Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If your business touches money, credit or investments in any meaningful way, you’ve probably asked: do I need to be FCA regulated?
It’s a crucial question. Getting this wrong can stall your launch, expose you to fines or even make your customer contracts unenforceable. The good news? With a clear view of what the Financial Conduct Authority (FCA) regulates, and the practical alternatives, you can plan confidently.
In this guide, we break down who needs to be authorised by the FCA, common examples for small businesses, helpful exemptions, what the application involves, and the key ongoing duties you’ll have if you’re regulated.
What Does “FCA Regulated” Mean For Small Businesses?
In short, you need FCA authorisation if you carry on a “regulated activity” in the UK by way of business under the Financial Services and Markets Act 2000 (FSMA), the Regulated Activities Order 2001 (RAO) and related regulations. FSMA’s “general prohibition” (section 19) makes it a criminal offence to do regulated activities without authorisation or a valid exemption.
For small businesses, the most common regulated activities include dealing with customer money, arranging or advising on financial products, providing consumer credit, issuing e‑money or providing payment services, and distributing insurance. The FCA Handbook and its PERG guidance define these in more detail, but you don’t need to become a technical expert to get the basics right.
Two quick points to keep in mind as a founder:
- Authorisation is specific to activities and products. You apply for the exact “permissions” you need. If your model changes (for example, you start offering credit), you may need to vary your permissions.
- Some sectors are regulated by other rules alongside FSMA, e.g. the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs). The FCA still supervises firms under these regimes, but the authorisation process and prudential/safeguarding rules differ.
Even if you don’t need to be FCA regulated, you’ll still need strong customer‑facing documents such as clear Website Terms and Conditions, a compliant Privacy Policy and a proper Cookie Policy, especially if you market or provide your services online.
Who Needs To Be FCA Authorised? Common Scenarios
Here are the most frequent small‑business models that trigger FCA regulation. If any of these sound like you, it’s time to look closely at permissions.
1) Consumer Credit (Lending, Broking, Debt Counselling)
If you lend to consumers (including sole traders in some cases), introduce consumers to lenders (credit broking), or provide debt advice/counselling, you’re squarely in FCA territory under the Consumer Credit Act 1974 and related RAO activities. “Buy now, pay later” and invoicing products can fall in scope depending on structure and exemptions.
2) Payment Services and E‑Money
Providing payment accounts, money remittance, acquiring services or issuing e‑money typically requires authorisation or registration under the PSRs or EMRs. Many fintech platforms that move or hold customer funds in the flow of payments will need permissions, or must partner with an authorised firm as an agent/distributor.
3) Investment Services and Advice
Arranging deals in investments, advising on investments, managing investments, operating a multilateral trading facility (MTF) or running a crowdfunding/peer‑to‑peer platform can all require FCA authorisation. If you provide “research” or “education” that strays into personal recommendations, you may also be caught as investment advice.
4) Insurance Distribution
Introducing customers to insurers or helping arrange insurance is often “insurance distribution” and requires authorisation unless you fall within a narrow exemption. Many retailers and trades businesses are caught by this if they sell extended warranties or optional cover at checkout.
5) Accepting Deposits
Taking repayable money from customers as a deposit‑taking business is banking and requires bank authorisation. Most small businesses won’t do this, but be careful with any “stored value” or “club” schemes that hold customer funds.
6) Financial Promotions
Even if you’re not authorised, section 21 FSMA restricts “financial promotions” (invitations or inducements to engage in investment activity). Unless an exemption applies, promotions must be approved by an authorised firm. This is a common tripwire for startups marketing investment‑style products.
7) Cryptoasset Exchange and Custody (Anti‑Money Laundering Registration)
Cryptoasset exchange and custody businesses require FCA registration for anti‑money laundering (MLR) purposes. Note: this is not the same as full FCA authorisation, but it is still a mandatory regime with serious obligations.
Are There Exemptions Or Alternatives To Full FCA Authorisation?
Yes. Depending on your model, one of these routes may be faster or more practical while you validate your product.
- Appointed Representative (AR): You carry on regulated activities as an AR of a “principal” authorised firm. The principal takes responsibility for compliance. This can be a quicker route to market, but principals are selective, and your scope is constrained by their permissions and oversight.
- PSD Agent / E‑Money Distributor: For payment or e‑money models, you may operate as an agent/distributor of an authorised firm rather than seeking your own authorisation initially.
- Limited Network and Electronic Communications Exemptions: Certain closed‑loop payment instruments may fall under exemptions to the PSRs/EMRs, but the thresholds and notification requirements are strict. Be cautious relying on these without advice.
- Professional Firms Exemption: Some incidental financial services carried on by members of designated professional bodies can be exempt, subject to conditions.
- Financial Promotion Exemptions: Some promotions are exempt (e.g. to investment professionals, certified high‑net‑worth individuals, or within certain corporate contexts), but you must fit squarely within an exemption.
If you’re distributing your service digitally, you’ll still want robust SaaS Terms or App Terms and Conditions that align with your regulated permissions and complaint handling framework.
Do I Need To Be FCA Regulated? A Practical Checklist
Use this quick test to sense‑check whether authorisation is likely needed. If you score “yes” to any point, get tailored advice before you launch.
- Do you hold, move or safeguard customer funds in the flow of payments or as stored value?
- Do you lend to consumers, introduce consumers to lenders, service credit, or provide debt advice?
- Do you arrange, advise on or manage investments (including shares, debt instruments, units in funds, or contracts for difference)?
