Professional & Financial Services Financial services authorisation

Get FCA authorisation to carry on a regulated activity

How a firm gets Financial Conduct Authority Part 4A permission under the Financial Services and Markets Act 2000. Covers the general prohibition, identifying your regulated activities, meeting the threshold conditions, the Connect application, Senior Managers and Certification, and anti-money laundering obligations.

UK-wide Updated 2 Jun 2026

On this page

UK-wide

When you need FCA authorisation

If your firm carries on a regulated activity in the United Kingdom by way of business, you must be authorised by the Financial Conduct Authority (FCA) before you start, unless an exemption applies. This is the general prohibition in section 19 of the Financial Services and Markets Act 2000 (FSMA). Authorisation means holding a Part 4A permission that lists each regulated activity you may carry on.

This guide explains how to get that permission and the obligations that come with it. For the full step-by-step submission process, follow Apply for FCA authorisation under Part 4A FSMA; this guide focuses on scoping your activities and the ongoing duties that authorisation creates.

FCA authorisation overview

Financial Conduct Authority authorisation requirements

The Financial Services and Markets Act 2000 (FSMA) makes it illegal to carry on regulated activities in the UK without FCA authorisation (or an exemption).

The general prohibition means that if your business activities are regulated, you must be authorised by the FCA before you can lawfully operate.

Key requirements for authorisation:

Threshold conditions - minimum standards for authorisation
Approved persons - senior managers must be FCA-approved
Capital requirements - minimum financial resources
Business plan - demonstrating viable, compliant business model
Systems and controls - governance, risk management, compliance

Penalty for operating without authorisation: Up to 2 years imprisonment and/or unlimited fine.

Penalty risk

Carrying on regulated business without permission is a criminal offence

Penalty:

<p>Under the general prohibition in section 19 FSMA, carrying on a regulated activity in the United Kingdom without authorisation or an exemption is a criminal offence. Agreements you make in breach of the general prohibition can be unenforceable against the customer, who may recover their money plus compensation. Do not begin regulated business until the FCA has granted your permission and confirmed the effective date.</p>

Step 1: Identify your regulated activities

Authorisation starts with the perimeter. You must work out exactly which regulated activities your business model involves, because your permission is granted activity by activity and you may only do what your permission lists. Regulated activities are defined in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 and include accepting deposits, dealing in or arranging investments, advising on investments, managing investments, insurance distribution, mortgage lending and consumer credit.

Use the FCA Handbook Perimeter Guidance (PERG) to confirm whether each activity is regulated and whether any exclusion applies. Scope this carefully: listing activities you do not need raises the FCA fee band and the level of scrutiny, while missing an activity means you cannot lawfully carry it on and must later apply to vary your permission.

Professional & Financial Serv… Requirement

Fund and investment managers — managing investments

If your firm manages investments belonging to another person on a discretionary basis, including managing alternative investment funds (AIFs) or UCITS schemes, that is a regulated activity needing its own Part 4A permission. Larger managers are fully authorised alternative investment fund managers; smaller managers below the regime thresholds may use the small AIFM registration regime, and an authorised fund generally needs a depositary appointed. See the snippet below for the statutory basis and scope.

FCA Part 4A permission for managing investments under FSMA 2000

The regulated activity of managing investments (including AIFs and UCITS) under the Financial Services and Markets Act 2000 (c.8), the requirement for FCA Part 4A permission, threshold conditions, the UK AIFM regime and depositary appointment, and the general prohibition in section 19 — operating without permission is an offence under section 23 and agreements may be unenforceable under sections 26 to 28.

Managing investments is a regulated activity under the Financial Services and Markets Act 2000 (FSMA) and the Regulated Activities Order. A firm that manages investments belonging to another person, in circumstances involving the exercise of discretion, must hold a Part 4A permission granted by the Financial Conduct Authority (FCA), unless it is exempt. This includes managing portfolios and, under the related regimes, managing alternative investment funds (AIFs) and UCITS schemes.

