Do I need FCA authorisation?

Why this question matters before you trade

If you are building a business that touches money, credit, insurance, investments, mortgages or payments, the first regulatory question is not which rules apply. It is whether you sit inside the FCA's regulatory perimeter at all. Get this wrong and you commit a criminal offence the moment you accept your first customer.

The perimeter is set by the Financial Services and Markets Act 2000 (FSMA). Section 19 contains what the FCA calls the general prohibition: no person may carry on a regulated activity in the United Kingdom unless they are authorised or exempt. Section 22 then defines what counts as a regulated activity by reference to the Regulated Activities Order 2001 (the RAO).

This is a strategic question, not a compliance afterthought. It determines your business model, your capital requirements, your professional indemnity insurance, your appointed-representative arrangements, and whether you can contract with banks at all. Founders who treat it as a launch-week task often discover the application takes six to twelve months and reshapes the product.

The four-part perimeter test

Authorisation is required when all four limbs of the s.22 test are met. If any one limb is not satisfied, you sit outside the perimeter and do not need FCA permission, although other regulators (HMRC for money laundering, the ICO for data, Companies House for filings) may still apply.

1. You carry on a specified activity. The RAO lists around sixty specified activities. They include accepting deposits, dealing in investments as principal or agent, managing investments, advising on investments, arranging deals, safeguarding and administering investments, operating an electronic system in relation to lending, providing payment services, issuing electronic money, effecting or carrying out contracts of insurance, insurance distribution, regulated mortgage activities, consumer credit activities, and operating a multilateral or organised trading facility.
2. In relation to a specified investment. Each activity is keyed to a specified investment in Part III of the RAO: shares, debentures, government and public securities, units in a collective investment scheme, rights under a contract of insurance, deposits, electronic money, regulated mortgage contracts, regulated credit agreements, regulated consumer hire agreements, and so on. Cryptoassets are partly inside the perimeter (security tokens, e-money tokens, certain stablecoins) and partly outside (most exchange tokens), which is why this area generates so many borderline cases.
3. By way of business. A one-off favour to a friend is not a business. Doing the same thing repeatedly, holding yourself out, or charging a fee makes it a business. The FCA's PERG 2.3 explains how it reads this in practice.
4. In the United Kingdom. The territorial test catches activity carried on from a UK establishment, and in many cases activity directed at UK customers from overseas. The overseas-persons exclusion in RAO Article 72 is narrow and frequently misread.

The activities that catch non-financial businesses

If you run a retailer, a property business, a recruitment agency, a software platform or a professional firm, you may be inside the perimeter without realising it. These are the four most common traps.

Consumer credit broking and lending

Offering customers a finance plan at the point of sale, introducing them to a lender, or letting them defer payment for goods can all be regulated credit activities under RAO Articles 36A, 60B and 60N. The exemption for businesses that introduce customers to a lender they already have a relationship with (the "limited permission" regime) is narrow and conditional. Offering interest-free credit over more than twelve months, or charging interest at all, almost always requires authorisation.

Debt counselling and debt adjusting

Helping customers negotiate with creditors, consolidating debts, or providing advice on how to manage arrears falls within RAO Articles 39D to 39G. Charities and not-for-profit advice services have their own exemptions, but commercial debt-management firms must be authorised.

Insurance distribution

Arranging insurance for customers, advising on it, or assisting with claims handling is a regulated activity under RAO Article 25 and the Insurance Distribution Directive regime. This catches travel agents selling travel insurance, vets selling pet insurance, electronics retailers selling extended warranties that are insurance contracts, and motor dealers arranging GAP insurance. The connected-contracts exclusion is narrower than most retailers assume.

Mortgage broking

Advising on or arranging a regulated mortgage contract under RAO Articles 53A and 25A is regulated even when carried on alongside an estate agency or a developer's sales arm. Buy-to-let lending to individuals can fall within the consumer buy-to-let regime even where it sits outside the regulated mortgage perimeter.

Exclusions, exemptions and the FCA Perimeter Guidance manual

The RAO contains numerous exclusions that disapply specified activities in defined circumstances: activities carried on with or through authorised persons (Article 22), activities ancillary to a profession (Article 67), trustees and personal representatives (Article 66), employee share schemes (Article 71), and the overseas-persons exclusion (Article 72) among others. Separately, FSMA Schedule 3 covers passporting (now largely closed post-Brexit) and Schedule 4 covers Treaty firms.

The FCA's Perimeter Guidance manual (PERG) in the FCA Handbook is the authoritative source for marginal cases. PERG 2 walks through the general perimeter test. PERG 4 covers regulated mortgage activities. PERG 5 covers insurance distribution. PERG 8 covers financial promotions. PERG 17 covers consumer credit. If your activity is genuinely borderline, PERG plus a written FCA "Individual Guidance" request is the route to certainty.

Do not rely on a competitor's apparent lack of authorisation as evidence that you do not need it. The FCA actively pursues unauthorised business and publishes warnings against firms it identifies.

How this connects to the rest of your authorisation journey

Confirming you are inside the perimeter is step one. The next two questions are equally strategic. First, you must satisfy the threshold conditions in FSMA Schedule 6: location of offices, effective supervision, appropriate resources (including capital), suitability of management, and a viable business model. Second, you must work through the application process itself, which the FCA expects to take six months for a complete application and longer for novel models.

If you discover you are outside the perimeter, you should still consider the financial promotion regime under FSMA s.21, which is a separate and parallel restriction on communicating invitations or inducements to engage in investment activity. An unauthorised business may need an authorised firm to approve its marketing.

If you discover you are inside the perimeter but only narrowly, consider whether becoming an appointed representative of an authorised principal firm is a better route than direct authorisation, particularly for insurance distribution and consumer credit broking.