By October 2027, every UK crypto firm issuing, trading, safeguarding or lending digital assets will need FCA authorisation to keep operating. The firms that move early will be raising capital, opening bank accounts (when banks finally get on board with this) and closing enterprise deals while their slower competitors are still scrambling to get reach compliance.
The problem is most firms are treating this as a single deadline in the future, when it's actually a sequence of decisions that need to start now. This is your roadmap - the key dates, what "ready" actually looks like, and the steps to take before the window closes
Nine activities fall under the new regime:
→ Issuing CryptoassetsIf any part of your business touches one of these, the standards you'll be held to look a lot like traditional financial services. This includes governance, risk management, and evidenced controls.
The FCA, and everyone who does business with you before the FCA even gets involved, will be checking whether your risk management matches the reality of what you do. Three things tend to decide whether firms pass that check comfortably:
1. Governance that matches your risk profile.
A five-person custody platform handling client assets needs the same rigor around controls and accountability as a much larger traditional firm handling similar risk. Documented decision-making, clear ownership of risk, and a paper trail matter just as much when being reviewed by the FCA.
2. Insurance that's actually built for what you do.
This is where most firms discover a gap they didn't know they had. Many general commercial policies define "money" as fiat currency only and can exclude Cryptoasset activity through restrictive definitions of "services" or obscure exclusions. Before authorisation season heats up, get your PI/Tech E&O and D&O cover reviewed by someone who understands digital asset risk specifically.
3. A programme that scales with you.
Fast-growing crypto firms change shape constantly with new products, new jurisdictions, and new activities. A static insurance programme bought at seed stage rarely still fits by Series A, you can quickly discover that your cover isn’t at the level that it needs to be.
This isn't just about avoiding penalties, the pressure to be "ready" is already showing up commercially:
→ Investors are routinely requesting evidence of PI and D&O cover as part of due diligence. A gap here can stall or kill a funding round completely as investors can see this as unmanaged risk.Getting ahead on these things puts you in a strong position for conversations with investors, banks, and future clients, and demonstrates your firms approach to risk.
Your action checklist
→ Map your activities against the nine regulated categories - know exactly which ones apply to you now, and which ones might apply as you grow.Firms that start this roadmap now won't just be compliant by October 2027 - they'll have spent the run-up closing deals, rounds, and partnerships that their less-prepared competitors couldn't.
Don't wait for a fundraise, a bank review, or a regulator to find your gap for you. Get in touch today to see where your programme actually stands.
Disclaimer: This content has been produced for general information purposes and should not be taken as formal advice. You should always seek specific professional advice before acting on any of the information given.