Strategy

Crypto Marketing Compliance: A UK Founder's Practical Guide

What UK FCA rules actually require of crypto marketing campaigns in 2026, from the mandatory risk warning text to the four lawful routes to compliant promotion.

Cameron StubbsJul 11, 20268 min read

Crypto Marketing Compliance: A UK Founder's Practical Guide

In February 2026, the FCA commenced proceedings against HTX, an offshore crypto exchange with no UK office. The specific grounds: the platform's English-language website accepted GBP and served a large UK customer base directly. It was also running social media advertising to UK consumers without applying the required financial promotions rules. The FCA obtained High Court orders to block HTX's social media accounts to UK consumers and requested its removal from the Google Play and Apple stores in the UK (Lewis Silkin, February 2026).

It was the first enforcement action the FCA had taken since the cryptoasset promotions regime launched in October 2023. Across the preceding twelve months, the regulator had already issued more than 1,500 alerts on non-compliant or unauthorised crypto promotions. The HTX case was the first time it went further.

One thing that case settled: the FCA's rules follow your audience, not your registered address.

Crypto marketing compliance in the UK means every paid promotion, social media post, email, or influencer brief that invites UK consumers to engage with a cryptoasset must follow FCA rules under PS23/6. The promotion must carry a prescribed risk warning, be approved by an FCA-authorised person, and avoid incentives to invest. Breaching these rules is a criminal offence under Section 21 of the Financial Services and Markets Act 2000.

What that means for actual campaigns is less obvious than the legal summary suggests. This guide covers the four lawful routes, the specific requirements, what changed in July 2026, and the patterns that keep coming up in campaign audits.

What counts as a regulated crypto financial promotion in the UK?

The FCA defines a financial promotion as any communication that constitutes an invitation or inducement to engage in investment activity. For cryptoassets, that scope is deliberately broad.

Paid social ads on X, LinkedIn, Meta, and TikTok. Email campaigns with a call to buy or hold. Referral programmes, landing pages for token sales, and KOL content tied to payment in any form. Even app store listings that describe investment features fall within scope.

The word the FCA uses is "communication." The regime does not only apply to paid advertising. A Discord announcement inviting UK users to participate in a token sale is in scope. A blog post that constitutes a clear invitation to invest may be in scope. A company's social profile describing yield returns is in scope.

This is the most common source of unintentional non-compliance. Teams treat paid advertising as the compliance problem and leave their owned channels entirely unreviewed. The FCA's definition does not make that distinction.

The four lawful routes to promote cryptoassets in the UK

Only four categories of entity can lawfully communicate a cryptoasset financial promotion to UK consumers. The FCA's policy statement PS23/6 sets these out clearly.

FCA-authorised persons. Firms holding general FCA authorisation can issue their own compliant promotions for their own activities.

FCA-registered cryptoasset businesses. Entities registered under the Money Laundering Regulations 2017 can communicate promotions of their activities. This is the most common category for crypto-native projects with a UK operational footprint.

Exempt persons. Communications directed solely at high-net-worth investors or sophisticated investors can qualify under specific exemptions. These are narrow and regularly misapplied by teams who assume their investor base qualifies.

Section 21 approver firms. An FCA-authorised firm granted permission to approve third-party communications can sign off the promotions of an unregistered project. The approver assumes legal liability for compliance, so they run their own review process before signing.

Most projects without UK FCA registration use the fourth route: engage an authorised approver to review and sign off materials. If none of these four routes applies and your promotion has not been approved, you are in breach of Section 21 FSMA. The FCA treats this as a serious matter, not an administrative oversight.

What the FCA actually requires in a compliant crypto ad

Once you have the right approval route in place, the content itself must meet specific requirements.

The prescribed risk warning. Every cryptoasset financial promotion must carry this exact text:

"Don't invest unless you're prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong."

The warning must be prominent and visible without requiring the user to scroll or click. On a display ad it is part of the creative. On a landing page it sits above the fold. On social media content it appears in the caption or overlay, not buried in a link destination.

No incentives to invest. PS23/6 bans incentives to invest. Referral and welcome bonuses are out. If you have been running refer-a-friend schemes directed at UK users, those have been in breach since October 2023.

The clear, fair and not misleading standard. All promotions must meet this threshold under COBS 4.12A. Return projections and misleading product comparisons fail it. So does selective performance data. Compliant language describes what a product does; it does not predict what an investor will gain.

A 24-hour cooling-off period applies to direct-offer promotions for first-time retail investors. This one is less well known and frequently missing from campaigns that otherwise look compliant.

Consumer Duty interaction. A promotion that technically passes COBS 4 can still fail the Consumer Duty under PRIN 2A.5. The FCA requires that promotions genuinely equip retail customers to make informed decisions. Language written to technically satisfy the rule while obscuring risk will not hold up to scrutiny.

How a compliant campaign workflow looks in practice

Running a compliant UK-facing crypto campaign requires more than adding a risk warning to your ads. The compliance review has to happen before the brief reaches any channel.

The workflow we use for clients including Polkadot and zkVerify at Fracas runs in this sequence.

Brief review first. Before any creative is produced, the messaging claims and CTA language go through a compliance check. Yield claims and performance comparisons trigger an automatic review at this stage, before briefing any channel.

