HM Treasury Crypto Policy and Regulations: What UK Crypto Businesses Must Know in 2025

Before April 2025, UK crypto businesses operated in a legal gray zone. No clear rules said what they could or couldn’t do. That changed when HM Treasury dropped its final draft of the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025. This isn’t just another guideline-it’s the first time the UK has legally defined which crypto activities require government approval. If you’re running a crypto exchange, issuing a stablecoin, or holding customer assets in the UK, this affects you directly.

What’s Actually Regulated Now?

HM Treasury didn’t try to control everything. Instead, it picked five core activities that now need FCA authorization to operate legally in the UK:

• Operating a cryptoasset trading exchange
• Issuing qualifying stablecoins
• Dealing in qualifying cryptoassets (buying, selling, or exchanging them)
• Providing custody services for cryptoassets
• Arranging transactions in qualifying cryptoassets

These aren’t vague terms. A “qualifying cryptoasset” means any digital asset that functions like money or investment-think Bitcoin, Ethereum, or tokenized stocks. A “qualifying stablecoin” is one pegged to a fiat currency like GBP or USD and issued by a UK-based entity. That last part matters: if you’re a US-based stablecoin issuer, your coin can still be used in the UK, but you don’t need FCA approval-only UK issuers do.

This territorial split is intentional. The UK wants to attract stablecoin issuers to London by giving them a clear, controlled environment. At the same time, it protects UK consumers who use foreign stablecoins through other rules-like anti-money laundering checks and transparency requirements.

Decentralized Finance Is (Mostly) Excluded

One of the most talked-about parts of the new rules? They don’t regulate truly decentralized protocols.

If you’re running a DeFi lending platform where no single company controls the code, and no one can shut it down-you’re not required to get FCA authorization. HM Treasury and the FCA recognize that trying to regulate code running on a blockchain with no central operator is impossible. Instead, they focus on the people or companies that still have control: the developers who launched it, the team managing the treasury, or the entity promoting it to UK users.

This isn’t a loophole-it’s a realistic boundary. The UK is saying: we’ll regulate the humans behind the tech, not the tech itself. That’s a big shift from places like the EU, where even some DeFi protocols are being forced into compliance. The UK’s approach could make London a magnet for DeFi innovation, as long as teams stay clear of centralized control points.

Same Rules as Banks-Just for Crypto

There’s no special “crypto license.” If you want to operate in one of the five regulated areas, you apply for authorization under the same rules as a bank, investment firm, or payment processor. That means:

• Proving you have enough capital to cover losses
• Implementing strong cybersecurity and fraud controls
• Keeping customer money separate from company funds
• Reporting suspicious activity to the FCA
• Following strict conduct rules to avoid misleading customers

Traditional financial firms already doing this will find the transition easier. Crypto-native startups? They’re facing a steep climb. Many don’t have compliance teams, audit trails, or risk management systems built into their operations. The FCA isn’t giving them a grace period-they’re expected to be ready when the rules go live.

There’s no official launch date yet, but the draft order was labeled “near-final” in May 2025. Parliament is expected to pass it by early 2026. Firms have less than a year to prepare.

Anti-Money Laundering Rules Are Getting Tighter

On September 2, 2025, HM Treasury released draft updates to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. These changes specifically target crypto firms.

Now, crypto businesses must:

• Verify customer identities with real documents-not just email addresses or phone numbers
• Keep records of all transactions for at least five years
• Report any unusual activity, even if it’s below traditional reporting thresholds
• Use pooled client accounts only if they meet strict segregation and audit rules
• Register with the FCA’s trust registration service if they hold crypto on behalf of trusts

These aren’t suggestions. Failure to comply could mean fines, license revocation, or criminal charges. The FCA is already using AI tools to scan blockchain transactions for patterns linked to illicit activity. If your platform doesn’t have KYC and AML systems that match bank standards, you’re at risk.

What’s Coming Next?

The 2025 Order is just the first piece. HM Treasury confirmed that two other major components are still coming:

• Market abuse rules for crypto trading-think insider trading and price manipulation
• Admissions and disclosure rules-forcing crypto firms to publish clear, accurate information about their products

These will likely arrive in late 2025 or early 2026. The FCA has already started gathering feedback on how to enforce them. For example, if a crypto firm claims their token is “100% backed by reserves,” they’ll need to prove it-with audited reports, not marketing slogans.

Industry experts from Reed Smith, Hogan Lovells, and Skadden agree: this is the most coherent crypto framework any major economy has built so far. It’s not perfect, but it’s workable. The UK avoided the trap of trying to regulate everything. Instead, it focused on where harm is most likely-centralized issuers, exchanges, and custody providers.

Who Does This Affect?

If you’re a UK resident trading Bitcoin on Binance, you’re not directly regulated. But if you’re running a crypto ATM in Manchester, or you’re a startup issuing a GBP-backed stablecoin from Leeds-you’re in the crosshairs.

Non-UK firms that serve UK customers also need to pay attention. Even if your company is based in Singapore or Dubai, if you market your exchange or stablecoin to UK users, you must comply with the new rules. The FCA can block your website, freeze your UK bank accounts, or fine you if you ignore them.

Small businesses are the most vulnerable. A two-person crypto advisory firm might not have the budget for legal teams or compliance software. HM Treasury says the rules are “proportionate,” but in practice, the cost of compliance could force many small players out of the market.

What Should You Do Now?

Don’t wait for the law to pass. Start preparing now:

1. Map your business activities against the five regulated areas. Are you doing any of them?
2. Review your KYC/AML procedures. Do they meet bank-level standards?
3. Separate customer assets from company funds. Use cold storage, third-party custodians, or trust accounts.
4. Start building a compliance team-or hire a consultant with FCA experience.
5. Track the FCA’s upcoming guidance on market abuse and disclosures. These will define how you talk to customers.

There’s no shortcut. The UK isn’t banning crypto. It’s demanding professionalism. The firms that adapt will thrive. The ones that ignore this will get shut down.

Why This Matters Beyond the UK

The UK’s approach is being watched by Canada, Australia, Singapore, and even the US. If this model works-clear rules, no overreach, protection for consumers, space for innovation-it could become the blueprint for English-speaking economies.

London is already competing with Zurich, Dubai, and Singapore to become the crypto hub of choice. This regulation gives it a real shot. Firms that register in the UK won’t just be compliant-they’ll be seen as trustworthy. That’s worth more than tax breaks.

The message from HM Treasury is simple: if you want to play in the UK market, you play by our rules. No exceptions. No gray areas. Just clear expectations.