BLINC magazine: the end of crypto experiments

As regulations mature, institutions are transferring ownership of digital assets from product teams to group risk, compliance and board-level governance.

Until recently, digital assets were constrained to the fringes of the financial services sector. They were neither dismissed nor embraced but rarely entered into conversations beyond product teams or innovation labs. For many large financial institutions, engagement was relatively cautious, siloed and intentionally restricted.

The situation is very different today. It isn’t just the sentiment around digital assets that has changed − it is also the ownership. In terms of institutional priorities, digital assets have moved on from simple product experiments to enterprise-level governance, dominating board-level discussions about operational resilience, compliance, safeguarding and counterparty risk.

Institutions no longer experimenting 

BCB Group and Aon work closely with financial institutions and regulators and have observed
this trend first-hand.

In the last few years, global banks, asset managers and insurers have begun to integrate digital assets into their core operations, not necessarily because of a surge in enthusiasm but out of necessity.

Rupert Poland, Head of Digital Assets EMEA at Aon, and James Sullivan, Chief Risk and Compliance Officer at BCB Group, have key insights on this trend.Sullivan notes that institutions are responding to the alignment of digital assets with familiar legal and regulatory structures, which help justify engagement at the board and Chief Risk Officer (CRO) level.

Ahead of the joint Aon–BCB Group BLINC Live! event in London in February 2026, both firms are keen to highlight a seismic shift in how large institutions now view digital assets. The event will bring together institutions, insurers and regulators to explore how optimising governance, safeguarding and risk transfer will shape the next phase of digital asset adoption.

US sparks an inflection point

Poland says the changing narrative in the US − where the GENIUS Act stablecoin regulation was signed into law in July 2025 − has sparked an inflection point.

That shift may have less to do with the legislative detail than with what clarity enables institutions to do. In the boardrooms of financial institutions, regulatory clarity helps to ease speculation about what any new regulation might look like. This
is why there are still some concerns about the UK’s regime, for instance, with a full regulatory framework not having been confirmed.

“The tone from policymakers has become more welcoming, and that has given institutions more confidence in the longevity of any investment they make in the space,” says Poland.

Developments in the US – along with the EU’s MiCA rules − have compelled large institutions to consider digital assets across the whole organisation, rather than just in single product verticals or innovation teams.

Sullivan reinforces this view, arguing that regulatory clarity has been the most important factor in changing institutional perception. He highlights how the UK’s prospective regime can also “bring UK crypto trading platforms, brokers and custodians into the regulatory perimeter and apply familiar rules for capital”. “MiCA has been difficult for businesses to digest and implement and has been subject to lots of challenges from the industry.

In addition, it has been applied inconsistently in different jurisdictions,” Poland adds.

However, MiCA has created a new framework that can help institutions launch new products more confidently.

“Whilst MiCA is far from the gold standard, it has at least drawn a clear regulatory perimeter, which means institutions can start to offer products knowing where the line is,” Poland adds.

This regulatory legibility hasn’t just changed policy debates but how institutions engage internally.

The transfer of ownership 

Aon has significant relationships with many of the world’s largest financial institutions and has been having conversations about digital asset risk for years – but often at the product team level.

Increasingly, its Group Risk functions and CRO teams are treating digital assets as top-tier risk priorities, often at the same level as artificial intelligence.

When Group Risk teams and CROs took ownership, digital assets were elevated from a pilot project to a governance process.

Cross boarder payments are a key interest 

The inability to provide cross-border payments quickly, affordably and at scale was a major operational burden.

After BCB’s instant settlement network was introduced in 2020, institutions that handled large numbers of high-volume transactions were no longer reliant on legacy infrastructure that was built purely for fiat and didn’t cater to the 24/7 demands of the modern economy.

Those efficiencies have changed not just how money moves, but how risk is assessed.

The due diligence shift 

The industry is having more “mature risk conversations”, Poland adds, as insurers focus on and quantify risk.For example, consider what happens when there are one or two rogue actors − what is the overall impact to a business and its clients?

There has been a notable shift in the granularity of conversations. What were once generic cyber discussions have now become much deeper conversations about precise loss scenarios, lateral movements and detection speed.

Poland says this isn’t about using an “off-the-shelf” policy; it’s about quantifying specific risks. For example, how quickly can a business detect and contain the breach of an endpoint or collusion between one or more insiders?

