Regulatory framework

Regulatory authorities

What national authorities regulate the provision of financial products and services?

The main piece of legislation specifying regulated financial services in the United Kingdom is the Financial Services and Markets Act 2000 (as amended) (FSMA) and its subordinate legislation. There is a tripartite system of regulators for financial services firms authorised under the FSMA; the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA) and the Bank of England Financial Policy Committee (FPC). The scope of each regulator’s authority is set out in the FSMA.

The FPC is the dedicated macro-prudential authority, and monitors the stability and resilience of the financial system as a whole, identifying and taking action to reduce systemic risk. The FPC can direct the FCA and the PRA to take certain action to combat systemic risk, but does not itself have direct regulatory responsibility for UK-authorised firms. The PRA is responsible for the authorisation and prudential regulation and supervision of firms that manage significant risk on their balance sheet (including banks, insurers and systemically important investment firms), while the FCA is responsible for the authorisation, prudential regulation and supervision of all other FSMA firms (including consumer credit firms and claims management companies), as well as the business conduct of all firms.

The FCA is also responsible for the regulation of conduct in retail and wholesale financial markets, supervision of the trading infrastructure that supports those markets, and the authorisation and supervision of e-money issuers and payment services firms that fall outside the FSMA regulatory regime. The FCA also oversees the Payment Systems Regulator, which is an operationally independent subsidiary of the FCA that is the economic regulator for payment systems.

The PRA and the FCA are obliged to ensure that their functions are exercised in a coordinated manner; for example, they must obtain advice or information from each other relating to the exercise of their functions under the FSMA on matters of common regulatory interest. A memorandum of understanding supports the relationship between the two regulators.

Finally, the Bank of England is responsible for the supervision of certain financial market infrastructures, including central counterparties, central securities depositories and payment systems recognised by Her Majesty's Treasury.

What activities does each national financial services authority regulate?

The FSMA provides that no person can perform a regulated activity without being authorised or exempt. A regulated activity is a specific activity that relates to a specified type of investment. The FSMA (Regulated Activities) Order 2001 (as amended), a piece of subordinate legislation under the FSMA, specifies the following activities that, when performed in relation to specified products or investments, are regulated activities in the United Kingdom:

  • deposit-taking;
  • issuing electronic money by credit institutions, credit unions and municipal banks;
  • insurance-related activities (including effecting a contract of insurance and assisting in the administrator or performance of contracts of insurance);
  • investment activities, including arranging deals in investments, advising on investments, dealing in investments, safeguarding and administering investments, managing investments, operating a trading facility, and establishing or winding up a collective investment scheme;
  • mortgage and home-finance-related activities, including mortgage lending and administration, and entering into and administering home reversion and home purchase plans as well as sale- and rent-back agreements;
  • consumer credit regulated activities;
  • claims management activities; and
  • other miscellaneous activities such as establishing a stakeholder pension scheme, specified financial benchmark administration activities, bidding in emissions auctions and certain activities in relation to the Lloyd’s insurance market.


Agreeing to carry on a regulated activity is also generally a regulated activity.

The PRA is responsible for the authorisation of deposit-takers, insurers and managing agents in the Lloyd’s insurance market, the Lloyd’s insurance market itself, and certain high-risk investment firms that have been so designated by the PRA. Firms authorised by the PRA are subject to dual-regulation by the PRA and the FCA – the PRA is responsible for their authorisation, prudential regulation and supervision, while the FCA is responsible for regulating their conduct. All other FSMA firms are authorised, regulated and supervised by the FCA in respect of both prudential and conduct matters.

Separate regulatory regimes exist in the United Kingdom for the regulation of payment services and the issuance of electronic money by institutions other than credit institutions, credit unions and municipal banks (under the Payment Services Regulations 2017 (PSRs) and the E-Money Regulations 2011 (EMRs)). The FCA is responsible for the authorisation and supervision of e-money issuers and payment services firms.

What products does each national financial services authority regulate?

The following are specified products or investments for the purposes of the FSMA regime:

  • deposits;
  • e-money;
  • contracts of insurance;
  • shares;
  • instruments creating or acknowledging indebtedness;
  • alternative finance investment bonds;
  • government and public securities;
  • instruments giving entitlements to investments;
  • certificates representing certain securities;
  • units in a collective investment scheme;
  • rights under a pension scheme;
  • options;
  • futures;
  • contracts for differences;
  • Lloyd’s investments;
  • funeral plan contracts;
  • regulated mortgage contracts;
  • regulated home reversion plans;
  • regulated home purchase plans;
  • regulated sale- and rent-back agreements;
  • rights to or interests in investments;
  • greenhouse gas emissions allowances;
  • rights under consumer credit and consumer hire agreements; and
  • structured deposits.


Authorisation regime

What is the registration or authorisation regime applicable to financial services firms and authorised individuals associated with those firms? When is registration or authorisation necessary, and how is it effected?

