Financial Services and Markets Act 2000

The primary statute governing financial services regulation in the UK is the Financial Services and Markets Act 2000 (FSMA). FSMA establishes the overall regulatory framework for the regulation of financial services in the UK.

Section 19 of FSMA prohibits a person from carrying on a regulated activity in the UK “by way of business” unless they are authorised or can rely on an exemption/exclusion. This is known as the “general prohibition”. Carrying on a regulated activity in breach of the general prohibition is a criminal offence and might result in certain agreements being unenforceable.

Regulated activities

Detailed definitions of what constitutes a regulated activity are set out in the Financial Services and Markets Act (Regulated Activities) Order 2001 (the “Regulated Activities Order” or RAO). The RAO also contains a number of exclusions. If a person falls within the scope of an exclusion, they will not need authorisation to carry on that regulated activity. Generally, there are two types of exclusion: (i) exclusions that apply to particular regulated activities (“specific exclusions”); and (ii) exclusions that apply to multiple regulated activities (“general exclusions”).

For an activity to be regulated under FSMA, it must be carried on by way of business. This is commonly referred to as “the business test”. The Financial Services and Markets Act 2000 (Carrying on Regulated Activities by Way of Business) Order 2001 (the “Business Order”) varies the business test as it applies to certain regulated activities.

Generally, only regulated activities carried on in the UK fall within the territorial scope of FSMA. However, there are circumstances where the territorial scope is wider and each case must be analysed carefully on its own merits.

Financial promotions

Section 21 of FSMA (the “financial promotion restriction”) prohibits an unauthorised person from carrying on certain advertising and marketing activities in relation to financial services products unless the promotion is approved by an appropriately authorised person or an exemption applies. The Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (the “Financial Promotion Order” or FPO) sets out exemptions from this restriction.

Payment Services and Electronic Money

In addition to FSMA, the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs) create authorisation regimes for payment institutions and e-money issuers, respectively.

Consumer Credit

The Consumer Credit Act 1974 regulates consumer credit agreements, hire agreements and credit advertising.

Money Laundering

The Money Laundering Regulations 2017 is the key piece of legislation for the UK’s anti-money laundering and counter-terrorist financing requirements.

EU Legislation After Brexit

Many of the UK requirements still reflect EU legislation that applied in the UK before it left the EU (through Brexit). At Brexit, EU financial services regulations were imported into UK law. The government is now in the process of reviewing this large body of legislation, aiming to tailor it to UK markets and move the rules out of legislation and into the financial services regulators’ rulebooks.

The RAO sets out the test for whether an activity is regulated in the UK. Generally, an activity is regulated if it is an activity of a specified kind that is carried on “by way of business” and relates to a specified investment. In addition to the RAO, certain other pieces of legislation such as the PSRs and EMRs set out regulated activities in relation to specific areas, such as payments.

A broad range of activities and products are regulated in the UK, including the following (this is not an exhaustive list; it aims to illustrate the core regulated sectors).

• Banking and deposit-taking, eg:
1. current and savings accounts;
2. loans, overdrafts and credit facilities; and
3. mortgages.
• Investment services, eg:
1. advising on investments (eg, financial advisers);
2. dealing in investments on your own account or as agent for another;
3. managing investments (eg, discretionary fund management);
4. operating collective investment schemes – establishing or managing a fund (eg, unit trusts, open-ended investment companies (OEICs) and alternative investment funds (AIFs));
5. arranging deals in investments (eg, intermediaries in transactions);
6. handling client money and providing custody in relation to investment assets; and
7. examples of regulated investment products include shares, bonds, derivatives, units in collective investment schemes and structured products.
• Insurance (life and general insurance), for example:
1. insurance brokers and agents;
2. underwriting insurance contracts; and
3. reinsurance.
• Pension and retirement products, eg:
1. personal pensions;
2. workplace personal pensions; and
3. pension advice and transfers.
• Consumer credit, including:
1. credit cards and personal loans;
2. hire purchase and leasing;
3. debt collection and debt counselling;
4. crowdfunding and peer-to-peer lending; and
5. buy-now-pay-later products (being brought into regulation, expected mid-2026).
• Payment services and e-money, eg:
1. payment processing and money remittance;
2. electronic money issuance; and
3. fintech payment providers and remittance firms.
• Asset management and funds.
• Financial advice, eg:
1. independent financial advisers;
2. mortgage advisers; and
3. insurance intermediaries.
• Market infrastructure and trading venues:
1. stock exchanges, multilateral trading facilities, organised trading facilities; and
2. clearing houses and settlement systems.
• Some crypto-assets (emerging regulation) – see 2.3 Crypto-Assets for more information.
• Certain activities relating to benchmarks and claims management companies are also regulated.

