HM Treasury Crypto Policy and Regulations: What You Need to Know in 2026

Feb, 11 2026

When the UK government finally laid out its official stance on cryptocurrency in 2025, it didn’t just add another rulebook to the shelf-it rewrote the rules of engagement for digital assets in Britain. The HM Treasury crypto policy that took effect in early 2026 isn’t about banning Bitcoin or cracking down on blockchain. It’s about bringing crypto into the same legal framework as banks, brokers, and payment processors. If you’re trading, issuing, or holding crypto in the UK, this affects you directly.

What’s Actually Regulated Now?

The core of the new rules isn’t about what crypto is, but what you do with it. HM Treasury identified five specific activities that now require authorization from the Financial Conduct Authority (FCA):

  • Operating a cryptoasset trading exchange
  • Issuing qualifying stablecoins
  • Dealing in qualifying cryptoassets
  • Providing custody services for cryptoassets
  • Arranging transactions in qualifying cryptoassets

These aren’t vague suggestions. They’re legal requirements. If your business does any of these five things and you serve UK customers, you must apply for FCA authorization by the deadline. No exceptions. No gray areas. This applies even if your company is based outside the UK-if you’re targeting British users, you’re in scope.

But here’s the twist: not all crypto is treated the same. The law draws a sharp line between “qualifying cryptoassets” and “qualifying stablecoins.” Stablecoins-digital coins pegged to fiat currencies like the pound or dollar-are under stricter scrutiny because they’re designed to act like money. If you’re issuing a stablecoin in the UK, you’re now subject to the same capital, liquidity, and audit rules as a bank. That’s a big shift. A single UK-based stablecoin issuer could be forced to hold hundreds of millions in reserves and undergo quarterly audits. For many startups, that’s a dealbreaker.

Who’s Excluded? The DeFi Loophole

One of the most surprising parts of the policy isn’t what’s included-it’s what’s left out. Truly decentralized finance (DeFi) protocols are exempt. If there’s no central team, no company behind the code, and no identifiable operator, then HM Treasury says: “We can’t regulate you, so we won’t try.”

This isn’t a loophole-it’s a deliberate design choice. Regulators know that trying to force compliance on a decentralized smart contract running on Ethereum or Solana is like trying to sue the wind. Instead, they’re focusing on the human actors: the companies that build wallets, run exchanges, or issue tokens. If you’re a developer working on an open-source DeFi protocol, you’re safe. If you’re running a platform that lets users trade those tokens, you’re not.

This approach has drawn praise from developers and criticism from some consumer advocates. Critics argue it leaves users exposed to risky DeFi apps with no oversight. Supporters say it preserves innovation while still protecting people through the firms they actually interact with.

Why This Matters for UK Businesses

Before 2025, crypto firms in the UK operated in a legal gray zone. Some registered with the FCA voluntarily. Others ignored the rules entirely. Now, the choice is binary: comply or shut down.

For traditional financial institutions-banks, asset managers, fintechs-this is mostly an extension of what they already do. They’ve got compliance teams, audit systems, and risk controls. Adding crypto to their existing framework is a matter of updating procedures, not building from scratch.

For crypto-native companies? It’s a different story. Many startups never had KYC (know your customer) systems, AML (anti-money laundering) protocols, or capital buffers. Now they’re being asked to meet the same standards as Barclays or Fidelity. The cost of compliance can run into millions. Some small firms have already shut down rather than pay for it.

And it’s not just about money. The FCA now requires firms to prove they have operational resilience-meaning if your exchange gets hacked, your systems don’t collapse. You need backup servers, disaster recovery plans, and cybersecurity audits. This isn’t optional. It’s part of the authorization checklist.

Developers working on decentralized code beside a regulated fintech office filing compliance paperwork.

Stablecoins: The Real Target

While Bitcoin and Ethereum are part of the conversation, the real focus of HM Treasury’s policy is stablecoins. Why? Because they’re the bridge between crypto and everyday finance.

Imagine a UK resident using a stablecoin to pay rent, buy groceries, or send money abroad. If that stablecoin is issued by a company based in the Cayman Islands, the UK government can’t regulate that issuer directly. But if that same stablecoin is used by UK customers, the FCA can still require the exchange or wallet provider handling the transaction to verify users, report suspicious activity, and freeze accounts if needed.

That’s why the regulation is territorial. UK issuers of stablecoins are fully regulated. Foreign issuers? Not directly. But if their stablecoin is being traded or held by UK residents, the firms facilitating those transactions must comply. This creates a kind of regulatory net: you can’t avoid the rules by operating offshore-you just shift the burden to the UK-based middlemen.

This approach gives UK-based stablecoin issuers a competitive edge. A company like “PoundCoin Ltd.”, based in London and fully licensed, can market itself as the safest, most transparent option for British users. Foreign stablecoins? They’re still usable, but users are warned they’re not protected by UK law.

