The FCA recently published its Final Guidance on cryptoassets, reflecting the feedback it received on its Consultation Paper issued in January 2019.

The objective of the Guidance is to provide clarity to market participants on the types of cryptoassets and related activities that fall within the regulatory perimeter, the resulting obligations for firms, and the regulatory protections for consumers. It also provides more clarity around unregulated cryptoassets, and their implications for firms and consumers.

Below we highlight the key points and some of the considerations for firms already operating in, or considering entering, the cryptoassets market.

Key points

Revised taxonomy of cryptoassets

Based on the feedback it received on its original taxonomy, the FCA has now decided to divide cryptoassets into three categories:

  • Security tokens: these cryptoassets provide rights and obligations similar to specified investments as set out in the Regulated Activities Order (RAO), including those that are financial instruments under MiFID II, and excluding e-money. Firms carrying on regulated activities involving cryptoassets that satisfy the security token definition will need to ensure that they are appropriately authorised or exempted by the FCA, and comply with the relevant securities regulations in the UK.
  • E-money tokens: these are cryptoassets that satisfy the definition of e-money, that is: (i) they are an electronically stored monetary value representing a claim on the issuer; (ii) they are issued on receipt of funds to make payment transactions; (iii) they are accepted by a person other than the issuer; and (iv) they are not excluded by regulation 3 of the Electronic Money Regulations (EMRs). These tokens are subject to the EMRs, and firms carrying on business in such tokens should ensure that they have the right permissions and follow the relevant rules and regulations.
  • Unregulated tokens: usually referred to as utility or exchange tokens, these tokens do not either (i) satisfy the definition of e-money, or (ii) provide the same rights as specified investments under the RAO. These tokens fall outside the regulatory perimeter.


The FCA clarifies that the requirement to be authorised only applies to activities that are carried on “by way of business” in the UK (i.e. a person/entity receives remuneration and carries on that activity with a degree of regularity and for commercial purposes). However, the decentralised and largely cross-border nature of cryptoassets can make it challenging to determine where the activity is carried on. Therefore the FCA recommends market participants to consider the Perimeter Guidance Manual (section 2.4) to assess the link between the cryptoassets-related regulated activity and the UK and determine whether or not FCA authorisation is required to perform this activity.

Separating the token from the regulated activity

The FCA’s emphasis on distinguishing between the token and the regulated activity is clear in the treatment of remittance tokens and broader issuance of tokens.

Exchange tokens used to facilitate regulated payments

Exchange tokens can be used to facilitate regulated payments, such as international money remittance. While the exchange tokens themselves will not be within the regulatory perimeter, the Payment Services Regulations would apply to each side of the remittance. Firms should ensure that they have the correct permissions and follow the relevant rules and regulations, including but not limited to the Payment Services Regulations and, since 1 August 2019, the Principles for Businesses.

Issuance of tokens

The FCA clarifies that issuers of tokens may not need to be authorised. However certain requirements related to the issuance process itself may apply, including the prospectus and transparency requirements. Additionally, when a token constitutes e-money, issuance may be a regulated activity.

Rules applying to authorised firms using unregulated cryptoassets

While firms may not require permissions for conducting an activity involving an unregulated cryptoasset (e.g. utility or exchange token), some FCA rules may still apply. The FCA highlights that rules such as the Principles for Businesses and the Senior Managers and Certification Regime (SMCR) may still apply to the unregulated activity.

With specific regard to the SMCR, in the case of UK deposit takers and dual-regulated investment firms, the individual conduct rules of the regime apply to all regulated and unregulated activities. For insurers and other FCA regulated firms, the rules apply to activities within the definition of “SMCR financial activities”. As a result, the FCA highlights that “activities by relevant individuals within authorised firms may be covered by the conduct rules under SMCR, and the FCA would be able to take action against those individuals for breaches of those rules”.