The most commonly used exemptions (and exclusions) in the UK include: 

• Appointed representatives – An appointed representative is an exempt person under FSMA who conducts regulated activities under the oversight of an authorised firm (the “principal”). In other words, rather than getting its own licence, the appointed representative is effectively sheltered by the principal’s authorisation. This arrangement is common in areas like insurance broking or investment advice – eg, a small insurance intermediary might act as an appointed representative of a larger network which is authorised. The principal firm takes responsibility for the appointed representative’s compliance.
• Professional firms – Certain professional services firms (eg, lawyers, accountants and actuaries) can carry out some regulated activities which are incidental to their main business without direct Financial Conduct Authority authorisation. For instance, a solicitor advising a client on an investment as part of legal services could be exempt, provided the investment advice is incidental and not separately remunerated. These exemptions (often called Part 20 exemptions) allow professionals who are members of a professional body to avoid dual regulation when financial activity is ancillary to their core work.
• Instalment Credit Firms – There are specific exemptions in consumer credit. One example is for businesses offering credit by way of instalment payments for their goods or services (for example, a retailer allowing customers to pay in 12 instalments). Certain conditions must be met – eg, the credit must be for a fixed amount, interest-free and repaid in 12 or fewer instalments within a year.
• Groups and overseas persons – There are exclusions for intragroup activities and overseas transactions. For example, if a company provides services solely to other companies in its corporate group, that may be outside regulation in some cases. Additionally, the “overseas persons exclusion” allows firms with no place of business in the UK to deal with UK clients in certain circumstances without UK authorisation. This is subject to conditions that vary depending on the specific activity – often overseas persons may only service more sophisticated UK persons (eg, authorised or exempt firms), deal through an authorised firm, or only deal with UK persons in a manner compliant with the financial promotion exemptions.
• Introducers – There are exclusions that allow unregulated persons to introduce customers to authorised firms under certain conditions.
• Incidental media and publishing – Communications made in the course of journalism or broadcasting to the public are exempt from the financial promotion restriction. For instance, a newspaper publishing stock recommendations is generally not treated as making a regulated financial promotion.

Crypto-asset regulation is a rapidly evolving area and the UK has been gradually adapting its regulatory perimeter to address emerging risks from crypto-assets while also fostering innovation. There is no single comprehensive regime governing crypto-asset regulation, but certain crypto-asset activities fall under the existing regulatory regime and new rules are on the horizon.

Categorisation of Crypto-Assets in the UK

Under the current framework, crypto-assets fall within one of the following three categories depending on their structure and use:

• Security tokens 2 Tokens that amount to a “specified investment” under the RAO, excluding e-money, generally fall within the scope of the Financial Conduct Authority’s (FCA’s) regulatory perimeter.
• E-money tokens Tokens that meet the definition of “e-money” under the Electronic Money Regulations 2011 (EMRs) are regulated under the EMRs.
• Unregulated tokens – Any tokens that are not security tokens or e-money tokens fall within this category and are outside the regulatory perimeter. These include utility tokens which can be redeemed for access to a specific product or service that is typically provided using a distributed ledger technologies (DLT) platform, and also exchange tokens or cryptocurrencies such as Bitcoin, Litecoin and equivalents.

Registration Under the Money-Laundering Regulations

The FCA is the main regulator for crypto-assets in the UK, but its remit is currently limited. It oversees certain activities involving crypto-assets, particularly those related to anti-money laundering (AML) and counter-terrorist financing (CTF). Businesses that deal with crypto-assets, such as crypto-asset exchange providers and custodial wallet providers, must register with the FCA and comply with AML and CTF rules. This includes having systems and controls to mitigate the risk of money laundering, proliferation financing and terrorist financing, carrying out customer due diligence and nominating an officer responsible for reporting suspicious activities.

It is worth noting that a person who decides to acquire or increase control over an FCA-registered crypto-asset firm must notify the FCA and obtain approval before the acquisition takes place. Not obtaining the FCA’s approval is a criminal offence.

Financial Promotions

The UK financial promotion regime prohibits the communication of financial promotions in the course of business unless the financial promotion is issued or approved by an authorised person or falls within a relevant exemption. The prohibition applies to communications which are capable of having an effect in the UK and many different types of communications are caught (eg, websites, social media channels, in-app communications, etc). The FCA can order the withdrawal of promotions, and the unlawful communication of a financial promotion is a criminal offence.

Currently, crypto-asset firms registered with the FCA under the Money-Laundering Regulations benefit from an exemption that permits them to communicate their own crypto-asset financial promotions.

Financial promotions need to be clear, fair and not misleading, contain risk warnings and comply with a ban on inducements to invest. Direct-offer financial promotions (a sub-category with the additional element of specifying a means of response, such as an application form) must comply with additional requirements, such as a 24-hour cooling-off period for first-time investors.

Future Regime

In line with the UK government’s plans to create a regulatory regime for crypto-assets, the FCA has been consulting on different aspects of the future regime and HM Treasury has published draft legislation to bring certain crypto-asset-related activities within the perimeter. The new regime is expected to go live in 2026 with a number of publications expected over the course of 2025–2026.

The draft legislation introduces new regulated crypto-asset activities, which include arranging deals in qualifying crypto-assets or dealing as principal or agent, fiat-referenced stablecoin issuance, staking, operating a trading platform, and safeguarding (custody).

The draft legislation establishes the territorial scope for the new regulated activities, which includes overseas firms that deal directly or indirectly with consumers in the UK.