What Comes Next? The Roadmap Beyond 2026

The 2025 draft order wasn’t the end-it was the start. HM Treasury has already published follow-up proposals for two more layers of regulation:

  • Updates to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, now explicitly covering crypto firms
  • Future rules on market abuse and disclosure requirements for crypto trading

The first set of amendments, released in September 2025, now requires crypto firms to conduct customer due diligence on all users, monitor pooled client accounts, and report suspicious activity just like banks do. It also introduces new rules around trust registration-meaning crypto assets held in trusts must now be disclosed to HMRC.

The second wave-market abuse rules-is expected in mid-2026. This will close the gap on insider trading and market manipulation in crypto markets. Right now, you can’t be prosecuted for pumping a token on a UK exchange the same way you could for manipulating a stock. That’s changing. The FCA is building the tools to detect and punish crypto market manipulation, including surveillance of trading patterns and reporting of unusual volume spikes.

By the end of 2026, firms will also need to comply with detailed FCA rulebooks, which will define exactly how to submit applications, what documentation to provide, and how often to report. Think of it like the rulebook for stockbrokers-but adapted for crypto.

A person making a safe stablecoin payment with FCA-approved wallet, while unregulated tokens fade in background.

How This Compares to the Rest of the World

The UK didn’t invent this model. It borrowed heavily from the EU’s MiCA regulation, which took effect in 2024. But there are key differences.

MiCA tries to regulate everything-DeFi, tokens, wallets, even decentralized exchanges. The UK says: “We’ll regulate the gatekeepers, not the infrastructure.” That’s a smarter, more practical approach. It’s also more aligned with how the US treats financial intermediaries: focus on the firms, not the tech.

Compared to countries like Singapore or Switzerland, the UK’s rules are stricter on capital requirements but more flexible on DeFi. Compared to the US, where regulation is a patchwork of state and federal rules, the UK has one clear, centralized system. That clarity is attracting firms that want to operate without legal guesswork.

London is now positioning itself as the European hub for compliant crypto businesses. Firms that used to set up in Malta or Liechtenstein are now looking at London. Why? Because if you’re going to be regulated, you might as well be regulated by one of the world’s most respected financial regulators.

What Should You Do Now?

If you’re a UK-based crypto business: check if your activity falls under the five regulated categories. If yes, start your FCA application immediately. The authorization process can take 6-12 months. Don’t wait.

If you’re a user: know your risks. Only use FCA-authorized exchanges and wallet providers. Look for the FCA registration number on their website. If it’s not there, walk away.

If you’re a developer or investor in DeFi: you’re not affected-not directly. But if you’re building a platform that connects users to DeFi protocols, you might need authorization. Ask yourself: are you acting as a gatekeeper? If yes, you’re in scope.

The message from HM Treasury is clear: innovation isn’t being crushed. It’s being channeled. The goal isn’t to stop crypto-it’s to make sure when people use it, they’re protected. And if you’re building something real, the rules now give you a clear path to do it legally.

Are all cryptocurrencies regulated under HM Treasury’s new rules?

No. Only five specific activities involving "qualifying cryptoassets" and "qualifying stablecoins" are regulated. Bitcoin, Ethereum, and other non-stablecoin assets are only subject to rules if they’re traded on a licensed exchange, held in custody by a regulated firm, or used in a transaction arranged by an authorized entity. Truly decentralized protocols with no central operator are exempt.

Do I need FCA authorization if I’m a UK resident trading crypto personally?

No. Individual users who buy, hold, or trade crypto for personal use don’t need authorization. The rules apply only to businesses providing services like exchanges, custody, or stablecoin issuance. As long as you’re not running a platform or offering services to others, you’re not regulated.

What happens if a crypto firm doesn’t get FCA authorization?

Firms operating without authorization after the deadline face legal action. The FCA can issue fines, freeze assets, and order the business to shut down. They can also block websites and apps from operating in the UK. Users who deal with unauthorized firms lose legal protections and may not be able to recover losses.

Are stablecoins from outside the UK affected?

Stablecoin issuers outside the UK aren’t directly regulated. But if their stablecoin is traded, held, or used by UK customers, the UK-based platforms facilitating those transactions-like exchanges or wallets-must be FCA-authorized. This means foreign stablecoins can still be used in the UK, but only through regulated intermediaries.

How does this policy affect DeFi projects like Uniswap or Aave?

DeFi protocols themselves are not regulated if they’re truly decentralized-with no central team, company, or identifiable operator. However, if a UK-based company builds an interface that lets users interact with these protocols (like a DeFi wallet or aggregator), that company must be FCA-authorized. The regulation targets the human-facing services, not the blockchain code.

When will the full rules be finalized?

The core framework took effect in early 2026. The FCA published its detailed rulebook in January 2026, and authorization applications are now open. Market abuse and disclosure rules are expected by mid-2026. Anti-money laundering updates are already in force as of October 2025. There’s no further delay-the system is live.

Final Thoughts

The HM Treasury crypto policy isn’t about fear. It’s about clarity. After years of uncertainty, the UK has finally drawn a line: if you’re making money from crypto in Britain, you play by the same rules as everyone else. No more loopholes. No more waiting. The system is open. The rules are written. And the door is now open for responsible innovation to thrive-on terms that protect users without killing progress.

Tags: