UK crypto regulation

Use Sumsub to make crypto compliance a breeze.

In June 2023, the UK government published an amended Financial Services and Markets Act 2000 (Financial Promotion) Order (FPO), which brings qualifying crypto assets within the scope of the financial promotion regime.


The following is a list of definitions used in this article:

  • Registered person. A person who is a crypto asset exchange provider or a custodian wallet provider, included on the register maintained by the FCA and is not an authorized person.
  • Authorized person. A person who is authorized and has permission to carry on one or more regulated activities.
  • Financial promotion. An invitation or inducement to engage in investment activity. It can take many forms, including adverts placed in print, broadcast, or online media, marketing brochures, emails, websites, apps, or social media posts. Invitations or inducements to engage in the following activities in relation to crypto assets are within the scope of the financial promotions regime:
    • dealing in securities and contractually based investments;
    • arranging deals in investments;
    • managing investments;
    • advising on investments;
    • agreeing to carry on specified kinds of activity.
  • Crypto asset. Any cryptographically secured digital representation of value or contractual rights that can be transferred, stored, or traded electronically and uses the technology supporting the recording or storage of data (which may include distributed ledger technology). A crypto asset does not fall within the "qualifying crypto asset" if it is a controlled investment such as:
    • electronic money;
    • fiat currency;
    • digitally issued fiat currency or a crypto asset that cannot be transferred or sold in exchange for money or other crypto assets except by way of redemption with the issuer and can only be used in a limited way and meets one of the following conditions—it allows the holder to acquire goods or services only from the issuer;
    • a professional issuer issues it and allows the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer or it may be used only to acquire a very limited range of goods or service.

Regulatory requirements

The central requirement of the financial promotion rules is that financial promotions must be fair, transparent, and not misleading.

To comply with the existing requirements of the financial promotion regime, firms will need to conduct due diligence on both the crypto asset or crypto asset service they are promoting (or about which they are approving promotions), and any claims made in the promotion.

In conducting due diligence for a particular crypto asset, a firm needs to consider (amongst other things):

  • The authenticity and accuracy of the proposition in the relevant promotion.
  • The steps necessary to ensure the cryptoasset is not linked to fraudulent activity, scams, money laundering, or other financial crimes.
  • The operational or technological risks.
  • Understanding the environmental, social, and governance risks associated with the cryptoasset.
  • Conducting relevant legal and compliance checks.

When working with financial promotions, a firm may need the tools that offer the following:

  • Clear risk warnings. Standard risk warnings should be included on all financial promotions for Restricted Mass Market Investments and Non-Mass Market Investments.
  • Banning incentives to invest. FCA proposed banning financial promotions for high-risk investments from offering monetary or non-monetary benefits that incentivize investment activity, such as ‘refer a friend’ or new joiner bonuses.
  • Cooling-off period. FCA proposed a minimum 24-hour cooling-off period for first-time investors with a firm. Personalised risk warning pop-up. FCA proposed introducing a personalized risk warning pop-up (or equivalent) for first-time investors with a firm.
  • Client categorisation. Before a DOFP can be made concerning an RMMI, the consumer must be categorized as a Restricted, High Net Worth, or Certified Sophisticated investor.
  • Appropriateness assessments. Before an application or order for an RMMI can be processed in response to a DOFP, the firm must assess the specific RMMI that is appropriate for the consumer.
  • Records keeping. FCA proposed that firms should record various metrics throughout the consumer journey.

When will be enforced and where?

From 8 October 2023, all firms marketing crypto assets to UK consumers, including overseas firms, must comply with the financial promotion regime.



The financial promotions do not need to be specifically directed at UK consumers to be capable of having an effect in the UK.

Suppose a UK consumer can access and respond to cryptoasset promotions to engage in cryptoasset activities through websites, apps, and/or social media. In that case, those promotions will likely have an effect in the UK. So, the regulation applies regardless of the firm's location, making the promotion, or who it was primarily aimed at.

Who is affected?

The regime applies to all firms (registered and authorized persons) marketing cryptoassets to UK consumers, including firms based overseas.

Why it matters?

As many crypto asset firms operate internationally, the regime can challenge UK firms to ensure that associated entities in a global group structure do not inadvertently breach UK regulations by promoting to UK consumers.

How to address with Sumsub

Sumsub provides technical solutions that help its clients' compliance teams comply with the regime, including:

  • A fully customizable questionnaire can be used to collect the data or documents on the customers' employment or source of wealth, or to determine the customers' professional experience or knowledge.
  • KYC, AML, and sanctions screening tools, etc.
  • A personalized pop-up as required by regulation.
  • A customizable list of countries a client does not accept for verification by the Sumsub solution (for the companies that are not ready to work with UK residents yet).

How it works

The following is a sequence of verification steps:

  1. The applicant registers for your service. The 24-hour countdown timer should be activated on your website to provide for the Cooling-off period.
  2. Registration triggers the standard KYC flow involving the questionnaire required by your regulator. Usually, such a questionnaire collects data related to the applicant’s income and investment abilities, including their annual income and the amount to be spent on what is defined as high-risk investments during the year.
  3. The applicant fills in the first questionnaire.
  4. Sumsub automatically approves the applicant and sends a webhook notification to you.
  5. Sumsub calculates their spending limit based on the data from the questionnaire. If the applicant fails to answer the questions or provides the answers that make their spending limit zero, they are prohibited from initiating crypto investments (this information needs to be updated at least once a year).
  6. The remaining KYC and AML checks are performed.
  7. The applicant initiates a crypto transaction.
  8. The transaction amount is compared against their limit. If the limit is exceeded, they are prohibited from making crypto investments. If the limit is not exceeded, the applicant is offered to fill in the second questionnaire.
  9. The applicant fills in the second questionnaire. Usually, such a questionnaire checks the applicant’s knowledge about the coin they want to buy. So, the questions you enter would depend on the asset in question.
  10. Sumsub calculates their risk score based on the number of mistakes in the questionnaire. Any score different from 0 means the applicant made at least one mistake.
  11. If the applicant succeeds, they are allowed to buy crypto assets. So, the standard transaction monitoring flow is triggered. If the applicant fails, the 24-hour countdown timer should be activated on your website to provide for the Cooling-off period.
  12. Sumsub checks the transaction and the applicant’s spending limit is updated, depending on whether the transaction was approved and fulfilled or not.