Financial regulation in the UK is carried out by several authorities with distinct responsibilities. The two primary regulators are the FCA and the Prudential Regulation Authority (PRA). The PRA’s and FCA’s primary focus relates to relevant activities carried on in the UK. This covers services provided within the UK or to UK clients. UK-authorised firms may therefore be subject to some PRA/FCA regulation when they are operating abroad.

The FCA

The FCA is the conduct regulator for all financial services firms and the prudential regulator for firms that are not PRA-supervised. This means the FCA oversees how firms treat customers and behave in markets and it also sets capital and solvency requirements for some financial services firms, which are referred to as “solo-regulated firms”.

The PRA

The PRA, which is part of the Bank of England (BoE), is the prudential regulator for systemically important firms – these are banks, large investment firms (ie, investment banks) and insurers. These firms are supervised by the PRA for safety and soundness and by the FCA for conduct of business, and are referred to as “dual-regulated firms”.

The BoE

The BoE itself has broader systemic responsibilities. The BoE oversees macro-prudential stability via its Financial Policy Committee and directly supervises certain financial market infrastructures – eg, payment systems, central counterparties and securities settlement systems.

The Payments Systems Regulator

The Payments Systems Regulator is the regulator for UK payment systems, but its role and functions are in the process of being moved into the FCA.

Financial services firms in the UK must comply with relevant legislation, but also with the extensive rules and guidance issued by the regulators. The FCA and the PRA have both developed comprehensive rulebooks which function as a detailed framework of rules and guidance for regulated firms.

The FCA’s rules are contained in the online FCA Handbook and the PRA’s rules are in its online PRA Rulebook. Both contain binding rules as well as guidance clarifying how firms can meet those rules. There is a combination of high-level requirements and detailed provisions.

Guidance in the Handbook/Rulebook is not binding and need not be followed to achieve compliance with the relevant rule or requirement. However, if a person acts in accordance with general guidance, the regulators will treat that person as having complied with the rule or requirement to which the guidance relates.

In addition to the Handbook/Rulebook, the regulators issue various forms of guidance and other communications. These include “Dear CEO” letters, guidance publications, thematic review findings and other supervisory communications which highlight concerns and signal regulatory expectations.

There are also industry codes and standards that are not legally binding but are supported by the regulators.

The UK is in the process of implementing the final Basel III/Basel 3.1 standards. It is aiming for close alignment with the global Basel standards with some adjustments for UK-specific circumstances. Implementation of the standards requires significant changes to the UK’s existing prudential requirements, especially around the calculation of risk-weighted assets.

The UK authorities’ aim is for the bulk of the measures implementing the standards to come into force on 1 January 2027, with transitional arrangements in place up to 2030 for some elements. The PRA currently intends to delay the implementation of market-risk reforms relating to the internal model approach until 1 January 2028.

The 1 January 2027 implementation date may, however, be delayed. The PRA has said it will continue to monitor developments, particularly around implementation in the United States. If the 1 January 2027 implementation date is delayed, the PRA expects that the final deadline of 1 January 2030 will remain unchanged, and that the transitional period will be shortened accordingly.

The UK will implement the Basel 3.1 standards through a combination of legislation produced by HM Treasury, and rules and other supervisory material produced by the PRA. The PRA has published near-final rules. The detailed requirements will be set out in the PRA Rulebook and in other PRA supervisory materials. New Parts will be added to the PRA Rulebook and provisions in the UK version of the Capital Requirements Regulation relating to the Basel 3.1 standards will be transferred into the PRA rules.

Certain small UK banks and building societies that choose to opt into the PRA’s regime for small domestic deposit-takers will have the flexibility to continue to apply current prudential requirements under an interim capital regime, rather than the Basel 3.1 requirements, until the entry into force of a bespoke capital prudential framework for these firms.

The UK has committed to implementing a T+1 securities settlement cycle but has not yet done so. The current standard in UK securities markets is still T+2.

In December 2022, the UK government set up an Accelerated Settlement Taskforce to examine the case for accelerating settlement in UK markets. In March 2024, the Taskforce published a report recommending that the UK adopt T+1 no later than the end of 2027 and that a dedicated Technical Group be established to define implementation details.

The Technical Group’s final implementation plan, published in February 2025, recommends a go-live date of Monday 11 October 2027 as the first trading day for UK cash securities trading under T+1. The UK government has accepted these recommendations and confirmed that it will legislate to mandate T+1 settlement from that date. The FCA will update its settlement-related rules to align with the new cycle.

In scope for T+1 will be the instruments currently in scope of the UK’s Central Securities Depositories Regulation (CSDR) (ie, transferable securities traded on UK trading venues and settled via a UK Central Securities Depository). Some instruments (eg, certain OTC, repo or primary issuance trades) may be excluded or phased, and under certain scenarios (such as a UK move, ahead of the EU), exemptions may be considered (eg, exchange-traded products (ETPs), exchange-traded funds (ETFs) or Eurobonds).

In May 2025, key UK asset management trade associations recommended that relevant firms should alter their fund settlement timing to T+2 from 11 October 2027. Deals in units of UK funds investing in stocks or bonds currently typically settle on T+3 or, in some cases, T+4. The FCA generally expects that FCA-authorised funds and recognised schemes will adopt a T+2 settlement cycle from 11 October 2027 in order to align more closely with the underlying market settlement.

