The UK's regulatory landscape for crypto is shifting fast. On June 30, the FCA published its final crypto rules, with the authorisation gateway set to open in September and the wider FSMA perimeter extending to digital asset activities from October 2027. For law firms advising clients who hold or transact in crypto, that shift is already changing how transactions get scrutinised - nowhere more so than in UK property purchases funded by crypto proceeds.

We spoke with Marcia Howards, Senior Associate Solicitor at Saracens Solicitors, whose practice spans crypto compliance, AML and source of funds checks, and commercial and IP agreements in the space. She walks us through what heightened FCA oversight means in practice: the evidential burden now facing clients who want to buy property with crypto-derived funds, how source of funds and AML checks are becoming more forensic as regulatory supervision consolidates, and why commercial and IP agreements for crypto businesses can no longer be treated as boilerplate paperwork.

Q: What are the biggest compliance challenges you’re seeing for clients buying UK property with digital asset proceeds right now?

For clients buying UK property with cryptoasset proceeds, the changes would likely make the transaction more heavily scrutinised, not because crypto proceeds are automatically unacceptable, but because they usually create a higher evidential and risk-assessment burden for the solicitor.

Key effects would include:

  1. Higher source of funds and source of wealth burden
    The client would need to evidence not only that the cryptoassets exist, but how they were acquired, held, transferred, and converted into fiat currency. A simple bank statement showing sale proceeds would usually be insufficient.
  2. Greater expectation of blockchain tracing
    Under FCA-style supervision, firms may be expected to show that they considered wallet history, exchange records, transaction hashes, counterparties, and whether the crypto passed through mixers, privacy coins, high-risk exchanges, DeFi protocols, or sanctioned wallets.
  3. Enhanced due diligence likely
    Crypto-funded property purchases would often trigger enhanced due diligence because of the combination of:
    • high-value UK real estate;
    • cross-border value transfer;
    • anonymity or pseudonymity risks;
    • potential sanctions exposure;
    • difficulty verifying historic wealth generation.
  4. More cautious approach to accepting funds
    Solicitors may be more reluctant to receive funds directly linked to crypto conversion unless they come through a reputable, regulated exchange, with clear audit trails and satisfactory evidence of the original acquisition of the assets.
  5. More detailed file notes and audit trail
    The firm would need to record why it was comfortable proceeding, what evidence it reviewed, what red flags were considered, and why any risks were mitigated.
  6. Increased risk of delay or refusal to act
    If the client cannot provide a coherent crypto transaction history, or if tracing indicates exposure to high-risk wallets, darknet markets, ransomware typologies, sanctioned entities, or unexplained layering, the solicitor may need to pause, make further enquiries, consider a SAR, or cease acting.
  7. Dual regulatory consequences
    Even if the FCA becomes the AML/CTF supervisor, the SRA would still regulate professional conduct. So a poor decision on a crypto-funded purchase could create both AML supervisory risk and professional conduct risk.

The transition to FCA supervision is likely to have particular significance for clients purchasing UK property with cryptoasset-derived funds. Such transactions already present elevated AML/CTF risks because cryptoassets may obscure the origin, ownership and movement of value. Under a more data-led and interventionist FCA model, solicitors would be expected to evidence a more rigorous assessment of source of funds and source of wealth, including exchange records, wallet ownership, transaction histories, conversion routes and any exposure to high-risk typologies such as mixers, privacy coins, unregulated exchanges or sanctioned wallets. In practice, firms may be more cautious in accepting crypto-derived funds unless the client can provide a clear, independently verifiable audit trail showing lawful acquisition, holding and disposal of the assets. Where that evidence is incomplete or inconsistent, the solicitor may need to undertake enhanced due diligence, delay completion, consider whether a suspicious activity report is required, or decline to act.

Q: How are AML and source of funds checks evolving as the FCA tightens its crypto framework?

AML and source of funds checks are moving from a largely profession-led, risk-based compliance exercise into a more formalised and regulator-driven framework, particularly where digital assets are involved. The FCA already acts as the AML/CTF supervisor for UK digital asset businesses under the Money Laundering Regulations, requiring in-scope digital asset exchange providers and custodian wallet providers to register with the FCA and comply with AML obligations. That position is now being strengthened by the wider digital asset regulatory regime, under which digital asset activities will be brought within the FCA’s FSMA perimeter from 25 October 2027.

For solicitors and law firms, this does not remove the need to conduct robust matter-level AML, client due diligence, source of funds and, where required, source of wealth enquiries. Rather, it changes the context in which those enquiries will be assessed. Crytpo-derived funds will increasingly be expected to be evidenced with the same discipline as funds passing through the conventional banking system, but with additional verification of the digital asset journey: how the client acquired the digital asset, whether the original funds used to purchase it were legitimate, whether the assets were held or traded through reputable and FCA-supervised platforms, whether there are unexplained transfers, use of mixers or tumblers, privacy coins, offshore exchanges, or other indicators of layering, and whether the final fiat proceeds can be traced into the account used for the transaction.

The move towards the FCA becoming the single professional services supervisor for AML/CTF, with the SRA’s AML supervisory role expected to reduce significantly, is also important. The government’s proposed reforms envisage the FCA taking over AML/CTF supervision of professional services, including legal services, while existing professional bodies and regulators continue to have a role in cooperation, information-sharing and sector-specific input. The practical effect is likely to be more consistent supervisory expectations across sectors, closer alignment between legal-sector AML compliance and financial-services standards, and greater emphasis on demonstrable systems, controls, governance and evidence rather than reliance on professional judgement alone.

