1. Overview
Prive enables UK residents to swap supported stablecoins through a third-party decentralised exchange (DEX) aggregator. Stablecoins fall within the FCA’s definition of a qualifying cryptoasset and their promotion to UK consumers is regulated under the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 as amended by SI 2023/612 (effective 8 October 2023).
This page documents the controls Prive has implemented to comply with PS23/6 (Financial promotion rules for cryptoassets), FG23/3 (Guidance on cryptoasset financial promotions), COBS 4.12A (Promotion of Restricted Mass Market Investments) and COBS 10 Annex 4G (Appropriateness assessment topics for RMMIs). The screenshots below are taken directly from the production iOS / Android build and reflect the actual user journey enforced for users identified as UK residents.
This page documents the controls Prive has implemented to comply with PS23/6 (Financial promotion rules for cryptoassets), FG23/3 (Guidance on cryptoasset financial promotions), COBS 4.12A (Promotion of Restricted Mass Market Investments) and COBS 10 Annex 4G (Appropriateness assessment topics for RMMIs). The screenshots below are taken directly from the production iOS / Android build and reflect the actual user journey enforced for users identified as UK residents.
2. Regulatory scope
The FCA compliance journey is enforced for any user where any one of the following is true:
- — Their KYC residency country is
GB(verified through Sumsub or Bridge). - — Their phone country is
GBand no overriding KYC residency is on file. - — A previous FCA compliance record exists for the account (the journey is sticky once started).
Scope is determined by the user’s geography — primarily verified KYC residency, with the user’s IP-derived country as a secondary signal — so the journey is enforced for any user identified as a UK resident. The same checks are duplicated server-side (see §12) so the rules cannot be bypassed by a tampered client.
3. RMMI classification
All cryptoassets we promote — including USDC, USDT, PYUSD and any future supported stablecoin — are classified as Restricted Mass Market Investments (RMMIs) under COBS 4.12A.7R. The full RMMI promotion regime therefore applies: prescribed risk warning, 24-hour cooling-off, positive frictions (categorisation and appropriateness), and a ban on monetary or non-monetary incentives.
4. Risk warning (COBS 4.12A.21R)
Every swap screen carries the FCA-prescribed risk warning, displayed persistently as a compact strip directly above the swap action. Tapping the strip opens the full prescribed summary in a bottom sheet, including the “Don’t invest unless you’re prepared to lose all the money you invest” statement and the four mandatory sub-statements about high risk, no consumer protection, value loss and complexity.
The wording is taken verbatim from COBS 4.12A.21R(1). We do not paraphrase or truncate it.
The wording is taken verbatim from COBS 4.12A.21R(1). We do not paraphrase or truncate it.
5. 24-hour cooling-off period
First-time UK users must wait 24 hours from the moment they start the journey before they can complete categorisation and the appropriateness assessment, in line with COBS 4.12A.27R. The cooling-off screen surfaces a live countdown, educational content reinforcing the high-risk nature of cryptoassets, and a clearly labelled “I need more time” option.
The 24-hour period is enforced from the timestamp at which the user first requested access to the swap journey and is independently re-checked server-side before any swap is permitted.
The 24-hour period is enforced from the timestamp at which the user first requested access to the swap journey and is independently re-checked server-side before any swap is permitted.
6. Personalised risk warning
Immediately after the cooling-off period, the user is shown a personalised risk warning addressed by their verified legal first name (taken from KYC, not from a self-asserted profile field). It restates that cryptoassets are high-risk, that the user could lose all of the money they put in, and that the money they invest is not protected by the Financial Services Compensation Scheme (FSCS). The user must explicitly confirm they have read it before proceeding.
7. Client categorisation (COBS 4.12A.22R)
Users self-categorise as one of the three permitted RMMI investor types: Restricted, High Net Worth, or Sophisticated. Each option presents the FCA-prescribed declaration text in full. A declaration warning explains the consequences of misrepresenting the chosen category. The choice and timestamp are persisted to the user’s FCA compliance record and re-confirmation is required after 12 months (COBS 4.12A.23R).