The UK has several regimes aimed at addressing greenwashing and improving transparency around ESG investments/funds.

Sustainability Disclosure Requirements (SDR)

In order to build trust and integrity in the ESG investment products market and improve information for investors, the FCA introduced the SDR regime.

These rules include:

• an anti-greenwashing rule – a general anti-greenwashing rule, applying to all regulated firms, requiring all references to the sustainability characteristics of financial products and services to be clear, fair and not misleading;
• a labelling regime – four optional product labels for certain UK sustainable investment products available to retail consumers;
• naming and marketing restrictions – restrictions for products that do not opt to use product labels but use restricted sustainability-related terms in their naming and marketing; and
• sustainability-related disclosures, divided into four types –
1. entity-level disclosures for asset managers with more than GBP5 billion in assets under management;
2. annual consumer-facing disclosures for asset managers using product labels or restricted terms;
3. pre-contractual disclosures for asset managers using product labels or restricted terms; and
4. annual ongoing disclosures for asset managers using product labels or restricted terms.

Climate Disclosures

In addition, in order to promote transparency in relation to climate-related factors associated with financial products, the FCA has introduced mandatory climate disclosure requirements aligned with the Task Force on Climate-Related Financial Disclosure’s (TCFD’s) recommendations. These rules were initially only applicable to premium listed commercial companies, but have been extended to issuers of standard listed equity shares, asset managers and certain asset owners.

Under these rules, in-scope firms are required to make:

• entity-level disclosures by publishing annual TCFD-aligned reports setting out how they account for climate-related matters in managing/administering investments on behalf of clients and consumers; and
• product-level disclosures on their products and portfolios, including climate-related metrics.

In due course, this regime will be moved from being aligned with TCFD recommendations, to being aligned with the standards of the International Sustainability Standards Board (ISSB) standards, which have effectively superseded the TCFD recommendations.

Enforcement Action

The FCA has not yet imposed public penalties on any firms in relation to these regimes. However, the FCA has confirmed that it is actively monitoring firms’ compliance with the anti-greenwashing rule, and has previously opened investigations into climate-related disclosures.

Potential Future Requirements

The UK government and the FCA are also in the process of introducing the following which, if brought into force, will be of further relevance to the ESG investment products market:

• extending the SDR and investment label regime – the FCA is considering the next steps for extending the regime to portfolio management and, potentially, funds in the overseas funds regime;
• transition plans – the UK government is consulting on requiring certain UK-regulated financial institutions to develop and implement credible transition plans; and
• ESG ratings regulations – the UK government is currently in the process of bringing providers of ESG ratings to users in the UK within the UK regulatory perimeter.

The UK government is committed to fostering close international co-operation on the regulation of AI and has a pro-innovation approach. The FCA and PRA are increasingly focused on how AI is transforming financial services. While they have not yet introduced AI-specific rules, they have issued a series of publications that clarify how existing regulatory frameworks apply to AI and to signal their expectations of firms. The FCA is fostering technological exploration through TechSprints, Regulatory and Digital Sandboxes, its AI Lab and other innovation advisory services. See 4.5 Fintech for more information.

A central feature of the UK’s regulatory approach is its principles-based, outcomes-focused, technology-neutral stance. Outcomes-based regulation can be applied more easily to technological change and market development than detailed prescriptive rules. The regulators believe that many risks related to AI are not necessarily unique to AI itself and can be mitigated within existing legislative and/or regulatory frameworks.

Existing rules on conduct, prudential risk, governance, and operational resilience already apply to AI systems and new, highly prescriptive rules are not currently planned. Instead, firms are expected to interpret and apply these existing obligations in the context of AI. Firms deploying AI must be able to demonstrate appropriate governance over, and executive accountability for, all stages of the AI life cycle – from design to deployment and into business as usual.

The regulators are closely monitoring the adoption of AI across UK financial markets. This includes keeping under review whether amendments to the existing regulatory regime are needed. In addition, they are continuing to monitor the potential macro effects that AI can have on financial markets – eg, cybersecurity, interconnectedness and financial stability.

The UK has taken a pro-innovation approach to fintech regulation recognising that fintech plays a crucial role in the UK’s growth strategy and its status as a leading fintech hub. The UK regulators take a technology-neutral approach to regulation, with rules designed to apply regardless of the underlying technology. They aim to balance fostering innovation with regulatory objectives such as financial stability, consumer protection, competition and market integrity.

The UK regulators are supporting the fintech sector’s expansion into Open Finance after the successful Open Banking initiative. Open Banking required major banks to share customer account data securely with authorised third parties, with the customer’s consent. It enabled new products like budgeting tools and savings tools to be brought to market. Open Finance aims to extend the same principles of secure, consent-backed data-sharing to a wider range of financial products and services, including savings, investments, insurance, etc.

Tokenisation initiatives in the UK are exploring how traditional financial assets – such as bonds or funds – can be digitised and represented as tokens on DLT to improve efficiency, transparency and innovation in financial markets. The FCA has published a consultation paper setting out how it aims to support innovation in UK asset management via new rules for fund tokenisation and direct-to-fund dealing. It aims to give firms greater clarity and thus confidence to adopt tokenisation in fund management.