“We’ve spoken to digital asset firm who were initially slightly dismissive of the risks they face, and then a year or two later they experience a major incident that hits the press,” he says.

This is one of the reasons why so many financial institutions were hesitant to engage with digital asset providers until recently.Now, however, the best-run digital asset firms take a structured approach to identifying and quantifying their risks – and proactively decide which risks to prioritise for mitigation and/or transfer.

BCB Group treats risk as a core operating discipline, not a reactive compliance exercise. This means resilience, safeguarding and governance are embedded into operations and regularly reviewed as transaction volumes change and the market evolves.

Sullivan points to three key factors that have had the biggest material impact on the institutional perception of digital assets:

1 Stablecoin regulation
New bespoke regulatory frameworks − including the EU’s MiCA rollout, the GENIUS Act in the US and the UK’s proposed sterling-denominated systemic stablecoins − have been major catalysts for improving both institutional perception of and participation in digital assets.

2 Custody and safeguarding clarity
Sullivan says the industry has witnessed a number of high-profile failures in the past. This is why an emphasis on robust client asset safeguarding is now paramount, and BCB Group welcomes moves by regulators such as the FCA to align new rules for payment institutions with its rigorous Client Assets Sourcebook framework to significantly raise the bar for client protection.
For Sullivan, this shift is about more than compliance: robust safeguarding is now the minimum expectation for building institutional trust and is no longer a competitive differentiator.

3 Softening supervisory stance
Sullivan also argues that the recent reassessment of the Basel Committee’s proposed prudential rules for banks’ crypto exposures indicates the regulatory attitude towards banks’ engagement with digital assets is softening, bolstering institutional interest in this sector.

Changing the narrative in the UK

Both Aon and BCB Group are optimistic about the regulatory environment in the UK, although they urge the country to accelerate its rollout to catch up with the EU and US.

“The narrative should shift from one of consumer protection versus growth to one of enabling innovation through stringent, clear regulation,” says Sullivan.

But the UK will “miss a trick” without clear rules – which the FCA have announced will be in place by the end of 2027, says Poland. He believes there is certainly a window to put the UK on the map, but it won’t stay open indefinitely.The FCA has just released a swathe of consultation papers on crypto − and Poland believes this is a big opportunity.

“The FCA has been engaging actively with industry, and if they get this right, it’s a real chance for the UK to build on
MiCA and to learn from the US Clarity Act, which is still being finalised, and similar proposals, rather than copying them wholesale.The Clarity Act will not take effect until January at the earliest, which means the UK won’t be that far behind, unless there are unforeseen delays.

What does a good regime look like?

Poland says if the UK can design a regime that provides clarity and high standards, avoids some of the unintended consequences seen elsewhere, and is genuinely competitive on a global level, it can position itself as a leader.

“We already have a lot going for us: talent, legal infrastructure, and a sophisticated insurance and capital markets ecosystem,” he notes.

He believes that with the right regulation, the UK could become a “real powerhouse”, bolstered by the wisdom of seeing what other regulators have tried, where they’ve stumbled and how to correct the mistakes while taking the successes.”The FCA should be able to fix a number of known holes in both MiCA and the GENIUS Act,” he adds.In regulation, being second can be an advantage, but only if you move fast enough.

These questions are set to dominate industry discussions in London in 2026, as institutions, regulators and insurers assess how quickly the UK can turn regulatory ambitions into a successful new regime. These are the kinds of questions BCB Group’s and Aon’s BLINC Live! event is designed to tackle in February.

These developments represent a rapid transition towards regulatory certainty, which institutions are demanding in order to fully engage with this sector.

Moving from silos to embedded risk management

Both firms expect large traditional financial institutions to move from a siloed, experimental approach to one that fully integrates
digital asset risk and compliance into core, group-level governance structures.

Sullivan says this transition is forcing institutions to apply long-established governance principles to digital assets, rather than creating new frameworks from scratch.
However, he says this adjustment can only be achieved with four key actions:

1. Demanding proof of foundational safeguarding and risk management
2. Enforcing strict segregation of client assets
3. Establishing tier-one counterparty relationships
4. Adopting ‘best-of-both’ regulatory compliance

For digital asset providers, insurance is also becoming a commercial passport rather than a one-off purchase, as financial institutions, particularly those with tier-one status, demand it to satisfy their due diligence requirements.

