November 2025

      To date, unbacked cryptoassets and fiat-backed stablecoins remain largely unregulated in the UK. However, by mid-2026 the UK plans to go live with a full cryptoasset regulatory regime covering firms carrying out cryptoasset activities in the UK or providing cryptoasset activities to UK clients.

      In the context of the UK government’s growth and competitiveness agenda and with the aim of developing a sustainable and competitive crypto sector, UK regulators are extending and adapting the existing regulatory regime of financial and operational resilience, and conduct requirements, rather than developing a separate, standalone regime.

      As it develops and defines the regime, the FCA has published several consultation and discussion papers, including CP25/25 "Application of FCA Handbook for Regulated Cryptoasset Activities" in September 2025. CP25/25 outlines the regulator’s proposals for the minimum standards with which firms carrying out cryptoasset activities will be required to comply. The paper includes the FCA’s proposals for financial crime, operational resilience and ESG, and details how the Senior Managers and Certification Regime (‘SM&CR’) would apply to firms carrying out cryptoasset activities.

      The SM&CR was introduced in the UK after the Global Financial Crisis and aims to create clear accountability, promote personal responsibility and improve firms’ conduct. The FCA considers that current market practices and recent cryptoasset industry incidents demonstrate the need for clear and appropriate apportionment of responsibilities and robust governance standards for cryptoasset firms.

      Senior Management functions for cryptoasset firms

      Within the SM&CR, Senior Management Functions (“SMFs”) are defined senior roles with key responsibilities which require regulatory approval.

      As the SM&CR is designed to be sector agnostic, the FCA is opting not to add any sector-specific SMFs for cryptoasset firms. Instead, firms will be expected to designate the relevant existing SMFs.

      The SMFs which are relevant to a cryptoasset firm will depend on whether it is dual- or solo-regulated and whether it is classified as a Core or Enhanced firm.

      Solo-regulated firms

      Solo-regulated firms are those regulated by only the FCA in the UK.

      Most cryptoasset firms are likely to be solo-regulated and will fall within the Core tier. These firms will be required to allocate up to 6 SMFs:

      | SMF   | Title                                      |
      |-------|--------------------------------------------|
      | SMF1  | Chief Executive                            |
      | SMF3  | Executive Director                         |
      | SMF27 | Partner                                    |
      | SMF9  | Chair                                      |
      | SMF16 | Compliance Oversight                       |
      | SMF17 | Money Laundering Reporting Officer (“MLRO”) |

      Currently, only 1% of all authorised firms are Enhanced and most cryptoasset firms are likely to fall within the ‘Core’ tier.

      If one or more of the following criteria applies, a firm will fall within the ‘Enhanced’ tier:

      • The firm is a CASS Large firm
      • The firm has Assets Under Management (AUM) of £50bn or more calculated as a three-year rolling average 
      • The firm chooses to “opt-up” from Core to Enhanced.

      In addition to the 6 SMFs that apply to Core firms, Enhanced cryptoasset firms will be required to allocate up to 11 additional SMFs where relevant.

      | SMF   | Title                               |
      |-------|-------------------------------------|
      | SMF2  | Chief Finance Function              |
      | SMF4  | Chief Risk Function                 |
      | SMF5  | Head of Internal Audit              |
      | SMF7  | Group Entity Senior Manager         |
      | SMF10 | Chair of the Risk Committee         |
      | SMF11 | Chair of the Audit Committee        |
      | SMF12 | Chair of the Remuneration Committee |
      | SMF13 | Chair of the Nominations Committee  |
      | SMF14 | Senior Independent Director         |
      | SMF18 | Other overall responsibility        |
      | SMF24 | Chief Operations Function           |

      Dual-regulated firms

      Dual-regulated firms are those regulated by both the FCA and PRA. 

      While most cryptoasset firms are likely to be solo-regulated by the FCA, those carrying out lending/borrowing and deposit taking might also come under PRA oversight.

      Firms which are already dual-regulated for the purpose of carrying out other activities and are seeking authorisation to carry out cryptoasset activities will continue to be required to comply with the applicable requirements for dual-regulated firms.

      Certification requirements for cryptoasset firms

      A certified function is one performed by employees who could pose a risk of significant harm to a firm or its customers. The Certification Functions are defined in the FCA Handbook, but the FCA does not approve people for these functions.

      It should be noted that HM Treasury consulted early in 2025 on removing the Certification Regime from legislation in an effort to reduce regulatory burden throughout financial services. However, prior to these changes being confirmed, firms dealing in cryptoassets as agent and firms arranging deals in cryptoassets will be required to certify the relevant employees carrying out these activities under the ‘client dealing’ certification function.

      The existing ‘proprietary trading’ certification function will be updated to cover dealing in cryptoassets as principal and issuing qualifying stablecoins in the UK.

      The regulator will consult further on whether cryptoasset firms will be subject to the existing ‘algorithmic trading’ certification function.

      Implications

      Once the regime is in force, firms carrying out cryptoasset activities in the UK or providing cryptoasset activities to UK clients will be required to have full authorisation from the FCA and to have in place systems and controls to meet their various obligations, including compliance with the SM&CR as appropriate.

      Traditional FCA-regulated financial services firms will already have implemented the SM&CR and there will likely be no material changes required. However, where these firms are extending their offering to include crypto activities, a review to ensure relevant staff are duly certified will be required. 

      Crypto-native firms will need to assess whether they are Core or Enhanced based on the criteria, determine which SMFs are relevant and submit their candidates for authorisation. These firms will also need to define and implement a robust certification process so that staff who perform client dealing and proprietary trading are duly certified. 

      How KPMG in the UK can help

      KPMG professionals have extensive experience helping firms understand and apply the SM&CR and can help with:

      • Clarifying roles and responsibilities by mapping the SM&CR functions to crypto business models and defining clear accountability statements.
      • Helping executives to understand their responsibilities under SM&CR and prepare for regulatory interviews.
      • Building a proportionate governance framework by designing/refining committees, reporting lines and escalation paths to align with the new SM&CR expectations.
      • Developing practical and workable SM&CR processes such as certification, conduct-rules training, regulatory referencing and reasonable-steps documentation.
      • Embedding the regime operationally by helping crypto firms integrate SM&CR into policies, workflows, HR tech systems and day-to-day oversight routines.

      Our people

      Maxim Lewis

      Director, Risk and Regulatory Transformation

      KPMG in the UK

      James Lewis

      Partner, Banking Risk

      KPMG in the UK

      Kate Dawson

      Wholesale Conduct & Capital Markets, EMA FS Regulatory Insight Centre

      KPMG in the UK