Do I need FCA authorisation?

Why this question matters before you trade

If you are building a business that touches money, credit, insurance, investments, mortgages or payments, the first regulatory question is not which rules apply. It is whether you sit inside the FCA's regulatory perimeter at all. Get this wrong and you commit a criminal offence the moment you accept your first customer.

The perimeter is set by the Financial Services and Markets Act 2000 (FSMA). Section 19 contains what the FCA calls the general prohibition: no person may carry on a regulated activity in the United Kingdom unless they are authorised or exempt. Section 22 then defines what counts as a regulated activity by reference to the Regulated Activities Order 2001 (the RAO).

This is a strategic question, not a compliance afterthought. It determines your business model, your capital requirements, your professional indemnity insurance, your appointed-representative arrangements, and whether you can contract with banks at all. Founders who treat it as a launch-week task often discover the application takes six to twelve months and reshapes the product.

FSMA 2000 general prohibition on unauthorised regulated activity

Section 19 of the Financial Services and Markets Act 2000 prohibits any person from carrying on a regulated activity in the United Kingdom by way of business unless authorised or exempt.

Section 19 of the Financial Services and Markets Act 2000 (FSMA) imposes the general prohibition: no person may carry on a regulated activity in the United Kingdom, or purport to do so, unless that person is either an authorised person or an exempt person. This is the statutory cornerstone of the UK financial services perimeter.

Statutory source: Financial Services and Markets Act 2000, section 19
Scope: Any person carrying on a regulated activity in the UK by way of business
Required status: Authorised person (FCA/PRA Part 4A permission) or exempt person
Definition of regulated activity: FSMA s.22 read with Schedule 2 and the Regulated Activities Order 2001 (SI 2001/544)
Activity outside permission (authorised persons): FSMA s.20 — authorised persons must act within the scope of their permission
Consequence of breach: Criminal offence under FSMA s.23 (see fsma_general_prohibition_offence)
Civil consequence: Agreements made in contravention are unenforceable against the customer (FSMA s.26)

Authorised or exempt: Authorisation is normally obtained through Part 4A FSMA permission granted by the FCA (with the PRA for dual-regulated firms). Exemptions are set out in the FSMA (Exemption) Order 2001 and include appointed representatives, members of designated professional bodies acting within Part XX, and certain public bodies.

By way of business: The general prohibition only bites where the regulated activity is carried on by way of business. The FCA's Perimeter Guidance manual (PERG) explains how this test is applied in practice.

The four-part perimeter test

Authorisation is required when all four limbs of the s.22 test are met. If any one limb is not satisfied, you sit outside the perimeter and do not need FCA permission, although other regulators (HMRC for money laundering, the ICO for data, Companies House for filings) may still apply.

You carry on a specified activity. The RAO lists around sixty specified activities. They include accepting deposits, dealing in investments as principal or agent, managing investments, advising on investments, arranging deals, safeguarding and administering investments, operating an electronic system in relation to lending, providing payment services, issuing electronic money, effecting or carrying out contracts of insurance, insurance distribution, regulated mortgage activities, consumer credit activities, and operating a multilateral or organised trading facility.
In relation to a specified investment. Each activity is keyed to a specified investment in Part III of the RAO: shares, debentures, government and public securities, units in a collective investment scheme, rights under a contract of insurance, deposits, electronic money, regulated mortgage contracts, regulated credit agreements, regulated consumer hire agreements, and so on. Cryptoassets are partly inside the perimeter (security tokens, e-money tokens, certain stablecoins) and partly outside (most exchange tokens), which is why this area generates so many borderline cases.
By way of business. A one-off favour to a friend is not a business. Doing the same thing repeatedly, holding yourself out, or charging a fee makes it a business. The FCA's PERG 2.3 explains how it reads this in practice.
In the United Kingdom. The territorial test catches activity carried on from a UK establishment, and in many cases activity directed at UK customers from overseas. The overseas-persons exclusion in RAO Article 72 is narrow and frequently misread.