In practice, firms should expect source of funds checks involving digital assets to become more forensic. It will not usually be sufficient to establish that funds have arrived from a bank account, or even that they have been converted from a digital asset into sterling. The firm should be able to evidence the source of the original fiat investment, the acquisition and holding of the digital asset, the trading history or wallet activity where relevant, the conversion back into fiat currency, and the movement of funds into the client’s account. Where there are gaps in the audit trail, use of high-risk platforms, inconsistent explanations, or refusal to provide supporting evidence, firms should consider enhanced due diligence, escalation to the MLRO, whether a suspicious activity report is required, and whether they can continue to act.

The direction of travel is therefore towards convergence: digital asset firms will be subject to more comprehensive FCA authorisation, prudential, conduct, operational resilience and financial crime standards, while law firms will be supervised against a framework that is likely to be more centralised, data-led and FCA-influenced. This should not be viewed as a lowering of solicitors’ obligations; if anything, it is likely to raise expectations around documented risk assessments, quality of evidence, ongoing monitoring, and the ability to explain why the firm was satisfied that the funds were consistent with the client’s profile and not the proceeds of crime.

A sensible response for firms is to update their AML policies and matter risk assessments now, particularly for conveyancing, private wealth, corporate and investment matters where crypto-derived funds may arise. Firms should train fee earners to identify digital asset red flags, require early disclosure of any digital asset exposure, use blockchain analytics or specialist support where proportionate, and record clearly why the evidence obtained is sufficient. The key question will increasingly be not simply whether the client can produce funds, but whether the firm can independently understand, evidence and justify the path by which those funds were generated, held, converted and transferred.

Q: What should digital asset businesses know about commercial and IP agreements in this space?

Digital asset businesses operating in, from or into the UK are entering a period of sharper regulatory definition. For founders, exchanges, custodians, token issuers, staking providers, wallet providers, software vendors, market infrastructure providers and brand owners, the message is clear: commercial and IP agreements can no longer be treated as operational paperwork only. They should be part of the control environment that demonstrates how the business understands its regulatory perimeter, manages financial crime risk, protects valuable technology and data, and evidences source-of-funds and source-of-wealth checks where required.

Fuller FSMA framework

The UK has strengthened legal certainty around digital assets as property. The Property (Digital Assets etc) Act 2025 confirms that certain digital or electronic assets are not prevented from being objects of personal property rights merely because they do not fit within the traditional categories of things in possession or things in action. That development matters for contracting: it supports clearer drafting around ownership, custody, security, insolvency treatment, recovery and dispute resolution.

Allocate regulatory responsibility expressly

A recurring weakness in digital asset contracting is that agreements describe the product or technology well but say too little about who is responsible for regulatory compliance. In this sector, that is risky. A services, platform, listing, custody, liquidity, staking, software-as-a-service or token issuance agreement should identify the parties’ roles, the regulated or potentially regulated activities being performed, the territories in scope, and the party responsible for FCA registration, authorisation, financial promotions compliance, sanctions screening, transaction monitoring and customer due diligence.

Where a counterparty provides technology only, the contract should avoid accidentally suggesting that it is arranging, dealing, custody, operating a trading platform or providing another regulated service unless that is intended and supported by the relevant permissions. Conversely, where a counterparty is carrying out an activity that may be regulated, the agreement should require evidence of registration, authorisation, exemptions or legal analysis, together with ongoing notification obligations if that position changes.

IP ownership should be separated from asset ownership and data rights

Digital asset projects often combine several layers of rights: the token or digital asset itself, the underlying software, smart contracts, APIs, data, branding, user interface, content, artwork, metadata, analytics models and documentation. Agreements should avoid conflating ownership of a token with ownership of the intellectual property connected to it. A buyer, user or holder may receive a digital asset without receiving copyright, trademark rights, database rights, source code rights or the right to commercialise associated content.

For technology collaborations, the contract should distinguish between background IP, newly developed IP, improvements, forks, open-source components, audit reports, smart contract code and vulnerability disclosures. It should also address whether the client receives an assignment, an exclusive licence, a non-exclusive licence or only access rights. In regulated or AML-sensitive contexts, IP clauses should also preserve the ability to use monitoring tools, retain compliance records and share information with regulators, auditors and law enforcement where legally required.

Smart contracts, custody and outsourcing need careful risk allocation

Where services rely on smart contracts or third-party infrastructure, agreements should explain whether code is provided “as is”, whether audits have been undertaken, who is responsible for remediation, and what happens in the event of a hack, exploit, oracle failure, bridge failure, governance attack, chain reorganisation, hard fork or protocol change. Liability caps and exclusions should be reviewed carefully, particularly where regulatory duties, custody obligations, data protection, confidentiality, fraud, wilful default or AML failures are involved.

Outsourcing and vendor contracts should support the firm’s governance evidence. The FCA’s direction of travel places emphasis on systems, controls, operational resilience, senior management oversight and readiness for authorisation. A business that depends on external wallet infrastructure, blockchain analytics, custody technology, cloud hosting, identity verification, transaction monitoring or Travel Rule messaging should ensure that service levels, audit rights, incident reporting, business continuity, data access and exit assistance are robust enough to satisfy regulatory scrutiny.

Conclusion

The latest UK developments point to a more mature digital asset market: one in which property rights are clearer, the regulatory perimeter is expanding. For digital asset businesses, well-drafted commercial and IP agreements are a first line of defence. They help allocate regulatory responsibility, evidence governance, preserve IP value, manage source-of-funds risk and create contractual tools to respond quickly where a transaction, wallet, counterparty or jurisdiction presents heightened financial crime concerns.

In short, digital asset contracts should be drafted for the regulatory environment that is arriving, not the lighter-touch environment that many businesses grew up in. Businesses that align their agreements with AML, source-of-funds, IP and operational resilience requirements now will be better placed to onboard partners, satisfy investors, respond to regulators and scale responsibly in the UK market.