When the FCA published its proposed regulatory framework for crypto assets firms in three consultation papers (CPs)*, they mark the transition to a comprehensive regulatory framework, fully integrating crypto asset business models into the FCA’s regulatory perimeter.
Although the FCA has not yet published its policy statements (PS) on the final state for the new crypto regulatory regime, the scale of the forthcoming changes is already clear. Even if there are material modifications between the CPs and the PSs, the impact on crypto asset firms will be far‑reaching.
The FCA crypto application window for authorizations under the new regime is approaching rapidly. Firms will be able to submit applications between September 30, 2026 and February 28, 2027, with the regime coming into force on October 25, 2027. While the FCA has provided helpful indications to guide firms’ preparations, each crypto business will still need to work through how to meet the standards and regulatory expectations of the new regime.
As part of the authorization process, crypto asset firms seeking to undertake regulated crypto asset activities must demonstrate, among other areas, that they meet the prudential requirements set out in the COREPRU and CRYPTOPRU sourcebooks. Prudential preparedness will, therefore, be a gateway condition for authorization, making early planning essential.
This article examines the likely impact of the forthcoming crypto prudential regime on crypto asset firms and highlights the importance of preparing early for the key authorization milestones.
The Key Areas of Impact
In a nutshell, the new crypto prudential framework is not an entirely new concept in prudential regulations. It largely draws from the existing investment firm prudential regime (IFPR) style framework, set out in the MIFIDPRU Sourcebook.
Therefore, firms already subject to, or familiar with, IFPR will recognize the core areas of impact on the crypto regime. Specifically: own funds (capital) requirements, including the new crypto-based activities K-factors and liquidity adequacy, established governance frameworks, robust risk management, wind-down planning and public disclosures.
However, this mutual foundation should not be mistaken for equal application. Established governance arrangements and risk management will need to be reviewed in the MIFIDPRU Internal Capital Adequacy and Risk Assessment (ICARA) style assessments, tailored to specific risks of crypto asset business models.
Given that their own-funds calculations are driven by firm activities, crypto asset firms must consider the specific crypto activities they intend to undertake, such as crypto asset custody, dealing as principal or operating a crypto asset trading platform and the risk exposures these activities create.
Robust analysis, supported by credible data and financial forecasts, will be essential to identify the relevant crypto K‑factors. These K‑factors will then feed directly into own funds calculations to ensure crypto asset firms meet their prudential requirements at authorization. They are aimed at ensuring that regulated businesses are able to remain operationally sound, absorb unexpected losses and wind down in an orderly manner.
Introduction of capital requirements may challenge firms with thinner balance sheets. Calculating crypto K-factors will also require establishing new data gathering processes including systems upgrades, adding further cost and operational complexity.
Similarly, the mandatory liquidity requirements and related risk assessment will ensure that crypto asset firms are able to meet their liabilities as they become due, using ‘real’ liquid assets rather than crypto assets as a source of liquidity. This shift may increase ongoing business costs. Firms will need a risk‑based approach to maintaining adequate liquidity in both business‑as‑usual and stressed conditions.
Liquidity stress testing will become compulsory. More complex firms, such as those operating crypto trading platforms, are likely to be required to hold larger liquid resources than those firms with traditional models, this is due to the more volatile nature of the crypto market moves and dependence on third-party liquidity providers.
Risk management frameworks will need to be fully documented to demonstrate that crypto asset firms can identify, monitor and manage all enterprise risks. Senior management and boards must evidence effective prudential oversight and challenge as part of the ICARA-style approval process. This obligatory uplift may require developing or strengthening existing systems and controls to ensure ongoing compliance.
Firms should also consider heightened impact of third-party or outsourcing risk management, operational and technology risk requirements. Crypto business models often involve risks that can trigger rapid contagion, irreversible asset loss or systemic disruption. Enhancing arrangements in these areas, and budgeting for the associated costs, will be essential and should form part of key considerations for preparedness. Another new area will be the obligation to maintain a credible, orderly wind-down for exiting the market. The wind-down plan must be practical, analyzed in credible scenarios and demonstrate that the firm has considered all aspects of its business, including the return of client assets and custody arrangements ahead of its closure. Prudential frameworks must, therefore, incorporate governance and operational steps that support orderly wind down, ensuring sufficient liquidity is available to close the business safely.
