a limited network of service providers which have direct commercial agreements with the issuer. (2) insofar as referring to the controlled investment, in accordance with article 2 (Interpretation: general) of the Financial Promotion Order has the meaning given by article 88F (Qualifying cryptoassets) of the Regulated Activities Order, except that the condition as to the cryptoasset being transferable is to be taken as met if a communication made in relation to the cryptoasset describes it as being:

FCA 202X/XX Page 29 of 31 (a) transferable; or (b) conferring transferable rights. qualifying cryptoasset custodian an authorised person with permission to carry on the regulated activity specified in article 9N(1)(a) (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) of the Regulated Activities Order, but only in relation to qualifying cryptoassets. qualifying cryptoasset trading platform (in accordance with article 3(1) (Interpretation) of the Regulated Activities Order) a system which brings together or facilitates the bringing together of multiple third-party buying and selling interests in qualifying cryptoassets in a way that results in a contract for the exchange of qualifying cryptoassets for: (1) money (including electronic money); or (2) other qualifying cryptoassets. qualified investor (1) (in CRYPTO 3) has the meaning given by paragraph 9 of Part 2 of Schedule 1 to the Cryptoassets Regulations. (2) (elsewhere in the Handbook) has the meaning given by paragraph 15 of Schedule 1 to the Public Offers and Admissions to Trading Regulations. qualifying stablecoin the specified investment defined in article 88G (Qualifying stablecoin) of the Regulated Activities Order. qualifying stablecoin issuer an authorised person with permission to carry on the regulated activity defined in article 9M (Issuing qualifying stablecoin) of the Regulated Activities Order. redemption (1) (in relation to units in an authorised fund) the purchase of them from their holder by the authorised fund manager acting as a principal. (2) (in relation to qualifying stablecoin) the process by which a qualifying stablecoin issuer fulfils its obligation to the holder of a qualifying stablecoin, whether carried out directly or indirectly (for example, through a third party), to provide value in exchange for the holder returning a qualifying stablecoin. retail customer … (2) (in PRIN and COCON): … (g) where a firm carries out activities in relation to an occupational pension scheme, any person who is not a client of the firm but who is or would be a beneficiary

FCA 202X/XX Page 30 of 31 in relation to investments held in that occupational pension scheme; (h) where a firm is a qualifying stablecoin issuer, a customer who is not a professional client. retail investor (1) (in GEN, COBS, COLL, DISC and the Investment Funds sourcebook) a person meeting the criteria in DISC 1A.1.5R. (2) (in CRYPTO 3) a person who is not a qualified investor as defined by paragraph 9 of Part 2 of Schedule 1 to the Cryptoassets Regulations. retail market business the regulated activities and ancillary activities to those activities, payment services, issuing electronic money, and activities connected to the provision of payment services or issuing of electronic money, of a firm in a distribution chain (including a manufacturer and a distributor) which involves a retail customer, but not including the following activities: … (6) … (7) the activities specified as designated activities under section 71K (Designated activities) of the Act by regulations 7 (Designated activities: public offers of qualifying cryptoassets) and 8 (Designated activities: admissions to trading on a qualifying cryptoasset trading platform) of the Cryptoassets Regulations, where: (a) the carrying on of these activities would involve the carrying on of regulated activities or ancillary activities to those activities; and (b) those activities are carried on in relation to a qualifying cryptoasset that is not a UK qualifying stablecoin. safeguarding qualifying cryptoassets the regulated activity specified in article 9N(1)(a) (Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets) of the Regulated Activities Order, but only in relation to qualifying cryptoassets. specified investment (1) any of the following investments specified in Part III of the Regulated Activities Order (Specified Investments): … (p) rights to or interests in investments (article 89); (r) qualifying cryptoasset (article 88F);

FCA 202X/XX Page 31 of 31 (s) qualifying stablecoin (article 88G). working day (1) (in PRM, MAR 5-A, MAR 9, MAR 10 and CRYPTO 3) (as defined in section 103 of the Act) any day other than a Saturday, a Sunday, Christmas Day, Good Friday or a day which is a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom. … [Editor’s note: the consultation paper ‘Stablecoin issuance and cryptoasset custody’ (CP25/14) proposed an amendment to the Glossary term ‘shortfall’. The proposed amendment is now withdrawn.]

© Financial Conduct Authority 2026 12 Endeavour Square London E20 1JN Telephone: +44 (0)20 7066 1000 Website: www.fca.org.uk All rights reserved Pub ref: 2-009006 All our publications are available to download from www.fca.org.uk. Request an alternative format Please complete this form if you require this content in an alternative format. Or call 0207 066 1000 Sign up for our news and publications alerts