The Principles for Businesses also apply to the regulated activities of all FCA-authorised firms but also, “in certain circumstances”, to unregulated activities of same firms, and the FCA can take action against breaches of these rules.

Clarifications in relation to Stablecoins

These are tokens where there is a mechanism to stabilise their volatility, for example by pegging their value to another fiat currency or other stable assets.

The FCA highlights that, depending on their structure and arrangement, certain stablecoins may fall within the regulatory perimeter. Given the diverse nature of stablecoins in the market, the FCA recognises that decisions about their regulatory status will need to be taken on a case-by-case basis. If unsure, firms should seek legal advice or speak to the FCA.

Considerations for firms

The FCA acknowledges that, given the diverse nature of cryptoassets in the market, “it can be difficult for market participants to be completely sure whether or not their business models require authorisation”.

The Guidance should therefore act as a basis for market participants to determine whether their cryptoassets activity is regulated, and what regulatory requirements apply as a result.

Firms can access the FCA’s innovation support functions including the Sandbox and the Direct Support Unit to clarify how existing regulation may apply to their cryptoassets activity.

The other, more complex challenge for firms, will be to apply existing regulation to novel cryptoassets structures and activities to ensure that they meet regulatory requirements and effectively discharge their governance, risk management and conduct responsibilities.

In particular, firms, depending on the nature of their authorisation from the FCA, will need to assess very carefully the extent to which provisions such as the Principles for Businesses, SMCR and conduct rules apply to them, including in relation to unregulated cryptoassets-related activities. The application and scope of these rules mean that regulated firms will be held to higher standards than unregulated/unauthorised firms conducting unregulated cryptoassets-related activities. However, the FCA has made clear that, if it becomes aware of “potentially fraudulent or harmful activity in the cryptoassets market being conducted in the unregulated space”, it can, and will work with other agencies (including the Advertising Standards Agency and local police forces) to mitigate that harm.

Next steps

This Guidance provides a basis on which the FCA will engage with firms dealing with cryptoassets to determine whether they fall within the regulatory perimeter, and what their regulatory obligations should be as a result.

This Guidance will inform further work conducted by the UK authorities (including the FCA, the Bank of England and HM Treasury) as part of the Cryptoassets Task Force, including:

  • the FCA’s Consultation on potentially banning the sale of derivatives linked to certain types of unregulated cryptoassets to retail clients;
  • HMT’s Consultation on whether further regulation is required in the cryptoassets market (in particular in relation to unregulated cryptoassets); and
  • HMT’s and the FCA’s work on transposing the fifth Anti-Money Laundering Directive.

The FCA will also consider more closely the use of distributed ledger technology for certain activities such as custody and settlement, and “stands ready to engage with market participants as the market matures”.


This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.


David Strachan – Partner, Head of EMEA Centre for Regulatory Strategy

David focuses on the impact of regulatory changes - both individual and in aggregate - on the strategies and business/operating models of financial services firms. David joined Deloitte after 12 years at the FSA, where in his last role, Director of Financial Stability, he worked on the division of the FSA into the PRA and the FCA.

Email | LinkedIn 

Suchitra nair

Suchitra Nair - Director, EMEA Centre for Regulatory Strategy

Suchitra is a Director in the EMEA Centre for Regulatory Strategy, specialising in the strategic implications of banking regulation. Prior to joining the Centre she was involved in delivering large scale regulatory change projects for UK and international banks. She is a qualified Chartered Accountant and has also worked in Deloitte’s Audit and Corporate Finance teams.

Email | LinkedIn 

Morgan Fouche

Morgane Fouché - Assistant Manager, EMEA Centre for Regulatory Strategy

Morgane is an Assistant Manager in Deloitte’s Centre for Regulatory strategy, where she focuses on FinTech regulation and Brexit. She joined Deloitte in 2017, after working as a consultant on competition policy at an international financial organisation. She also has previous experience working in academia and the French public sector.

Email | LinkedIn 


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.