ARTICLE
15 July 2025

The FCA's Proposed Regime For Custody Of Cryptoassets

AG
Addleshaw Goddard

Contributor

Addleshaw Goddard logo

Addleshaw Goddard is an international law firm, almost 250 years in the making. We're trusted by over 5000 organisations, including 50 FTSE 100 companies, to solve problems, deliver deals, defend rights, comply with regulations and mitigate risk. Our work spans more than 50 areas of business law for clients across multiple industries in over 100 countries worldwide. And while the challenges our clients bring us may vary, we approach and solve them with the same, single-minded focus: finding the smartest way to achieve the biggest impact.

Explore Firm Details
CP25/14 forms part of a broader series of FCA consultations to establish a comprehensive UK regulatory framework for cryptoassets.
United Kingdom Technology
Grace Wyatt,Lisa Lee Lewis,Douglas Orr
+2 Authors

Context:

CP25/14 forms part of a broader series of FCA consultations to establish a comprehensive UK regulatory framework for cryptoassets.

What is CP25/14:

While CP25/14 also covers stablecoin issuance, this part of the consultation focuses on the safeguarding of qualifying cryptoassets and their means of access, such as private keys. It adapts the FCA's Client Assets Sourcebook (CASS) principles to the specific risks and structures of crypto custody.

Aims of the Proposed Regime:

  • Mitigate risks of consumer harm, asset loss, and market disruption.
  • Align custody practices with traditional finance via adapted CASS-style protections.
  • Supporting innovation while maintaining robust standards for consumer and market protection.
  • Ensure clear records and trust structures are in place to evidence and protect client ownership rights.

WHAT IS CRYPTOASSET CUSTODY?

Definition:

Cryptoasset custody refers to the holding or safeguarding of qualifying cryptoassets – or the means of access to them (such as private keys) – on behalf of clients.

Key Features of Cryptoasset Custody:

  • Involves taking control over a client's cryptoassets.
  • Ownership rights may exist on-chain or off-chain.
  • No central registry or formal system for verifying ownership (unlike in traditional securities markets).
  • Frequently offered through vertically integrated platforms, such as exchanges that also provide custody services.

Common Custody Models:

  • Self-Custody: The user controls their own cryptoassets using a hardware or software wallet. They retain sole control of the private key or seed phrase – without relying on a third party.
  • Third-Party Custodian: A dedicated firm authorised to hold and safeguard cryptoassets on a client's behalf. The custodian assumes responsibility for key security, access, and operational controls.
  • Custody via Trading Platforms: Many centralised exchanges also offer custody services. Assets are pooled and tracked off-chain via an internal ledger, with entitlements allocated per client. This model often lacks on-chain segregation and may carry additional risk in insolvency scenarios.

KEY PROPOSALS FOR CRYPTOASSET CUSTODY

Safeguarding Clients' Rights

  1. Authorisation under FSMA: Firms conducting custody of qualifying cryptoassets must be authorised by the FCA under FSMA.
  2. FCA Supervision and Enforcement: Custody will be subject to ongoing FCA supervision. Firms must maintain compliance with safeguarding obligations, or risk enforcement action for failures in segregation, record-keeping, or client asset protection.
  3. Segregation of Client Assets: Firms must segregate client cryptoassets from their own to ensure clear ownership and insolvency protection. Both individual and omnibus wallets are permitted for holding client assets, with internal records required to track client entitlements.
  4. Non-Statutory Trust Requirement: Firms must hold client assets as a bare trustee under a non-statutory trust. They must ensure the correct amount of qualifying cryptoassets is held for the right clients at all times.
  5. Record-Keeping Obligations: Firms must maintain accurate, up-to-date books and records that clearly evidence client ownership – independent of blockchain data.
  6. Flexible in Trust Structures: Firms can choose a trust model aligned with their business needs, including either separate trusts per client or a single omnibus trust.

