FCA CP26/4: What it means for UK professional firms advising crypto clients

By Simon Bumford, Founder · · 9 min read

FCA CP26/4 proposes how the FCA Handbook would apply to regulated cryptoasset activities. Here's what it means for advisers, lawyers, and compliance teams.

Introduction

Back to Insights Crypto is no longer a 'special case' your firm can ignore until a client forces the conversation. The FCA's Consultation Paper CP26/4 sets out how the FCA Handbook would apply to regulated cryptoasset activities under the UK's developing regime. The practical implication for professional firms is straightforward: the expected standard of governance, disclosures, complaints handling, and supervision becomes much more familiar — and much harder to hand-wave away as 'unregulated'. This matters even if you never touch client assets. If you advise clients who hold crypto, and you introduce, refer, or coordinate with firms that provide crypto services, your clients will assume you understand how consumer protection and accountability are evolving. CP26/4 is one of the clearest signals yet that the direction of travel is towards standard FCA-style outcomes, with crypto brought closer to the mainstream rulebook.

What CP26/4 is, in plain terms

CP26/4 is the FCA's proposal for applying parts of the Handbook to firms conducting newly regulated cryptoasset activities (and how related areas like complaints, redress, and reporting could work). The consultation is open for responses until 12 March 2026. For professionals, CP26/4 gives you a useful 'map' of what will likely be expected around: • Consumer outcomes (including application of the Consumer Duty) • Complaints and redress (including how access to the Financial Ombudsman might be disclosed and handled) • Regulatory reporting (baseline returns at launch, then expansion) • How 'UK establishment' and cross-border provision affects protections

Why this matters to advisers, solicitors, and accountants

Even if your firm does not provide crypto services, your client relationships are exposed to three repeatable risks: 1. Product and platform risk (the 'who are we dealing with?' question) 2. Process risk (how are keys, devices, and access controlled?) 3. Continuity risk (what happens on incapacity or death?) Regulation doesn't solve those issues — but it raises expectations. Once the regime is clearer, clients will be less tolerant of professionals who have no repeatable approach to crypto basics, especially where HNW assets are involved. Bitzo's approach is to help you deliver a non-custodial coordination plan — security and continuity readiness without ever taking possession of client assets.

What to do now: a practical CP26/4 readiness checklist

1) Build a simple crypto 'service map' for your firm Document what you will and won't do: • Will you discuss exchanges, self-custody, or multisig at a high level? • Will you introduce specialist partners? • Will you document continuity plans (without holding keys)? Write it down, and align it with compliance language you already use: 'information only', 'not legal/financial advice', and 'client remains responsible for decisions'. 2) Add a crypto risk triage to onboarding and annual reviews Your first goal is not to 'get clever'. It's to identify whether crypto exists and whether it is a single point of failure. Minimum viable questions: • Do you hold crypto? Where? (Exchange / self-custody / mixed) • Who else knows it exists? • If you were unavailable tomorrow, who can act, and how? • Is there a documented process your executors can follow? 3) Make redress and jurisdiction part of client education CP26/4 highlights that complaints frameworks and Ombudsman access may depend on whether activities are carried on from a UK establishment, and that firms may need to clearly disclose whether Ombudsman access applies. Professionals should incorporate this concept in plain English: 'protections differ by provider structure; know what applies before a problem happens.' 4) Expect data and reporting requirements to grow CP26/4 describes baseline reporting at launch, followed by phased development of new returns over time. This signals a compliance maturity path: what is 'acceptable' at Day 1 will not remain acceptable. If your firm relies on external crypto providers for clients, you should expect more requests for evidence: provider due diligence, client disclosures, documented processes, and review cadences.

Where Bitzo fits for professionals

Bitzo is designed to be an extension of your professional relationship — not a replacement for it. • Non-custodial: we don't hold client crypto • Documented continuity: clear roles, steps, and escalation • Review-based: a repeatable cycle, not a one-off conversation • Professional-friendly: language and materials you can share with HNW clients Related reading: Security, Inheritance, How It Works, and For Advisers.

What CP26/4 proposes in detail

CP26/4 is the second part of the FCA's consultation on applying its Handbook to regulated cryptoasset activities. It builds on earlier consultations (CP25/14, CP25/15, CP25/25, CP25/40, CP25/41, CP25/42) and covers: • Consumer Duty (Principle 12 and PRIN 2A) — with supporting guidance in GC26/2 • Conduct of Business Standards (COBS) — fairness and transparency rules • Dispute Resolution (DISP) — complaints handling and access to the Financial Ombudsman • Credit for Crypto Purchases — restrictions on using credit to buy cryptoassets • Training and Competence standards • Senior Managers and Certification Regime (SM&CR) • Regulatory Reporting (SUP 16) • Cryptoasset Safeguarding requirements • Retail Collateral Treatment in Cryptoasset Borrowing • Location Policy Guidance The FCA plans to open its permissions gateway for firms to apply for cryptoasset authorisation in September 2026.