Sandboxes

The FCA is committed to embracing the opportunities presented by new technology and innovation. It has pioneered several initiatives to help fintech firms develop and deploy innovative solutions. These include:

• The Regulatory Sandbox, which supports both authorised and unauthorised firms by providing a controlled environment in which to safely test innovative new products and services with customers. It helps businesses bring new ideas to market more quickly and safely, while giving the FCA valuable insights into emerging technologies.
• The Digital Sandbox, which is an online testing environment designed to help early-stage innovators develop, test and refine new financial products and services in a safe non-live setting. It is intended for firms that are not yet ready to test products with real customers in the Regulatory Sandbox.
• The Supercharged Sandbox, which is a new experimentation platform launched in 2025 to help firms experiment with AI and other technologies. It goes further than the Regulatory Sandbox and Digital Sandbox by providing powerful technical infrastructure and synthetic data sets to accelerate the safe development and deployment of AI solutions.
• The AI Lab, which is a dedicated programme to support the safe adoption of AI. It acts as a hub for collaboration, experimentation and regulatory oversight, helping firms to understand how the existing rules apply to AI while also allowing the FCA to deepen its own understanding of emerging technologies.
• The AI Testing Framework, which is a forthcoming regulatory initiative designed to allow firms to test AI systems with real users and data in a controlled supervised environment. It aims to bridge the gap between AI experimentation and real-world deployment.
• TechSprints, which are hackathon-style collaboration events to tackle regulatory and industry challenges through innovation.
• Innovation Pathways, which offer tailored support to firms developing novel financial products, helping them navigate the regulatory landscape.
• AI Live Testing, which is an upcoming initiative enabling live testing of AI systems with real data and users, under regulatory oversight.

Central Bank Digital Currency

The BoE and HM Treasury are actively exploring the possibility of a central bank digital currency, known as the “digital pound”. This would be a new digital form of money issued by the BoE to be used alongside physical cash. The BoE has published design papers and working papers which outline its initial thinking. It will continue to publish papers and launch technical experiments as the design phase progresses throughout 2025/6.

Although significant work is underway, no decision has yet been made on whether to introduce a digital pound in the UK. If introduced, it would not be launched until the second half of this decade. Once the design phase has concluded, the BoE will have sufficient information to decide whether to proceed. The government will also make its own decision on this and the digital pound would only be launched after Parliament passes the relevant legislation.

The FCA places a strong emphasis on protecting vulnerable customers. A vulnerable customer is generally defined as someone who, due to their personal circumstances, is especially susceptible to harm, particularly if a firm does not act with the appropriate level of care. This includes customers with low financial resilience, health conditions, lower digital or literacy skills, less confidence in financial matters, or who are experiencing significant life events (like bereavement, divorce or job loss). The FCA’s aim is that vulnerable customers should receive the same fair treatment and outcomes as other customers.

The FCA issued detailed guidance on the fair treatment of vulnerable customers (FG21/1) in February 2021. This guidance is extensive, but key points include:

• Firms should understand the nature and scale of characteristics of vulnerability that exist in their target market or customer base.
• Staff need the skills and capability to recognise and respond to a range of characteristics of vulnerability. Frontline employees should be trained to spot signs of potential vulnerability and know how to adjust their service – eg, being patient, offering to pause or repeat information, or referring the customer to specialist support teams if needed.
• Firms should adapt their product design, customer service and communications to meet vulnerable customers’ needs. This might mean offering alternative communication channels (like telephone or face-to-face help for those who find online communication difficult), providing information in clear and simple language, or having flexible policies (for instance, offering forbearance in hardship, or giving longer to make decisions).
• Firms need to monitor outcomes for vulnerable customers and ensure they are as good as outcomes for other clients. If gaps or issues are found, firms should make improvements.

The FCA expects firms to embed the fair treatment of vulnerable customers in their culture and to integrate it into governance, policies and every stage of the customer journey.

The FCA’s guidance is linked to firms’ obligations under the FCA’s Principles for Businesses, particularly the requirement to treat customers fairly. The guidance in FG21/1 is not itself binding, but it illustrates ways in which firms can comply with the FCA’s principles and rules when interacting with vulnerable customers.

The FCA’s Consumer Duty, which came into force in 2023, builds on and strengthens the earlier guidance on the fair treatment of vulnerable customers in FG21/1. The Consumer Duty requires firms to ensure good outcomes for all retail customers, and the FCA expects firms to consider and respond to the needs of vulnerable customers at every stage of the customer journey. For example, designing products with vulnerability in mind, ensuring communications are clear and accessible, offering flexible and responsive customer support, and ensuring that vulnerability does not lead to poor value. Firms are expected to evidence how they identify, monitor and support vulnerable customers as part of their Consumer Duty governance.

The FCA is tracking firms’ progress and has carried out regular reviews to see how firms have applied its guidance. The FCA has tools ranging from supervisory conversations to enforcement action if firms fail to treat vulnerable customers fairly.

The UK’s regulators are increasingly focused on the potential systemic risks from shadow banking (also known as non-bank financial intermediation, or NBFI), and have been active in both domestic and international efforts to strengthen the oversight of NBFI.

