Skip to main content
Perspective:
Perspective
13 Jun 2025
10 minute read

FCA's CP25/15: How New Rules Impact Cryptoasset Firms

Bracing for the new prudential requirements for cryptoasset activities | CRYPTOPRU, COREPRU and the FCA Crypto Roadmap

Marilena Do Rosario
Declan Hoskins
Brian Thornhill

CP25/15 is the first of two consultation papers on the FCA’s prudential requirements following the FCA’s initial discussion paper (DP23/4). A second consultation (CP2) covering the remaining prudential requirements is expected to follow by Q1 2026 as per the FCA’s Crypto Roadmap. Theses proposed arrangements will apply to firms conducting specific regulated cryptoasset activities (CRYPTOPRU firm), and the FCA will introduce these Prudential requirements via two sourcebooks:

  • COREPRU which will be an integrated prudential sourcebook
  • CRYPTOPRU which will cover specific regulated crypto asset activities

Key Prudential Requirements:


The first consultation paper sets out the FCA’s initial rules-based minimum own funds (capital) and liquidity requirements along with definitions of the resources to be held to meet these requirements. Firms will also be expected to conduct an internal risk-based assessment of capital and liquidity to cover potential for harm under both ongoing activities (not only regulated activities) and wind-down and the FCA will consult on this in CP2.

Minimum own funds (capital) requirements and resources proposed in CP25/15

The following (rules-based) own funds requirements (OFR) and resources are proposed for firms conducting cryptoasset activities:

A PMR will apply to all firms engaging in regulated cryptoasset activities. The PMR will act as a capital floor and the FCA has indicated the proposed levels aim to take into account the need for financial resilience and market confidence whilst trying to ensure a level playing field. The consultation sets out PMRs for issuers of stablecoin (£350K) and firms safeguarding qualifying crypto assets (£150k). Further PMR levels for additional cryptoasset activities will be consulted on in CP2. Firms will need to hold the highest of the PMRs that apply (e.g. inclusive of any MIFIDPRU related PMRs where applicable).

Firms conducting regulated cryptoasset activities will be required to calculate a FOR which is calculated as a quarter of a firm's annual relevant expenditure. The FOR will serve as a proxy for the minimum level of capital required to mitigate the potential for harm and cover losses that may be incurred during a wind-down or market exit. Firms will be required to immediately revise their FOR following a material increase in projected relevant expenditure, and where there is a material decrease they can also reduce their FOR subject to approval from the FCA (based on materiality thresholds specified by the FCA).

Firms should note however, that CP2 is expected to introduce a requirement to develop and maintain an internal risk-based (self) assessment of the arrangements and resources that will be required to facilitate an orderly wind-down (stressed).

This activity-based capital requirement will address the potential harm arising from activities carried out by firms. The consultation paper sets out k-factors for firms issuing qualifying stablecoins and firms safeguarding qualifying cryptoassets. Further k-factors for additional cryptoasset activities will be consulted on in CP2. Firms will need to calculate the total k-factor requirement as the total of all applicable k-factors. The k-factors set out in this consultation are as follows:

  • The proposed k-factor for issuance of stablecoin will be calculated as 2% of the average qualifying stablecoin in issuance
  • The proposed k-factor for safeguarding qualifying cryptoasset will be calculated as 0.04% of the average qualifying cryptoassets safeguarded

Firms should note that whilst the rules-based KFR calculations may scale with growth in the underlying activities, it is not designed to capture all risks that a firm may incur as a result of its business model, activities and risk profile. Consequently, the FCA will also require firms to perform internal risk-based assessments to determine an appropriate level of resources that should be held by the firm at all times. (See the ICARA expectations below)

Own funds resources will need to be held to cover the above requirements. Own funds resources (instruments and items) are characterised by their ability to absorb losses and grouped into ‘Tiers’ based on quality, with Common Equity Tier 1 being the highest quality capital. Own funds held will need to meet to meet conditions set out by the FCA to ensure that they are of adequate quality, and firms will also be required to adjust the capital held for any required deductions and prudential filters, for example deducting intangible assets and holdings of crytoassets issued by the firm itself. It should be noted that there are limitations on the use of lower ‘tiers’ of own funds resources as the proportions of these items that can count towards own funds are limited and in addition, the classification of these items will generally be expected to follow the accounting treatment.

Minimum liquidity requirements and resources proposed in CP25/15


The FCA has proposed that all firms conducting cryptoasset activities will be subject to a minimum liquidity requirement, the Basic Liquidity Adequacy Requirement (BLAR), which will be calculated as a third of the FOR. The BLAR will need to be met by items that can be considered ‘core’ liquid assets under the FCA’s rules, including short term deposits at a UK bank and gilts or treasury bonds.

Additionally, the consultation sets out a proposal for all firms that issue qualifying stablecoin to hold a specific requirement for stablecoin issuers (ILAR) and the amount to be held will depend on the mix of non-cash assets in the backing pool to which the FCA has proposed applying specific charges for the value of each asset, depending on a number of factors including residual maturity. The ILAR will need to be met by on demand deposits (available without restrictions and in the reference currency) and the cost of absorbing any penalties on break clauses will need to be considered. Similar to the requirements for capital assessment, firms will need to undertake an internal assessment of liquidity requirements under the ICARA process.

Internal Capital Adequacy and Risk Assessment (ICARA) Process


The FCA will consult on the ICARA process for CRYPTOPRU firms in CP2. It should be noted that all firms subject to the FCA’s prudential requirements are required to conduct assessments of capital and liquidity under the FCA’s Finalised Guidance and Assessing Adequate Financial Resources (FG 20/1), however for firms that are not currently subject to detailed prudential requirements (e.g. standalone MLR registered firms) this will be a new requirement. The ICARA requirements will build on the expectations set out in FG 20/1, including stress testing and wind-down planning.

