How to use this tool: Rate each requirement R Red (not in place), A Amber (partially in place), or G Green (fully in place). Tags show which firm types each section applies to. Skip sections marked Trading Platforms or Activity-Specific if not relevant to your business model.
UK Crypto Regulation Gap Report
0Red — Not in place
0Amber — Partially in place
0Green — Ready
Start your authorisation journey with ERM Plus
ERM Plus has pre-built the UK crypto regulatory framework into a fully configured compliance platform — covering governance, prudential management, conduct obligations and third-party risk. Get from gap to gateway-ready faster.
A — Authorisation & Scope All firms
0 / 9 rated
A1 — Regulated activities & in-scope determination
Identify which regulated cryptoasset activities your firm conducts (issuing stablecoins, safeguarding assets, operating a trading platform, dealing, arranging deals, staking, lending/borrowing)
Regulatory perimeter analysis / legal opinion
Assess whether existing MLR registration provides any transitional relief and understand the migration path to full FSMA authorisation
MLR registration status / transition plan
Determine whether firm serves UK consumers from overseas and assess whether UK authorisation or branch authorisation is required
Jurisdictional scoping note
A2 — Authorisation readiness
Develop a formal authorisation plan with milestones, owners, and a target submission date within the gateway window (30 Sep 2026 – 28 Feb 2027)
Authorisation project plan
Engage with FCA Pre-Application Support Service (PASS) opening July 2026 to validate approach before formal submission
PASS engagement plan / correspondence
Prepare the regulatory business plan including description of activities, target market, revenue model, and risk framework
Draft regulatory business plan
Identify and assess all individuals requiring SMF approval and begin fitness and propriety assessments
SMF mapping / F&P assessment records
Understand transitional provisions — firms applying within the gateway window may continue activities pending FCA determination; firms not applying by 25 Oct 2027 must cease UK operations
Transitional provisions analysis
Assess wind-down planning requirements — document how the firm could cease regulated activities in an orderly manner
Wind-down plan
B — Governance & SM&CR All firms
0 / 9 rated
B1 — Senior Managers & Certification Regime
Map all Senior Management Functions (SMFs) required under SMCR for cryptoasset firms and assign named individuals
SMF mapping document / org chart
Prepare Statements of Responsibilities (SoRs) for each SMF holder covering cryptoasset regulatory obligations
Completed SoRs
Identify Certified Functions and implement certification process including annual fitness and propriety assessments
Certified persons register / F&P policy
Implement Conduct Rules training for all staff and maintain records of completion
Training records
B2 — Governance framework
Establish Board-level oversight of cryptoasset regulatory obligations including crypto-specific risk appetite
Board terms of reference / risk appetite statement
Maintain a firm-wide compliance monitoring programme covering all FCA cryptoasset obligations
Compliance monitoring plan
Implement an operational resilience framework covering important business services, impact tolerances, and scenario testing
Operational resilience framework / IBS mapping
Establish policies and procedures for conflicts of interest management specific to cryptoasset activities
Conflicts of interest policy
Implement AML/CFT controls meeting updated MLR requirements including customer due diligence, transaction monitoring, and suspicious activity reporting
AML policy / CDD procedures / SAR records
C — Conduct & Consumer Protection All retail-facing firms
0 / 9 rated
C1 — Consumer Duty
Apply Consumer Duty framework to all cryptoasset products and services offered to retail customers
Consumer Duty implementation plan / board sign-off
Conduct product and service assessments to demonstrate good consumer outcomes across the four Consumer Duty outcomes
Product assessment records
Implement appropriate consumer support and complaints handling processes meeting FCA expectations
Complaints policy / DISP-aligned procedure
C2 — Financial promotions & disclosures
Ensure all financial promotions for cryptoassets are fair, clear, and not misleading, and are approved by an authorised person or the firm itself once authorised
Financial promotions approval process / sign-off records
Include mandatory risk warnings in all cryptoasset promotions (cryptoassets are high risk, capital at risk)
Promotions with compliant risk warnings
Implement pre-sale consumer journey requirements — appropriateness assessments, cooling-off periods, and personalised risk warnings for first-time investors
Consumer journey documentation / UX evidence
C3 — Use of credit & client money
Implement controls on the use of credit to purchase cryptoassets in line with FCA CP26/4 proposals
Credit use policy / controls documentation
Implement client asset safeguarding arrangements — segregate client crypto assets and fiat money from firm assets