Approver engagement early. If the project is not FCA-registered, the authorised approver needs to be engaged before creative is briefed, not after. Approvers review completed materials; they need the campaign scope in advance to plan their review window. A realistic turnaround with a competent approver is five to ten working days. Teams that produce creative before engaging the approver routinely miss that window.

Channel-specific review. Platform policies layer on top of FCA requirements. Google requires pre-certification for crypto ads targeting the UK. Meta operates a separate financial products policy that does not align directly with FCA standards and needs its own review pass. X, TikTok, and YouTube each have their own financial products policies for crypto that do not map directly to PS23/6 and require a separate review pass. Each channel is its own compliance check, not a global review applied uniformly.

KOL brief review. Influencer and KOL content is in scope under PS23/6 when the creator is compensated and the content invites UK consumers to engage with a cryptoasset. You cannot transfer compliance liability to the creator. The brief you give the KOL is your responsibility. For details on what a creator contract should cover on disclosure, and GBP rate benchmarks by tier, see our guide to crypto KOL rates and disclosure requirements.

Documented approval chain. Every approved piece of content needs a record: who approved it, under what authority, on what date. If the FCA requests a review, the approval chain is the first thing they look for.

KOL and influencer content: where compliance gets complicated

KOL marketing is where most crypto projects carry their largest unreviewed compliance exposure.

The FCA's rules apply to any communication that constitutes an inducement to engage with a cryptoasset where a commercial arrangement exists. "Commercial arrangement" includes payment in tokens, not just cash. If you gave a creator a token allocation in exchange for content, that content is a regulated financial promotion.

The scale risk is specific. A project with ten KOLs active simultaneously has ten separate promotions in market, each of which must meet PS23/6 requirements. If any one of those creators is UK-based or UK-targeting, the promotion is in scope regardless of where your company is registered.

What that means for each KOL brief:

  • The prescribed FCA risk warning, with the exact wording and prominence required
  • No return claims or performance comparisons
  • Explicit disclosure of the commercial relationship
  • No "use this link for a bonus" language
  • Documented approval from an FCA-authorised person if the project is not itself FCA-registered

These requirements belong inside the briefing process. A creator who publishes non-compliant content because the brief did not include compliance requirements does not reduce your liability as the commissioning party.

What the FCA's July 2026 rules mean for your marketing now

In July 2026, the FCA published its final framework for the full UK cryptoasset regulatory regime. The timeline for marketing teams:

  • September 2026: Authorisation applications open for crypto firms
  • February 2027: Deadline for day-one authorisation applicants
  • October 2027: Full regime takes effect

The transition period is not a pause on promotions compliance. The FCA has been explicit: firms must keep financial promotions and customer disclosures under active review throughout. The EU's MiCA regime reached full effect across EEA markets in December 2024, and the US GENIUS Act (signed May 2025) introduced federal disclosure standards for stablecoin issuers, but neither covers the UK's retail promotions perimeter. UK rules remain standalone and are being enforced independently of both frameworks (Lewis Silkin, July 2026). Projects that treat October 2027 as their start date are misreading the guidance.

The practical position for any project planning UK-facing marketing in the second half of 2026: the financial promotions regime is fully in effect and being enforced. The new licensing regime adds authorisation obligations on top; it does not defer the promotions rules. Starting compliance planning now means resolving both in sequence, rather than managing authorisation paperwork while cleaning up a promotions breach at the same time.

The five most common compliance failures in crypto marketing

Based on campaigns we have reviewed and the FCA's enforcement record, these are the patterns we see most often.

Owned channels left unreviewed. Paid ads go through a compliance check; the project's own X account, Telegram channel, and Discord server do not. Community announcements inviting members to a token sale are financial promotions. The FCA does not treat the absence of paid spend as an exemption.

Offshore projects assuming UK rules do not apply. The HTX case settled this. If your campaign reaches UK users and constitutes an inducement to invest, you need to comply. An English-language website accepting GBP is in scope.

KOL content treated as outside the regulatory perimeter. Token compensation creates a commercial arrangement. The FCA looks at the substance of the relationship, not its structure. A creator who received a token allocation and published promotional content is in scope, regardless of how the arrangement was documented.

Risk warning buried or not prominent. Adding the risk warning below the fold, or linking to it from the creative rather than including it in the creative itself, does not satisfy PS23/6. Prominence is a hard requirement, not a design suggestion.

Referral and bonus mechanics still running. The incentive ban has been in place since October 2023. Refer-a-friend programmes and deposit bonuses directed at UK audiences have been non-compliant for over two and a half years. These continue to surface in audits of campaigns that have otherwise been reviewed.

What this means for your next campaign

The FCA issued more than 1,500 enforcement alerts in the first year of the regime, took its first enforcement action in February 2026, and published a full regulatory framework covering the next five years. Compliance is no longer optional for UK-facing campaigns; it is the operating environment.

A brief-stage review and a documented approval chain are what turn compliance from a late-stage scramble into a repeatable system. Teams that do this once know what their process looks like. Teams that do not review until late in production build friction into every campaign they run.

The projects with the strongest UK positioning right now ran compliant campaigns early enough that they already know what their approval process looks like. They are not pausing campaigns for last-minute legal review.

If you want a second opinion on whether your next campaign is set up correctly, we review campaign briefs for compliance readiness before they go to market. Book a call and we can walk through it.

For a wider view of what to look for in a crypto marketing agency, including how to assess whether a potential partner understands UK compliance obligations, see our guide to choosing an FCA-aware crypto marketing agency.