Financial Promotions for Cryptoassets: A Guide

From October 2023 the FCA brought cryptoasset financial promotions within the scope of the financial promotions regime — introducing mandatory risk warnings, cooling-off periods and an approval requirement that has materially changed how cryptoasset businesses communicate with UK consumers.

The extension of the financial promotions regime to qualifying cryptoassets marked the most significant expansion of the regime since its original introduction under FSMA. For the first time, communications promoting cryptoassets to UK consumers require either FCA registration, authorised firm approval, or a specific exemption — bringing the cryptoasset sector into a regulatory framework it had previously operated largely outside.

Which Cryptoassets Are Within Scope?

The regime applies to qualifying cryptoassets — a category defined by the Financial Promotions Order (FPO) as amended by the Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023. A qualifying cryptoasset is any cryptographically secured digital representation of value or contractual rights that uses distributed ledger technology and is not already a specified investment (such as a security token) or e-money.

Bitcoin and Ether are qualifying cryptoassets. Most established cryptocurrencies and utility tokens are qualifying cryptoassets. NFTs with investment characteristics are likely to be qualifying cryptoassets. Security tokens and regulated e-money tokens sit outside the qualifying cryptoasset category because they are already controlled investments under the FPO.

The practical scope of the regime is very broad. If a firm is communicating to UK consumers in a way that constitutes an invitation or inducement to acquire, hold or dispose of a qualifying cryptoasset, the cryptoasset financial promotions rules apply — regardless of where the firm is based or through what channel it communicates.

Who Can Communicate Cryptoasset Promotions?

An FCA-registered cryptoasset firm can communicate its own qualifying cryptoasset promotions. An FCA-authorised firm with gateway permission can approve qualifying cryptoasset promotions for unauthorised persons. An unauthorised, unregistered overseas cryptoasset business communicating promotions to UK consumers without approval or an applicable exemption is in breach of Section 21 FSMA.

The FCA has been explicit that the territorial scope of the regime extends to overseas firms with no UK presence. An exchange based outside the UK that actively markets to UK consumers — through social media, paid search, or direct outreach — is communicating financial promotions to UK consumers and must comply with the regime or ensure its communications are approved. Since October 2023 the FCA has issued hundreds of alerts regarding non-compliant cryptoasset promotions from overseas platforms.

Not all authorised firms can approve cryptoasset promotions. Gateway permission must specifically cover the qualifying cryptoasset category — a firm with gateway permission limited to retail investment products cannot use that permission to approve cryptoasset promotions. Firms that approved cryptoasset promotions without the appropriate scope of gateway permission have faced supervisory attention.

The Mandatory Risk Warning

All qualifying cryptoasset promotions communicated to retail consumers must include a prominent risk warning in the following prescribed form: “Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you are unlikely to be protected if something goes wrong. Take 2 minutes to learn more.”

The risk warning must appear prominently — not buried in footnotes, displayed in small print, or presented less prominently than the benefits of the investment. The FCA assesses prominence by reference to the overall impression a promotion creates: a warning that is technically present but visually subordinate to the promotional elements does not satisfy the prominence requirement.

The risk warning applies to every cryptoasset promotion, regardless of the investment amount, the sophistication of the intended audience, or the nature of the communication. There is no retail client categorisation exception — even a promotion targeted at high-net-worth individuals must include the prescribed warning if it relates to a qualifying cryptoasset and is communicated to UK consumers.

The 24-Hour Cooling-Off Period

One of the most significant elements of the cryptoasset promotions regime is the requirement for a 24-hour cooling-off period for new investors. Before a consumer who has not previously used a cryptoasset firm’s services can make their first investment, the firm must: present a personalised risk warning confirming that the consumer has read and understood the generic risk warning; allow 24 hours to pass before the consumer can complete their first transaction; and not send any further promotional communications to the consumer during that 24-hour period.

