These requirements apply to all business activities in this division.
licensing
Uk
Ongoing
FCA Part 4A authorisation under FSMA 2000 (intermediation)
Enforced by:
FCA
Financial Services and Markets Act 2000; Financial Services and Markets Act 2000 (Regulated Activities) Order 2001
General prohibition (s.19): criminal offence to carry on a regulated activity without authorisation. Up to 2 years imprisonment and/or unlimited fine (s.23). Most activities in this division — intermediation, advising, arranging deals — are regulated under article 25 / 53 / 37 of the RAO 2001. Application typically takes 6-12 months.
reporting
Uk
Ongoing
Anti-money laundering compliance (regulated firms)
Enforced by:
FCA
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; Proceeds of Crime Act 2002; Sanctions and Anti-Money Laundering Act 2018
Must appoint MLRO, conduct business-wide risk assessment, implement CDD on clients (enhanced due diligence for PEPs and high-risk third countries), screen against UK sanctions list, file SARs with NCA. Records retained for 5 years from end of business relationship. Beneficial ownership verification required.
certification
Uk
Annual
Senior Managers and Certification Regime
Enforced by:
FCA
Financial Services and Markets Act 2000; Financial Services Act 2012
Senior managers (SMF roles) require FCA approval. Certification staff (those whose role could cause significant harm to firm or customers — including investment advisers, portfolio managers, client dealing, insurance broking) must be assessed annually for fitness and propriety. Conduct rules (COCON) apply to almost all employees. Solo-regulated firms operate under the Core, Limited Scope, or Enhanced regime depending on size.
reporting
Uk
Ongoing
Financial promotions compliance (s.21 FSMA)
Enforced by:
FCA
Financial Services and Markets Act 2000; Financial Services and Markets Act 2000 (Financial Promotion) Order 2005; Financial Services and Markets Act 2023
Restriction on financial promotions: must be approved by an FCA-authorised person or fall within an exemption. FSMA 2023 introduced the FCA s.21 gateway for unauthorised approvers — only firms with specific FCA permission can approve promotions issued by unauthorised persons. Particularly important for intermediaries arranging or advising on investment products.
reporting
Uk
Ongoing
Complaints handling (FCA DISP) and FOS jurisdiction
Enforced by:
FCA
Financial Services and Markets Act 2000
Must have written complaints procedure, acknowledge within 5 business days, resolve within 8 weeks. Unresolved complaints from eligible complainants may be referred to the Financial Ombudsman Service. Biannual complaints reporting to FCA via RegData. FOS award limit £430,000 for complaints referred from 1 April 2025.
registration
Uk
Annual
Data protection (financial data)
Enforced by:
ICO
Data Protection Act 2018; UK GDPR (retained EU law)
Must register with ICO. Financial data (advice records, suitability assessments, investment holdings, claims data, pensions data) is sensitive — enhanced security and breach-notification requirements. Subject access requests must be handled within one month. Joint controller arrangements common where intermediaries share data with product providers.
inspection
Uk
Ongoing
FCA Consumer Duty (Principle 12)
Enforced by:
FCA
Financial Services and Markets Act 2000
Effective 31 July 2023 (new/existing products), 31 July 2024 (closed products). Four outcomes: products and services, price and value, consumer understanding, consumer support. Annual board-level Consumer Duty assessment required. Distributors (most of this division) must understand the target market and price-and-value position of products they intermediate.
reporting
Uk
Ongoing
Operational resilience requirements
Enforced by:
FCA
Financial Services and Markets Act 2000
FCA PS21/3: firms must identify important business services, set impact tolerances, and remain within tolerances by 31 March 2025. Ongoing self-assessment required. Heightened expectations on third-party / outsourcing risk where firms rely on technology providers, custodians, or back-office administrators.