The FCA

The FCA is considering targeted policy measures to strengthen market resilience and is focusing on risk management practices to mitigate systemic risks posed by NBFI. It is prioritising improved data collection and greater transparency to assess risks associated with NBFI entities. The FCA may take steps to enhance both public and private disclosure to improve transparency and mitigate the build-up of systemic risk from NBFI leverage. This may include anonymous, aggregated information on concentrated positions and liquidity conditions and also enhanced private disclosure between counterparties. The FCA has consulted on proposals to make UK money market funds more resilient under stress and reduce systemic spill-overs from rapid redemptions.

The BoE

The BoE’s recent focus has been on market-based finance and the resilience of core markets. In September 2025, it published a discussion paper on gilt repo market resilience, exploring options such as expanding central clearing and introducing minimum haircuts or margins for non-centrally cleared transactions. These measures are intended to limit procyclical leverage build-ups among non-banks and reduce the risk of forced asset sales in stress periods.

In January 2025, the BoE opened applications to its Contingent NBFI Repo Facility (CNRF). In severe gilt market stress, the facility enables the BoE to provide emergency liquidity against gilts to NBFIs, including insurers, pension funds and liability-driven investment funds in exceptional circumstances, mitigating market dysfunction.

The PRA

The PRA has focused on linkages between banks and shadow banking entities. In December 2023, it published a consultation paper proposing new requirements for Capital Requirement Regulation (CRR) firms (excluding small domestic deposit-takers) and CRR consolidation entities to identify, assess and manage “step-in risk” — ie, the potential obligation to support unconsolidated entities such as funds or vehicles during stress.

The consultation also proposed incorporating European Banking Authority guidelines on limiting exposures to shadow banking entities and groups of connected clients into the PRA rules, alongside refining the definition of shadow banking entities for UK regulatory purposes.

The PRA finalised only the “step-in” proposals in April 2025 with the rules taking effect from 1 January 2026. It is taking a phased approach, leaving the rules on exposures to shadow banking entities and groups of connected clients to be addressed at a later stage, and these elements remain in progress.

Any firm wishing to carry on regulated activities in the UK must go through a formal authorisation or registration process with the appropriate regulator. Firms must apply to either the FCA or the PRA, as relevant – that is, to the PRA if the application includes certain PRA-regulated activities (eg, banks and insurers) and to the FCA in any other case.

Some payment services, e-money institutions and crypto-asset firms only need to be registered with the FCA, rather than authorised. It is also possible to become an appointed representative of a principal firm (see 2.2 Exemptions for more information).

Dual-Regulated Firms

Dual-regulated firms will have their application considered by both the FCA and the PRA. The PRA will assess the applicant from a prudential perspective and the FCA will assess the applicant from a conduct perspective. The PRA will lead on the authorisation process and make the final decision on the application, although it must obtain the consent of the FCA before granting authorisation. It will administer the application, send all formal notices and decisions to the applicant and be responsible for granting authorisation. The PRA is the main point of contact for the applicant throughout the authorisation process, but applicants will have discussions with both the FCA and the PRA.

The PRA and FCA have set up dedicated start-up units for new insurers and new banks to help applicants through the process.

Solo-Regulated Firms

Solo-regulated firms only need to apply to the FCA and will only have their application considered by the FCA. The FCA will assess the application both from a prudential and conduct perspective.

Application Process

Applicants are expected to carry out detailed preparatory work before they start to fill in and submit the relevant application forms.

There are normally pre-application meetings with the FCA and PRA to support an applicant’s progress through the pre-application process and help it to submit as complete an application as possible. For firms applying to the PRA and who are new to regulation, the PRA normally aims to hold three meetings: an initial meeting, a feedback meeting and a challenge session. The FCA normally also attends these meetings. 

Firms with an existing relationship with the PRA may not require as many meetings, and smaller, less complex and established businesses often need only one meeting.

Once the appropriate regulator has received a completed application pack and the relevant fee, it will allocate a case officer to the applicant. The case officer may ask for additional information or clarification at any stage in their review process.

Forms

The particular forms an applicant must complete will depend on the activities it wishes to carry on. Firms seeking FCA authorisation are able to find more information and the required forms on the FCA’s “Authorisation” webpage. Dual-regulated firms can find information and application forms on the PRA’s “New Firm Authorisation” webpage.

The FCA’s forms are usually submitted online through its Connect system and PRA forms are submitted by email to the PRA.

The forms an applicant will need to complete include:

• A regulatory business plan – This contains an overview of the firm’s business model, proposed governance arrangements, compliance structure, the firm’s capital model and the policies and procedures the firm will have in place.
• Controller forms – These must be completed by the controllers of the applicant. A controller is a person with significant influence over a firm, usually through ownership or voting power, who could therefore influence the direction and governance of the authorised firm.
• Applications to perform senior management functions – The type of firm will determine the applications individuals will need to make, see 5.3 Direct/Personal Regulation for more information on the senior managers regime.
• Financial information – This includes details of accounts, historical financial statements and forward-looking financial projections.
• Wind-down plan – Some firms are required to submit a wind-down plan. This is to ensure that when a firm goes out of business it stops its regulated activities with minimal adverse effect on its clients, counterparties and the wider market.