Primary statutory source: Financial Services and Markets Act 2000 (c.8), with the Regulated Activities Order 2001
Regulator and permission: FCA Part 4A permission (PRA also involved for dual-regulated firms)
Regulated activity: Managing investments (discretionary management of another person's investments); related activities for managing AIFs and UCITS
General prohibition: FSMA s.19 — no person may carry on a regulated activity in the UK by way of business unless authorised or exempt
Threshold conditions: An applicant for Part 4A permission must satisfy, and continue to satisfy, the threshold conditions (for example adequate resources, suitability and effective supervision)
UK AIFM regime: Managers of alternative investment funds are subject to the UK AIFM regime; depending on assets under management a manager is either fully authorised or operates under the small AIFM registration regime
Depositary appointment: An authorised AIF generally requires a depositary to be appointed for safekeeping of assets and oversight duties
Offence: Carrying on the regulated activity without permission is a criminal offence under FSMA s.23
Civil consequence: Agreements made in breach of the general prohibition may be unenforceable against the customer (FSMA ss.26 to 28)

Permission and threshold conditions: To obtain a Part 4A permission to manage investments, a firm must apply to the FCA and demonstrate that it meets the threshold conditions and the FCA's rules. Permission is granted for specified regulated activities in relation to specified investments; a firm must operate within the scope of its permission (FSMA s.20).

AIFM regime and depositaries: A manager of one or more alternative investment funds is an alternative investment fund manager (AIFM) and is subject to the UK AIFM regime. Larger managers are fully authorised AIFMs; smaller managers below the regime's thresholds may use the small AIFM regime. A depositary must generally be appointed for an authorised fund to provide independent safekeeping of the fund's assets and oversight of the manager.

General prohibition and consequences: Under section 19 of FSMA, managing investments by way of business without authorisation or exemption breaches the general prohibition. This is a criminal offence under section 23. In addition, under sections 26 to 28 an agreement made by a person carrying on the regulated activity in contravention of the general prohibition is unenforceable against the other party, who may recover money or property and compensation, although the court has a discretion to allow enforcement where it is just and equitable.

Step 2: Meet the threshold conditions

The threshold conditions are the minimum standards the FCA applies to every applicant. The FCA must be satisfied that you meet them, and will continue to meet them, before it grants permission. They cover your legal status, the location of your offices, effective supervision, adequate financial and non-financial resources, suitability and a viable business model. You evidence these conditions through your regulatory business plan, financial projections and governance arrangements.

FSMA Threshold Conditions overview

The minimum statutory conditions a firm must satisfy at FCA/PRA authorisation and continuously thereafter, set out in Schedule 6 FSMA 2000 and supplemented by the Financial Services and Markets Act 2000 (Threshold Conditions) Order 2013.

The Threshold Conditions are the minimum standards a firm must meet to be authorised by the FCA or PRA, and must continue to satisfy for as long as it holds Part 4A permission under FSMA 2000. They are set out in Schedule 6 to FSMA (substituted by the Financial Services Act 2012) and supplemented in detail by the Financial Services and Markets Act 2000 (Threshold Conditions) Order 2013 (SI 2013/555).

Primary statutory source: Schedule 6 FSMA 2000 (substituted by Financial Services Act 2012)
Supplementing instrument: Threshold Conditions Order 2013 (SI 2013/555)
FCA-set conditions (Part 1B Sched 6): Location of offices; effective supervision; appropriate non-financial resources; suitability; business model
PRA-set conditions (Parts 1C/1D Sched 6): Legal status; appropriate financial resources (deposit-takers and insurers)
Continuous obligation: Conditions must be satisfied at authorisation and on an ongoing basis
Consequence of breach: FCA/PRA may vary or cancel Part 4A permission under s.55J FSMA

Dual responsibility: For dual-regulated firms (banks, insurers, designated investment firms), the FCA and PRA each apply their own threshold conditions. The PRA's conditions focus on safety and soundness; the FCA's on conduct and consumer outcomes. A firm must satisfy both regulators' conditions on a continuing basis to retain its permission.

