Market Abuse Regulation for Cryptoassets

February 2026

Over the course of 2025 and into 2026, the FCA published a series of Consultation Papers outlining its proposed rules for the cryptoassets regulatory regime, set for go-live in October 2027. These proposals are underpinned by the principle of “same risk, same regulation” whereby the regulator has taken the approach of applying existing regulation and adapting it in some places to address the specific nature of cryptoactivities.

In December 2025, the FCA published CP25/41 Market Abuse Regime for Cryptoasset Activities (MARC) which, in form and function, largely mirrors the traditional finance equivalent UK Market Abuse Regulation (UK MAR).

This article outlines the key proposals for MARC and highlights the systems and controls which cryptoassets firms will need so that they are adequately detecting and preventing market abuse.

Scope and application

MARC applies where a cryptoasset has been admitted to trading on a Crypto Asset Trading Platform (‘CATP’), irrespective of whether market abuse behaviours take place in the UK or overseas – consistent with UK MAR. It introduces requirements for Cryptoasset Issuers, Offerors and CATPs as well as for Intermediaries.

MARC relies on the same non-exhaustive list of abuse behaviours outlined in UK MAR These include:

Insider dealing; occurs when a person uses inside information to acquire or dispose of financial instruments to which that information relates, for their own account or a third party's.
Unlawful disclosure of inside information; occurs when a person possessing inside information discloses it to another, unless such disclosure is made in the normal exercise of their employment, profession, or duties.
Market manipulation; involves transactions, orders to trade, or other behaviour that gives false or misleading signals about the supply, demand, or price of a financial instrument, or secures the price at an abnormal or artificial level.

MARC also outlines “legitimate market practices”, sometimes referred to as “safe harbours”, which recognise that some activities can legitimately support effective price information and market efficiency when undertaken for legitimate reasons and in ways which reduce the risk of market abuse. In the traditional finance context, under UK MAR, this includes activities such as market sounding. Under MARC, these activities are:

Coin burning: the process of removing cryptoassets from circulation, thus reducing the number of cryptoassets available, and;
Crypto-stabilisation: the measures taken to support the price of a cryptoasset often during its initial or secondary coin-offering to reduce volatility.

Requirements for Issuers, Offerors and CATPs

The FCA proposes that Issuers, Offerors and CATPs will be responsible for disclosing inside information which directly concerns them.

Examples of such information include:

Information about admission or removal of cryptoassets
Information about the viability or instability of a given stablecoin
Non-public information about code vulnerabilities
Additional guidance in the form of a non-exhaustive list is found in CRYPTO 4.3

This information can be disseminated via a firm’s website, actively disseminated through other appropriate channels such as news outlets and social media and should be uploaded as soon as possible on an FCA-owned repository such as the National Storage Mechanism (‘NSM’).

The FCA expects for the information to be provided as soon as possible, unless this is likely to harm a firm’s legitimate interests. In such cases, disclosure may be delayed as long as this is not likely to mislead the public and the confidentiality of the information is adequate.

The details required for insider lists closely mirror those in traditional finance and proposed templates are available in CRYPTO4.12. At minimum, insider lists must include:

Identity of individuals with access to inside information (include full name, date of birth, telephone number, ID number and home address)
Reason for access to the inside information
Date and time the individual obtained and (if relevant) ceased to have access to the information

Systems and controls requirements for CATPs and Intermediaries

Until the introduction of the cryptoassets regime, firms undertaking activities have not been required to consider market abuse as part of their systems and controls, however CATPs and Intermediaries seeking FSMA-authorisation will need to begin to implement the requisite systems and controls to prevent, detect and monitor market abuse.

A summary of the requirements for CATPs and Intermediaries is outlined in the below table:

Category	CATP requirements (outlined in CRYPTO 4.7)	Intermediary requirements (outlined in CRYPTO 4.8)
Surveillance on application for admission to trading	Monitoring activities and communications relating to qualifying cryptoassets that are subject to an application for admission to trading to detect market abuse.	N/A
Surveillance of orders and transactions	Monitoring all orders received and transmitted as well as trading activities executed on the trading platform to detect market abuse.	Monitoring all orders received and transmitted as well as transactions executed.
Notification of suspicious orders	Receiving and assessing notifications of suspicious orders from intermediaries.	Assessing whether to notify a CATP of suspicious orders and transactions.
Prevention and disruption	Preventing and/or disrupting market abuse activity.	Preventing and/or disrupting market abuse activity.

The specific systems and controls that all CATPs and intermediaries will be required to have in place as a minimum to prevent, detect and disrupt market abuse include:

Personal account dealing arrangements and internal rules on personal account dealing for employees
Information barriers that limit access employees have to client orders
Employee training on market abuse
Record-keeping and audit arrangements
Contractual or other agreements with clients which would allow the firm to disrupt activities which they identify as abusive
For CATPs only, there are platform specific rules to disrupt abusive activity, including the ability to halt or suspend trading, warn users, restrict the activities of users and remove relevant qualifying cryptoassets
To aid in detecting and deterring cross platform market abuse, CATPs with £10 million annual average revenue (Large CATPs) there is a requirement to participate in cross-platform information sharing.

Applying lessons learned from UK MAR

While there are some differences between the MARC and UK MAR, most notably, the differences in legitimate market practices and inside information disclosure requirements. Firms which will be captured by MARC should draw on the lessons learned from the implementation of its more mature counterpart.

The findings from the FCA’s 2018 review of the implementation of MAR present a useful touch-point as firms ready themselves to comply with MARC:

Complying is more than adhering to a set of prescriptive requirements and has been described by the FCA as ‘a state of mind’; the spirit of the regulation should be considered in addition to the explicit rules
Effective compliance includes being able to demonstrate that risk assessments are calibrated to the markets and asset classes at play
The list of behaviours is neither exhaustive nor determinative; market participants must exercise their own judgment when assessing potentially manipulative behaviours by taking into account the characteristics of the financial instruments and markets they are operating in
Good record-keeping is key to gaining protection when partaking in one of the “legitimate market practices”. The use of recorded lines is implement effective compliance in this area
Everyone has an obligation to identify when they are in possession of inside information and to control it
Insider lists are important tools for regulators when investigating possible market abuse and the FCA attaches importance to receiving the mandated template in a complete and timely fashion

Implications and next steps

CATPs, Issuers, Offerors and Intermediaries preparing to seek FSMA authorisation should assess the requirements and begin to implement the necessary processes, systems and controls to comply with MARC.

Conversely, firms which are already FSMA-authorised and are seeking a variation of permission should consider how their existing processes, systems and controls may need to be uplifted, such as updates to insider list templates and adjustment to PAD policies.

The FCA has noted that it is not currently feasible to deliver the same regulatory outcomes through MARC for crypto market abuse as MAR does for financial instruments due to the unique features of the cryptoasset market. So, it is likely that further requirements may be added to MARC by the FCA as the market evolves.

How KPMG in the UK can help

KPMG professionals have extensive experience helping firms understand and apply Market Abuse regulation, please contact Dharam Shah and Kate Dawson for assistance with preparing for any aspects of MARC.

Glossary

Issuers: An entity that originates and makes available a qualifying crypto-asset.

Offerors: Any person or undertaking, including the issuer, who presents crypto-assets to the public.

CATPs (Crypto Asset Trading Platforms): A platform where users can buy, sell, or trade crypto-assets, serving a function similar to traditional trading venues.

Intermediaries: An entity that facilitates transactions and manages digital assets on behalf of others. This includes firms dealing or arranging deals in qualifying crypto-assets.