ImplementationStablecoin and Custody

Stablecoin and Custody Readiness: The Operational Build Behind the Rules

A practical guide to stablecoin and custody readiness under the incoming UK crypto regime, covering safeguarding architecture, reserves, reconciliations, returnability, third-party oversight, and the operating evidence firms are likely to need.

By MEMA Regulatory Team·6 min read·

What It Is

Stablecoin and custody readiness is the practical work required to show that customer assets, reserve assets, wallet infrastructure, and related operational dependencies are governed in a controlled and returnable way. Under the incoming UK crypto regime, this is likely to be one of the most technically demanding implementation areas because it reaches deep into daily operations, not just legal structure or policy language.

For stablecoin issuers, the challenge includes reserves, redemption mechanics, governance, safeguarding, and disclosures. For custody and safeguarding models, the burden typically centres on wallet architecture, reconciliations, exceptions, incident response, key management oversight, and the ability to return customer assets promptly and accurately. In both cases, firms need to prove not just that the framework exists, but that it can operate under stress.

This is where many authorisation programmes move from advisory design into operating-model build.

Why the FCA Cares

Customer assets and payment-adjacent features create immediate harm potential if they are poorly governed. The FCA is therefore unlikely to treat custody and stablecoin work as a peripheral specialist topic. If a firm holds, controls, administers, or governs access to assets that customers expect to receive back on demand, the regulator will want to understand the full chain of records, decisions, reconciliations, counterparties, and escalation routes behind that promise.

The regulator is also likely to focus on operational concentration risk. Many firms rely on third-party custodians, wallet infrastructure providers, blockchain analytics vendors, cloud services, or group technology teams. Those dependencies may be commercially efficient, but they do not remove accountability from the UK-regulated entity. The FCA is likely to ask who oversees those providers, what information the firm can obtain from them, how incidents are escalated, and what happens if a provider fails or group support changes.

This is why custody and stablecoin readiness often becomes a joint exercise across operations, legal, technology, risk, and governance.

Which Firms Are Most Exposed

The clearest exposure sits with stablecoin issuers and firms whose core proposition includes custody or safeguarding. But the perimeter of operational risk is wider than that. Firms offering wallet functionality, omnibus holding structures, payment-adjacent crypto flows, or staking features can all create asset-governance questions that need explicit treatment.

Retail-facing businesses are especially exposed because the customer outcome risk is easier to visualise. If reconciliations fail, if incident records are incomplete, or if returnability is poorly designed, the consequences are not abstract. Customers may be unable to access, understand, or recover assets at the moment the control framework is under pressure.

Overseas groups with shared custody or shared infrastructure models also need particular care. The more the operating model relies on non-UK services, the more important it becomes to show how the UK entity governs those dependencies in practice.

What Firms Get Wrong

The most common mistake is describing custody as a feature rather than a control environment. Firms explain that assets are segregated, safeguarded, or held with a reputable provider, but do not show how records are maintained, who reconciles them, how breaks are investigated, or what happens if ledger positions and customer records diverge.

The second common error is treating returnability as a legal concept rather than an operational process. A credible returnability position needs to answer practical questions: where is the definitive customer record, what approvals are needed to release assets, what happens if there is a freeze or exception, how are errors corrected, and who communicates with customers during an incident? Those questions cannot be answered through a single policy statement.

The third error is underestimating third-party oversight. Firms often know which provider performs a function, but not what information rights, audit access, or recovery options they actually have if something goes wrong. That weakness matters more, not less, in a crypto model that depends on specialist infrastructure.

What Evidence the FCA Is Likely to Expect

Firms should expect the FCA to look for evidence that the asset-control model is documented and genuinely operable. That typically means architecture papers, reconciliations, record designs, exception handling procedures, third-party due diligence, incident playbooks, governance records, and customer-facing disclosures that align with the real process.

