UK Cryptocurrency Custody Regulations

The UK's Financial Conduct Authority (FCA) has established new cryptocurrency custody regulations under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, with an application period opening September 30, 2026 through February 28, 2027.[6]

Core Custody Requirements

24-Hour Custody Threshold

The most significant requirement is a strict 24-hour limit for holding client crypto assets during trade settlement.[1][2] Any firm holding client assets beyond this period must obtain a full safeguarding license and be authorized by the FCA.[1][2] This rule applies to all platforms and software providers, regardless of their previous classification, and catches firms that previously operated outside custodian definitions.[1]

"Shadow Custody" Definition

The FCA defines custody broadly to include firms with the theoretical ability to override a client's authority, even if they never intend to exercise this power.[1][4] The guidance explicitly states that "decentralized arrangements or the use of smart contracts do not exempt firms from regulation," meaning technical architecture does not provide regulatory exemptions.[1]

Client Asset Segregation

Custody requirements mandate adequate arrangements to safeguard investors' rights to their cryptoassets, including restrictions on commingling investors' assets with firm assets, minimization of loss or diminution risks, accurate record-keeping, and adequate controls and governance over safeguarding arrangements.[3]

Node Operators and Service Providers

Node operators or validators offering "added value" services like automatic profit compounding lose their exemption as simple technology providers.[1][2] Even possessing the technical capability to access a customer's wallet is sufficient to trigger regulatory scope.[2]

Stablecoin Issuance Requirements

For fiat-referenced stablecoins, issuance is only recognized as legal if:[1][4]

• The issuer is UK-domiciled
• The issuer manages the entire lifecycle, including initial offering, redemption, and ongoing reserve management
• Strong operations and governance exist within the UK

Stablecoins issued in the UK are regulated identically to other cryptoassets regarding custody and safeguarding services.[7]

Application Timeline and Enforcement

Companies have a five-month application window (September 2026 to February 2027) to apply for authorization.[2][6] Firms that fail to apply within this deadline will be completely banned from operating in the UK.[2] The FCA's consultation on these proposals closes June 3, 2026.[4]

Pending Legislation and Gaps

The search results do not specify insurance or bonding requirements, cold storage mandates, or detailed definitions of "qualified custodians" in the final regulations. The FCA stated it expects to run a separate consultation on custody requirements for security tokens already meeting specified investment definitions.[3] These technical details may be clarified in subsequent regulatory guidance expected before the September 2026 application period.

For overseas firms, those serving only UK institutional customers (not acting as intermediaries to consumers) are not required to be authorized, though this exemption does not apply to consumer-facing services.[7]