Custody / safeguarding policy and arrangements
Establish clear redemption policies and procedures for clients wishing to withdraw cryptoassets or convert to fiat
Redemption policy / client terms
D — Prudential & Capital All authorised firms
0 / 9 rated
D1 — Capital requirements (CRYPTOPRU)
Calculate minimum capital requirement under CRYPTOPRU — highest of: fixed permanent minimum, fixed overhead requirement, or K-factor (activity-based) requirement
Capital calculation model / CRYPTOPRU workings
Maintain capital resources in eligible form at all times above the regulatory minimum
Capital adequacy monitoring / MIS reporting
Conduct an Internal Capital and Risk Assessment (ICARA-equivalent) covering business model sustainability, capital planning, and stress testing
ICARA / overall financial adequacy assessment
D2 — Liquidity
Maintain minimum liquid assets meeting CRYPTOPRU liquid asset requirements — assess eligible asset types and concentration limits
Liquid asset buffer calculation
Implement daily liquidity monitoring and produce management information on liquidity position relative to requirements
Liquidity MI / monitoring reports
D3 — Prudential disclosures & reporting
Prepare public prudential disclosures — publish accessible information at least annually on risk profile, capital position, key prudential metrics and group relationships
Draft prudential disclosure document
Assess group-level risks and financial dependencies — ensure group risks are captured within the firm's overall financial adequacy assessment
Group risk assessment
Establish regulatory reporting capability to submit financial and prudential data to the FCA via RegData on required frequency
RegData access / reporting framework
E — Market Integrity Trading Platforms
0 / 9 rated
E1 — Market Abuse Regime for Cryptoassets (MARC)
Implement surveillance and detection systems to identify insider dealing, unlawful disclosure of inside information, and market manipulation in cryptoasset markets
Market surveillance system / detection procedures
Establish a suspicious transaction and order reporting (STOR) process for cryptoasset market abuse referrals to the FCA
STOR procedure / reporting evidence
Maintain an inside information and market soundings policy for cryptoasset issuances and listings
Inside information policy
E2 — Admissions & Disclosures regime
Establish objective, risk-based admission criteria for qualifying cryptoassets admitted to trading and publish these criteria
Published admission criteria
Conduct due diligence on cryptoassets before admitting to trading — assess whether Qualifying Cryptoasset Disclosure Documents (QCDDs) meet material information requirements
Due diligence framework / QCDD review records
Implement ongoing disclosure obligations for admitted cryptoassets — monitor for material changes requiring updated or supplementary disclosures
Ongoing disclosure policy
E3 — Settlement & trading integrity
Ensure settlement arrangements provide timely and effective settlement of cryptoasset transactions — document internalised or external settlement processes
Settlement arrangements documentation
Establish rules for fair and orderly trading on the platform, including trading halts, circuit breakers, and order handling policies
Trading rules / platform rulebook
Implement best execution obligations — demonstrate how client orders are executed on best available terms
Best execution policy / execution quality reports
F — Activity-Specific Rules Select applicable activities
0 / 9 rated
F1 — Stablecoin issuers
Back qualifying stablecoins with secure, liquid reserve assets held in statutory trust with a third-party custodian — maintain reserve at 1:1 or above at all times
Reserve management policy / trust deed / custodian agreement
Publish clear redemption policy for stablecoin holders and offer redemption in fiat to all holders on demand
Published redemption policy / terms and conditions
Disclose the composition of reserve assets to holders on at least a monthly basis and have assets audited at least annually
Reserve disclosure reports / audit evidence
F2 — Staking service providers
Provide retail clients with enhanced information about the staking service including risks, rewards, lock-up periods, and slashing risks before onboarding
Staking disclosure documents / client terms
Obtain express, informed consent from retail clients before committing their assets to staking protocols
Consent records / client onboarding evidence
F3 — Crypto lending & borrowing / DeFi
Implement appropriate risk disclosures, credit assessments, and collateral management policies for cryptoasset lending and borrowing services
Lending policy / credit risk framework
DeFi platforms: assess whether a controlling person or entity can be identified — if yes, prepare for full regulatory compliance obligations equivalent to centralised firms
DeFi decentralisation assessment / legal opinion
Align with MiCA / DORA requirements where firm also operates in EU — map overlaps and divergences between UK and EU crypto regulatory frameworks to avoid duplication
UK/EU regulatory mapping document