Reaching through the screen: FCA v HTX breaks new ground with “persons unknown” enforcement

On 10 February 2026, the FCA published details of the first enforcement action under the cryptoasset financial promotions regime.

The target is HTX (formerly Huobi), a global exchange that the FCA alleges has been unlawfully promoting cryptoasset services to UK consumers since the regime took effect in October 2023. The case is significant less for the underlying breach, which is straightforward, than for the enforcement techniques the FCA has deployed to reach an anonymous offshore platform that has spent two years ignoring the regulator.

This case comes at a point when the UK’s regulatory framework for cryptoassets is on the verge of substantial expansion, with a comprehensive authorisation regime due to commence in October 2027. Under that regime, the territorial test for most cryptoasset activities shifts from establishment-based to consumer-facing. Overseas firms that serve UK retail consumers will need FCA authorisation regardless of where they are based, in addition to complying with the existing financial promotions restriction that is the subject of these proceedings. 

Background

HTX provides cryptoasset services through its website and mobile applications. In 2023, it was the sixth most-accessed virtual asset service provider in the UK, with 4.6 million visits. It operates through an opaque corporate structure. Despite requests, it has not disclosed its corporate identity to the FCA, and its platform user agreement does not name the operators. The named defendant in the proceedings brought by the FCA, Huobi Global S.A., is a Panamanian company that the FCA infers is the operator. HTX is not authorised by the FCA and withdrew a previous application for AML registration. 

The FCA engaged with HTX from July 2023, warning of the forthcoming financial promotions regime and requesting information on its compliance plans. It placed HTX on the warning list when the regime took effect on 8 October 2023. Over the following two years, correspondence went largely unanswered and a letter before action in August 2025 received no response. Proceedings were then issued by the FCA in October 2025 against Huobi Global S.A. and several categories of “persons unknown,” including owners, controllers, social media managers, and any newcomers who take on those roles before 31 October 2008. 

The FCA alleges that HTX promoted cryptoasset services to UK consumers through its website and across social media platforms including TikTok, X, Facebook, Instagram and YouTube, in breach of section 21 of the Financial Services and Markets Act 2000 (“FSMA”). The central question is how those promotions, made by an offshore platform, fall within the scope of a UK regulatory restriction. 

What “having effect in the UK” means

The financial promotions restriction has extraterritorial reach. Section 21(3) of FSMA applies to any communication that is “capable of having an effect in the UK.” The test does not require that the communicator intended to target UK consumers. It is enough that a UK person could receive and act on the communication.

An exemption is available under Article 12 of the Financial Promotion Order for communications directed only at persons outside the UK, subject to conditions including that proper systems and procedures are in place to prevent UK recipients from engaging in the relevant activity.

The FCA relies on a broad set of factors to establish that HTX’s promotions were capable of having effect in the UK.

• The website is in English.
• GBP is an available currency on the platform.
• UK photo identification is accepted for account verification.
• The terms only restrict UK retail users from trading derivatives, not other cryptoassets. UK users are not prevented from trading futures.
• An FCA employee was able to complete a test purchase of cryptoassets using a UK driving licence.
• In 2023 there were 4.6 million visits from the UK, with 13,000 in 2024.

HTX’s response was that it had “stopped targeting any UK customers.” That did not address the statutory test, which turns on capability of effect rather than targeting.

Overseas firms should note the FCA’s position. Accessible websites, the absence of effective geo-blocking, and the acceptance of UK identification documentation will be treated as evidence that promotions are capable of having an effect in the UK. A statement that UK consumers are not targeted, without systems to prevent them from engaging, will not suffice.

Enforcement innovations

The FCA has not previously needed to use persons unknown proceedings. Traditional financial services enforcement operates against firms and individuals that the regulator can identify. Authorised firms are on the register. Their controllers have been through the approvals process. Even unauthorised firms running illegal operations typically have identifiable directors and registered offices. Offshore crypto sits largely outside that architecture. HTX’s corporate structure is deliberately opaque, and two years of correspondence produced almost nothing. The FCA cannot identify who runs the platform through normal regulatory channels.