Financial risk management frameworks must embed governance and operational arrangements that apply in business as usual, during periods of stress and throughout a potential wind-down. This ensures crypto asset firms can maintain sufficient liquidity to close the business in an orderly manner. Firms should also assess the resilience and sustainability of both financial and non-financial resources needed to support the business throughout its lifecycle, including during stress and wind-down. In this context, non-financial resources mean systems, services and people.
Why Is the Building of Your Prudential Readiness Critical Now?
Developing or enhancing prudential frameworks, covering capital, liquidity, risk management, stress testing, monitoring and governance, requires a structured and time-intensive approach. Firms will need to complete a gap analysis and develop a target operating model, followed by an implementation period.
Investment firms already undertaking regular ICARA processes will need to refine and adapt their ICARAs to include their crypto activities and reassess the appropriateness of their current risk governance arrangements to ensure compliance with the new prudential crypto regime.
For firms encountering prudential regulation for the first time, building a solid understanding of how the rules apply to their intended crypto asset business model is essential, well before submitting their authorization crypto applications.
Practically, these activities take significant time: interpreting the rules, understanding their purpose, applying them to the business model and operating model in a proportionate manner and documenting the arrangements for inclusion in the authorization application.
Firms seeking authorization under the 2027 crypto regime should begin building or revising their prudential frameworks now. Falling behind the new requirements risks delays or outright rejection of applications by the FCA, with potentially severe strategic consequences, including the need to cease crypto operations entirely.
How Can Kroll Help?
The new UK crypto prudential regime raises the bar for every firm seeking FCA authorization to carry on crypto asset business. Those that prepare early will be best placed to navigate the transition; those that delay risk falling behind a regulatory framework that is rapidly becoming more demanding, more data‑driven and more supervisory in nature.
Kroll’s London‑based prudential specialists bring years of firsthand FCA experience, including deep involvement in the development and supervision of ICARA, IFPR and prudential oversight frameworks.
We support firms across the full spectrum of UK crypto regulatory needs, from crypto compliance consultant support in the UK, to crypto asset financial promotions advice and broader crypto regulatory guidance. Our experienced team of ex-regulators, lawyers, accountants and industry professionals, assists firms prepare their applications for authorization or those already authorized, help them vary their permissions and maintain ongoing compliance under the evolving UK crypto regulatory framework.
We have conducted numerous ICARA process reviews, K‑factor assessments and FCA authorisation engagements, and we understand exactly what the regulator expects to see. Our prudential reviews are tailored to your business model and may include identifying prudential gaps, strengthening financial resources assessments, enhancing stress‑testing frameworks, refining wind‑down plans and ensuring your governance and risk management arrangements are proportionate for your firm, while also meeting regulatory expectations.
As firms prepare for the upcoming crypto asset prudential regime, we also bring deep expertise across UK and EU regulatory regimes in risk management and prudential reviews, with a particular focus on outsourcing and third‑party risk management. Our independent reviews and assurance work give boards confidence that outsourced and other critical or important functions meet evolving expectations, supported by practical, actionable recommendations that strengthen operational resilience and regulatory readiness.
If you need specialist FCA crypto support to prepare for the 2027 crypto regulatory regime, whether for prudential readiness, authorization, due diligence or ongoing compliance, our team is ready to help.
In a landscape where regulatory expectations are rising fast, the firms that invest now in building strong, defensible prudential frameworks will be the ones most likely to secure authorization, protect their strategic ambitions and thrive in the new era of UK crypto regulation.
Sources
CP25/40 Regulating Cryptoasset Activities
CP25/41 Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets
CP 25/42 Prudential Regime For Cryptoasset Firms


