FCA Check: Verify FCA Authorisation And Reduce Compliance Risk

If you’re running a small business, there’s a good chance you’ll deal with financial services in some form - taking card payments through a payment provider, using a business lender, working with an insurance broker, offering finance to customers, or partnering with a payments or payroll provider.

In these situations, doing an FCA check (a quick verification of whether a firm is authorised or registered with the Financial Conduct Authority) isn’t just “nice to have”. It’s a practical way to protect your cashflow, your customers, and your reputation.

Because if you work with the wrong provider - or rely on the wrong advice - you can end up with disrupted services, frozen funds, difficult disputes, and potential compliance issues that are painful (and expensive) to fix later.

This guide walks you through how an FCA check works, when you should do one, how to spot red flags, and how to reduce risk with the right legal foundations.

Note: This article is general information only and isn’t legal, financial or compliance advice. If you’re unsure about your obligations or a provider’s regulatory status, get tailored advice for your situation.

What Is An FCA Check (And Why Does It Matter For Small Businesses)?

An FCA check is the process of verifying whether a business is authorised, registered or otherwise permitted to carry out certain financial services activities in the UK.

The Financial Conduct Authority (FCA) is the UK regulator for many financial services. It oversees conduct standards and regulates firms carrying out specific activities (like consumer credit, insurance mediation, certain payment services, and investments).

Why would you need to do an FCA check?

From a small business perspective, you’ll usually be doing an FCA check because you’re about to:

• Buy a regulated financial product or service (eg business finance, insurance, payment services).
• Partner with a provider who will handle money or customer data on your behalf (eg a payments or finance platform).
• Rely on advice from someone claiming to be authorised (eg an insurance broker or investment adviser).
• Offer something to your customers that could be regulated (eg introducing customers to finance options, offering credit, or arranging insurance).

In simple terms: if someone is doing a regulated activity without the right permissions, they may be acting unlawfully - and you don’t want your business caught in the fallout.

What can go wrong if you skip an FCA check?

Not every problem turns into a legal disaster, but the risks are real:

• Operational disruption (for example, a payment provider suddenly loses access to banking services or is shut down).
• Fraud risk (scams often involve firms pretending to be authorised, or “cloning” real authorised firms).
• Contract disputes about refunds, service failures, or liability when things go wrong.
• Regulatory exposure if you accidentally carry on a regulated activity without authorisation (even if you didn’t mean to).
• Reputational damage if customers believe you’ve partnered with an illegitimate or non-compliant provider.

Doing an FCA check won’t remove risk completely, but it’s a strong (and usually quick) first step in sensible business due diligence.

When Do UK Businesses Need To Do An FCA Check?

You don’t need to do an FCA check for every supplier you ever use. But there are certain situations where it’s smart - and sometimes essential - to verify FCA permissions before you sign anything.

Common scenarios where an FCA check is a good idea

• Taking payments or holding client money via a third-party provider (especially if they hold funds before paying out to you).
• Business lending and finance (including loans, invoice finance, merchant cash advances, or finance brokers).
• Insurance (if you’re buying commercial cover through a broker, or selling/arranging insurance as part of your offering).
• Consumer finance (if you offer “buy now, pay later”, instalment plans, or introduce customers to credit).
• Investment and wealth-related services (for example, if someone is advising on investments or managing funds).
• Cryptoasset-related services (some firms must be registered with the FCA under the UK Money Laundering Regulations, and the regulatory landscape changes quickly).

A quick reality check: you might be “in scope” too

It’s not just about checking other people. Depending on your business model, you could be carrying on a regulated activity yourself - for example, if you’re introducing customers to finance providers, or if your product involves handling money in certain ways.

This is where early legal advice really matters. If you’re unsure whether your business activities are regulated, a commercial lawyer consult can help you map out the risks and decide what steps you should take before launching or scaling.

How To Do An FCA Check Step-By-Step

An FCA check is usually straightforward. The key is knowing what to look for - and not stopping at the first reassuring detail you see.

1. Identify The Legal Name (Not Just The Trading Name)

Start by confirming the provider’s full legal name (and ideally their company number and registered address).

Many firms operate under trading names that are different from their legal entity name. If you search the wrong name, you can get a false “no results” outcome - or worse, you can mistakenly find a different firm with a similar name.

2. Search The FCA Register

The FCA maintains a public register of firms. Your FCA check here should focus on:

• Firm reference number (FRN) and whether it matches what the firm has provided.
• Status (authorised, registered, appointed representative, etc.).
• Permissions - what activities they are actually allowed to do.
• Contact details listed on the register (website, phone, address).

Tip: Treat the FCA register as your “source of truth” for contact details. If someone contacts you using different details, be cautious.

3. Confirm They’re Authorised For The Specific Activity You Need

This is where many businesses get caught out. A firm may be FCA-authorised, but not authorised for the service they’re offering you.

For example, authorisation for one kind of financial activity does not automatically cover all financial services. Your FCA check should confirm the provider has the relevant permissions for the exact role they’ll play in your business.

4. Watch For “Appointed Representative” Arrangements

Some firms operate as an Appointed Representative (AR) of another authorised firm (often called the “principal”). This can be legitimate, but it needs closer attention.

If you see that a business is an AR, consider:

• Who their principal is (and whether the principal is authorised).
• What activities the AR is permitted to carry out under that arrangement.
• Whether the AR is acting within scope (ie not “going beyond” what they’re allowed to do).

Practically, if the relationship is unclear, ask questions before you sign - and make sure your agreement clearly allocates responsibilities and liabilities (more on that below).