Step 3: Apply for Part 4A permission through Connect

You apply for permission under Part 4A FSMA through the FCA Connect portal. You will register your firm, complete the question set for your permission profile, and upload your regulatory business plan, financial projections, governance map, compliance arrangements and the Senior Manager applications. The FCA determines a complete application within the statutory period set out in the gateway snippet below; an incomplete application has a longer statutory clock, so submit a full, well-evidenced application the first time.

FSMA Part 4A authorisation application gateway

Statutory route for applying to the FCA (and PRA where dual-regulated) for permission to carry on regulated activities under Part 4A of the Financial Services and Markets Act 2000, including required materials and the s.55V determination clock.

An application for permission to carry on one or more regulated activities is made under Part 4A of the Financial Services and Markets Act 2000 (FSMA), specifically sections 55A to 55F. Applications are submitted to the FCA through the Connect portal. Where the activity is PRA-regulated (for example deposit-taking or insurance), a parallel application is made to the PRA and the two regulators determine the application jointly.

Statutory route: Part 4A FSMA 2000 (ss.55A–55F)
Submission portal: FCA Connect
Required scope detail: Each regulated activity sought, plus any limitations or requirements
Required accompanying materials: Regulatory business plan, governance map, three-year financial projections, SMF approval applications (Form A) under Part 5 FSMA and SM&CR
Senior management approvals: Form A applications for each Senior Management Function under Part 5 FSMA (ss.59–71)
Determination period — complete application: 6 months from receipt (FSMA s.55V(1))
Determination period — incomplete application: 12 months from receipt (FSMA s.55V(2))
When the clock starts: On receipt of the application, not on completeness
Dual-regulation trigger: PRA-regulated activities require a parallel PRA application

Watch the s.55V clock. The 6-month determination period applies only where the application is complete on receipt. An incomplete application starts a 12-month clock from the day the FCA receives it — not from the day the gaps are filled. Applicants who submit through Connect before the regulatory business plan, governance map, financial projections and SMF (Form A) applications are fully prepared therefore lose the benefit of the shorter statutory window.

Scope of permission. The application must identify each regulated activity sought and any limitations or requirements the applicant accepts on the face of the permission. The FCA may grant the permission with limitations, requirements, or on a narrower scope than requested under ss.55E–55F FSMA.

FCA authorisation procedure

Steps to become FCA authorised

Determine if authorisation required
Check if your activities are regulated under FSMA. Use FCA Perimeter Guidance (PERG) and consider getting legal advice for complex cases.
Prepare business plan
Develop 3-year financial projections, regulatory business plan showing how you'll meet FCA requirements, and governance structure.
Identify key individuals
Determine who will hold Senior Management Functions. They will need individual FCA approval and must meet fit and proper requirements.
Secure capital resources
Ensure you have or can demonstrate access to required minimum capital for your activities.
Develop compliance infrastructure
Establish policies, procedures, systems and controls for compliance, AML, complaints handling, and data protection.
Submit application via FCA Connect
Complete all application forms, upload supporting documents, and pay application fee.
Respond to FCA questions
FCA case officer will review application and likely request additional information. Respond promptly and thoroughly.
Receive decision
FCA will authorise (possibly with conditions), authorise with requirements, or refuse. Process typically takes 6-12 months.

Book a free pre-application meeting with the FCA before you submit if your business model is novel, you are seeking a complex permission, or you are dual-regulated by the Prudential Regulation Authority. This surfaces issues early and reduces the risk of a returned submission.

Step 4: Put your people and controls in place

The FCA will not authorise a firm that has no approved Senior Managers. Under the Senior Managers and Certification Regime, named individuals must hold the prescribed Senior Management Functions, each with a Statement of Responsibilities, and must be approved by the FCA as fit and proper. You must also operate anti-money laundering systems from day one, including a risk assessment, customer due diligence, a Money Laundering Reporting Officer and suspicious activity reporting. The two snippets below set out what each regime requires.