Firms within the scope of the FCA’s Consumer Duty (ie, firms with retail customers) must prove that they can comply with it. Applications must expressly set out how the firm will act to deliver good outcomes to retail customers. Applicants will need to supply all the policies and management information to support the firm’s compliance with the Consumer Duty.

Threshold Conditions

Threshold conditions are the minimum requirements that both dual-regulated and solo-regulated firms must meet and continue to meet at all times. They include:

• having a head/registered office in the UK;
• being structured so that the firm can be adequately supervised;
• having adequate financial and non-financial resources;
• being suitable to carry on regulated activities; and
• having a suitable business model.

The PRA and FCA will assess applicants against these threshold conditions looking at business plans, capital and liquidity, governance arrangements, risk management and controls and, for some firms, their resolvability (ie, how easily the firm could be resolved if it were to fail).

Timelines

The PRA and/or FCA must determine an application within six months from the date the application is deemed to be complete. For insurance distribution, payments and e-money firms, the period is only three months.

If the PRA and/or FCA receives an application that is incomplete, it must determine it within the earlier of 12 months of initially receiving the application or six months of the application becoming complete. The PRA has recently agreed to faster targets for processing certain insurance applications. It has said that it will target approval times of:

• three months for complete applications from insurance firms that qualify for the wholesale insurance accelerated authorisation pathway;
• six weeks for complete applications from insurance special purpose vehicles (ISPVs); and
• ten working days for complete applications from ISPVs that qualify for an accelerated pathway.

HM Treasury is consulting on proposals for new statutory deadlines for determining applications for new firm authorisations. It is proposing that the FCA and PRA determine these applications within four months if the application is complete and ten months if it is incomplete. These proposals are still under consideration and have not yet been finalised.

Application Fees

Applicants must submit the relevant documents, together with the applicable fee. Firms are unable to submit an application without the fee (which is non-refundable). The amount of the fee varies depending on the type of activity a firm will be carrying on. The more complex the activity, the higher the fee.

The PRA’s application fees are set out in the Fees Part of the PRA Rulebook. They range from GBP1,500 to GBP367,500 for the most complex applications. Banks and insurers would typically pay around GBP25,000.

The FCA’s application fees are set out in Annex 1 and Annex 1A to Chapter 3 of the Fees Manual. There are ten pricing categories which range from GBP280 for the most straightforward application (eg, consumer buy-to-let lenders) to GBP222,940 for the most complex application (eg, a UK Recognised Investment Exchange). The fee payable is for the highest applicable tariff across the categories relevant to the applicant’s permissions.

Separate fees for payment institutions’and e-money institutions’ applications for registration are set out in FEES 3 Annex 8R and Annex 10R.

The FCA and PRA also levy annual fees based on the type and scale of the activities being carried on by the firm and its size. In addition to authorisation fees, a firm may also be liable to pay fees relating to the Financial Ombudsman Service (FOS) and the Financial Services Compensation Scheme (FSCS).

Senior Managers and Certification Regime

Within authorised firms, senior individuals are subject to direct regulation and personal accountability under the UK’s Senior Managers and Certification Regime (SMCR). This regime, introduced for the banking sector in 2016 and extended to nearly all financial services firms by 2019, was a post-crisis reform to ensure that firms and regulators could hold people to account.

Senior Management Functions

Under the SMCR, the most senior people in a firm who perform key roles – known as senior management functions (SMFs) – must be approved by the PRA or FCA before starting their roles. These typically include roles like chief executive, chief finance officer, chief risk officer, heads of key business divisions, and chairs of the board or important committees (for larger firms).

Senior managers must be fit and proper to do their jobs and firms need to assess their fitness and propriety on an ongoing basis.

Each senior manager must have a “statement of responsibilities” filed with the regulator, clearly outlining what they are responsible and accountable for. If a firm breaches one of the FCA’s or PRA’s requirements, the senior manager responsible for that area could be held accountable if they did not take reasonable steps to prevent or stop the breach. Senior individuals can be personally investigated, fined or even banned by regulators for failings in their area of responsibility.

Certification Regime

The Certification Regime applies to other key staff (eg, those who manage important functions or who deal with clients and could therefore have a significant impact on customers and/or the firm). These individuals do not need regulator pre-approval, but firms must assess and certify annually that they are fit and proper for their role. Firms must also issue a certificate confirming this assessment and renew it each year.

Conduct Rules

Additionally, the SMCR introduced Conduct Rules which apply to almost all staff at a firm. These are high-level rules like “act with integrity”, “act with due skill, care and diligence” and “treat customers fairly”. Senior managers have some additional Conduct Rules (eg, to ensure that the area of the business they oversee is effectively controlled and complies with the regulatory requirements).

Reporting Obligations

Breaches of Conduct Rules can lead to disciplinary action by the regulators and certain breaches must be reported by firms. The obligation to report a breach differs depending on who breached the rule (senior manager, certification staff or other staff member) and whether the breach is serious.

If a firm believes an individual is no longer fit and proper, it should consider whether the circumstances warrant it making a notification to the PRA/FCA.

