FCA crypto financial promotions: a practical checklist for UK professionals
A practical guide for UK professionals on FCA crypto financial promotions, compliant wording, risk boundaries and process controls — without custody.
Introduction
Crypto conversations in professional services usually start the same way: a client mentions they hold 'a bit', asks whether it should be documented, or wants to know how to protect it. The problem is that many firms either refuse the topic entirely or drift into informal guidance that creates risk. A safer approach is to treat crypto as you would any other specialist exposure: define boundaries, standardise process, and keep communications clear. This article is not legal advice. It is a practical framework that helps professional firms reduce risk while still supporting clients.
Why crypto conversations create disproportionate risk
Crypto risk for professional firms is rarely about intent. It's about ambiguity:
• A client interprets general information as a recommendation
• A well-meaning team member shares 'what they would do'
• A firm ends up too close to execution (introducing vendors, facilitating transfers, receiving secrets)
• Marketing language drifts into outcomes, performance, or certainty
This is where regulatory and reputational risk accelerates.
The FCA concept that matters most in day-to-day practice
You do not need to become a crypto firm to support clients. You do need to understand that crypto marketing and promotions are sensitive, and UK expectations focus heavily on fair, clear and not misleading communication. Even if you are not directly publishing crypto promotions, your firm's website copy, brochures, referral emails, and internal scripts can create unintended exposure if they imply:
• guaranteed outcomes
• 'safe returns'
• certainty about recoverability
• custody-like responsibility
• performance language
A 'safe lane' for professionals: what you can do confidently
Here is the cleanest positioning for most professional firms:
• You support process and documentation
• You support security and continuity readiness
• You help clients avoid single points of failure
• You do not recommend specific assets
• You do not take custody
• You do not handle private keys or seed phrases
That combination is powerful and defensible.
The compliant language pattern that keeps you out of trouble
When discussing crypto exposure, use these principles:
• Speak about risk and process, not returns
• Use conditional phrasing ('may', 'can', 'often')
• Avoid certainty ('will', 'guaranteed', 'safe')
• Anchor to client goals (continuity, documentation, clarity)
• Repeat the custody boundary (you never hold crypto)
Example wording you can use:
• 'We can help you put a documented plan in place for security and inheritance readiness, without us taking custody.'
• 'Crypto access can be lost if the access method isn't documented. Our role is to reduce that risk through a structured process.'
• 'This is information about planning and documentation, not investment advice.'
Your internal controls checklist (what to implement)
1) A one-page 'crypto boundary' policy
Your team should have a clear internal rule-set:
• Never accept or store seed phrases, private keys, or recovery codes
• Never ask clients to send screenshots of secrets
• Never perform or instruct transfers in real time
• Never hold devices 'temporarily'
• Never act as an intermediary for 'recovery services'
If your firm ever needs to view a client wallet for identification purposes, keep it strictly observational and ensure it does not involve any secret data.
2) A standard intake form
Treat crypto like any other asset class where access matters. Capture:
• Where assets sit (exchange, self-custody wallet, multisig)
• Which devices are involved
• Whether anyone else can act (trusted contact, spouse, executor)
• Whether a continuity plan exists
• Whether there is a review cadence
You are building a risk map, not a trading thesis.
3) A 'handover' and incapacity workflow
Most client harm happens during life events. Your workflow should cover:
• What happens if the client loses access
• What happens if the client is incapacitated
• What happens on death (who does what first, and what evidence is required)
• How disputes are handled (especially in blended families or business partnerships)
4) Approved phrases for staff
Create a short list of approved statements and disallowed statements.
Approved: process, documentation, security hygiene, continuity
Disallowed: 'safe', 'guaranteed', 'we'll recover it', 'we'll manage it', 'we'll hold it'
5) Evidence trail
Document what was offered, what was accepted, and what was declined. If a client refuses to implement continuity steps, record that too.
The Bitzo-friendly approach: coordination without custody
Bitzo fits the safer lane: it is a coordination layer that helps clients and professionals build a documented, repeatable plan without custody. That matters because custody is where liability and operational risk spike. Learn more about our approach at How It Works or explore our adviser programme.
Frequently Asked Questions
Does my firm need FCA permission to talk about crypto at all?
General factual education is not the same as regulated advice, but the safest route is to keep communications process-focused, avoid promotions, and take professional compliance advice for your specific situation.
What is the biggest mistake professionals make?
Becoming informally involved in execution: handling secrets, facilitating transfers, or implying recoverability.
How do we support clients who want 'someone to do it for them'?
Offer a structured process and a continuity plan, and signpost clients to regulated providers for any services that require authorisation.
What should we implement first?
A custody boundary policy + a standard intake + a continuity workflow. Those three changes deliver the biggest risk reduction fastest.