8. Appropriateness assessment
Before their first swap, every UK user must pass an appropriateness assessment covering all twelve topics prescribed by COBS 10 Annex 4G:
- 1. Nature of cryptoassets
- 2. Risks of cryptoassets
- 3. FSCS protection (or lack of it)
- 4. Financial Ombudsman Service
- 5. Price volatility
- 6. Liquidity risk
- 7. Security and custody
- 8. Regulatory status of cryptoasset firms
- 9. UK tax treatment
- 10. Stablecoins (specific risks)
- 11. Suitability and concentration
- 12. Fraud and scams
The user must answer all twelve correctly. After three failed attempts the account is locked out for 24 hours, in line with COBS 10.4.1G. The result screen surfaces the topics the user got wrong (without revealing the correct answers) so they can revisit the educational disclosures before retrying. Question content and correct-answer positions are intentionally redistributed (a / b / c / d each appear three times, with no two consecutive questions sharing the same letter) so the quiz cannot be passed by spamming a single option.
On a successful pass the user sees a confirmation screen and the swap action is unlocked server-side:
9. Per-token stablecoin due diligence
For every stablecoin we promote, the user is shown a token-specific disclosure sheet covering issuer, jurisdiction, reserve composition, redemption mechanics, peg history and known risks. The user must explicitly acknowledge the disclosure for each token before that token becomes selectable in the swap. This satisfies the FCA’s expectation under FG23/3 §3.16–3.21 that “due diligence” on the specific investment is communicated to the consumer.
10. Ban on incentives (COBS 4.12A.20R)
The FCA prohibits monetary and non-monetary incentives in cryptoasset financial promotions to retail consumers. For UK users, Prive hides:
- — The “Refer & Earn” entry point in Settings.
- — Invite-code entry on the welcome / onboarding screens.
- — Referral discounts on card top-ups and swap fees.
- — Any banner or notification promoting a referral bonus.
Gating is centralised so that incentives are switched off automatically whenever a user is in scope of the FCA journey. The screenshot below shows the Settings screen for a UK user — the “Refer & Earn” row is not rendered.
11. English-only compliance journey
The Prive app supports several languages. The FCA compliance journey, however, is forced to English regardless of the user’s app locale. We do this because:
- — COBS 4.12A.21R prescribes the exact English wording of the risk warning.
- — COBS 4.12A.22R prescribes the exact English wording of the categorisation declarations.
- — References to UK statutory bodies (FSCS, FOS, HMRC) and UK-specific concepts (CGT, ISA) have no meaningful translation.
- — Translating prescribed wording would create legal and translation risk that outweighs the UX cost.
This matches the convention used by Revolut, Monzo, Coinbase UK and other FCA-authorised firms operating multi-language apps. The override is applied to the entire FCA journey as well as the risk-summary bottom sheet, so users always see the prescribed wording even if their app is set to another language.
12. Server-side enforcement
Every client-side check is duplicated server-side. Before any swap is forwarded to the DEX aggregator, the server independently re-verifies two things:
- — that the user is resident in the United Kingdom (based on KYC information, registered phone country and any prior FCA records on file); and
- — that the user has completed the full FCA journey — namely, the 24-hour cooling-off period, a current investor categorisation (renewed within the last 12 months), a passed appropriateness assessment, and the per-token stablecoin disclosure for the specific stablecoin being swapped.
If either check fails, the swap is rejected. A tampered or out-of-date client cannot bypass the journey.
13. Record-keeping and audit trail
Every step of the FCA journey is recorded as an immutable audit entry against the user’s account. Each entry captures the step, the timestamp, the app version, the locale shown to the user, the country derived from the user’s IP address (where available) and any relevant payload — for example the selected investor category, the assessment score, or the stablecoin symbol that was acknowledged. Records are retained for a minimum of five years to satisfy SYSC 9.1.1R.
The Prive Admin console exposes a dedicated “FCA Compliance” section per user, including the full audit trail, current state, and operational actions (“Reset Journey”, “Extend Categorisation”, “View Raw State”) for handling Requests for Information and remediation.
The Prive Admin console exposes a dedicated “FCA Compliance” section per user, including the full audit trail, current state, and operational actions (“Reset Journey”, “Extend Categorisation”, “View Raw State”) for handling Requests for Information and remediation.
14. Contact
For regulatory or compliance enquiries, including FCA Requests for Information:
Prive Technologies Limited
Email: compliance@prive.money
Website: www.prive.money
Prive Technologies Limited
Email: compliance@prive.money
Website: www.prive.money
