BizLegal-AIStart Free
regulatory

FCA & Bank of England Tokenisation Vision: UK Wholesale Markets

FCA and Bank of England's joint tokenisation roadmap for UK wholesale markets: what DLT rules mean for firms, compliance obligations, and how to operationalise now.

BizLegal-AI Intelligence DeskgbFCA

FCA & Bank of England Tokenisation Vision for UK Wholesale Markets

The Bank of England's November 2023 Discussion Paper DP23/4 and the FCA's parallel CP24/2 consultation on a Digital Securities Sandbox (DSS) set a concrete regulatory runway for tokenised wholesale assets in the UK. The DSS went live in January 2025, accepting applications from firms wanting to issue, trade, and settle tokenised securities under a modified legal framework. If your firm touches UK wholesale fixed income, equities, or fund units, the clock on "wait and see" has already run out.

TL;DR

  • The Digital Securities Sandbox lets firms operate DLT-based trading and settlement infrastructure under temporary FCA/Bank of England authorisation, with a five-year window to transition to permanent rules.
  • Tokenised securities issued inside the DSS carry the same legal standing as conventional securities under the Financial Services and Markets Act 2000 (FSMA).
  • The Bank of England's RTGS roadmap and the FCA's wholesale market review are converging: settlement finality and central bank money settlement for tokenised assets are live policy questions, not future speculation.
  • Firms that don't engage now risk being locked out of the first cohort of DSS participants, ceding infrastructure advantage to early movers.
  • Compliance obligations under the DSS are real and immediate: AML, market abuse, and conduct rules apply from day one of sandbox operation.

What This Regulation Actually Requires

The Digital Securities Sandbox Framework

The DSS was created by statutory instrument under the Financial Services and Markets Act 2023, which gave HM Treasury power to modify existing legislation to accommodate DLT-based market infrastructure. The sandbox allows a "Financial Market Infrastructure" (FMI) — a central securities depository, recognised investment exchange, or multilateral trading facility — to use DLT for the recording, issuance, and settlement of digital securities.

Critically, the DSS doesn't create a separate regulatory regime. It modifies existing FSMA permissions on a firm-by-firm basis. A DSS participant operates under a "sandbox authorisation" that temporarily disapplies or modifies specific provisions of the Companies Act 2006, the Uncertificated Securities Regulations 2001, and relevant FCA/PRA rules. The FCA and Bank of England jointly supervise DSS participants, with the Bank taking the lead on systemic risk and the FCA on conduct.

Eligible Instruments and Activities

The DSS covers "digital securities" — a defined term meaning securities that are recorded using DLT or similar technology. Eligible instruments include shares, bonds, units in collective investment schemes, and money market instruments. Crypto-assets that don't qualify as securities under FSMA remain outside the DSS scope entirely.

Activities covered: issuance, admission to trading, clearing, and settlement. A single firm can apply to perform multiple functions, which is a deliberate departure from the traditional separation between CSDs and exchanges.

Settlement Finality and Legal Certainty

One of the DSS's most consequential provisions is its treatment of settlement finality. The Financial Markets and Insolvency (Settlement Finality) Regulations 1999 have been extended to cover DSS-designated systems. This means transfer instructions entered into a DSS system are irrevocable and protected from insolvency challenge — the same protection that underpins conventional payment and settlement systems.

The Bank of England's DP23/4 flagged a remaining gap: settlement in central bank money. The Bank is actively exploring whether tokenised central bank money or a "synchronisation" mechanism between DLT systems and RTGS could provide delivery-versus-payment finality. No firm timeline has been published, but the Bank's RTGS Renewal Programme is the vehicle most likely to deliver this.

AML, Market Abuse, and Conduct Obligations

The sandbox doesn't relax financial crime rules. DSS participants must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the Proceeds of Crime Act 2002, and the Market Abuse Regulation (UK MAR) as onshored post-Brexit. The FCA has been explicit: tokenisation doesn't create a compliance holiday.

