06 October 2025
Towards late September and early October 2025, significant regulatory actions occurred concurrently in the UK and India. On 17 September 2025, the UK Financial Conduct Authority (“FCA”) released its comprehensive consultation paper CP25/25 on applying FCA Handbook provisions to regulated crypto-asset activities. Simultaneously, on October 1, 2025, India’s Financial Intelligence Unit (“FIU-IND”) initiated enforcement actions against offshore Virtual Digital Asset Service Providers (“VASPs”) under the Prevention of Money Laundering Act (“PMLA”) framework.
These developments mark a critical juncture, highlighting both convergent international principles and divergent domestic enforcement approaches. Both jurisdictions adhere to globally recognised regulatory principles established by the Financial Stability Board (“FSB”), specifically the core principle of comprehensive regulation proportionate to risk, consistent with the “same activity, same risk, same regulation” approach.
The UK is preparing for forthcoming legislative changes that will expand the regulatory scope. Its strategy is prospective and comprehensive, prioritising legal certainty, shifting from a focus primarily on anti-money laundering (“AML”) and financial promotions toward a more comprehensive framework encompassing governance, operational resilience, conduct standards, and consumer protection. The forthcoming Regulatory Activities Order (“RAO”) amendments and Payment Services Regulations (“PSR”) revisions will expand the regulatory scope to include crypto-asset activities “in or to” the UK. Functions such as issuance, distribution, and custody may fall within UK regulations without local incorporation.
The FCA’s CP25/25 consultation spans from September to October 2025. Final rules are anticipated in late 2025 or early 2026. Parallel Bank of England (BoE) consultations on systemic stablecoins are expected through late 2025, aiming for phased implementation completion by 2026. The Bank of England (“BoE”) and Prudential Regulation Authority (“PRA”) oversee systemic stablecoins due to potential impact on financial stability. Systemic stablecoins face prudential capital and liquidity requirements beyond the FCA’s scope. The BoE consultation on a systemic stablecoin regime is expected to include transitional holding limits for issuers. Settlement assets underpinning stablecoins must maintain high liquidity and operational readiness.
The FCA reopened retail access to crypto ETNs on 31 July 2025, with the launch date for retail investors set as 8 October 2025. ETNs are available only on Recognised Investment Exchanges (“RIEs”). Issuers must comply with FCA Handbook rules, including Regulatory Minimum Margining Requirements (“RMMI”), risk warnings, and investor appropriateness testing.
The FCA’s CP25/25 framework is founded on the principle of “same activity, same risk, same regulatory outcome,” ensuring that crypto-asset firms meet standards comparable to those of traditional authorised financial services firms.
Key components of the framework detailed in CP25/25 include:
Expanded Regulatory Perimeter: All firms conducting regulated crypto-asset activities must obtain FCA authorisation, irrespective of any existing Money Laundering Regulations registration. Regulated activities specifically include operating qualifying crypto-asset trading platforms, issuing qualifying stablecoins, intermediation, safeguarding, specified investment crypto-assets, and staking services.
Governance and Accountability (SM&CR): The Senior Managers & Certification Regime (SM&CR) will be fully applicable from day one. This requires designated senior managers to be FCA-approved and to hold clear personal responsibility for key areas, such as compliance and technology.
Operational Resilience (SYSC): The application of the Systems and Controls Sourcebook (SYSC) introduces comprehensive requirements for operational resilience. Firms must identify critical business services, set precise impact tolerances, and regularly test their ability to remain within these limits through scenario planning (e.g., cyber-attacks). Firms must also specifically address risks unique to crypto-assets, such as private key security, code vulnerabilities, validator risks, and decentralised network disruptions.
Consumer Protection and Market Conduct (COBS): The proposed extension of key provisions from the Conduct of Business Sourcebook (COBS) requires regulated firms to comply with standards equivalent to those in traditional finance. This includes acting honestly and fairly, providing clear communications, categorising clients, and assessing appropriateness for retail customers. The FCA is consulting on applying the Consumer Duty to regulated activities involving crypto-assets.
India escalated its enforcement approach, characterised as retrospective and enforcement-focused, prioritising immediate risk mitigation. On October 1, 2025, FIU-IND issued notices under Section 13 of the PMLA to 25 offshore VDASPs. Targeted platforms included Huione (Cambodia), Paxful (United States), CEX.IO (US/UK), LBank (BVI), and BitMex (Seychelles). This demonstrates India’s extraterritorial reach in applying its anti-money laundering framework to entities serving Indian users, regardless of physical presence.
VDASPs were brought under the AML/CFT framework in March 2023. This framework requires VDASPs operating in India (offshore and onshore) must register with FIU-IND as Reporting Entities if engaged in activities such as exchange, transfer, or safekeeping of virtual digital assets. Obligations are activity-based and not contingent on physical presence. To date, 50 VDA service providers have registered.
FIU-IND issued Section 13 notices under PMLA and separate notices under Section 79(3)(b) of the Information Technology Act, 2000, requiring the takedown of applications and URLs for entities operating without PMLA compliance. Entities violating rules face fines of up to ₹1 lakh for each breach, plus potential criminal prosecution. Precedents include the penalty of Rs. 9,27,00,000 imposed on Bybit Fintech Limited in January 2025, and Rs. 18,82,00,000 imposed on Binance in June 2024, both for contraventions including operating without mandatory registration.
While both the UK and India align their regulatory approaches with FSB principles, their implementation philosophies diverge significantly, as evidenced by the UK’s prospective and comprehensive regulatory architecture outlined in FCA’s Consultation Paper CP25/25, which emphasizes legal certainty and controlled market development, in contrast to India’s retrospective and enforcement-focused strategy led by the FIU-IND under the PMLA, prioritizing immediate risk mitigation and financial crime prevention.
The UK’s framework, moving toward regulatory parity with traditional finance through authorization requirements, governance standards, and consumer protections like the Senior Managers and Certification Regime (SM&CR), signals an intention to position London as a competitive international hub for regulated crypto-asset activities. Conversely, India’s fragmented regime relies on intense enforcement against non-compliant offshore Virtual Digital Asset Service Providers (VDASPs), reflecting the Reserve Bank of India’s ongoing skepticism toward cryptocurrencies and a preference for controlled market development.
The expanding extraterritorial application of both frameworks presents challenges for global firms. Firms serving the Indian market remain liable for violations committed during periods of non-compliance, even if they register after the March 2023 notification, as regulatory obligations take effect from the original notification date. Global firms must standardise internal controls to meet international standards, including SM&CR-equivalent accountability, operational resilience (SYSC), and robust AML/CFT controls. Firms must prepare for the high compliance hurdle offered by the UK’s clear regulatory pathway. Firms serving the Indian market must focus on PMLA compliance, mandatory registration, and continuous adherence to AML/CFT Guidelines to mitigate the risk of severe financial penalties and digital infrastructure controls (takedown notices).
Disclaimer: The information published in the above newsletter is collected from various sources in electronic medium and analyzed by the firm. The reader is advised to consult the attorney qualified in their jurisdiction, before acting on any information contained in this newsletter. India Juris excepts no liability what so ever in this regard.