Financial Services and Markets Act 2000: Key Compliance Guide for UK Businesses

If you’re running, launching, or expanding a business in the UK’s financial sector, you’ll likely hear about the Financial Services and Markets Act 2000 (or “FSMA 2000”) very quickly. This piece of legislation is a cornerstone for anyone involved in financial services - from fintech start-ups and lenders to e-money distributors and even some online platforms.

But if the idea of wading through dense regulations, FCA rules, or licensing requirements makes you feel out of your depth, don’t stress - you’re in the right place. Understanding the FSMA 2000 isn’t just about staying on the right side of the law (although that’s crucial!) - it’s about building a business that’s trusted, protected, and ready to grow.

In this guide, we’ll break down the Financial Services and Markets Act 2000 in plain English. You’ll learn what it covers, who needs to comply, what your responsibilities look like in practice, and how to avoid common compliance pitfalls. We’ll also cover related steps for legal protection and answer your key FSMA questions, so you can focus on running your business confidently.

What Is the Financial Services and Markets Act 2000?

The Financial Services and Markets Act 2000 (FSMA 2000) is the main UK law regulating financial services, investment activities, and certain financial promotions. In simple terms, its job is to:

• Protect consumers and investors from risks and unfair practices
• Create a robust, transparent, and honest financial marketplace
• Regulate how financial activities are authorised, supervised, and policed

FSMA 2000 sets out the framework under which key authorities (including the Financial Conduct Authority, or “FCA”, and the Prudential Regulation Authority, or “PRA”) supervise and enforce conduct in the UK’s financial services industry.

It applies to a huge range of activities-think investment advice, lending, e-money, payment services, trading, insurance, crowdfunding, and more. If your business is involved in these areas, the FSMA 2000 could have a big impact on how you operate, promote your services, and protect yourself from legal risks.

Why Does the FSMA 2000 Matter for My Business?

You might be wondering-how much does this law affect a “normal” start-up or small business? Here’s the reality: The FSMA 2000 isn’t just for big banks or City firms. If you’re doing anything that looks like a “regulated activity,” you’re in its scope-and ignoring it can mean major fines or being shut down.

Some common scenarios where FSMA 2000 might kick in:

• Running a fintech app that holds or transfers money for users
• Offering peer-to-peer lending or investment services
• Providing insurance, advice on investments, or asset management
• Making financial promotions or advertising investments to the public

Failing to comply with FSMA 2000 can result in significant penalties, criminal prosecution, or bans on your directors. But getting your FSMA obligations right from day one can help build customer trust, unlock industry partnerships, and pave the way for future growth.

If you’re unsure whether you’re “caught” by FSMA or need a licence, it’s always smart to get tailored advice early. There are many business activities that fall into grey areas, and the FCA takes compliance seriously.

What Are 'Regulated Activities' Under the Financial Services and Markets Act 2000?

One of the most important jobs for any UK business working in finance is to check if you’re carrying out “regulated activities.” FSMA makes it an offence to carry out regulated activities in the UK unless you’re authorised by the FCA (or exempt).

Examples of regulated activities include:

• Accepting deposits (i.e., banking)
• Lending money (consumer credit or mortgages)
• Arranging or advising on investments (like stocks, bonds, funds)
• Dealing or managing investments
• Operating an electronic money institution (e.g., fintech wallets)
• Selling, arranging, or administering insurance
• Running a payment services provider
• Making “financial promotions” to the public inviting them to invest

If you’re doing any of these (or anything similar), you likely need FCA authorisation or to fall within an exemption. You can read more straight from the guide to regulated activities on our site.

It’s worth using a legal expert to assess your business model-many modern business models, especially online platforms and “embedded finance” businesses, don’t fit neatly into old categories, so the risks of making mistakes are real.

How Do I Get Authorised Under FSMA 2000?

If you’ve established that your business needs authorisation to carry out a regulated activity, your next step is applying to the FCA. This process is known for being thorough-and for good reason. The FCA wants to be sure you’re fit and proper to provide financial services in the UK.

The authorisation application will require your business to show:

• Detailed business plans and processes
• Key personnel are “fit and proper” (background checks apply)
• Systems for compliance, governance, record-keeping, and whistleblowing
• Strong customer data protection (see our guide to data protection compliance)
• Financial resources to cover your liabilities

For some activities (like consumer credit, e-money, or insurance), the FCA or PRA may set extra capital or reporting requirements too.

Don’t forget-if you’re not directly authorised but your firm deals with other financial services providers, you might need to be registered as an “appointed representative” under an authorised firm instead.

Finally, the application process can take several months and has strict documentary requirements. It’s strongly advised to work with a lawyer from the outset to give yourself the best chance of approval and to structure your internal policies the right way from day one.

What If I'm Not Authorised But Still Want To Offer Financial Products?

FSMA 2000 isn’t just about outright authorisation - it also creates a whole range of “exemptions” and alternative options for businesses. For example:

• Becoming an Appointed Representative (so you’re covered by an authorised “principal” firm)
• Staying within an available exemption (some professional services, merchant service providers, etc.)
• Limiting your activities so you don’t cross the line into being “regulated” (this route requires specialist legal advice!)

If you promote financial products (even if you don’t actually issue them yourself), you’re also caught by FSMA’s rules on financial promotions. These are very strict-especially around who can be targeted and the risk warnings you must include.