What This Means for Your Company

For banks and broker-dealers: If you're a primary dealer in gilts or a major corporate bond underwriter, the DSS creates a direct path to issuing tokenised debt securities with legal certainty. The question isn't whether to engage — it's whether to apply as an FMI yourself or to participate as an issuer or investor through a third-party DSS operator.

For asset managers and fund administrators: Tokenised fund units are in scope. The FCA's broader fund tokenisation work, including the Investment Association's 2023 blueprint, feeds directly into DSS eligibility. Firms running money market funds or short-duration bond funds should be modelling what tokenised unit issuance means for their transfer agency and custody arrangements.

For fintechs and infrastructure providers: The DSS is explicitly designed to let non-bank entities apply for FMI status. A DLT-native firm can, in principle, become a recognised investment exchange or CSD equivalent under sandbox authorisation. That's a structural opportunity that didn't exist before January 2025.

For legal and compliance teams: The temporary modification of the Uncertificated Securities Regulations means your standard legal opinions on title transfer and perfection need updating. Existing ISDA/ICMA documentation may not map cleanly onto DLT-based settlement. Get ahead of this before your first tokenised trade settles.

The competitive dynamic is real. The EU's DLT Pilot Regime, which has been running since March 2023, already has live participants. UK firms that delay DSS engagement risk falling behind European peers who are accumulating operational experience with tokenised infrastructure.

How to Operationalise

Step 1: Determine your DSS entry point. Are you applying as an FMI (operator), an issuer, or a participant? Each has different authorisation requirements. FMI applicants need a full sandbox application to the FCA and Bank of England. Issuers and participants engage through an authorised DSS operator.

Step 2: Conduct a legal mapping exercise. Identify every contract, rule, and internal policy that references "certificated securities," "CREST," or the Uncertificated Securities Regulations. Flag provisions that assume conventional settlement. This is not a one-week job — budget six to eight weeks for a mid-sized firm.

Step 3: Update your AML/KYC framework for DLT counterparties. On-chain wallet addresses don't replace customer due diligence. Your CDD procedures need to address pseudonymous addresses, smart contract counterparties, and the Travel Rule obligations under the UK's updated wire transfer regulations.

Step 4: Engage your custody and collateral management teams. Tokenised securities held in a DLT system may not fit neatly into your existing custody model. Tri-party collateral arrangements, repo, and securities lending all need to be re-examined for DLT compatibility.

Step 5: Build a regulatory engagement plan. The FCA and Bank of England have both signalled they want active dialogue with DSS participants. Submit your questions through the FCA's Innovation Hub or the Bank's FinTech Hub before you apply — not after. Regulators are more receptive to firms that engage early.

Step 6: Monitor the RTGS Renewal Programme milestones. Central bank money settlement is the missing piece. Track Bank of England publications on RTGS and synchronisation mechanisms. Your settlement model may need to be revised once this is resolved.

Step 7: Document everything. The DSS has a five-year lifespan, after which participants must transition to permanent rules. The FCA will use DSS experience to shape those permanent rules. Firms that maintain detailed records of what worked, what didn't, and what rule modifications were necessary will have outsized influence over the final framework.

Common Mistakes and How to Avoid Them

Treating the DSS as a crypto sandbox. It isn't. The DSS is for securities — regulated financial instruments under FSMA. Firms that conflate it with the FCA's broader cryptoasset registration regime will misdirect resources and potentially trigger regulatory scrutiny.

Assuming existing legal opinions cover tokenised issuance. They don't. A legal opinion on title transfer for CREST-settled securities doesn't automatically extend to DLT-recorded securities, even inside the DSS. Commission fresh opinions. This is non-negotiable.

Underestimating the Bank of England's role. The FCA leads on conduct, but the Bank of England has co-supervisory authority over DSS participants that perform settlement functions. Firms that only engage with the FCA will miss critical supervisory expectations on systemic risk, liquidity, and operational resilience.