The PRA and the FCA have the power to authorise a firm to carry on regulated activities under the FSMA (only firms authorised or exempt under the FSMA may carry on FSMA-regulated activities in the United Kingdom).

A firm must apply to the PRA if its application includes certain PRA-regulated activities, such as deposit-taking or the writing of insurance contracts. These firms will have their application considered by both the FCA and the PRA. In any other case, the application will be made to the FCA only.

In the case of dual-regulated firms, the PRA leads the authorisation process. This includes:

  • pre-application meetings with the FCA and PRA;
  • submission by the applicant of a detailed application pack including a core details form, a regulatory business plan, a controllers form, applications for certain key individuals (such as directors, senior managers and individuals responsible for compliance functions) to perform ‘senior management functions’ and an IT self-assessment questionnaire; and
  • the payment of a fee ranging from £1,500 to £25,000 depending on the complexity of the application.


The PRA and FCA must be satisfied that certain threshold conditions are met and that the firm will continue to meet certain minimum standards before granting any authorisation. The regulators must come to a decision within six months of the date it receives the completed application.

Applications to the FCA only follow a similar structure; however, the FCA has sole responsibility for the authorisation process.

Certain individuals that perform key functions for authorised firms must also be pre-approved by the FCA or PRA (as appropriate). The senior managers regime applies to banks, building societies, credit unions, PRA-designated investment firms, insurers and all other FSMA-authorised firms including benchmark administrators, to whom it has applied since 7 December 2020. The senior managers regime extends to directors, partners, officers, senior managers and certain key employees (eg, the money laundering reporting officer and compliance officer). Applications for approval to perform ‘senior management functions’ must be made prior to the relevant individual’s appointment, and the PRA and the FCA have up to three months to determine an application.

A separate regime applies for payment services firms and e-money institutions. E-money or payment institution authorisation applications must be determined by the FCA within three months. In addition, firms that operate in lower-risk environments – such as small e-money institutions and payments firms, and consumer buy-to-let firms – may only need to be registered with the FCA.


What statute or other legal basis is the source of each regulatory authority’s jurisdiction?

The FSMA is the basis of the FCA’s and the PRA’s jurisdictions in respect of FSMA-regulated activities and firms. The PSRs and the EMRs are the basis of the FCA’s jurisdiction in relation to the payment services and e-money regimes. Following the withdrawal of the United Kingdom from the European Union and the end of the implementation period on 31 December 2020, UK legislation that is derived from EU law (including FCA rules and secondary legislation that implements EU Directives) remains in force. Additionally, directly effective EU legislation that was in force and applicable as at 31 December 2020 was largely incorporated into UK law, or 'onshored', with effect from that date, subject to certain technical amendments to reflect that it only applies in the United Kingdom, including, for example, the transfer of functions from EU agencies to UK authorities.

What principal laws and financial service authority rules apply to the activities of financial services firms and their associated persons?

The current regulatory framework in the United Kingdom derives largely from the FSMA and its secondary legislation. The main rules applicable to financial services firms are set out in a combination of retained EU law (such as the Capital Requirements Regulation, as it forms part of UK law), and the handbooks and rulebooks of the FCA and the PRA, respectively. The regulators also set out regulatory expectations in non-rule-based materials such as policy statements, approach documents, thematic review reports and speeches.

Scope of regulation

What are the main areas of regulation for each type of regulated financial services provider and product?

Firms performing regulated activities in the United Kingdom must generally be authorised by (or, for certain firms, registered with) one of the UK financial services regulators unless they benefit from an exemption or exclusion. Once authorised, the requirements that apply vary depending on the types of regulated activities performed.

Most UK-authorised firms are subject to regulatory capital requirements, with banks, insurers and investment firms subject to the most stringent capital requirements.

Extensive regulatory rules and guidance also apply to regulated firms under the relevant UK legislation, including 'onshored' EU legislation, and the PRA and FCA rules and guidance.

The PRA and FCA rulebooks encompass both high-level standards for conduct, and systems and controls of regulated firms, as well as a number of requirements relating to a firm’s day-to-day business, such as the management of client assets or the disclosures required to be made to clients and counterparties.

UK-regulated firms are under a general duty to inform the UK regulators of a material change in their business or management, or of any significant regulatory rule breaches or complaints. In addition, firms are typically required to comply with periodic reporting obligations in respect of their ongoing operations.

Non-FSMA derived rules also apply to UK-regulated firms, such as the UK Money Laundering Regulations 2017 (as amended) (MLRs). The FCA is responsible for supervising ongoing compliance with the MLRs, and both prosecuting offences under that legislation and taking enforcement action for a lack of adequacy of systems of controls to prevent money laundering.

Additional requirements

What additional requirements apply to financial services firms and authorised persons, such as those imposed by self-regulatory bodies, designated professional bodies or other financial services organisations?

Financial services firms and senior managers may be subject to the rules and regulations of other professional or self-regulatory bodies. Whether firms are subject to any such rules or regulations, and the nature of those rules or regulations, will depend on the specific firms and bodies in question.