5. Check For Warnings, Restrictions, Or Red Flags

An FCA check shouldn’t stop at “they’re on the register”. You should also consider whether there are any warning signs, such as restrictions, disciplinary history, or confusing/contradictory information.

If your provider will interact with your customers, handle payments, or influence financial decisions, it’s worth taking a few extra minutes to dig deeper.

6. Keep A Record Of Your FCA Check

Small businesses often overlook this, but it’s a simple win: take screenshots (or save PDFs) of the register results and note the date you checked.

If something goes wrong later, good recordkeeping can help show you acted responsibly and did reasonable due diligence before entering the arrangement.

Common FCA Check Red Flags (And How To Respond)

Sometimes the FCA check results won’t give you a clear “yes/no” answer - instead, they’ll raise questions. When that happens, don’t panic. You just need to slow down and verify what’s really going on.

Red Flag 1: The Firm’s Contact Details Don’t Match The Register

This is a big one, especially because “firm cloning” scams often use the name of a legitimate authorised firm but different phone numbers, emails, or websites.

What to do: Use the contact details on the FCA register to contact the firm directly and verify whether they’re the same business you’ve been speaking to.

Red Flag 2: They’re Authorised, But Not For The Right Permissions

It’s possible a provider is authorised but offering a service outside the scope of their permissions.

What to do: Ask them to explain which permission covers the service, and what their role is (eg adviser, broker, introducer, payment service provider). If they can’t explain it clearly, treat that as a warning sign.

Red Flag 3: The Structure Is Unclear (ARs, Group Companies, Offshore Entities)

Some business structures are legitimate but complex. For example, you might contract with Company A, but the FCA-authorised entity is Company B, and the service is delivered by Company C.

What to do: Make sure your contract matches the entity that is actually responsible for delivering the regulated service (and that the FCA status aligns with that entity).

Red Flag 4: High-Pressure Sales Or “Too Good To Be True” Claims

If the provider is rushing you to sign, discouraging you from taking advice, or offering unusually generous returns or “guaranteed” outcomes, you should slow down.

What to do: Don’t sign on the spot. Run the FCA check, ask for written details, and consider legal review before committing.

Red Flag 5: Vague Or One-Sided Contracts

Even if a firm is properly authorised, the contract might still expose your business to avoidable risk - for example, weak service levels, limited refund rights, or broad exclusions of liability.

What to do: Get the terms reviewed before you commit. A contract review is often far cheaper than trying to untangle a dispute later.

How To Reduce Compliance Risks When Working With Financial Service Providers

Once you’ve done your FCA check, the next step is making sure your commercial relationship is set up properly.

For small businesses, compliance problems often happen because the legal foundations were skipped: unclear responsibilities, poor documentation, and mismatched expectations about who is doing what (and who is liable if something goes wrong).

Use Clear Contracts That Match The Reality Of The Arrangement

If you’re working with a provider who delivers services to your business (or your customers), put the key terms in writing. Depending on the arrangement, that might include a tailored Service Agreement.

At a minimum, aim for clarity around:

• Scope of services (what they do - and what they do not do).
• Service levels (uptime, support response times, incident handling).
• Fees, including when and how they can change pricing.
• Liability and what happens if funds are delayed, lost, or misdirected.
• Termination rights, including exit support and data portability.

Don’t Forget Data Protection (Especially If Customer Data Is Involved)

If your provider will process personal data on your behalf (for example, customer payment details, ID checks, or billing info), you’ll likely need a compliant Data processing agreement.

And if you’re collecting personal data from customers through your website or app, make sure you have a clear Privacy Policy in place that reflects what you do in reality.

This isn’t just a box-ticking exercise. Under the UK GDPR and Data Protection Act 2018, you’re expected to take reasonable steps to manage your processors and keep personal data secure.

Make Sure Your Customer-Facing Terms Align With The Provider’s Role

If your provider is part of your customer journey (for example, you offer finance at checkout, or payments are handled via a third-party platform), your customer documents should reflect that relationship.

For online businesses, your Website Terms and Conditions can help set expectations about payment processing, third-party services, limitations, and dispute handling.

Build “FCA Check” Into Your Onboarding Process

To keep things manageable, treat the FCA check like a repeatable internal process, not a one-off task.

For example:

• Add an FCA check step to your supplier onboarding checklist (especially for payments, finance, insurance, and customer-facing financial products).
• Document who performed the check and when.
• Schedule periodic re-checks for critical providers (permissions and status can change).
• Escalate anything unclear before signing (don’t rely on verbal reassurances).

This is the kind of practical risk management that helps you scale with confidence - without needing to become a compliance expert overnight.

Key Takeaways

• An FCA check is a practical way to verify whether a provider is authorised/registered and permitted to carry out the financial services they’re offering.
• Small businesses should consider an FCA check when dealing with payments, finance, insurance, consumer credit, investments, or any provider handling money or customer financial journeys.
• A provider being “on the register” isn’t the end of the story - you should also confirm the specific permissions match the services they’ll provide.
• Be cautious of red flags like mismatched contact details, unclear AR arrangements, vague permissions, or high-pressure sales tactics.
• After your FCA check, reduce compliance risk with clear contracts, sensible liability terms, and strong data protection documents (especially where customer data is involved).
• If you’re unsure whether your own activities require FCA authorisation, it’s worth getting tailored legal advice before you launch or scale.

If you’d like help reviewing a provider contract, setting up the right customer terms, or sense-checking whether your business model touches on regulated activities, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.