If in doubt, always check your position. Many first-time founders accidentally make unauthorised “financial promotions” without meaning to, putting themselves at risk of serious penalties. Our crowdfunding legal guide covers some common issues if you’re raising money online.

Key FSMA 2000 Compliance Obligations You Need To Know

Getting authorised is just the start. If you’re within the FSMA 2000 regime, your business will face ongoing legal requirements. These include:

• Systems and controls: You must keep adequate records and have controls in place to prevent fraud, money laundering, or market abuse.
• Customer information: You need to provide transparent, clear and accurate information to customers-and treat them fairly at all times.
• Reporting and filing: Regular reports and notifications to the FCA (or PRA), including annual returns and immediate notification of major events or breaches.
• Risk & compliance plans: Maintaining compliance manuals, anti-money laundering (AML) policies, and effective complaints management procedures.
• Privacy and data compliance: Ensuring all personal data handled complies with the UK GDPR and Data Protection Act 2018 (see our GDPR guide).
• Adhering to ‘Treating Customers Fairly’ (TCF) principles: The FCA has strict requirements around transparency, product suitability, and resolving disputes (see also consumer law).

It’s important to update your systems regularly and keep your staff trained. Remember - “I didn’t know” isn’t a defence if the FCA comes knocking.

Other Key UK Compliance Areas for Financial Services Businesses

The FSMA 2000 is just one part of the legal foundation you’ll need to cover. Other laws often apply to financial services businesses in the UK, including:

• Data protection: Compliance with the UK GDPR, which governs how you collect, store and use personal information (see our GDPR guide).
• Consumer protection: The Consumer Rights Act 2015 and related rules about treating customers fairly, providing appropriate warnings, and complaint handling (read more on consumer protection).
• Anti-money laundering (AML) and Know Your Customer (KYC): Obligations under UK law to help detect and prevent financial crime (sometimes referred to as the “Proceeds of Crime Act 2002”).
• Advertising and promotions: Adherence to the rules for fair and honest communications - especially strict for financial products.
• Employment: If hiring staff, be sure to comply with core employment law requirements.

It can be overwhelming to know exactly which ones are relevant-so chatting to a legal expert about the risks your business might face is always a smart move.

Essential Legal Documents for a Financial Services Business

Having the right legal documents is as important as getting your licence. You’ll want to make sure you’re protected from day one, both for compliance and for everyday business operations.

Common documents and policies FSMA businesses should consider include:

• Terms of business/client agreements
• Internal policies - AML, complaints, data protection, whistleblowing
• Data processing agreements for third-party suppliers (read more here)
• Financial promotions and advertising policies
• Employment contracts and staff handbooks (see our guide)
• Service provider and supplier contracts

Avoid using generic templates or drafting them yourself - legal documents need to be tailored to your specific needs to ensure you’re fully protected and compliant with FSMA 2000’s strict regulatory regime.

What Happens If I Breach FSMA 2000?

If your business falls short of its FSMA compliance obligations, the consequences can be severe. Depending on the breach, you might face:

• Regulatory fines: These can be substantial, with the FCA regularly imposing multi-million-pound penalties for serious failings.
• Criminal sanctions: In serious cases, individuals can face criminal prosecution (including directors of the company).
• Licence removal or suspension: The FCA can withdraw your authorisation, effectively shutting down your ability to trade.
• Director disqualification: Directors involved in breaches can sometimes be banned from future roles in the sector.
• Claims and disputes: Customers or investors can bring claims for losses resulting from a breach of FSMA rules.

It’s far better to invest in good compliance frameworks and legal advice early on than risk learning about the rules the hard way.

How Can Sprintlaw Help With FSMA Compliance?

If you’re unsure where to start with FSMA 2000 compliance, you’re not alone. Even established businesses can struggle to keep up with evolving regulations, disclosures, and compliance plans. That’s exactly why we’re here.

Our team can:

• Review your business model to identify regulated activities
• Help you apply for FCA authorisation (or check if you’re exempt)
• Draft and review your client agreements, policies and internal controls
• Advise on ongoing compliance, reporting and risk management
• Guide you through changes if you’re updating or expanding your business model

We specialise in making UK compliance simple and cost-effective - so you can focus on serving your clients and growing your venture.

Key Takeaways - Financial Services and Markets Act 2000 Compliance

• The Financial Services and Markets Act 2000 (FSMA) is central to UK financial services regulation, covering authorisation, conduct, and consumer protection.
• If your business does a regulated activity (such as loans, investments, insurance or financial promotions), you’ll likely need FCA authorisation or to fall within an exemption.
• Ongoing compliance obligations include robust systems, client transparency, reporting duties, AML/KYC policies, and privacy/data protection compliance.
• Key legal documents include tailored client terms, internal compliance policies, employee handbooks, and supplier contracts.
• Non-compliance can result in severe penalties, regulatory action, or even being shut down - so early legal advice and bespoke compliance systems are critical.
• If you’re not sure whether FSMA 2000 applies to you, or how to get licensed and stay compliant, professional support is strongly recommended.

If you’d like help navigating FSMA 2000 compliance-or want tailored legal advice on any part of your business setup-get in touch with us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat. We’re always here to help you protect and grow your business, every step of the way.