Appointed representative or direct FCA authorisation: choosing your route

If your business will carry on a regulated activity in the United Kingdom, you cannot simply trade. The general prohibition in section 19 of the Financial Services and Markets Act 2000 (FSMA) means a firm must either be authorised by the Financial Conduct Authority (FCA), be exempt, or stay outside the regulated perimeter. Breaching section 19 is a criminal offence under section 23, carrying up to two years' imprisonment and an unlimited fine, and contracts entered into in breach are generally unenforceable against the customer.

Three routes bring a firm inside the perimeter lawfully:

Direct authorisation by the FCA in your own name.
Appointed representative (AR) status under section 39 FSMA, where an authorised principal takes regulatory responsibility for your conduct.
Joining a network, which is a commercial form of the AR route in which a specialist principal aggregates many ARs and provides compliance, technology and professional indemnity cover.

The decision is strategic, not administrative. It shapes who carries liability for your advice, how quickly you can launch, what activities you can offer, and how easily you can grow or sell the business later.

FSMA 2000 general prohibition on unauthorised regulated activity

Section 19 of the Financial Services and Markets Act 2000 prohibits any person from carrying on a regulated activity in the United Kingdom by way of business unless authorised or exempt.

Section 19 of the Financial Services and Markets Act 2000 (FSMA) imposes the general prohibition: no person may carry on a regulated activity in the United Kingdom, or purport to do so, unless that person is either an authorised person or an exempt person. This is the statutory cornerstone of the UK financial services perimeter.

Statutory source: Financial Services and Markets Act 2000, section 19
Scope: Any person carrying on a regulated activity in the UK by way of business
Required status: Authorised person (FCA/PRA Part 4A permission) or exempt person
Definition of regulated activity: FSMA s.22 read with Schedule 2 and the Regulated Activities Order 2001 (SI 2001/544)
Activity outside permission (authorised persons): FSMA s.20 — authorised persons must act within the scope of their permission
Consequence of breach: Criminal offence under FSMA s.23 (see fsma_general_prohibition_offence)
Civil consequence: Agreements made in contravention are unenforceable against the customer (FSMA s.26)

Authorised or exempt: Authorisation is normally obtained through Part 4A FSMA permission granted by the FCA (with the PRA for dual-regulated firms). Exemptions are set out in the FSMA (Exemption) Order 2001 and include appointed representatives, members of designated professional bodies acting within Part XX, and certain public bodies.

By way of business: The general prohibition only bites where the regulated activity is carried on by way of business. The FCA's Perimeter Guidance manual (PERG) explains how this test is applied in practice.

FSMA regulated activities perimeter (RAO 2001)

Reference summary of the activities and investments specified by the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544), which sets the FSMA authorisation perimeter.

The FSMA perimeter is defined by section 22 of, and Schedule 2 to, the Financial Services and Markets Act 2000, given specific content by the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544) (the "RAO"). An activity is a regulated activity for FSMA purposes only if it is a specified kind of activity carried on in relation to a specified kind of investment, or carried on in relation to property of any kind.

Primary statutory source: FSMA 2000, section 22 and Schedule 2
Implementing instrument: Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544)
Specified activity — accepting deposits: RAO Article 5 (deposit-taking by banks, building societies and credit unions)
Specified activity — dealing in investments as principal/agent: RAO Articles 14 and 21
Specified activity — arranging deals in investments: RAO Article 25
Specified activity — managing investments: RAO Article 37
Specified activity — advising on investments: RAO Article 53
Specified activity — safeguarding and administering investments: RAO Article 40 (custody)
Specified activity — regulated mortgage contracts: RAO Articles 61–63 (entering into, administering, advising on and arranging regulated mortgages)
Specified activity — insurance distribution: RAO Articles 21, 25, 39A, 53 in relation to contracts of insurance (Article 75 / Schedule 1 categories)
Specified activity — consumer credit and consumer hire: RAO Articles 60B–60N (credit broking, consumer credit lending, hiring, debt collection, debt administration, debt counselling, debt adjusting, providing credit information services, providing credit references)
Specified activity — debt collection and debt administration: RAO Articles 39F and 39G
Payment services and e-money (parallel regimes): Regulated under Payment Services Regulations 2017 (SI 2017/752) and Electronic Money Regulations 2011 (SI 2011/99) where in scope, in addition to FSMA permissions where activities also fall within the RAO
Specified investments: Deposits, e-money, contracts of insurance, shares, debt instruments, government and public securities, units in collective investment schemes, options, futures, contracts for differences, regulated mortgage contracts, home reversion plans, home purchase plans, regulated credit and consumer hire agreements
Authoritative interpretation: FCA Perimeter Guidance manual (PERG)

