The FCA's Crypto Rules: Do They Apply to Your Business?

At Englebert, we receive a lot of queries from companies asking if they are included in these new rules; who the rules apply to for FCA crypto and whether they should be making more compliance efforts or not. This confusion is understandable because there is no clear black-and-white answer. Instead, we need to intuitively assess what type of projects the rules point to, whilst also weighing up the risks of non-compliance. Of course, the more severe the punishment, the more caution is exerted.

Last year, the Financial Conduct Authority (FCA) introduced a new policy statement, PS23/6, which significantly expands the scope of cryptocurrency regulation in the United Kingdom. This policy brings a wide range of businesses under the FCA's oversight, including those marketing cryptoassets to UK consumers, regardless of their location or the technology used for promotion. The regulatory landscape has shifted for both businesses operating in the UK, or just targeting it, meaning a wide range of firms now must ensure compliance.

The policy statement focuses on two main groups: 'authorised persons' under the Financial Services and Markets Act 2000 (FSMA), with some exceptions, and 'MLR-registered firms' as defined by anti-money laundering regulations. Each group has specific obligations and regulatory requirements under the new framework, making it crucial for businesses to understand their classification.

At Englebert, we receive a lot of queries from companies asking if they are included in these new rules; who the rules apply to for FCA crypto and whether they should be making more compliance efforts or not. This confusion is understandable because there is no clear black-and-white answer. Instead, we need to intuitively assess what type of projects the rules point to, whilst also weighing up the risks of non-compliance. Of course, the more severe the punishment, the more caution is exerted.

Failing to comply with the FCA's directives can have severe consequences, which we will cover in more detail later in this article. As the crypto market matures, so does the regulation. Unfortunately for the current project, we are in a transitional phase where there’s a lot of uncertainty and lack of clarity from both the FCA and regulators around the world.

Understanding the Financial Promotion Regime

We should first look at the regime itself briefly, though we cover it in more detail in our full guide to the marketing rules. The Financial Promotion Regime, which is a key aspect of the FCA's regulation of cryptoasset marketing in the UK, requires all firms promoting cryptoassets to UK consumers to comply with strict rules, irrespective of their geographical location. 

The regime's primary focus is on safeguarding consumers from the risks associated with the highly volatile crypto market. As a result, crypto businesses cannot rely on traditional geographical boundaries or the digital nature of their products to avoid compliance with UK regulations. So, already we are getting a picture of who the rules apply to (cryptoasset projects and targeting the UK market).

Under the regime, the term 'financial promotion' encompasses a broad range of marketing communications, from social media posts to formal investment offers, that invite or encourage investment activity. If these communications target UK consumers, they fall within the regulatory scope. Businesses must carefully review their marketing materials to avoid inadvertently triggering regulatory obligations in the UK.

To navigate this regulatory landscape effectively, it is crucial to differentiate between regulated and unregulated cryptoassets, as defined by the FCA. While some cryptoassets, such as security tokens, are clearly subject to regulation, others, like utility tokens and non-fungible tokens (NFTs), occupy a more ambiguous position (see more about this here). However, the mere act of marketing any cryptoasset to a UK audience brings the activity under regulatory scrutiny, necessitating a thorough examination of the content and target audience of promotional efforts.

For firms operating in this domain, caution and due diligence is essential. Compliance with the Financial Promotion Regime requires a proactive approach to regulatory alignment, ensuring that all marketing activities are conducted within the boundaries of the law. By doing so, firms can protect themselves from potential legal and financial consequences.

Who Needs to Pay Attention?

To effectively navigate the regulatory landscape shaped by the FCA's Policy Statement 23/6, it is essential to understand the specific entities it directly impacts: 'authorised persons' and 'MLR-registered firms'. While these categories are distinct, they both fall under the strict supervision of the FCA, although their obligations stem from different originating statutes and compliance requirements.

Authorised Persons

'Authorised persons' are firms authorised under Part 4A of the Financial Services and Markets Act 2000 (FSMA). This broad classification includes a wide range of financial services providers, such as those offering investments, insurance, banking services, and so on. 

However, it is important to note that firms authorised solely under the Electronic Money Regulations 2011 or the Payment Services Regulations 2017 are excluded from this category. This distinction is crucial, particularly concerning cryptoasset activities. 

Authorised persons must adhere to the full range of regulatory standards set by the FSMA, including those related to consumer protection, financial promotion and market conduct. For firms dealing with cryptoassets, this means they must comply with both the overarching FSMA framework and the specific guidelines outlined in PS23/6 regarding crypto marketing and promotions.

MLR-registered Firms

'MLR-registered firms' are defined as cryptoasset businesses registered under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. This category focuses on entities engaged in specific cryptoasset activities, such as exchange and custodian wallet services, subjecting them to anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. 

Unlike authorised persons, MLR-registered firms' primary regulatory focus is on AML/CTF compliance. However, they are not exempt from the broader requirements of the financial promotion regime when marketing to UK consumers. The registration requirement highlights the FCA's commitment to reducing the risks of illicit activities within the crypto market by imposing stringent standards for customer due diligence, transaction monitoring, and record-keeping.

Marketing Cryptoassets: Navigating the FCA's Terrain

Regardless of one’s classification as 'authorised persons' under the FSMA or 'MLR-registered firms', companies in the crypto space must carefully consider the regulations. The FCA's directive emphasises the importance of scrutinising marketing practices.