Ignoring the EU DLT Pilot Regime. If your firm has EU operations or EU counterparties, you may need to comply with both regimes simultaneously. The UK DSS and EU DLT Pilot have different scope, eligibility, and reporting requirements. A cross-border tokenised bond issuance could trigger obligations under both.

Waiting for "final rules" before building. The DSS is the mechanism for generating the evidence base for final rules. Firms that wait will have no input into the permanent framework and will face a compressed transition timeline when the sandbox closes.

Neglecting operational resilience requirements. The FCA's PS21/3 operational resilience rules apply to DSS participants. Smart contract failures, node outages, and key management incidents are "important business services" disruptions. Your impact tolerances and self-assessment need to address DLT-specific failure modes.

FAQ

Q: Does the DSS replace the need for FCA authorisation? No. DSS participants must hold existing FCA authorisation or obtain sandbox authorisation, which is a modified form of standard FSMA permission. The DSS modifies specific rules; it doesn't create a standalone regulatory regime outside FSMA.

Q: Can a foreign firm apply for DSS participation? The DSS is open to firms that are, or are willing to become, authorised by the FCA or recognised by the Bank of England. Overseas firms without UK authorisation would need to establish a UK entity or branch. The FCA has not published a specific overseas firm fast-track for the DSS.

Q: How does UK MAR apply to tokenised securities traded on a DSS platform? UK MAR applies in full. Insider dealing, market manipulation, and disclosure obligations attach to tokenised securities that are admitted to trading on a DSS-authorised trading venue. The on-chain nature of transactions doesn't create a MAR exemption — if anything, the pseudonymity of DLT addresses increases surveillance obligations for platform operators.

Q: What happens to DSS participants when the sandbox closes after five years? The Financial Services and Markets Act 2023 requires HM Treasury to make permanent rules before the DSS closes. Participants will transition to those permanent rules. The FCA has committed to consulting on permanent rules with sufficient lead time for firms to adapt. Participants that have been operating in the DSS will have a head start on compliance.

Q: Is tokenised central bank money available for DSS settlement now? Not yet. Settlement currently occurs in commercial bank money or through existing payment systems. The Bank of England is exploring synchronisation mechanisms between DLT systems and RTGS, but no live solution exists as of mid-2026. This is the most significant operational gap in the current DSS framework.

Sources

  • Bank of England, Discussion Paper DP23/4: The Bank of England's approach to innovation in money and payments (November 2023)
  • Financial Conduct Authority, Consultation Paper CP24/2: Digital Securities Sandbox (2024)
  • HM Treasury, Financial Services and Markets Act 2023, Part 11 (Digital Securities Sandbox provisions)
  • Bank of England, RTGS Renewal Programme: Consultation on a New Payments Architecture (ongoing publication series)

Disclaimer: This article is produced by BizLegal-AI's Intelligence Desk for informational purposes only. It does not constitute legal advice and does not create a solicitor-client or adviser-client relationship. Regulatory frameworks change frequently; verify all information against current primary sources before taking action. Consult qualified legal counsel for advice specific to your circumstances and jurisdiction.

FCABank of EnglandtokenisationDLTukwholesale marketsdigital securitiesfinancial market infrastructureDLTSStokenised assets UK
Turn this guide into a plan

Get your jurisdiction-specific compliance risk score

BizLegal-AI maps your structure against this exact regulation and tells you what's missing — before a regulator does. Free preview, no card required.

Run my free risk check →

Used by founders & counsel across 50+ jurisdictions · Not legal advice

Related

Regulatory changes, before they cost you

One email when a rule that affects crypto, fintech, or cross-border deals actually changes. No noise. Unsubscribe anytime.

Disclaimer: BizLegal-AI produces regulatory intelligence and working drafts. It is not legal, financial, or tax advice. Consult qualified counsel for specific situations.