To solve that problem, the FCA has drawn on a body of practice developed since 2019 in private crypto fraud claims. In AA v Persons Unknown (2019), the High Court granted a proprietary injunction over Bitcoin and recognised cryptoassets as property. D’Aloia v Persons Unknown (2022) permitted service by NFT airdrop. Fetch.ai v Persons Unknown (2021) produced worldwide freezing orders against unidentifiable fraudsters. Osbourne v Persons Unknown (2023) allowed service solely by NFT. Those cases established that English courts will grant effective relief against anonymous defendants operating through pseudonymous infrastructure. The FCA has now adopted the same approach for regulatory enforcement.

Under section 380 of FSMA, the FCA may apply to the court where it appears that “any person” has contravened a relevant requirement. We are not aware that “any person” has previously been interpreted in the FSMA context to include unidentified classes or future persons. The FCA appears to rely on section 37 of the Senior Courts Act 1981 and the Court’s inherent jurisdiction to extend its reach to persons unknown and newcomers¹.

The fifth category of defendants encompasses any unknown persons who become a controller of HTX before October 2028, and against whom the FCA are seeking forward-looking injunctive relief . The FCA’s rationale is that HTX’s own user agreement contemplates changes in its operators at any time, and there is no reason to suppose a successor would behave differently. If such injunction relief is granted, it would run with the platform rather than any identified individual. We are not aware of precedent for this in financial services enforcement.

In practical terms, anyone who owns, controls or operates the HTX exchange, or who controls its social media accounts, is a defendant whether they know it or not. Once aware of the order (and the alternative means of service via the FCA’s public webpage is the mechanism for deemed notice), any continued breach of section 21 would also amount to contempt of court, carrying the possibility of imprisonment, unlimited fines and seizure of assets. The evidential burden for contempt is considerably lighter than for prosecuting the underlying regulatory offence.

The growing role of platform intermediaries

An injunction directed at an entity that has spent two years ignoring regulatory correspondence has obvious practical limitations. By contrast, an alternative and more effective mechanism  to prevent HTX’s non-compliance has already been adopted by the FCA. The FCA has asked Apple and Google to remove HTX applications from UK app stores, and asked social media platforms to block HTX’s accounts for UK-based consumers. Several have complied. TikTok blocked access by around February 2024. Meta blocked Facebook and Instagram by around May 2024. Telegram followed by October 2024. All of this happened before proceedings were issued in October 2025. The FCA thus achieved practical enforcement against an offshore platform without a court order, simply by asking intermediaries to act.

That model works here because HTX has no UK presence from which to challenge the FCA’s requests and the platforms have cooperated with the FCA voluntarily. Whether this approach would work against a larger exchange with more resources and a willingness to push back is untested. It also leaves the FCA dependent on the continued cooperation of a small number of technology companies for its primary means of preventing non-compliant offshore firms from reaching UK consumers.

Key takeaways

These proceedings establish a new enforcement toolkit for the FCA with application beyond this case. Persons unknown proceedings and newcomer injunctions are being tested in proceedings that HTX appears unlikely to defend, but once approved by the court they set a precedent for future enforcement against any offshore firm promoting cryptoasset services to UK consumers. Separately the FCA has shown that it can achieve practical enforcement through platform intermediaries without a court order, which is a model that does not depend on judicial approval but on the continued willingness of technology companies to cooperate. That same techniques may also prove useful against decentralised protocols that depend on centralised infrastructure such as app store listings, front-end websites and social media accounts to reach consumers.

The proceedings coincide with the opening of the application gateway for the new comprehensive cryptoasset authorisation regime on 30 September 2026, with the regime commencing on 25 October 2027. Firms considering an application should be aware that the FCA assesses applicants on their regulatory track record, including their history of engagement with the regulator and compliance with existing requirements such as the financial promotions restriction.

For firms currently operating outside the UK regime, the practical message is this: the section 21 restriction applies now, it applies extraterritorially, and the FCA has demonstrated that it can achieve practical enforcement through platform intermediaries before proceedings are even issued. Firms that intend to seek authorisation under the new regime should be engaging with the FCA’s ongoing consultation (closing on 12 March) and ensuring their promotional activity is compliant. Firms that do not intend to seek authorisation should ensure their communications are not capable of having an effect in the UK. An offshore corporate structure will not place them beyond the FCA’s reach.

For further information, please contact Jamie Gray and Nick Warrillow. 

[¹] As endorsed by the Supreme Court in Wolverhampton City Council v London Gypsies and Travellers [2023] UKSC 47 with strict conditions under which “newcomer injunctions” may be granted.

Related News, Insights & Events