“Insurance is increasingly being used as a governance tool that exposes weak controls long before a crisis does,” Poland says − although “it is a tool in a set of many”, he adds.

Debunking myths around insurance capital 

There is a longstanding misconception that the digital asset sector doesn’t have enough insurance capital.

Poland disagrees, arguing that it’s insurers’ understanding of the broader digital asset market, and their risk appetite, rather than raw capital, that’s currently constraining supply.

“Some jurisdictions have already allowed insurers to use digital assets as capital”, he added. This is often because the regulators of those jurisdictions have more time and capacity to engage directly with individual firms and move more nimbly to address risks.
Using digital assets as insurance reserves can reduce asset liability mismatches when a liability and exposure is linked to crypto.
However, this becomes more complex when the value of reserves is not correlated to the exposure.

“If you’re underwriting traditional USD-denominated risks – a hurricane loss in Jamaica, for example – holding Bitcoin as capital introduces a separate market risk that has nothing to do with the underlying catastrophe exposure, which needs to be considered fully” Poland says.

Strong, systemic gender equality policies signal maturity, integrity and resilience.

Lower prices- easier sign off 

Premiums are falling, and the digital asset sector is becoming more legitimised.

This has made it easier for insurers to get sign-off and assess more options. Poland says this has reduced prices to what seems “fairer and more appropriate to the risk” − underpinned by regulation, the involvement of the big institutions, and the ongoing maturation of the digital asset ecosystem.”Another driver is the pure sales pitch. If you can earn a million with Bank A, then the insurance spend becomes less important,” he adds.

For institutions, capital strength is only one part of governance Increasingly, regulators and counterparties are scrutinising culture and diversity. Aon and BCB Group are unanimous about the importance of making more progress on gender equality, especially as the digital asset market matures. This is now becoming a critical differentiator for crypto-asset service providers (CASPs) as financial institutions and regulators increasingly scrutinise governance and risk culture.

“Strong, systemic gender equality policies signal maturity, integrity and resilience,” Sullivan says.
“They also help prevent groupthink, strengthen decision-making and help CASPs align with the regulatory expectations of regimes such as MiCA,” he adds.

Both firms agree on the commercial imperative to build sustainable businesses and long- term trust with clients, and gender quality is a key element in making that happen.

But there are caveats

Sullivan says the UK’s PRA is unlikely to permit the use of non-stable digital assets as primary insurance capital in the near term.
The priority, at least for now, is policyholder protection and establishing resilience under the current solvency regimes.
If the UK does not permit the use of non-stable digital assets as primary insurance capital, this could be detrimental to its ambitions to become a global digital assets hub.

“The goal of becoming a hub is not just to house crypto exchanges, but to modernise financial market infrastructure using the underlying technology,” says Sullivan.“The inability to tokenise insurance- linked securities or other forms of capital to improve efficiency and access to third-party funding would represent a ‘missing trick’ in the broader financial services overhaul.”

As payments, custody and capital markets adopt digital assets, institutional engagement with this sector is now becoming the default option. However, the big question is whether governance, safeguarding and regulations will advance quickly enough to support this rapid adoption as the market matures.

The winners in 2026 will be those that embed digital assets into their financial infrastructure and fully integrate risk into their group-level governance structures.

Key milestones and unresolved questions for 2026

The Crypto-Asset Reporting Framework (CARF) deadline.
This will lift compliance standards across the OECD and set the global floor for institutional trust and transparency.”CARF is a G20-mandated, OECD-developed international standard for the automatic exchange of information in tax matters. This is a massive, multi- jurisdictional undertaking that demands a wholesale overhaul of compliance and reporting technology and processes.”

Structural operationalisation  
The industry will also need to prepare for the full operationalisation of MiCA and the UK’s new systemic stablecoin regime. This will need to cover everything from capital structures and reserve management to segregation mechanisms.”They will need to be fully compliant with the explicit, often prescriptive, requirements of these new laws,” Sullivan said.
“The industry will need to focus on integrating the data requirements of CARF into systems that are already being fundamentally shaped to meet capital and custody compliance requirements for MiCA and the Bank of England.”

Read the full issue here