Two-step test: An activity falls within the FSMA perimeter only if (a) it is a specified kind of activity under Part II of the RAO, and (b) it is carried on in relation to a specified kind of investment under Part III of the RAO (or, for some activities, in relation to property of any kind). Both legs must be satisfied. If either is missing, the activity is outside the FSMA perimeter (although it may still be regulated under a parallel regime).

Parallel regimes: Several adjacent regimes sit outside FSMA Part 4A but are administered by the FCA, including the Payment Services Regulations 2017 (SI 2017/752) for payment institutions, the Electronic Money Regulations 2011 (SI 2011/99) for electronic money institutions, and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692). Firms should check whether their activities require authorisation, registration, or both.

What the appointed representative route actually is

Section 39 FSMA exempts an AR from the general prohibition for activities carried on under a written contract with an authorised principal who has accepted responsibility for those activities. The Financial Services and Markets Act 2000 (Appointed Representatives) Regulations 2001 (SI 2001/1217) prescribe the activities the AR route can cover and the conditions the principal-AR contract must meet.

The AR's regulated activities are treated, in law, as if the principal were carrying them on. Customers contract with the AR but their regulatory protections sit with the principal. The principal must have permission for every regulated activity its AR performs, must oversee that AR's conduct on a continuous basis, and is liable to the FCA and to customers for breaches.

What the AR route can reach

Investment advice and arranging deals in investments.
Insurance distribution (selling and advising on general and protection insurance).
Mortgage broking and arranging.
Consumer credit broking, debt counselling and certain other limited-permission credit activities — most commonly accessed via a network principal.

What the AR route cannot reach

Accepting deposits (banking) — direct authorisation only, and PRA dual-regulation applies.
Effecting or carrying out contracts of insurance as an underwriter — direct authorisation only.
Managing investments on a discretionary basis for retail clients beyond narrowly defined limits.
Operating an electronic money or payment institution — separate authorisation regimes apply under the EMRs and PSRs.

If your proposition includes any of these, direct authorisation is your only lawful route. Misjudging this scope is not a paperwork error: a firm trading outside what its principal's permissions and SI 2001/1217 actually permit breaches s.19 FSMA, with the criminal consequences of s.23 attaching to the AR's directors and officers.

Three routes compared

Headline trade-offs across the routes most small firms consider.

Dimension	Direct authorisation	AR of a single principal	AR within a network
Time to market	9-12 months from a complete application	4-12 weeks once a principal accepts you and runs due diligence	4-8 weeks; networks have standing onboarding processes
Activities reachable	Anything the FCA grants permission for, including deposit-taking and underwriting	Only activities within SI 2001/1217 and matching the principal's permissions	Same as single-principal, narrowed to the network's permission scope
Regulatory liability	Sits with the firm; senior managers personally accountable under SM&CR	Principal is liable to FCA and customers for AR conduct; AR liable to principal under contract	Network principal carries FCA liability; AR contractually liable to the network
Annual cost (indicative)	FCA fees, capital adequacy, compliance staff, audit — typically £40k+ for a small firm	Principal charges a monitoring fee or revenue share, often 10-25% of regulated income	Network fees of 15-30% of regulated income, including PI cover, tech and supervision
Control over proposition	Full — set your own product range, panel and processes	Constrained by principal's approved product list and procedures	Most constrained — network defines panels, advice processes and tech stack
Financial promotion sign-off	Self-approved within firm's permissions; s.21 gateway since 2024 if approving for unauthorised parties	Principal must approve all AR financial promotions in advance	Network compliance team approves all promotions before issue
Exit and sale	Firm has its own permission — saleable as a regulated business	Permission is the principal's; departure means re-papering clients with a new principal or your own authorisation	Same constraint, plus network contracts often include restrictive covenants and client-ownership clauses

Liability: what the principal is signing up for

Under s.39(3) FSMA the principal is responsible, to the same extent as if it had expressly permitted the conduct, for anything done or omitted by the AR in carrying on the business for which the principal has accepted responsibility. That responsibility runs to:

FCA enforcement action, including fines, public censure and permission variation.
Financial Ombudsman Service awards on customer complaints about the AR.
Financial Services Compensation Scheme contributions where AR misconduct causes losses.
Civil claims under s.138D FSMA for breaches of FCA rules causing loss to private persons.

