Over the past few years, I’ve helped two Web3 Financial Market Infrastructure (FMI) operators progress from regulatory engagement, through approval, and into live operations. That journey is not theoretical. It is operational, political, expensive, and unforgiving of loose thinking.
As the current cohort of firms enters the UK Digital Securities Sandbox (DSS), I keep seeing the same challenges emerge—often too late, and often at unnecessary cost.
If you are building a DLT-based FMI under UK regulatory scrutiny, here are six lessons I’d strongly encourage you to internalise early.
1. Versioning Matters More Than You Think
A credible “regulator-first” strategy lives or dies on the quality of your submissions. That means:
- Internal consistency across documents
- Coherence between architecture, governance, and operating model
- A clear understanding of what has changed since the last submission—and why
Regulators remember what you told them six months ago. If your follow-up contradicts it, even subtly, confidence erodes.
You don’t just need documents. You need a model of your ecosystem—something stable enough that you can commit to operating it as described.
2. It’s the Ecosystem, Not the Organisation
DLT initiatives are inherently multi-organisational. There are at least three reasons you should not ignore this:
- DLT is about cross-organisation processes and shared protocols
- A large proportion of your risk sits in the supply chain of your supply chain
- FMI operators often use multiple legal entities across jurisdictions—just search for Fnality on Companies House
Once you accept this, several things change:
- Ecosystem risk management becomes central, not optional
- Operational Resilience thinking improves dramatically
- Defining Important Business Services (IBS) starts to make sense beyond the legal entity boundary
Regulators already think this way—even if your internal model doesn’t yet.
3. Regulatory Perimeter Creep Is Real
There is a natural desire to keep regulatory focus on a single entity within a group. In practice, this rarely holds.
Two common causes of perimeter creep:
- An entity becomes a critical intra-group supplier, triggering scrutiny of “arm’s-length” arrangements
- Supervisory learning: as regulators get more comfortable with DLT-based FMIs, each new Supervisory Statement pulls more of the group into scope
If your group structure, service models, and contracts aren’t regulator-ready, the spotlight will find the weakest point.
4. Static Operating Models Are Expensive, Dynamic Digital Twins Are Invaluable.
Regulatory approval requires vast amounts of documentation. Too often this work is:
- Produced by external experts
- Delivered as static artefacts
- Filed away and never used again
That is an extraordinarily fast-depreciating asset.
A better approach is to have permanent employees build the operating model themselves, then use it:
- As the foundation for regulatory submissions
- As a living reference for how the platform actually operates
- As the basis for change, resilience, and incident management
Static documents cost money. Dynamic digital twins create leverage.
5. Identify Everything. Model Only What Matters.
Ecosystems are messy. You could model forever.
Don’t.
Instead:
- Identify everything: systems, processes, controls, parties
- Model a critical subset in depth
For example:
- “Expense Approval” belongs in the process catalogue—no more
- Token-to-backing-asset reconciliation deserves a fully worked model, with happy paths and exceptions
The discipline here is brutal prioritisation. Waste is the enemy.
6. The People Model Unlocks Everything
Nothing clarifies an ecosystem faster than mapping the teams of people within it.
A proper people model:
- Prevents the Senior Leadership Team (or worse, the CEO) from “owning everything”
- Enables federated accountability at all levels
- Starts to define roles, responsibilities, and decision rights organically
Web3 initiatives are not just technology programmes. They are ecosystem change programmes.
Once you understand who is involved, you can:
- Apply power/interest mapping
- Design communication plans
- Actually deliver the business case
Ignoring this is how otherwise sound initiatives stall.
Final Thought—and a Call to Action
None of the above is abstract. These are lessons paid for in regulatory challenge, rework, and delay.
If you are:
- In the Digital Securities Sandbox
- Building or operating a DLT-based FMI
- Struggling to reconcile innovation with regulatory reality
…then this is exactly the moment to get ahead of these issues.
If this resonates and you’d like to explore how these lessons apply to your ecosystem, get in contact. A short conversation now can save months of remediation later.
Regulation doesn’t kill innovation. Poor models do.