The permissions gateway

The FCA has confirmed it plans to open a gateway for firms to apply for cryptoasset permissions in September 2026. This means firms intending to conduct regulated cryptoasset activities in the UK will need to apply through this gateway. For professional firms (advisers, solicitors, accountants) who do not directly conduct cryptoasset activities but advise clients who hold crypto, the gateway matters because: • Providers you recommend or introduce clients to will need to be authorised • Due diligence on crypto service providers becomes a compliance requirement, not just best practice • Client conversations about protections, redress, and Ombudsman access become more concrete Firms already registered under the Money Laundering Regulations for crypto activities will need to transition to full FCA authorisation.

Consumer Duty and cryptoasset firms

CP26/4 proposes applying the Consumer Duty to cryptoasset firms. The accompanying guidance consultation GC26/2 explains how the Duty applies in practice. The Consumer Duty requires firms to deliver good outcomes for retail customers across four areas: products and services, price and value, consumer understanding, and consumer support. For crypto, 'good outcomes' must account for the specific risk profile: irreversible transactions, self-custody complexity, scam exposure, and the operational risks of incapacity or death. The FCA's guidance is issued under section 139A of FSMA and supplements (rather than replaces) existing rules. Professional firms should consider: are the crypto providers your clients use likely to meet Consumer Duty standards? If not, that is a risk your client relationship absorbs.

Conduct of business, complaints, and redress

CP26/4 proposes extending existing Conduct of Business Standards (COBS) to cryptoasset activities, covering: • Clear, fair, and not misleading communications • Appropriate disclosure of risks • Suitability and appropriateness assessments • Best execution requirements On complaints and redress, CP26/4 discusses how DISP (the Dispute Resolution sourcebook) would apply, including access to the Financial Ombudsman Service. The extent of Ombudsman access may depend on whether activities are conducted from a UK establishment. For professional firms, this changes the conversation with clients. You can start explaining that regulated crypto providers will have formal complaints processes and, in some cases, Ombudsman access — but the details depend on the specific firm and activity.

10-point checklist for professional firms

Use this checklist to prepare your firm for the evolving crypto regulatory landscape: 1. Map your firm's crypto exposure: which clients hold crypto, and what services do you provide around it? 2. Review provider due diligence: are the platforms and custodians your clients use planning to apply for FCA authorisation? 3. Update your compliance manual: add a section on cryptoasset activities and your firm's boundaries 4. Train relevant staff: ensure advisers, paralegals, and relationship managers understand the basics of crypto custody models and risks 5. Add crypto triage to onboarding: ask new clients whether they hold cryptoassets and how access is managed 6. Document your firm's position: clarify in writing what you will and will not do regarding crypto (information only, no custody, no financial advice) 7. Review professional indemnity coverage: check whether your PI policy covers crypto-related advisory activities 8. Prepare client communications: draft a clear, plain-English note explaining how regulation is developing and what it means for their holdings 9. Establish a continuity planning workflow: partner with a non-custodial specialist like Bitzo for documentation, verification, and recovery coordination 10. Monitor the consultation timeline: respond to CP26/4 by 12 March 2026 if relevant, and track the September 2026 gateway opening

For families and executors: why this matters

You do not need to read consultation papers. But you should know: • The UK is building a formal regulatory framework for crypto — protections will improve over time • Your executor may eventually be able to access formal complaints processes if a crypto provider fails during estate administration • None of this replaces the need for your own continuity planning — regulation protects against provider failure, not against lost keys or undocumented wallets • Document what exists, who can act, and how to verify identity before it matters Bitzo helps families and executors prepare for crypto probate UK scenarios now, while the regulatory framework develops. See our executors checklist (/insights/crypto-probate-uk-executors-checklist) for practical steps. Back to Insights

Frequently Asked Questions

Does CP26/4 mean all crypto is 'regulated' now?

No. It's a consultation on how the Handbook would apply to certain regulated cryptoasset activities as the regime develops.

Why should a solicitor or accountant care?

Because clients already assume you can coordinate sensible processes around documentation, continuity, and risk — especially at HNW level.

Will clients have Ombudsman access for every crypto-related complaint?

CP26/4 discusses circumstances and disclosure expectations; protections can depend on how and where activities are conducted.

Is this financial or legal advice?

No. This is general information; take regulated advice where appropriate.

What's the simplest action a firm can take this month?

Add a crypto triage question set to onboarding and annual reviews, and standardise what you say and what you do.

What is CP26/4?

It is the FCA's consultation paper proposing how the FCA Handbook would apply to firms conducting regulated cryptoasset activities in the UK.

When does the permissions gateway open?

The FCA plans to open the gateway for firms to apply for cryptoasset permissions in September 2026.

Do advisers need to apply for crypto permissions?

Only if your firm intends to conduct regulated cryptoasset activities directly. Non-custodial coordination and documentation services are not regulated activities under these proposals.

How does Bitzo help with CP26/4 readiness?

Bitzo provides non-custodial continuity planning — documentation, verification, and recovery coordination — that complements regulatory readiness without requiring custody or financial advice permissions.

Sources

Ready to plan your crypto inheritance?

Speak to our UK-based team about your situation. No obligation, no pressure.

Speak to us