Senior Managers and Certification Regime (SMCR)

Individual accountability requirements

The Senior Managers and Certification Regime (SM&CR) promotes individual accountability in financial services.

Three elements:

Senior Managers Regime - senior managers need FCA approval
Certification Regime - firms certify staff in key roles annually
Conduct Rules - rules of conduct for all relevant staff

Key Senior Management Functions:

SMF1 - Chief Executive
SMF3 - Executive Director
SMF16 - Compliance Oversight
SMF17 - Money Laundering Reporting
SMF29 - Limited Scope (smaller firms)

Certification renewal: Annual
Conduct rules training: At induction and regularly

Anti-money laundering requirements

MLR 2017 obligations for financial services

The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) require:

Risk assessment - assess your business's ML/TF risks
MLRO appointment - designate a Money Laundering Reporting Officer
Customer due diligence (CDD) - verify customer identity
Enhanced due diligence - for higher-risk customers
Ongoing monitoring - monitor transactions and relationships
Suspicious activity reports (SARs) - report suspicious activity to NCA
Record keeping - retain CDD records for 5 years after relationship ends
Staff training - initial and ongoing AML training

Record retention: 5 years from end of business relationship
SAR deadline: As soon as practicable after suspicion formed

What happens after you are authorised

Authorisation is the start of an ongoing relationship, not the end. From the effective date of your permission you must comply with the FCA Handbook in full, including the Principles for Businesses and the sourcebook for your activity. You must deliver good outcomes for retail customers under the Consumer Duty, pay your annual periodic fee, submit regulatory returns, notify the FCA of material changes, and apply to vary your permission whenever your activities change. The Financial Services and Markets Act 2023 underpins the FCA's post-Brexit rule-making powers that shape these obligations.

FCA Consumer Duty requirements

Consumer Duty obligations from July 2023

The Consumer Duty (from 31 July 2023) requires firms to deliver good outcomes for retail customers.

The Consumer Principle: A firm must act to deliver good outcomes for retail customers.

Four outcomes:

Products and services - designed to meet needs of target market
Price and value - fair price that provides fair value
Consumer understanding - communications help customers understand
Consumer support - support enables customers to realise benefits

Cross-cutting rules: Act in good faith, avoid foreseeable harm, enable and support customers.

New and existing products: From 31 July 2023
Closed products: From 31 July 2024

Apply and read the rules on the FCA website

FCA Connect — apply for authorisation (opens in a new tab)
The portal for new firm authorisation and Senior Manager approvals.
FCA Handbook — PERG (Perimeter Guidance) (opens in a new tab)
Guidance on whether your activity is regulated and whether exclusions apply.
FCA Handbook — COND (threshold conditions) (opens in a new tab)
Full guidance on each threshold condition the FCA applies.
Financial Services and Markets Act 2000 (opens in a new tab)
The primary legislation, including the general prohibition and Part 4A permission regime.

Register a money service business or crypto-asset business for AML supervision
How a money service business registers with HMRC, and how a cryptoasset business registers with …
Tech Sector Licensing and Authorisations
Comprehensive guide to licences and regulatory authorisations required for technology businesses - telecommunications, financial services, …
Cryptoasset Business Regulation
Regulatory requirements for cryptoasset businesses in the UK - how token classification determines whether you …
Cyber security for financial services firms
FCA operational resilience requirements for cyber security, including the 31 March 2025 compliance deadline, SM&CR …
Access the Lloyd's of London insurance market
How to participate in the Lloyd's insurance market. Covers routes to market (managing agents, coverholders, …

Register a money service business or crypto-asset business for AML supervision

How a money service business registers with HMRC, and how a cryptoasset business registers with the FCA, for anti-money laundering supervision under the Money Laundering Regulations 2017. Covers which regime applies to you, the fit-and-proper test, registering before you trade, the offence of operating unregistered, and the financial promotions rules for qualifying cryptoassets.