The cooling-off period is specifically directed at mitigating impulse investment decisions — a particular concern in a market characterised by rapid price movements and high-volume promotional activity. The FCA’s research indicated that a significant proportion of retail cryptoasset investors made their first investment following a single promotional touchpoint and without meaningful research or reflection. The 24-hour requirement is designed to interrupt that pattern.

The practical implementation of the cooling-off requirement demands changes to customer onboarding journeys, CRM systems, and communications workflows. A firm that allows new customers to complete a transaction within 24 hours of their first contact with a cryptoasset promotion — without the required personalised risk warning and waiting period — is in breach, even if the promotion itself was otherwise compliant.

Personalised Risk Warnings

In addition to the generic mandatory risk warning, the regime requires personalised risk warnings at specific points in the customer journey. Where a consumer indicates they wish to proceed with an investment notwithstanding the generic warning, the firm must present a personalised confirmation — effectively requiring the consumer to acknowledge their understanding of the specific risk that they may lose all their money before the transaction proceeds.

Personalised risk warnings must also be presented when consumers attempt transactions that represent a significant change in their investment activity — for example, a consumer investing an amount materially larger than their previous average, or a consumer switching from lower-risk to higher-risk cryptoassets. The FCA expects firms to have systems capable of identifying these trigger events and presenting the appropriate warning at the relevant point in the transaction journey.

Social Media and Cryptoasset Promotions

Social media is the primary marketing channel for many cryptoasset businesses, and the regime applies fully to all social media communications. Posts on X, Instagram, TikTok, YouTube and LinkedIn that constitute invitations or inducements to acquire qualifying cryptoassets are financial promotions and must comply with the rules — including the mandatory risk warning requirement.

The FCA has emphasised that the character or format limitations of specific platforms do not reduce a firm’s obligations. Where the mandatory risk warning cannot be accommodated in a character-limited format, the promotion cannot lawfully use that format. A post that links to a further page containing the risk warning does not satisfy the requirement to include it prominently in the promotion itself.

Influencer-driven cryptoasset promotions have been a particular FCA concern. Several high-profile actions against social media influencers communicating cryptoasset promotions without approval have followed the introduction of the regime. Cryptoasset firms that use influencer partnerships must ensure the influencer’s content is within the scope of the firm’s own promotion (requiring approval) or that the influencer is separately approved — not left to operate as an independent communicator outside the regulatory framework.

FCA Enforcement Since October 2023

The FCA’s enforcement activity in the first year of the cryptoasset promotions regime demonstrated a significantly more active approach than had been anticipated. Within the first three months the FCA had issued over 200 alerts regarding non-compliant cryptoasset promotions from unregistered and unauthorised communicators. Several authorised firms that approved cryptoasset promotions without adequate gateway permission or without adequate due diligence on the approvals faced supervisory enquiries.

The FCA also used its powers under Section 137P FSMA to require online platforms to withdraw non-compliant cryptoasset promotions from UK-facing users — a power it used against several major international exchanges. The willingness to act against overseas firms with no UK establishment was a deliberate signal that the territorial scope of the regime would be enforced.

The Compliance Function’s Role

For FCA-registered cryptoasset firms, the compliance function is responsible for: maintaining the financial promotions approval process for all consumer-facing communications; implementing the risk warning requirements across all channels; designing and monitoring the cooling-off and personalised risk warning journeys; and keeping records of all approved promotions. The SMCR applies to FCA-registered cryptoasset firms, meaning a senior manager carries personal accountability for the adequacy of the financial promotions compliance framework.

The compliance demands of the cryptoasset promotions regime — combining the standard financial promotions approval function with cryptoasset-specific requirements for risk warnings, cooling-off periods, personalised warnings and cross-channel monitoring — have driven significant hiring in cryptoasset compliance. Firms need professionals who understand both the financial promotions framework and the specific operational requirements of the cryptoasset rules.

Key FCA References

• FCA — Cryptoasset financial promotions
• FCA PS23/6 — Financial promotion rules for cryptoassets
• Financial Promotions Order 2005 (as amended)