Key Considerations for Cryptoasset Businesses

The FCA's primary focus in regulating cryptoasset marketing is to protect consumers by ensuring that promotional content is “transparent, fair, and not misleading”. For example, a social media post generating awareness for a cryptocurrency would be included here, and careful consideration would be needed on how to word such a post. 

Companies must carefully select the platforms through which they disseminate their promotions, taking into account the target audience's understanding and expectations. On their own website, for example, educational material and risk warnings are expected to ensure the audience isn’t taking a level of risk that they’re unaware of.

Examples of Marketing Activities Under FCA Scrutiny

Marketing activities in the cryptoasset space can take various forms, from straightforward announcements of new services or products to more complex engagements like sponsorship deals or influencer partnerships. While these activities can effectively reach potential consumers, they also carry the risk of violating FCA regulations if not executed with compliance in mind. For example, when using social media influencers to promote a new cryptoasset offering, businesses must ensure that the influencer discloses the nature of the partnership and that the promotional content accurately represents the risks and realities of the investment.

Strategies for Compliance and Risk Mitigation

To mitigate the risks associated with non-compliance, cryptoasset businesses must adopt a comprehensive strategy that addresses both internal policy development and external engagement practices. 

Internally, implementing robust review processes for all marketing materials before release can serve as a crucial control measure, ensuring that every piece of promotional content is evaluated for compliance with FCA regulations. 

Externally, regularly engaging with regulatory advisors, like Englebert, to review and update marketing strategies can provide an additional layer of assurance, keeping the firm informed of evolving regulatory expectations and best practices.

Successfully navigating the FCA's regulatory terrain requires a proactive and informed approach to marketing activities, where compliance is integrated into strategic planning. 

The Risks of Ignoring the FCA's Crypto Rules

It’s one thing to assess whether you’re a cryptoasset business and if your marketing promotions fall under the FCA scope, but it’s another to misjudge the repercussions of noncompliance. 

Failing to comply with the FCA's crypto regulations can have severe consequences, and this alone should make projects surrounding cryptoassets, even if only slightly, to be considered. 

Cryptoasset companies that overlook or underestimate the importance of aligning with these directives face significant legal and financial risks.

Legal Repercussions

The most immediate risks of non-compliance are legal sanctions, which can include fines and more severe penalties, such as the revocation of licences or the suspension of business operations. The FCA has extensive enforcement powers designed to protect consumer interests and maintain market integrity. 

Non-compliance can trigger investigations and enforcement actions, resulting in substantial financial penalties and consuming valuable resources and time in legal proceedings. Beyond immediate sanctions, non-compliance can have a lasting impact on a firm's ability to operate within the UK market, potentially barring them from future opportunities or expansions due to a damaged compliance record.

The FCA has emphasised its commitment to taking robust action against firms that breach the new requirements set out in PS23/6. In addition to financial penalties, the FCA may request that non-compliant websites be taken down, place restrictions on firms to prevent harmful promotions, and identify offending firms on the FCA warning list.

Financial Risks

The financial implications of non-compliance extend beyond the direct costs of fines and legal battles. Failing to adhere to regulations can erode investor confidence and consumer trust, leading to a decline in business value and market position. 

This loss of confidence can be particularly damaging for both startups and established businesses, as it affects their ability to attract investment and maintain customer loyalty. 

Strategic Implications

The strategic costs of non-compliance include the diversion of resources from core business activities to rectify regulatory breaches. This diversion not only detracts from innovation and expansion efforts but also imposes an operational strain, as firms rush to implement compliance measures retroactively. The resulting disruption can hinder a business's agility and responsiveness to market changes, placing it at a disadvantage compared to compliant competitors.

Preparing Your Business for Compliance

For cryptoasset businesses striving to navigate the intricacies of FCA compliance, a well-structured approach is crucial. The first step is to conduct a comprehensive assessment to determine whether the FCA's crypto rules apply to your operations. This involves carefully examining the types of cryptoassets offered, the target market, and the methods used for marketing and promotion. 

Consulting with crypto regulation experts such as Englebert can provide valuable clarity, ensuring that the nuances of the FCA's requirements are fully understood and incorporated into the business's operational practices. Ultimately, there isn’t a simple prescriptive answer that can be realised in an instant; bespoke assessment is needed.

The next critical step is to develop a compliance roadmap. Even if you think you’re likely not affected, it’s still worth voluntarily complying. This is for a few reasons. Firstly, it establishes trust to stakeholders and signals to potential customers that you take accountability. But, it’s also something that may help future-proof your operations, as regulation is continuously changing and broadening, it may impact you down the line. Every company needs a strong culture of compliance because every firm must adhere to some form of compliance (i.e. GDPR).

Businesses can leverage resources such as FCA guidance documents, industry seminars and compliance toolkits to gain valuable insights and best practices. These resources can help businesses stay up-to-date with regulatory changes and expectations.


Navigating the FCA's crypto regulations is an absolute necessity for businesses operating in the UK's crypto market. Unfortunately, what comes under this umbrella term of ‘cryptoasset’ can be vague. 

Understanding and complying with these rules goes beyond merely avoiding legal repercussions; it is a strategic investment in the firm's reputation and long-term success. By embracing compliance, businesses can build trust among consumers and investors.

The consequences of non-compliance are too high to take risks if you’re 50/50 on whether the rules apply to you. Consultation with Englebert can help establish whether the marketing rules apply to your project or specific materials that have been published.

Every month we bring regulatory updates and industry news to your inbox, packed with featured content, top tips from Englebert’s founders and success stories.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.