In line with their past experience, the FCA has indicated that firm are likely to find that their risk-based internal assessments may be greater than the rules-based OFR calculations noted above.

Concentration risk

Firms will be required to monitor their sources of concentration risk. This includes concentrations within assets, off balance sheet items, client money, cash deposits, backing deposits and also concentration in sources of earnings. The consultation sets out proposals to require firms to ensure that they have robust frameworks in place to monitor and manage concentration risk, including clarity on what constitutes concentration risk, an updated concentration risk policy, management information. In addition, firms will be expected not just to identify individual clients but groups of connected clients.

Additional key considerations

Based on our experience of the actions and challenges that may arise to achieve effective implementation and embedding of a new prudential regime, we have highlighted some additional key factors firms may wish to consider and proactively incorporate as part of their preparatory arrangements

Data accuracy and management

Firms should ensure they have adequate processes, systems and oversight arrangements, to capture and utilise the data needed for all calculations and assessments that may be required under the proposed rules in an accurate and reliable manner. The k-factor calculation (for example), uses historic monthly data and excludes the most recent months in order to allow for smoothing and lagging. Firms will therefore need to ensure that the relevant historic monthly data is available and that data going forward is captured consistently, for example use of market values and appropriate currency conversion calculations where required and also any adjustments required e.g. exclusions.

The FCA has also highlighted on numerous occasions the need for firms to ensure that their data submissions are accurate, and firms should therefore ensure that they have adequate processes, systems and policies to support production of accurate data required for both their calculations and reporting of capital and liquidity requirements and resources. For example, for the currently proposed k-factors, firms will need to ensure they are able to source accurate monthly data on the basis set out in the FCA’s rules, taking into account factors above.

Risk management framework

For firms not subject to detailed prudential requirements currently, the proposals in this consultation may represent a material change to their existing risk process. In preparation for the FCA’s ICARA requirements, firms will need to consider whether their risk management framework supports the complete identification and assessment of key risks to be considered under the ICARA process. Firms will also need to consider the design of their ICARA processes, including the use of the outputs to effectively manage and mitigate risks. Firms that are already subject to prudential requirements will have some of the required processes in place already but will need to consider whether specific risks from cryptoassets activities are identified and captured adequately within their ICARA process and that they are able to assess these relative to the relevant k-factor requirements.

A strong governance framework is essential in ensuring that the conclusions of the ICARA process can be relied on. Therefore, in preparation for implementation of the new requirements, firms may wish to consider their governance process to support the proposed changes, including the roles and responsibilities of committees and individuals in the key processes such as the ICARA process.

Risk monitoring and management

Within CP25/15, the FCA has identified specific requirements for the monitoring of concentration risk. However, given the objectives of the FCA’s proposed prudential regime CRYPTOPRU firms (and comparable MIFIDPRU regime), firms will also need to consider arrangements to identify, assess, report, manage and mitigate all key risks. In practice, effect risk monitoring and management typically also likely to require adequate supporting risk appetite framework arrangements including key risk metrics and early warning indicators.

Conclusion and next steps


The FCA’s proposed prudential regime for CRYPTOPRU firms will introduce a number of new requirements and expectations for firms undertaking regulated cryptoasset activities.

  • In addition to the existing consultation (CP25/15) which will close on 31 July 2025, CRPYTOPRU firms can expect further expected measures to be communicated via a subsequent prudential consultation (CP2) in Q4 2025 / Q12026.
  • Based on the FCA’s stated and observed expectations, the latter will include a number of risk-based assessments (e.g. ICARA, WDP) that are likely to require a greater level of resources (i.e. relative to the initial rules-based calculations set out in CP25/15), as well as clarification on expected group and reporting requirements.
  • CRYPTOPRU firms may also need to consider other planned policy publications that the FCA will issue in advance of the regime’s go-live target in 2026. These include consultations on standards for all Regulated Activities Order (RAO) activities (e.g. Conduct, Consumer Duty, Operational Resilience, Governance, SMCR, etc); Admissions & Disclosures; Market Abuse; Trading platforms, intermediation, lending and staking.

Please feel free to contact the authors below should you require further support or would like to participate in our supporting industry working groups or roundtables.

Get in touch

Brian Thornhill

Brian Thornhill

Director
+44 (0)20 7303 6948
Nikki Lovejoy

Nikki Lovejoy

Partner
+44 (0)20 7303 2921
Ed Moorby

Ed Moorby

Digital Assets Leader
+44 (0)20 7007 6555

Our thinking

The FCA’s concluding IFPR implementation observations: key takeaway for firms | Deloitte UK

This blog gives an overview of the FCA’s recent key observations, conclusions and examples of best practice on IFPR implementation.
Perspective
5 minute read

The FCA’s spotlight turns to Premium Finance | Deloitte UK

In this blog, we step through the key areas of focus that the FCA has been highlighting to firms over the last 18 months, what this means to Premium Finance lenders (including Insurers that provide Premium Finance products), and the key questions that firms should be asking themselves now in the context of their end-to-end framework in order to meet FCA expectations in this area and to support the delivery of good customer outcomes.
Perspective
7 minute read

Solvency UK Matching Adjustment reforms | Deloitte UK

In this blog, we discuss these implications and set out the key areas for firms to consider as they change their Internal Models to allow for the proposals in CP19/23.
Perspective
7 minute read

Consumer Duty – Next steps for Life and Pensions | Deloitte UK

This blog is relevant to Insurance firms, particularly those considering the impact of the Consumer Duty on closed books.
Perspective
7 minute read