Opinion: Katherine Kirkpatrick Bos, Legal Counsel of Starkware
As Washington takes a softer stance on cryptography, regulators are counting down to stricter UK regulations. The UK Financial Conduct Authority (FCA) is working on planning a new “gateway” licensing scheme by 2026, targeting a wider range of crypto activity.
It’s easy to ignore this if you’re not in the UK, but once the framework is formed, regulators may turn to other jurisdictions for lessons and inspiration. Cryptocurrency is global, and one of the challenges and opportunities is that many jurisdictions need to be careful at once.
Bigger internet than anti-money laundering
For a while, the FCA’s cryptographic focus was primarily on money laundering (AML) checks. Even then, I wasn’t taking a walk in the park. Only about 14% of companies seeking mandatory registration have been cut since 2020.
The AML register was essentially a narrow lens. It wasn’t a license or supervision system. Right now, I want to go further with the FCA. By 2026, regulators plan to regulate a wider range of crypto activities, possibly including Stablecoin issuance, payment services, lending and exchanges, according to Matthew Long, director of payments and digital assets at the FCA.
Does that sound like a big leap beyond AML? that’s right. If necessary, AML or broader anti-combustion measures are important to consider for centralized crypto companies, but more sophisticated regulatory regimes may offer opportunities and pitfalls depending on the company’s refinement. And here’s the real kicker. The shape of these rules remains in the flux. This means that the “scope” may still change.
What does this mean for builders? Those who build Layer 2 (L2) or other structures that can theoretically touch the financial flow can find themselves in crosshairs, such as bridges or cross-chain swaps.
Borderless meaning
“That’s the UK. I’m in the US (or Singapore, or Cayman, somewhere).” Just as the FCA looks at international models and moves its path, these frameworks have tricks to become global. Think about how quickly data protection ideas have spread after the European Union’s General Data Protection Regulation (GDPR) has grown. Cryptography is also borderless.
Recently: UK trade institutions ask governments to make cryptography a “strategic priority”
If the UK creates a sufficient and adequate regime, other jurisdictions can borrow from it. If a business serves users outside the grass at home, it is not justified to ignore UK rules because its user base is global.
Use STABLECOINS: If FCA requires strict preliminary disclosure or near-real-time audits, Stablecoin issuers may need to fully apply these standards. Uniformity is easier than fragmentation, and that’s how local UK rules become a virtual global baseline.
No more snooze buttons for builders
The developer team saw these headlines and said, “Custodian, Fiat on Ramp – it’s not me. Just roll out the contract.” Attractive, but myopia. Today, many apps host lending pools, Stablecoin liquidity, and staking services. These are exactly the types of activities that regulators may classify as “payment services” or “lending.”
If the protocol is an important part of the puzzle, it could be lined up with questions from regulators. The FCA cannot knock on the door tomorrow, but it needs to consider the builder.
Management and custody: If Infra manages users’ funds, if it could be considered “management”, that risk should be considered throughout the product design.
Payment-like features: Depending on the overall architecture and centralization, a license may be required if DAPP mimics or facilitates payments, stable transfers, or lending.
Geographical scope: There may not be any UK entities, but please consider your user base. Is your frontend targeting UK customers? If yes, it’s not just about opting out of the rules. We cannot forget the strict marketing rules of Crypto’s FCA, which was introduced in 2023.
Compliance Silver Lining
We always talk about regulations like a four-letter word, but with a regulation built-in———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————– Teams developing appropriate and rigorous geofencing and other features, knowing customer (KYC) plugins, or risk analysis is gained when the key market claims a specific layer of user protection.
If you are creating apps, L2, bridging services, or other protocols, providing optional compliance guilt is a competitive advantage. Consider telling the institutional partners that have already built the guardrails you need. Yes, it’s an extra effort and you need to balance considerations with community optics, missions, UX and other key product considerations. Still, this means you don’t have to scramble to renovate everything when the final rulebook lands.
Desperate code rewriting is not interesting. If you know that rules are likely to change, we recommend building a flexible architecture now.
Convergence or patchwork?
Here is a big question. Do you see a global convergence of contradictory rules and messy patchwork?
The FCA suggests coordination with other institutions (such as the International Securities Commission or iOSCO) and monitors the law that has enacted the Uniform EU Rules for Cryptocurrencies, the market for the EU-wide Cryptocurrency (MICA). It suggests an appetite for alignment.
“Worst-case scenario” forces developers to run region-specific versions of apps or builders, and to take advantage of confusing and inefficient jurisdictional arbitrages. In particular, small teams that can’t afford to code half a dozen individual compliance modules will feel the impact across the cipher.
It’s not argued that which outcome is more likely. Still, we can be confident that the larger economy (including the EU) will gradually continue to shape the legal environment of cryptography that they consider to be suitable for their purposes. And yes, they definitely exchange notes for what appears to be functional (and not).
Don’t wait for 2026
Whether this new, pressing gateway regime directly affects developers, it is a wake-up call that purely unauthorized, unregulated innovation may replace a more structured future with surveillance rules. If the 14% AML approval rate is a hassle, imagine how difficult it would be when regulators expand to Stablecoins, Payment Services, Crypto Lending and more.
The advantage is that Crypto has grown enough to attract the attention of the highest level of Tradfi. That growth is being used to promote mainstream adoption. This is great for builders who take the space and their goals seriously. If you want to be a part of that future, don’t ignore the FCA’s plans and broader regulatory development worldwide.
Read the consultation, read the draft proposal and open communication with a qualified lawyer. By the time 2026 arrives, you’re one step ahead of the curve and not blind.
The message is clear: build preemptively, not retroactively. Not reactive, but aggressive.
Opinion: Katherine Kirkpatrick Bos, Legal Counsel of Starkware.
This article is for general informational purposes and is not intended to be considered legal or investment advice, and should not be done. The views, thoughts and opinions expressed here are the authors alone and do not necessarily reflect or express Cointregraph’s views and opinions.
