FCA CP26/4: What it means for UK professional firms advising crypto clients

FCA CP26/4 proposes how the FCA Handbook would apply to regulated cryptoasset activities. Here's what it means for advisers, lawyers, and compliance teams.

Introduction

Crypto is no longer a 'special case' your firm can ignore until a client forces the conversation. The FCA's Consultation Paper CP26/4 sets out how the FCA Handbook would apply to regulated cryptoasset activities under the UK's developing regime. The practical implication for professional firms is straightforward: the expected standard of governance, disclosures, complaints handling, and supervision becomes much more familiar — and much harder to hand-wave away as 'unregulated'. This matters even if you never touch client assets. If you advise clients who hold crypto, and you introduce, refer, or coordinate with firms that provide crypto services, your clients will assume you understand how consumer protection and accountability are evolving. CP26/4 is one of the clearest signals yet that the direction of travel is towards standard FCA-style outcomes, with crypto brought closer to the mainstream rulebook.

What CP26/4 is, in plain terms

CP26/4 is the FCA's proposal for applying parts of the Handbook to firms conducting newly regulated cryptoasset activities (and how related areas like complaints, redress, and reporting could work). The consultation is open for responses until 12 March 2026. For professionals, CP26/4 gives you a useful 'map' of what will likely be expected around: • Consumer outcomes (including application of the Consumer Duty) • Complaints and redress (including how access to the Financial Ombudsman might be disclosed and handled) • Regulatory reporting (baseline returns at launch, then expansion) • How 'UK establishment' and cross-border provision affects protections

Why this matters to advisers, solicitors, and accountants

Even if your firm does not provide crypto services, your client relationships are exposed to three repeatable risks: 1. Product and platform risk (the 'who are we dealing with?' question) 2. Process risk (how are keys, devices, and access controlled?) 3. Continuity risk (what happens on incapacity or death?) Regulation doesn't solve those issues — but it raises expectations. Once the regime is clearer, clients will be less tolerant of professionals who have no repeatable approach to crypto basics, especially where HNW assets are involved. Bitzo's approach is to help you deliver a non-custodial coordination plan — security and continuity readiness without ever taking possession of client assets.

What to do now: a practical CP26/4 readiness checklist

1) Build a simple crypto 'service map' for your firm Document what you will and won't do: • Will you discuss exchanges, self-custody, or multisig at a high level? • Will you introduce specialist partners? • Will you document continuity plans (without holding keys)? Write it down, and align it with compliance language you already use: 'information only', 'not legal/financial advice', and 'client remains responsible for decisions'. 2) Add a crypto risk triage to onboarding and annual reviews Your first goal is not to 'get clever'. It's to identify whether crypto exists and whether it is a single point of failure. Minimum viable questions: • Do you hold crypto? Where? (Exchange / self-custody / mixed) • Who else knows it exists? • If you were unavailable tomorrow, who can act, and how? • Is there a documented process your executors can follow? 3) Make redress and jurisdiction part of client education CP26/4 highlights that complaints frameworks and Ombudsman access may depend on whether activities are carried on from a UK establishment, and that firms may need to clearly disclose whether Ombudsman access applies. Professionals should incorporate this concept in plain English: 'protections differ by provider structure; know what applies before a problem happens.' 4) Expect data and reporting requirements to grow CP26/4 describes baseline reporting at launch, followed by phased development of new returns over time. This signals a compliance maturity path: what is 'acceptable' at Day 1 will not remain acceptable. If your firm relies on external crypto providers for clients, you should expect more requests for evidence: provider due diligence, client disclosures, documented processes, and review cadences.

Where Bitzo fits for professionals

Bitzo is designed to be an extension of your professional relationship — not a replacement for it. • Non-custodial: we don't hold client crypto • Documented continuity: clear roles, steps, and escalation • Review-based: a repeatable cycle, not a one-off conversation • Professional-friendly: language and materials you can share with HNW clients Related reading: Security, Inheritance, How It Works, and For Advisers.