Skip to content
In the news TRM Labs × Finray — audit-ready crypto transaction monitoring for banking
Finray
Book a briefing

Finray / Regulatory submission · 14 May 2026

FCA CP26/13 — Cryptoasset Perimeter Guidance

Version
May 14, 2026

Summary

On 14 May 2026 Finray Technologies Ltd submitted a response to FCA Consultation Paper CP26/13 (Cryptoasset Perimeter Guidance). The consultation invited comment on the proposed PERG 19 chapter of the FCA Perimeter Guidance manual, which clarifies the scope of the seven new regulated cryptoasset activities being introduced by the Cryptoassets Regulations 2026 ahead of the regime go-live on 25 October 2027.

Scope of our response

We responded substantively on four of the six numbered consultation questions: Q2 (new specified investments), Q3 (new regulated cryptoasset activities), Q4 (exclusions) and Q5 (interaction with the Money Laundering Regulations). We did not respond substantively on Q1 (introductory framing) or Q6 (consequential amendments to PERG 1, 2 and 8), where our perspective does not differentiate from that of industry counsel.

Key contributions

Three areas where our submission proposes specific clarifications to the proposed guidance:

  1. MPC and threshold-signature territoriality (Q3.2). The proposed §19.3.2 test ("place of supply = location of safeguarding operations") does not address how the territorial perimeter applies to multi-party computation arrangements where private-key shards are held in separate jurisdictions. We propose a worked example clarifying that the operational locus of control — the orchestrator — should determine territoriality.
  2. Self-custody and the negative-control distinction (Q4.1). Customer-key-management vendors commonly retain contractually constrained capabilities (emergency recovery, firmware update, compliance-driven key rotation). We propose three worked examples clarifying when such capabilities cross the threshold of "requisite degree of control" under §19.6.3.
  3. MLR-to-FSMA operational gap (Q5.1). The proposed §19.1.12 transition path for MLR-registered firms substantially understates the operational lift required to add FSMA Part 4A perimeter compliance (CASS, COBS, SMCR, SYSC 15A operational resilience) on top of an MLR-era AML/CTF stack. We propose the FCA publish a transition map covering the sequencing of these obligations.

Documents

About the respondent

Finray Technologies Ltd is a Cyprus-registered FinTech and RegTech vendor (HE 445903) that builds core banking, transaction monitoring and governance/risk/compliance infrastructure for regulated financial institutions, including MiCA-authorised crypto-asset service providers. ISO/IEC 27001:2022 certified at company level. Strategic partner of TRM Labs Inc. The author is Oleksandr Potapenko, Founder & CEO. ORCID: 0009-0005-8936-1711.

Certificate of Registration NQA · UKAS Management Systems
ISO/IEC 27001:2022 Certificate of Registration issued by NQA to Finray Technologies Ltd, certificate number 215646, valid 21 October 2025 to 21 October 2028
Search
Type to search across Finray, products, company, and journal.

    Press Esc to close · to open the highlighted result.

    Book a briefing 01 / 03

    Step 01

    Identify the institution

    Who is requesting the briefing.