Capsule Cover | Blog

Capsule Cover | The FSMA 2027 Crypto Roadmap: How to be ready before your competitors

Written by Admin | Jul 15, 2026 1:42:03 PM

By October 2027, every UK crypto firm issuing, trading, safeguarding or lending digital assets will need FCA authorisation to keep operating. The firms that move early will be raising capital, opening bank accounts (when banks finally get on board with this) and closing enterprise deals while their slower competitors are still scrambling to get reach compliance.

The problem is most firms are treating this as a single deadline in the future, when it's actually a sequence of decisions that need to start now. This is your roadmap - the key dates, what "ready" actually looks like, and the steps to take before the window closes

The timeline you're working against

→    30 September 2026 - The FCA authorisation gateway opens.

→    28 February 2027 - The deadline to submit your application if you want to keep operating               past the cut off.

→     25 October 2027 - From this date, no firm may carry out regulated Cryptoasset activity in               the UK without authorisation from the FCA.

Nine activities fall under the new regime:

→    Issuing Cryptoassets
→    Operating a Crypto trading platform
→    Dealing in Cryptoassets (as principal or agent)
→    Arranging deals in Cryptoassets
→    Cryptoasset custody/safeguarding
→    Operating a Cryptoasset lending platform
→    Staking services
→    Safeguarding and administration
→    Operating a crypto settlement system

If any part of your business touches one of these, the standards you'll be held to look a lot like traditional financial services. This includes governance, risk management, and evidenced controls.

What "ready" actually means

The FCA, and everyone who does business with you before the FCA even gets involved, will be checking whether your risk management matches the reality of what you do. Three things tend to decide whether firms pass that check comfortably:

1. Governance that matches your risk profile.
A five-person custody platform handling client assets needs the same rigor around controls and accountability as a much larger traditional firm handling similar risk. Documented decision-making, clear ownership of risk, and a paper trail matter just as much when being reviewed by the FCA.

2. Insurance that's actually built for what you do.
This is where most firms discover a gap they didn't know they had. Many general commercial policies define "money" as fiat currency only and can exclude Cryptoasset activity through restrictive definitions of "services" or obscure exclusions. Before authorisation season heats up, get your PI/Tech E&O and D&O cover reviewed by someone who understands digital asset risk specifically.

3. A programme that scales with you.
Fast-growing crypto firms change shape constantly with new products, new jurisdictions, and new activities. A static insurance programme bought at seed stage rarely still fits by Series A, you can quickly discover that your cover isn’t at the level that it needs to be.

Why it’s best to get ahead

This isn't just about avoiding penalties, the pressure to be "ready" is already showing up commercially:

→    Investors are routinely requesting evidence of PI and D&O cover as part of due diligence. A            gap here can stall or kill a funding round completely as investors can see this as unmanaged              risk.

→    Banks are applying the same logic when onboarding crypto counterparties, often asking for            PI from an A rated insurer. Weak governance and insurance evidence slows account opening            or blocks it entirely.

→    Enterprise clients are asking the same questions through vendor risk processes before they'll          sign.

Getting ahead on these things puts you in a strong position for conversations with investors, banks, and future clients, and demonstrates your firms approach to risk.

Your action checklist

→    Map your activities against the nine regulated categories - know exactly which ones                  apply to you now, and which ones might apply as you grow.

→    Get your current insurance policies read properly - specifically the definitions sections,                 not just the coverage summary. Look for how "money," "services," and "digital assets" are                   defined.

→    Pressure-test your governance documentation - could you produce a clear risk                              management and decision-making trail if asked tomorrow.

→    Talk to a broker who specialises in digital assets -
one that isn’t just adapting a generic                  FinTech policy. The underwriting landscape is moving fast and working with a specialist can                help make sure your ever evolving risks are managed.


→    Build your authorisation timeline backwards from 28 February 2027
- work out what                  needs to happen, and when, to have your application submitted comfortably before the                    deadline.

The bottom line

"The UK is seeking to become a jurisdiction where reasonably sized and well-run crypto businesses thrive. However, the FCA expects firms to have proper resources in place to comply with their regulatory obligations, rather than be focused solely on product development."

- James Burnie, Partner - Gunnercooke LLP 

Firms that start this roadmap now won't just be compliant by October 2027 - they'll have spent the run-up closing deals, rounds, and partnerships that their less-prepared competitors couldn't.

Don't wait for a fundraise, a bank review, or a regulator to find your gap for you. Get in touch today to see where your programme actually stands.



Disclaimer: This content has been produced for general information purposes and should not be taken as formal advice. You should always seek specific professional advice before acting on any of the information given.