Principals routinely pass these costs back to ARs through indemnity clauses, retained reserves and clawback. Read the principal agreement before signing: an AR can find itself contractually liable for a complaint years after leaving the network.

Trading outside the activities your principal has accepted responsibility for, or outside the scope of SI 2001/1217, breaches s.19 FSMA. Section 23 makes that a criminal offence with up to two years' imprisonment and an unlimited fine. "We thought the principal had it covered" is not a defence: every AR director should be able to point to the specific permission and contractual scope covering each line of business.

How FCA oversight of ARs changed after 2022

Following the FCA's December 2022 policy statement (PS22/11) on improving the AR regime, principals must now:

Carry out enhanced due diligence before appointing an AR, including fitness, financial soundness and business model review.
Review each AR at least annually, with a self-assessment, board-approved report and evidence of effective oversight.
Notify the FCA within 30 days of appointing or terminating an AR, with detailed information through the Connect system.
Submit an annual data return on each AR's regulated revenue, complaints and customer numbers.
Approve all financial promotions issued by the AR before they are communicated.

The practical effect is that principals have become much more selective. They now reject business models they would once have accepted, charge higher monitoring fees, and terminate ARs whose data return performance looks risky. A firm choosing the AR route in 2026 should expect a meaningful onboarding process and ongoing scrutiny that resembles a junior version of the FCA's own supervision.

How to choose

Direct authorisation usually fits where the firm: needs activities outside SI 2001/1217; wants full control of its proposition; has the capital, governance and senior staff to absorb FCA scrutiny; or plans an exit that depends on holding its own permission.

An AR arrangement with a single principal often fits an established adviser or broker with an existing book and a long-term relationship with one provider, where speed to market and reduced compliance overhead outweigh the loss of independence.

A network typically fits new entrants, sole traders and very small firms in mortgage, protection or general insurance broking who need ready-made compliance, technology and professional indemnity cover and accept a tighter operating model in exchange.

Plan the route in tandem with your business model: switching later is expensive, slow, and usually requires re-papering every client.

Related obligations

Whichever route you take, the same conduct rules attach to your customer-facing activity: the FCA Handbook (PRIN, COBS or ICOBS, CASS where applicable), Consumer Duty, SM&CR or the Conduct Rules for ARs, and the financial promotions regime under s.21 FSMA. Choosing AR status reduces the regulatory perimeter work but does not lighten the conduct standards your customers experience.

Authoritative sources

FCA: Appointed representatives (opens in a new tab)
Official FCA hub for principals and ARs, including PS22/11.
FCA: Authorisation (opens in a new tab)
Direct authorisation application gateway and guidance.
FSMA 2000 section 39 (opens in a new tab)
Statutory basis for the appointed representative exemption.
Appointed Representatives Regulations 2001 (SI 2001/1217) (opens in a new tab)
Activities and contractual conditions for the AR route.

Appointed representative or direct FCA authorisation: choosing your route

Do I need FCA authorisation?

Consequences of carrying on regulated financial business without FCA authorisation

Cryptoasset Business Regulation

Get FCA authorisation for financial services

Understanding UK consumer credit regulation

What the appointed representative route actually is

What the AR route can reach

What the AR route cannot reach

Three routes compared

Liability: what the principal is signing up for

How FCA oversight of ARs changed after 2022

How to choose

Related obligations

Authoritative sources

Related guides in Financial Regulation Overview

What the appointed representative route actually is

What the AR route can reach

What the AR route cannot reach

Three routes compared

Liability: what the principal is signing up for

How FCA oversight of ARs changed after 2022

How to choose

Related obligations

Authoritative sources