- Do you arrange or advise on insurance products (including warranties sold alongside goods)?
- Are you issuing e‑money or providing payment services (account issuance, acquiring, remittance)?
- Do your marketing materials invite or induce someone to engage in investment activity or credit?
- Are you operating a platform that matches lenders and borrowers or issuers and investors (P2P/crowdfunding)?
- Are you a cryptoasset exchange or custodian that requires AML registration?
Alongside FCA analysis, make sure your customer journey complies with general UK law, including clear pricing, fair contract terms and refunds. Strong consumer‑facing documents help here, and it’s wise to align them with consumer law and the FCA’s Consumer Duty where relevant.
How Do You Get Authorised By The FCA? Steps And Documents
The FCA process is rigorous but manageable with good preparation. A typical route looks like this:
1) Map Your Activities And Permissions
Identify each service and map it to the specific permissions in PERG/RAO (e.g. credit broking vs lending; payment initiation vs account information; advising vs arranging investments). Decide if you’re applying under FSMA, the PSRs, the EMRs, or a combination. Many firms start lean and vary permissions later as they grow.
2) Choose Your Structure And Build Your Governance
Most regulated firms operate as companies limited by shares. If you’re pre‑incorporation, decide whether to register a company now and appoint the right directors and senior managers to meet the FCA’s “fit and proper” standards. You’ll also map responsibilities under the Senior Managers & Certification Regime (SMCR) and draft responsibilities maps/statements.
3) Prepare Your Application Pack
Expect to produce detailed documentation covering your business model, risk management and customer protection. Common components include:
- Regulatory business plan describing products, target market, distribution and customer journey
- Financial forecasts and capital resources (including regulatory capital where applicable)
- Compliance monitoring programme, policies and procedures
- Outsourcing and IT controls, including a Data Processing Agreement with key vendors handling personal data
- Customer documentation: terms, disclosures, fees, complaints process, and fair value assessments (Consumer Duty)
- Safeguarding or client money arrangements (e.g. CASS) if applicable
- Financial crime controls (AML/CTF, sanctions, fraud, transaction monitoring)
- Senior managers’ applications and fitness/propriety evidence
If you operate online, make sure your Website Terms and Conditions, SaaS Terms and Privacy Policy are consistent with your permissions, complaint handling and disclosures.
4) Submit Via FCA Connect And Engage
Applications are submitted through the FCA’s Connect system. Timeframes vary with complexity and completeness. The FCA may ask clarification questions; responding promptly and clearly helps keep you on track.
5) Build For Launch, Not Just Approval
Authorisation is the starting line, not the finish. Before go‑live, train staff, test your controls, and ensure your customer communications, financial promotions approval and operational readiness all reflect your permissions and policies. If you rely on cookies for analytics/marketing, ensure your Cookie Policy and consent banner match UK rules.
Ongoing Compliance Once You’re Authorised
Regulation is continuous. A few core duties to have on your radar from day one:
- Principles and Consumer Duty: The FCA’s Principles for Businesses and the Consumer Duty require you to deliver good outcomes, fair value and clear communications for retail customers.
- Reporting and Notifications: Submit regulatory returns on time and notify the FCA of significant events (e.g. changes to control, senior management, or business model).
- Financial Promotions: Maintain processes to approve and monitor promotions. If you approve promotions for unauthorised persons, ensure you have appropriate competence and records.
- Operational Resilience and Outsourcing: Manage third‑party risk with solid contracts and oversight. Where personal data is involved, keep your Data Processing Agreement and security schedules up to date.
- Data Protection: Regulated or not, you must comply with UK GDPR and the Data Protection Act 2018: have a living Privacy Policy and processes for rights requests, breach response and records management.
- Documentation Hygiene: Keep customer‑facing terms, disclosures and internal policies aligned with your permissions and systems. If your service is software‑based, keep your SaaS Terms current with product changes and support levels.
It can feel like a lot, but building these foundations early makes scaling smoother and helps you avoid costly remediation later.
What Happens If You Get It Wrong?
Carrying on regulated activities without authorisation or a valid exemption is a criminal offence. The FCA can also seek injunctions, require customer redress, and agreements may be unenforceable. Even where only financial promotion rules are breached, the regulator can order promotions to be withdrawn and take enforcement action.
Beyond FCA rules, misaligned customer terms, privacy notices or disclosures can breach general law. Aligning your customer documentation (such as Website Terms and Conditions and your Privacy Policy) with your regulated status and UK consumer law is a simple way to reduce risk from day one.
Key Takeaways
- If you lend, broker credit, arrange/advise on investments or insurance, issue e‑money, provide payment services, or approve financial promotions, you likely need FCA authorisation or a valid exemption.
- Alternatives like appointed representative status, PSD agents or e‑money distribution can help you launch faster, but they come with oversight, scope limits and contractual responsibilities.
- Map your activities to precise permissions, pick the right structure, and prepare a strong application pack covering governance, capital, customer documentation, safeguarding/client money, AML and operational controls.
- Once authorised, keep on top of Consumer Duty, reporting, financial promotions approval, outsourcing oversight and UK GDPR, with living documents such as SaaS Terms, Website Terms and Conditions and a clear Privacy Policy.
- If your business model changes, revisit your permissions early. It’s far easier to vary authorisation proactively than to remediate after the fact.
- Not sure if you need to be FCA regulated? Get tailored advice before you market or onboard your first customers: your permissions should shape your product and documents, not the other way round.
If you’d like help working out whether you need FCA authorisation, or putting compliant documents in place, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.


