BizLegal-AIStart Free
compliance

FCA Cryptoasset Financial Promotions: 2026 UK Marketing Compliance

FCA cryptoasset financial promotions rules are now fully enforced. This guide covers PS23/6 obligations, Section 21 approvals, and how to stay compliant in 2026.

BizLegal-AI Intelligence DeskukFCA

FCA Cryptoasset Financial Promotions: 2026 UK Marketing Compliance

The FCA's cryptoasset financial promotions regime, introduced under PS23/6 and activated on 8 October 2023, has now been live for over two years. Enforcement is no longer theoretical: the FCA issued 450 alerts about illegal crypto promotions in 2023 alone, and its supervisory posture has hardened considerably since. If your firm is still treating the regime as a soft-launch grace period, that window closed a long time ago.

TL;DR

  • All cryptoasset financial promotions targeting UK consumers must be approved by an FCA-authorised person or communicated by an FCA-registered cryptoasset firm.
  • The four permitted gateways under the amended Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 are narrow — most overseas firms cannot self-certify.
  • PS23/6 mandates specific risk warnings, a 24-hour cooling-off period for first-time investors, and a ban on refer-a-friend incentives.
  • Consumer Duty (effective July 2023) layers on top: promotions must demonstrably support good consumer outcomes, not just tick disclosure boxes.
  • Non-compliance triggers criminal liability under s.25 FSMA 2000, FCA intervention powers, and reputational damage that can sink a registration application.

What This Regulation Actually Requires

The Legal Gateway: Section 21 FSMA 2000

Section 21 of the Financial Services and Markets Act 2000 prohibits any person from communicating a financial promotion in the course of business unless that person is FCA-authorised, or the content has been approved by an FCA-authorised person. Cryptoassets became "qualifying cryptoassets" for these purposes on 8 October 2023, bringing them squarely within this framework.

Four gateways permit a promotion to be communicated lawfully:

  1. Self-communication by an FCA-authorised firm — the firm itself holds FCA authorisation covering the relevant activity.
  2. Approval by an FCA-authorised firm — a third-party authorised firm reviews and approves the promotion before it goes live. Since 7 February 2024, approving firms must notify the FCA before approving promotions for unauthorised persons (s.21A FSMA, inserted by the Financial Services and Markets Act 2023).
  3. FCA-registered cryptoasset business — firms on the FCA's cryptoasset register under the Money Laundering Regulations 2017 can communicate their own promotions without separate authorisation, but only for their own products.
  4. Exemptions under the Financial Promotion Order — a narrow set of circumstances (e.g., one-to-one solicited communications, certified sophisticated investors) where the restriction does not apply.

Overseas firms with no UK presence and no FCA registration cannot use any of these gateways to reach UK retail consumers. Full stop.

PS23/6 Content Requirements

The FCA's Policy Statement PS23/6 sets out mandatory content rules that apply to every qualifying cryptoasset promotion:

Risk warnings. Every promotion must carry a prominent, prescribed risk warning. The FCA specifies exact wording: "Don't invest unless you're prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong." The warning must appear at the start of the promotion, in a font size at least equal to the main body text, and cannot be buried in footnotes.

Clear, fair, and not misleading standard. This is the baseline under COBS 4.2 (for authorised firms) and mirrors the standard the FCA applies to approving firms. Promotions cannot overstate potential returns, use selective back-testing, or imply regulatory protection that does not exist.

No refer-a-friend bonuses. The FCA explicitly banned incentives that reward consumers for referring others to cryptoasset products. This includes token bonuses, fee waivers, and any other benefit contingent on referral activity. The ban applies regardless of how the incentive is structured or labelled.

Personalisation and targeting. Promotions must be targeted appropriately. Mass-market promotions to unclassified audiences are permissible only with the full risk warning and no incentive to act quickly. Firms cannot use urgency tactics ("limited time offer," countdown timers) in a way that pressures consumers to bypass due diligence.

The 24-Hour Cooling-Off Period

This is the rule that catches most firms off-guard. Before a retail consumer can complete their first cryptoasset transaction following a financial promotion, the firm must:

  1. Present the risk warning in a standalone, uncluttered format.
  2. Require the consumer to actively confirm they have read and understood it.
  3. Impose a minimum 24-hour waiting period before the transaction can proceed.