FSMA regulated activities perimeter (RAO 2001)

Reference summary of the activities and investments specified by the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544), which sets the FSMA authorisation perimeter.

The FSMA perimeter is defined by section 22 of, and Schedule 2 to, the Financial Services and Markets Act 2000, given specific content by the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544) (the "RAO"). An activity is a regulated activity for FSMA purposes only if it is a specified kind of activity carried on in relation to a specified kind of investment, or carried on in relation to property of any kind.

Primary statutory source: FSMA 2000, section 22 and Schedule 2
Implementing instrument: Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544)
Specified activity — accepting deposits: RAO Article 5 (deposit-taking by banks, building societies and credit unions)
Specified activity — dealing in investments as principal/agent: RAO Articles 14 and 21
Specified activity — arranging deals in investments: RAO Article 25
Specified activity — managing investments: RAO Article 37
Specified activity — advising on investments: RAO Article 53
Specified activity — safeguarding and administering investments: RAO Article 40 (custody)
Specified activity — regulated mortgage contracts: RAO Articles 61–63 (entering into, administering, advising on and arranging regulated mortgages)
Specified activity — insurance distribution: RAO Articles 21, 25, 39A, 53 in relation to contracts of insurance (Article 75 / Schedule 1 categories)
Specified activity — consumer credit and consumer hire: RAO Articles 60B–60N (credit broking, consumer credit lending, hiring, debt collection, debt administration, debt counselling, debt adjusting, providing credit information services, providing credit references)
Specified activity — debt collection and debt administration: RAO Articles 39F and 39G
Payment services and e-money (parallel regimes): Regulated under Payment Services Regulations 2017 (SI 2017/752) and Electronic Money Regulations 2011 (SI 2011/99) where in scope, in addition to FSMA permissions where activities also fall within the RAO
Specified investments: Deposits, e-money, contracts of insurance, shares, debt instruments, government and public securities, units in collective investment schemes, options, futures, contracts for differences, regulated mortgage contracts, home reversion plans, home purchase plans, regulated credit and consumer hire agreements
Authoritative interpretation: FCA Perimeter Guidance manual (PERG)

Two-step test: An activity falls within the FSMA perimeter only if (a) it is a specified kind of activity under Part II of the RAO, and (b) it is carried on in relation to a specified kind of investment under Part III of the RAO (or, for some activities, in relation to property of any kind). Both legs must be satisfied. If either is missing, the activity is outside the FSMA perimeter (although it may still be regulated under a parallel regime).

Parallel regimes: Several adjacent regimes sit outside FSMA Part 4A but are administered by the FCA, including the Payment Services Regulations 2017 (SI 2017/752) for payment institutions, the Electronic Money Regulations 2011 (SI 2011/99) for electronic money institutions, and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692). Firms should check whether their activities require authorisation, registration, or both.

The activities that catch non-financial businesses

If you run a retailer, a property business, a recruitment agency, a software platform or a professional firm, you may be inside the perimeter without realising it. These are the four most common traps.

Consumer credit broking and lending

Offering customers a finance plan at the point of sale, introducing them to a lender, or letting them defer payment for goods can all be regulated credit activities under RAO Articles 36A, 60B and 60N. The exemption for businesses that introduce customers to a lender they already have a relationship with (the "limited permission" regime) is narrow and conditional. Offering interest-free credit over more than twelve months, or charging interest at all, almost always requires authorisation.

Debt counselling and debt adjusting

Helping customers negotiate with creditors, consolidating debts, or providing advice on how to manage arrears falls within RAO Articles 39D to 39G. Charities and not-for-profit advice services have their own exemptions, but commercial debt-management firms must be authorised.