For custody models, a strong evidence set usually includes:

  1. Clear wallet and account architecture.
  2. Customer asset record and reconciliation logic.
  3. Exception and break management procedures.
  4. Third-party oversight and information rights.
  5. Incident management and customer communication procedures.
  6. Wind-down or returnability sequencing under stressed conditions.

For stablecoin-adjacent models, firms may also need reserve-governance, redemption, safeguarding, and disclosure materials that explain how the proposition works in normal and stressed conditions. The stronger the redemption promise, the more closely the underlying process will be tested.

Good Implementation Looks Like

Good implementation starts by identifying the real source of truth for customer positions and reserve data. The firm then works outward from that point: how are positions updated, how are reconciliations performed, who reviews exceptions, which logs are retained, how are assets released, and how are third parties overseen? This produces a control map that operations, risk, compliance, and senior management can all understand.

The best files also distinguish framework from procedure. A safeguarding or custody framework explains the principles, accountabilities, and control standards. The operating manuals explain how the processes actually run each day. The evidence layer then shows that reconciliations happened, breaks were investigated, incidents were escalated, and oversight took place.

This is also an area where tabletop exercises are especially valuable. A firm that has run through returnability, disruption, or third-party failure scenarios is usually far better prepared for FCA challenge than one that has only drafted documents.

Current FCA Materials to Track

The main official source here is CP25/14: Stablecoin issuance and cryptoasset custody, alongside the FCA's broader new regime overview. Stablecoin-adjacent firms should also watch how the final policy statements treat reserve governance, redemption mechanics, and safeguarding expectations, because these points are likely to drive the hardest operating-model changes.

How MEMA Supports This Work

Our crypto readiness work helps firms move from broad custody or stablecoin descriptions into a usable control architecture. That includes asset-governance mapping, returnability analysis, third-party oversight design, and the operational evidence pack needed to make the framework credible under authorisation scrutiny.

Frequently Asked Questions

Why are stablecoin and custody models so operationally heavy?

Because the regulatory burden goes beyond policy design into reconciliation, asset records, returnability, incident handling, reserve governance, outsourcing oversight, and customer communications. These are day-to-day control questions, not just legal drafting points.

What does returnability mean in practice?

It means the firm can identify customer assets accurately, reconcile them, manage exceptions, and return them in an orderly way under both normal and stressed conditions. The stronger the custody or safeguarding proposition, the more important this becomes.

Does this only matter for firms issuing a stablecoin?

No. It matters directly for issuers, but also for firms with custody, safeguarding, wallet, or payment-adjacent roles that create operational control obligations around customer assets, reserves, or redemption processes.

What usually weakens these files?

Weak files often describe safeguarding in broad terms but do not show how records are maintained, how reconciliations work, how third parties are overseen, or how customers would actually receive assets back in a disruption or wind-down scenario.

stablecoincrypto custodysafeguardingreturnabilityreconciliationswallet governance

Need help implementing this?

Our regulatory consultants can help your firm meet FCA requirements with practical, evidence-based implementation support.

Book a Free Consultation
Related Explainers

Continue Reading

Decision

Crypto Permissions and Perimeter: How to Scope the UK Authorisation Route

A practical guide to permissions mapping for the incoming UK cryptoasset regime, covering perimeter questions, UK nexus, business-model scoping, group structures, and why the permissions memo is the first serious authorisation work product.

7 min readRead →
Implementation

Crypto Prudential Readiness: What the FCA Is Likely to Test

A practical guide to prudential readiness for cryptoasset firms, covering capital, liquidity, wind-down planning, group dependencies, financial resilience, and the evidence the FCA is likely to expect under the developing UK regime.

6 min readRead →
Governance

Admissions, Disclosures and Market Abuse: Readiness for Trading Platform Models

A practical guide to admissions, disclosures and market abuse readiness under the incoming UK crypto regime, covering listing controls, disclosures, surveillance, conflicts, retail-facing conduct, and the evidence trading platform models are likely to need.

6 min readRead →