The cooling-off applies per firm, not per product. A consumer who has previously transacted with your firm does not need to go through it again for a new product — but a first-time user always does. Systems that allow consumers to click through the warning and transact immediately are non-compliant.

Consumer Duty Overlay

The FCA's Consumer Duty (PS22/9, effective 31 July 2023) applies to all firms in the distribution chain of a retail financial product, including cryptoassets. The Duty's four outcomes — products and services, price and value, consumer understanding, consumer support — each have implications for promotions:

  • Consumer understanding outcome: promotions must be tested or evidenced to show they genuinely help consumers make informed decisions, not just satisfy a checklist.
  • Price and value outcome: fee structures disclosed in promotions must be complete and not misleading about total cost of ownership.

The FCA has made clear it will assess Consumer Duty compliance holistically. A promotion that technically includes the right risk warning but is designed to minimise its impact (small font, low-contrast colour, rapid scroll) will fail the consumer understanding outcome.

What This Means for Your Company

The practical implications differ by firm type.

FCA-registered cryptoasset businesses (MLR registration only, not full authorisation) can communicate their own promotions but cannot approve promotions for third parties. They must still comply with all PS23/6 content rules and the cooling-off requirement. Many registered firms underestimate this: MLR registration is not a licence to market freely.

FCA-authorised firms (e.g., those with an e-money or investment firm authorisation) can communicate and approve promotions, but since February 2024 must notify the FCA before approving for unauthorised persons. The notification requirement under s.21A is not a rubber stamp — the FCA can object within a specified period.

Overseas firms targeting UK consumers face the starkest position. Without UK registration or authorisation, there is no lawful gateway. The FCA has been willing to add firms to its Warning List and, in some cases, refer matters to the National Crime Agency. Operating through a UK-based approver is the only compliant route, and finding an authorised firm willing to approve crypto promotions has become harder as approvers face their own liability exposure.

Exchanges and platforms with large social media presences need to audit every piece of content — posts, stories, influencer partnerships, email campaigns, push notifications. Each is a separate promotion and each must satisfy the regime independently.

How to Operationalize

Step 1: Map your promotion inventory. List every channel and content type your firm uses to communicate with UK consumers. Include organic social posts, paid ads, email, SMS, in-app messages, and any influencer or affiliate arrangements.

Step 2: Confirm your gateway. Identify which of the four permitted gateways applies to each channel. Document this in writing. If you cannot identify a lawful gateway for a channel, suspend it immediately.

Step 3: Audit content against PS23/6. Check every live promotion for:

  • Prescribed risk warning (exact wording, correct placement, correct font size)
  • Absence of refer-a-friend incentives
  • Absence of urgency tactics
  • Accurate and complete fee disclosure
  • No implied regulatory protection

Step 4: Implement the cooling-off flow. Work with your product and engineering teams to build a compliant first-transaction journey. The 24-hour timer must be server-side, not client-side. Log timestamps and confirmations for audit purposes.

Step 5: Establish a promotions approval workflow. Every new promotion should pass through a documented review process before publication. For authorised firms approving third-party promotions, ensure the s.21A notification to the FCA is filed before approval is granted.

Step 6: Train your marketing team. Compliance sign-off is not a one-time exercise. Marketing staff need to understand the rules well enough to flag issues before content reaches legal review. Run quarterly refreshers.

Step 7: Monitor and withdraw. The FCA expects firms to monitor live promotions and withdraw any that become non-compliant (e.g., if market conditions change and a return claim is no longer accurate). Build a monitoring cadence into your compliance calendar.

Common Mistakes and How to Avoid Them

Mistake 1: Treating the risk warning as a footnote. Firms routinely bury the prescribed warning in small print at the bottom of a landing page or after a lengthy promotional message. The FCA's guidance is explicit that the warning must be prominent and appear at the start. Put it first. Make it visible.

Mistake 2: Assuming MLR registration covers everything. MLR registration under the Money Laundering Regulations gives you the right to communicate your own promotions. It does not authorise you to approve promotions for others, and it does not exempt you from PS23/6 content rules. These are separate obligations.