Insurance distribution

Arranging insurance for customers, advising on it, or assisting with claims handling is a regulated activity under RAO Article 25 and the Insurance Distribution Directive regime. This catches travel agents selling travel insurance, vets selling pet insurance, electronics retailers selling extended warranties that are insurance contracts, and motor dealers arranging GAP insurance. The connected-contracts exclusion is narrower than most retailers assume.

Mortgage broking

Advising on or arranging a regulated mortgage contract under RAO Articles 53A and 25A is regulated even when carried on alongside an estate agency or a developer's sales arm. Buy-to-let lending to individuals can fall within the consumer buy-to-let regime even where it sits outside the regulated mortgage perimeter.

If any of these activities feature in your business model, treat FCA authorisation as a launch-blocking question. Trading without it is an offence and your contracts with consumers may be unenforceable against them under FSMA s.26.

Exclusions, exemptions and the FCA Perimeter Guidance manual

The RAO contains numerous exclusions that disapply specified activities in defined circumstances: activities carried on with or through authorised persons (Article 22), activities ancillary to a profession (Article 67), trustees and personal representatives (Article 66), employee share schemes (Article 71), and the overseas-persons exclusion (Article 72) among others. Separately, FSMA Schedule 3 covers passporting (now largely closed post-Brexit) and Schedule 4 covers Treaty firms.

The FCA's Perimeter Guidance manual (PERG) in the FCA Handbook is the authoritative source for marginal cases. PERG 2 walks through the general perimeter test. PERG 4 covers regulated mortgage activities. PERG 5 covers insurance distribution. PERG 8 covers financial promotions. PERG 17 covers consumer credit. If your activity is genuinely borderline, PERG plus a written FCA "Individual Guidance" request is the route to certainty.

Do not rely on a competitor's apparent lack of authorisation as evidence that you do not need it. The FCA actively pursues unauthorised business and publishes warnings against firms it identifies.

Criminal offence and unenforceable contracts

Penalty:

Carrying on a regulated activity without authorisation or exemption is a criminal offence under FSMA s.23, punishable on indictment by up to two years' imprisonment, an unlimited fine, or both. Under FSMA s.26, agreements made by an unauthorised person in the course of carrying on a regulated activity are unenforceable against the customer, and the customer can recover money paid plus compensation for loss. The FCA can also seek injunctions and restitution orders under FSMA s.380 and s.382.

FSMA 2000 offence and civil consequences of breaching the general prohibition

Criminal offence under FSMA section 23 for contravening the general prohibition, plus unenforceability of agreements under section 26 and FCA restitution and injunction powers under sections 380 and 381.

Breaching the FSMA general prohibition exposes a firm or individual to both criminal and civil consequences. Section 23 makes contravention a criminal offence; section 26 makes related agreements unenforceable against the customer; and the FCA has additional civil powers to seek injunctions and restitution under sections 380 to 382.

Criminal offence — statutory source: FSMA 2000, section 23
Mode of trial: Triable either way (summary or on indictment)
Maximum penalty on indictment: 2 years' imprisonment, an unlimited fine, or both
Maximum penalty on summary conviction: 6 months' imprisonment, a fine not exceeding the statutory maximum, or both
Reasonable precautions defence: FSMA s.23(3) — defendant took all reasonable precautions and exercised all due diligence
Civil consequence — agreements: Unenforceable against the customer (FSMA s.26); customer may recover money paid and compensation for loss
Civil consequence — agreements made through unauthorised persons: FSMA s.27 (similar unenforceability where authorised person acts in consequence of an unauthorised person)
Court relief: FSMA s.28 — court may allow agreement to be enforced or money/property retained if just and equitable
FCA injunction powers: FSMA s.380 (injunctions to restrain contraventions and require remedial steps)
FCA restitution powers: FSMA s.382 (restitution orders by the court); FSMA s.384 (restitution required by the regulator)
Related cross-references: See fsma_general_prohibition (s.19) and fsma_regulated_activities_perimeter (s.22 and the RAO)

Section 23 offence: A person who contravenes the section 19 general prohibition is guilty of an offence. The offence is triable either way. On conviction on indictment the maximum is two years' imprisonment, an unlimited fine, or both; on summary conviction the maximum is six months' imprisonment, a fine not exceeding the statutory maximum, or both. It is a defence under section 23(3) for the defendant to show that all reasonable precautions and all due diligence were exercised to avoid committing the offence.