KEY PROPOSALS FOR CRYPTOASSET CUSTODY

Recording of Clients' Holdings

  1. Accurate Books and Records: Firms must maintain client-specific records, independently of blockchain data, to evidence ownership. At all times, firms must be able to identify:
    • Type of Qualifying Cryptoasset – what type of cryptoasset is held.
    • Quantity Held – the exact number of units of the cryptoasset held per client.
    • Blockchain Address – where the qualifying cryptoasset is located.
    • Client's Legal Interest – e.g., beneficial ownership under a trust.
    • Third-Party Access – details of any third parties able to control or move the cryptoasset.
  2. Reconciliations: Firms must carry out daily reconciliations between their internal records, on-chain wallet data, and any third-party custodian records to ensure client holdings are accurately maintained. Where reconciliation requirements are not met, or discrepancies canoe be resolved promptly, firms must notify the FCA without undue delay.
  3. Auditability and Oversight: Firms must ensure that records and reconciliation processes are auditable and transparent, enabling effective oversight by internal compliance and external regulators. The FCA expects firms to maintain systems capable of evidencing how client holdings are tracked and safeguarded over time.
  4. Technology and Systems Readiness: Firms must implement robust, resilient systems that support secure custody, real-time record accuracy, and timely reconciliation. Technology must be fit for purpose, scalable, and capable of demonstrating compliance with regulatory obligations.

KEY PROPOSALS FOR CRYPTOASSET CUSTODY

Other Key Safeguarding Requirements

Organisational Controls and Governance

  • Policies and Procedures: Firms must establish and maintain robust organisational arrangements, including policies and procedures designed to minimise the risk of loss, theft, or mismanagement of client cryptoassets. These arrangements must be reviewed regularly to ensure they remain effective.
  • Private Key Management: Firms are expected to implement controls for the secure generation, storage, and handling of private keys. This includes maintaining key-mapping records, using secure back-up protocols, and adopting up-to-date wallet management strategies to reduce risk of compromise.
  • Third-Party Safeguarding: Where custody arrangements involve third parties, firms must:
    • Conduct due diligence on counterparties
    • Ensure arrangements are in the client's best interest
    • Maintain written agreements covering liability, segregation, and notification obligations.
  • Responsibility and Oversight: Firms remain fully responsible for compliance with custody requirements, even where functions are outsourced. They must establish oversight mechanisms to monitor third-party performance and ensure adherence to safeguarding standards.

WHAT'S NEXT: FUTURE FCA CONSULTATIONS

The FCA will continue shaping the UK's cryptoasset custody regime through further consultations between late 2025 and Q1 2026. These proposals will expand on CP25/14 and form part of upcoming papers on Trading Platforms, Intermediation, Lending and Staking, and Conduct of Business and Firm Standards.

Key Areas Under Consideration
  • Reuse of Cryptoassets: Potential restrictions on custodians using client assets for activities such as staking, collateralisation, or lending, building on feedback to DP 25/1.
  • Custody at Exchanges: Reviewing whether centralised exchanges should separate custody functions into distinct legal entities to mitigate conflicts of interest and improve asset segregation.
  • Audit and Reporting Requirements: Proposal to require annual audits of cryptoasset custody arrangements, mirroring CASS obligations.
  • Regulatory Reporting: The FCA is exploring whether qualifying cryptoasset custodians should be required to submit monthly Client Money and Asset Returns (CMAR).
  • Client Disclosure and Statements: Evaluating mandatory disclosures of wallet structures and notification of charges. The FCA has provisionally rules out requiring Proof of Reserves at this stage.
  • CASS Oversight Officer: Proposal to mandate appointment of an oversight officer responsible for cryptoasset safeguarding compliance.
  • Application of Client Money Rules: Consultation on applying CASS 7 rules to qualifying cryptoassets to enhance protection for client money linked to custody services.
  • Liability for Loss of Cryptoassets: Rules will clarify when custodians (or third parties) are liable for loss or diminution of client cryptoassets, aligning with HM Treasury's draft legislation.

1650582a.jpg

WHAT'S THE TIMELINE – AND WHAT TO WATCH FOR

The FCA's consultation on CP25/14 closes on 31 July 2025. Final rules are expected in 2026, to allow alignment with feedback from upcoming consultations on trading platforms, intermediation, staking, and conduct rules.

Once finalised, the custody regime will be implemented through changes to the Client Asset Sourcebook (CASS) and a new Cryptoasset Sourcebook (CRYPTO) – a dedicated FCA rulebook for digital assets.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Grace Wyatt
Grace Wyatt
Photo of Lisa Lee Lewis
Lisa Lee Lewis
Photo of Paul Anderson
Paul Anderson
Photo of Douglas Orr
Douglas Orr
Person photo placeholder
Isabel Lu
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More