Mistake 3: Influencer arrangements without proper oversight. If your firm pays or provides benefits to an influencer who promotes your cryptoasset product to UK consumers, that influencer's content is your financial promotion. You are responsible for its compliance. Contracts with influencers must include content approval rights, and you must review every post before it goes live.

Mistake 4: Ignoring the cooling-off for returning users. Some firms implement the cooling-off for new account registrations but not for existing users accessing a new product for the first time. The trigger is the first transaction following a promotion, not the first account creation. Review your user journey logic carefully.

Mistake 5: Failing to document the approval chain. When the FCA investigates, it will ask for evidence that each promotion was reviewed, approved, and by whom. Verbal approvals and informal Slack sign-offs are not sufficient. Use a documented workflow with named approvers and timestamps.

FAQ

Q: Can a non-UK firm use a UK-authorised approver to reach UK retail consumers? Yes, but the approver must be willing to take on the liability and must file a s.21A notification with the FCA before granting approval. Approvers are increasingly selective about which firms and products they will approve. Expect due diligence requirements comparable to an onboarding process.

Q: Do the rules apply to organic social media posts? Yes. An organic post that promotes a qualifying cryptoasset product to UK consumers is a financial promotion regardless of whether it is paid. The FCA has been clear that the medium does not determine whether the regime applies — the content and audience do.

Q: What counts as a "refer-a-friend" incentive under the ban? The FCA's ban covers any benefit — monetary or non-monetary — given to an existing customer contingent on that customer introducing a new customer. Token rewards, fee credits, and priority access to new products all qualify. Loyalty programmes that reward tenure rather than referral activity are generally outside the ban, but review the specific mechanics with counsel.

Q: How does the Consumer Duty interact with the promotions regime for firms that only distribute, not manufacture, cryptoasset products? Distributors are subject to Consumer Duty obligations in respect of the promotions they communicate. They cannot simply rely on manufacturer-produced materials without satisfying themselves that those materials meet the consumer understanding outcome. Distributors should obtain written confirmation from manufacturers that promotional materials are PS23/6 compliant and conduct their own spot-checks.

Q: What are the criminal penalties for non-compliance? Section 25 FSMA 2000 makes it a criminal offence to communicate a financial promotion in breach of s.21. The maximum penalty is two years' imprisonment and/or an unlimited fine. Civil consequences include unenforceability of any resulting agreement and FCA enforcement action including public censure, financial penalties, and cancellation of registration or authorisation.

Sources

  • Financial Conduct Authority, PS23/6 Cryptoasset financial promotions (June 2023), FCA.org.uk
  • Financial Services and Markets Act 2000, s.21 and s.25, as amended by the Financial Services and Markets Act 2023
  • Financial Conduct Authority, Financial Promotion Order 2005 (as amended), FCA.org.uk
  • Financial Conduct Authority, PS22/9 A new Consumer Duty (July 2022), FCA.org.uk

Disclaimer

This article is produced by BizLegal-AI Intelligence Desk for informational purposes only. It does not constitute legal advice and does not create a solicitor-client or attorney-client relationship. Regulatory requirements change frequently; readers should verify current rules with the FCA directly and seek qualified legal counsel before making compliance decisions. BizLegal-AI makes no representations as to the completeness or accuracy of this content as applied to any specific fact pattern.

FCAukpromotionsmarketingPS23/6Section 21cryptoasset registrationfinancial promotions regimeconsumer duty
Turn this guide into a plan

Get your jurisdiction-specific compliance risk score

BizLegal-AI maps your structure against this exact regulation and tells you what's missing — before a regulator does. Free preview, no card required.

Run my free risk check →

Used by founders & counsel across 50+ jurisdictions · Not legal advice

Related

Regulatory changes, before they cost you

One email when a rule that affects crypto, fintech, or cross-border deals actually changes. No noise. Unsubscribe anytime.

Disclaimer: BizLegal-AI produces regulatory intelligence and working drafts. It is not legal, financial, or tax advice. Consult qualified counsel for specific situations.