Senior Managers and Certification Regime

The SMCR changes are expected to occur in two phases. Phase 1 will involve changes the regulators can make to their rules without legislative change. Phase 2 will include future FCA and PRA consultations on proposals which will take advantage of any additional flexibility arising from HM Treasury’s legislative changes. This may include a redesigned certification regime which minimises burden and complexity for firms. The FCA and PRA are expected to publish their final rules and policy relating to the Phase 1 changes mid-2026.

Reform of the Financial Ombudsman Service

Concerns around the operation of the FOS have been mounting over recent years, particularly in connection with its perceived role as a quasi-regulator and its lack of interaction with the FCA on important matters. In July, the government set out proposals to reform the legislative framework within which the FOS operates to ensure that it no longer acts as a quasi-regulator. The FCA and the FOS also published a joint consultation paper setting out proposals which aim to provide greater certainty for markets and to ensure consumers get appropriate redress when things go wrong. The FCA and FOS are expected to publish their policy statement in Q1 2026.

Bespoke Regime for the UK Funds Market

The UK regulatory regime for alternative investment funds (AIFs) and their managers is largely derived from the EU Alternative Investment Fund Managers Directive (AIFMD). Now that the UK is no longer part of the EU, HM Treasury and the FCA are reviewing this regime with the aim of replacing it with a bespoke regime for the UK funds market. HM Treasury and the FCA have launched workstreams for the revocation and replacement of UK AIFMD regime provisions. The workstreams are part of a broader focus on how to improve the UK regime for funds and asset managers. They are expected to consult on detailed rules and draft legislation for the future regulation of AIFs in spring 2026.

Retail Disclosure Regime

The FCA is reviewing and simplifying its retail disclosure regime to ensure a consistent approach is adopted across its Handbook. Final rules for the new Consumer Composite Investments Regime (which replaces the EU-derived Packaged Retail and Insurance-based Investment Products or “PRIIPs” regime) are expected by the end of 2025 and firms are expected to have an 18-month transition period to move to the new regime. A consultation on retail banking disclosure rules is due in 2026. The FCA will also explore other opportunities to simplify its disclosure regime.

Consumer Credit Act Reform

The government is consulting on reform of the UK consumer credit regime. This will involve a move away from prescriptive legislation in the Consumer Credit Act to an outcomes-focused framework to be delivered through the FCA. The work is being split into two phases. The Phase 1 consultation has already been published. It seeks views on proposals on information requirements, sanctions and criminal offences. The Phase 2 consultation on more complex issues such as scope of regulation, consumer rights and key definitions is expected in Q1 2026.

At present, no definite date has been set for when the new regime will take effect, but there will be appropriate transitional provisions to enable industry to prepare for the new regime.

Buy-Now-Pay-Later Agreements

Final legislation and rules on bringing buy-now-pay-later (BNPL) agreements into the regulatory perimeter are expected early 2026. The new regime is currently scheduled to take effect on 15 July 2026. From this date, any lender who enters into a BNPL agreement will need to be authorised (or have a temporary permission) and comply with the FCA’s rules.

Targeted Support

HM Treasury and the FCA are consulting on proposals for a new targeted support regime. This regime will enable firms to provide suggestions designed for groups of consumers with common characteristics to help them make financial decisions. The aim is to help consumers access the support they need to help them with investment decisions without them having to pay for comprehensive personalised financial advice. The FCA plans to publish its final rules by the end of 2025, with the new regime potentially coming into force in spring 2026.

Post-Brexit EU-Derived Legislation

HM Treasury and the regulators will continue to move provisions in EU-derived legislation into the regulators’ rulebooks. This change means that the FCA and PRA will have greater ability to reshape the rules in these areas and they are expected to consult on and issue new rules to replace the EU rules over the coming years, with change on the agenda for 2026.

Crypto-Assets

See 2.3 Crypto-Assets for more information on the government’s plans to create a regulatory regime for these.

ESG Reforms

See 4.3 ESG for more information on plans to extend and update the regulatory regime in relation to ESG.        

Captive Insurance

HM Treasury is working with the PRA and FCA on developing a bespoke UK regulatory regime for captive insurance with a consultation expected in Summer 2026. The new regime is expected to come into effect mid-2027.

Consumer Duty

The FCA is looking at ways to refine its Consumer Duty with a view to reducing the burden on firms. It is reviewing the application of the Duty to wholesale firms, improving consistency in rules and definitions, clarifying the Duty’s application to distribution chains, and looking at removing business with non-UK customers from its scope.

Tokenisation

See 4.5 Fintech for information on tokenisation initiatives in the UK.

PISCES

The UK is introducing a Private Intermittent Securities and Capital Exchange System (PISCES) which is a new form of share trading platform designed to enable secondary trading in private company shares through intermittent (ie, occasional, time-limited) trading events. The FCA is testing the regulatory framework using a sandbox and expects trading in shares to start late in 2025. The sandbox is expected to run until 2030.

Safeguarding for Payments and E-Money Institutions

The FCA has proposed new rules to strengthen requirements for safeguarding of client assets by payments and e-money firms. The end state regime is contingent on legislative change and would replace the existing safeguarding requirements with a new Client Assets Sourcebook (CASS)-style regime. Interim final FCA rules come into force on 7 May 2026.