FSMA and cryptoassets in 2025: what is in scope, what is not, and what changes next

A plain-English guide to how FSMA and UK policy is pulling crypto towards financial services standards and what advisers should do about the operational risk.

Introduction

UK crypto regulation can feel like a moving puzzle with different regimes, different definitions, and a lot of confusion between registered, authorised, and allowed to promote. This guide explains how FSMA-era changes and UK policy are shaping the crypto framework and why the key adviser question is often operational: Will this be recoverable when it matters? Non-custodial coordination. Not financial advice. Back to Insights: /insights

The problem FSMA is trying to solve

Crypto activity expanded faster than consumer protections. UK policy has been moving towards bringing crypto-related activities closer to the expectations applied across financial services: clearer promotions, stronger governance, and fewer grey areas that allow harm. The direction is consistent with broader financial services regulation: protect consumers, improve transparency, and create accountability for firms operating in this space.

Three separate questions professionals must keep distinct

Question 1: Can a firm legally market crypto to UK consumers? The FCA has actively increased interventions on financial promotions and taken action against illegal crypto promotions. Firms are expected to learn from published good and poor practice and raise standards. Question 2: Is the activity inside the full regulatory perimeter? Some activity is already captured by specific rules, while the broader perimeter continues to develop through policy and secondary legislation. Question 3: Even if it is allowed, is it operationally safe? Clients can still lose everything through access failure, evidence gaps, and scams. These are problems regulation alone cannot solve.

Why this matters for advisers and professional firms

Key risks professionals should understand: 1. Client communications risk: clients often misunderstand what regulated means 2. Complaint risk: unclear promotions and unclear pathways after incidents become disputes 3. Estate risk: executors can be left with no way to act, even where assets exist 4. Tax risk: missing records create cost and delay later These risks are operational in nature and require proactive planning rather than reactive responses.

What Bitzo changes

Bitzo sits where the real-world failures happen: operational recoverability and professional coordination without custody. What we provide: 1. Documented recovery workflows and next steps 2. Verified contacts across the client professional network 3. Evidence packs that reduce delays and disputes Learn more at /how-it-works (How It Works), /security (Security), /inheritance (Inheritance), and /advisers (For Professionals).

Quick checklist

How to be crypto-ready without custody: 1. Define scope: are you giving operational guidance, tax or accounting support, legal structuring, or all three? 2. Map the custody model (exchange vs self-custody vs multisig) 3. Create an evidence baseline (platforms, devices, identifiers, trusted contacts) 4. Plan for death or incapacity day one: who does what, in what order 5. Pre-brief on scams, especially recovery scammers 6. Identify all wallet types and access methods 7. Document escalation procedures 8. Schedule periodic reviews

Next steps

Ready to help clients with crypto planning? Explore our adviser programme at /advisers or book a call at /book. Related reading: /insights/crypto-recovery-scams-uk and /insights/crypto-security-uk-checklist Back to Insights: /insights