The 2025 crypto shift: Changing the game for Asset Managers and Auditors in the UK

The evolving crypto landscape in 2025

The FCA’s decision to lift the ban on retail access to crypto exchange-traded notes from 8 October 2025 and its proposals on stablecoin, custody, and capital requirements mark a turning point in crypto asset regulation. The move comes at a time when political debate is intensifying, with reformist voices calling for a more innovation-friendly regime and even proposals for crypto tax payments, while consumer protection remains high on the regulatory agenda. At the same time, institutional players are reshaping the market: Blackrock has gained approval to operate as a crypto-asset firm in April 2025, and platforms like Archax and Kraken are offering institutional-grade infrastructure to support tokenisation and trading.

Game changes for asset managers

The FCA’s principle of ‘same risk, same regulatory outcome’ is designed to provide clarity and support compliance by aligning crypto products with the framework governing traditional instruments. While the principle offers consistency, the reality for asset managers is that delivering crypto products brings a different set of challenges. Unlike equity or bonds, digital assets operate on new rails – custody is technology-driven, trading venues are still maturing, and the risks of volatility, cyber threats and market fragmentation are acute.

Delivering on these expectations is not straightforward. We see the key challenges emerging across the following themes:

• Product design and innovation – building and offering crypto-linked vehicles that meet both, client demand and regulatory expectations.
• Technology and custody solutions – building or sourcing systems that can handle tokenisation, blockchain settlement and 24/7 trading environments and ensuring assets are securely held, with protections against cyberattacks, loss of private keys and operational failures. We observe that asset managers primarily opt for third-party custody providers, while banks tend to opt for self-custody. The challenge with custody outsourcing is the consideration of counterparty risk, the chain of custody and the number of sub-custodians involved.
• Compliance and governance – adapting oversight frameworks to address the specific risks of digital assets, from AML/CTF obligations to conduct and disclosure requirements.
• Risk management – new considerations over operational resilience and development of frameworks capable of monitoring and responding to crypto-specific volatility, liquidity shocks and regulatory changes across multiple jurisdictions.

Game changes for auditors

The FCA framework would mean that crypto products should be tested against the same standards of assurance as traditional financial instruments. At first glance, the framework is clear: familiar auditing principles such as fair value, going concern, and controls testing remain central. Yet the reality is that crypto assets bring complexities which cannot be addressed by existing audit methodologies alone. This also means that asset managers must think carefully about the audit evidence they will need to produce. The auditing complexities are also linked to how firms set up their infrastructure, i.e. whether they apply self-custody with the use of multi-signature solutions or use a third-party custodian (which is simpler to gain evidence on from the auditing perspective). Across each of the following areas, the responsibility is two-fold – auditors need to design procedures and asset managers need to ensure the right documentation, evidence, and controls exist:

Methodology

1. Expect auditor’s risk assessment procedures to capture unique crypto-related risks: fraud, market manipulation and financial crime;
2. Expect IT audit procedures to be integrated with greater emphasis on blockchain infrastructure, exchange platforms, access controls and cyber resilience. Auditors will increasingly pair standard audit procedures with blockchain-native procedures, such as on-chain tracing, wallet address reconciliation, smart contract code review, and on-chain analytics – particularly in cases of self-custody.

Evidence

1. Expect auditors to demand layered confirmations: custodian attestations, on-chain snapshots, segregation checks and contractual proof of ownership.
2. In the case of valuation, firms will be expected to provide reliable pricing data, demonstrating how fair value is determined in fragmented and volatile markets and liquidity assumptions.
3. With the evolution of firms’ systems and controls, we expect that auditors will require documentation and testing evidence around trading platforms, custodial wallets and operational resilience.
4. Disclosures documentation will need to expand to ensure transparency of valuation methodology, governance, risk and counterparty risk disclosures.

Specialisation

Auditing will require a high degree of specialist involvement. We expect financial services audit partners to be supported by in-house crypto specialists to provide technical evidence where complex custody solutions exist.

Conclusion

The UK’s evolving regulatory framework signals that crypto assets are no longer speculative outliers but part of the financial mainstream. The FCA’s principle of ‘same risk, same regulatory outcome’ set a clear benchmark, but translating the principle into practice presents a different set of challenges. For asset managers, success will depend on designing innovative products, building resilient infrastructure and embedding stronger oversight while managing risks that move at digital speed. For auditors, methodologies must adapt, evidence requirements will shift, and greater reliance on technology and specialist expertise will become unavoidable.

What unites both sides is the need to build confidence. Clients, regulators, and investors will only trust crypto as an asset class if innovation is matched by transparency, compliance and assurance.