Division 64 19,685 enterprises
Banking & Financial Services
Requirements for all banking & financial services
These requirements apply to all business activities in this division.
FCA authorisation under FSMA 2000
General prohibition: criminal offence to carry on a regulated activity without authorisation (s.19). Up to 2 years imprisonment and/or unlimited fine (s.23). Application typically takes 6-12 months.
Anti-money laundering compliance
Must appoint MLRO, conduct business-wide risk assessment, implement CDD procedures, screen against sanctions lists, file SARs. Records retained for 5 years from end of business relationship.
Senior Managers and Certification Regime
Senior managers require FCA approval. Certification staff assessed annually for fitness and propriety. Conduct rules apply to almost all employees.
Financial promotions compliance
Restriction on financial promotions: must be approved by authorised person or fall within exemption. FSMA 2023 introduced FCA gateway for approving promotions by unauthorised persons.
Complaints handling (FCA DISP)
Must have written complaints procedure, acknowledge within 5 business days, resolve within 8 weeks. Unresolved complaints may be referred to Financial Ombudsman Service. Biannual complaints reporting to FCA.
Data protection (financial data)
Must register with ICO. Financial data is sensitive — enhanced security and breach notification requirements. Subject access requests must be handled within one month.
FCA Consumer Duty (Principle 12)
Effective 31 July 2023 (new/existing products), 31 July 2024 (closed products). Four outcomes: products and services, price and value, consumer understanding, consumer support. Annual board-level assessment required.
Operational resilience requirements
FCA PS21/3: firms must identify important business services, set impact tolerances, and remain within tolerances by 31 March 2025. Ongoing self-assessment required.