// FCA · COBS 4.12A.27R · FIRST-TIME INVESTORS

The 24-hour cooling-off period.

A first-time investor cannot complete a cryptoasset purchase within 24 hours of receiving the direct-offer financial promotion. This is a funnel-design constraint, not a footer note.

Applies to: UK-facing exchanges, wallets, onboarding flows

The rule.

COBS 4.12A.27R imposes a mandatory 24-hour delay between a first-time investor receiving a direct-offer financial promotion for a cryptoasset and being able to complete the investment.

// FCA Handbook · COBS 4.12A.27R

“A firm must not communicate or approve a direct offer financial promotion for a qualifying cryptoasset to a retail client who is a restricted investor or who has not been categorised, unless: (1) at least 24 hours have elapsed since the personalised risk warning was given to the client; and (2) the client has not previously invested in qualifying cryptoassets with the firm.”

The clock starts at the moment the personalised risk warning is delivered. The clock ends 24 hours later. Between those two timestamps, the firm cannot allow the consumer to deposit, buy, or otherwise commit funds to a cryptoasset transaction.

What it requires.

Four operational obligations.

Identify first-time investors. Before a consumer can complete onboarding, the firm has to determine whether they are a first-time investor with that firm. Account-level history check, KYC-linked.

Deliver and timestamp the personalised risk warning. The cooling-off clock starts at delivery. The timestamp has to be auditable.

Block transaction completion for 24 hours. The funnel has to actually prevent purchase, deposit, or commit during the cooling-off window. A “please wait” message that the user can dismiss is non-compliant.

Re-trigger the warning on the second visit. If 24 hours have elapsed and the consumer returns, the firm should refresh the personalised risk warning before unlocking the transaction.

Common violations.

// Violation pattern · immediate-buy CTA

Onboarding step 8: “You’re ready to invest! Buy your first BTC now.”

Same session, no 24-hour gate. The funnel was designed before the cooling-off period was in force and hasn’t been retrofitted. One of the most common FCA findings on UK-facing exchanges.

// Violation pattern · deposit-first workaround

Funnel: KYC → deposit GBP → wait 24h → trade.

The firm believes only the trade itself is restricted. In fact, depositing funds for the purpose of buying a cryptoasset is part of the “commitment” the cooling-off rule is designed to prevent. Deposits are restricted too.

// Violation pattern · clock-start ambiguity

Personalised warning delivered at sign-up. Cooling-off clock starts at sign-up rather than at the moment the consumer engages with the warning content.

FCA examiners look for clear evidence the consumer read and acknowledged the personalised warning before the clock starts. A passive display in a flow they raced through is not enough.

How to comply.

// Fix 1 · first-investor flag

Add a persistent “first cryptoasset purchase” flag on the user record. Set at account creation; cleared after the first successful transaction. Drives every downstream gate.

// Fix 2 · explicit acknowledgement timestamp

The personalised warning screen requires an active click to acknowledge. The click event is the timestamp the cooling-off clock starts from. Stored in the audit trail.

// Fix 3 · lock the full purchase path

During the cooling-off window, lock not just the “Buy” CTA but every upstream step that exists to enable purchase: GBP deposit, card linking, recurring buy setup. Treat the whole purchase path as gated.

// Fix 4 · return-visit re-prompt

When the 24 hours elapse and the consumer returns, show them the personalised warning again and require an active acknowledgement before unlocking transactions. Treat the cooling-off period as a reflection moment, not a procedural delay.
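One way to enforce Fixes 1 to 4 as a single server-side gate, shown as an added example that is not code from the original page or from any firm. The action names, field names and in-memory audit list are assumptions; in production `now` would come from the server clock and the audit trail from durable storage.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

COOLING_OFF = timedelta(hours=24)
# Fix 3: every step that exists to enable a purchase is gated, not just "buy".
# Action names are hypothetical.
GATED_ACTIONS = {"deposit_gbp", "link_card", "recurring_buy_setup", "buy"}

@dataclass
class User:
    first_purchase_pending: bool = True        # Fix 1: set at account creation
    first_ack_at: Optional[datetime] = None    # Fix 2: click that starts the clock
    return_ack_at: Optional[datetime] = None   # Fix 4: re-acknowledgement after 24h
    audit: list = field(default_factory=list)  # stand-in for a durable audit trail

def acknowledge_warning(user: User, now: datetime) -> str:
    """Call only from the handler for the active acknowledgement click."""
    if user.first_ack_at is None:
        user.first_ack_at = now
        event = "first_ack"
    elif now - user.first_ack_at >= COOLING_OFF:
        user.return_ack_at = now
        event = "return_ack"
    else:
        # A repeat click inside the window must not move or shorten the clock.
        event = "ack_ignored_in_window"
    user.audit.append((now.isoformat(), event))
    return event

def authorize(user: User, action: str, now: datetime) -> tuple:
    """Server-side decision for any request; returns (allowed, reason)."""
    if action not in GATED_ACTIONS or not user.first_purchase_pending:
        decision = (True, "not_gated")
    elif user.first_ack_at is None:
        decision = (False, "warning_not_acknowledged")
    elif now - user.first_ack_at < COOLING_OFF:
        decision = (False, "cooling_off_active")
    elif user.return_ack_at is None:
        decision = (False, "return_acknowledgement_required")
    else:
        decision = (True, "cooling_off_complete")
    user.audit.append((now.isoformat(), action, *decision))  # log denials too
    return decision

def record_purchase(user: User, now: datetime) -> None:
    """Fix 1: clear the flag after the first successful transaction."""
    user.first_purchase_pending = False
    user.audit.append((now.isoformat(), "first_purchase_complete"))
```

Because the decision is made in `authorize` rather than in the UI, a dismissed "please wait" dialog or a direct API call to the deposit endpoint hits the same gate.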