Civil consequences: Under section 26, an agreement entered into by a person in the course of carrying on a regulated activity in contravention of the general prohibition is unenforceable against the other party. The customer is entitled to recover any money or other property paid or transferred under the agreement, together with compensation for any loss sustained as a result of having parted with it. Section 27 extends similar treatment to agreements made by authorised persons in consequence of something said or done by an unauthorised person. Under section 28, the court has a discretion to allow the agreement to be enforced, or money or property to be retained, where it considers it just and equitable to do so.

FCA enforcement powers: The FCA may apply to the court for an injunction under section 380 to restrain a contravention of the general prohibition or to require steps to remedy a contravention. Where profit has accrued to a person as a result of the contravention, or another person has suffered loss, the FCA may seek a restitution order from the court under section 382, or require restitution administratively under section 384. These powers operate in addition to, not instead of, criminal prosecution under section 23.

How this connects to the rest of your authorisation journey

Confirming you are inside the perimeter is step one. The next two questions are equally strategic. First, you must satisfy the threshold conditions in FSMA Schedule 6: location of offices, effective supervision, appropriate resources (including capital), suitability of management, and a viable business model. Second, you must work through the application process itself, which the FCA expects to take six months for a complete application and longer for novel models.

If you discover you are outside the perimeter, you should still consider the financial promotion regime under FSMA s.21, which is a separate and parallel restriction on communicating invitations or inducements to engage in investment activity. An unauthorised business may need an authorised firm to approve its marketing.

If you discover you are inside the perimeter but only narrowly, consider whether becoming an appointed representative of an authorised principal firm is a better route than direct authorisation, particularly for insurance distribution and consumer credit broking.

Authoritative sources on the perimeter

Use these sources for marginal cases. The FCA Perimeter Guidance manual is the FCA's own statement of how it reads FSMA and the RAO.

FCA Handbook: Perimeter Guidance manual (PERG)
Authoritative FCA guidance on the regulatory perimeter, including PERG 2 (general perimeter), PERG 4 (mortgages), PERG 5 (insurance distribution) and PERG 17 (consumer credit).
FCA
Financial Services and Markets Act 2000
The primary Act, including s.19 (general prohibition), s.22 (regulated activities), s.23 (criminal offence) and s.26 (unenforceable agreements).
legislation.gov.uk
The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001
The Regulated Activities Order (RAO), which lists specified activities and specified investments and contains the exclusions.
legislation.gov.uk
Apply for authorisation under the Financial Services and Markets Act 2000
Practical FCA guidance on the application process, fees and timelines.
FCA
Request individual guidance from the FCA
How to ask the FCA for written guidance on a specific perimeter question.
FCA

UNDER CONSTRUCTION

Guvnor

Do I need FCA authorisation?

Why this question matters before you trade

The four-part perimeter test

The activities that catch non-financial businesses

Consumer credit broking and lending

Debt counselling and debt adjusting

Insurance distribution

Mortgage broking

Exclusions, exemptions and the FCA Perimeter Guidance manual

Criminal offence and unenforceable contracts

How this connects to the rest of your authorisation journey

Compliance Assistant

🚧 UNDER CONSTRUCTION

Why this question matters before you trade

The four-part perimeter test

The activities that catch non-financial businesses

Consumer credit broking and lending

Debt counselling and debt adjusting

Insurance distribution

Mortgage broking

Exclusions, exemptions and the FCA Perimeter Guidance manual

Criminal offence and unenforceable contracts

How this connects to the rest of your authorisation journey

Related guides in Financial Regulation Overview

UNDER CONSTRUCTION