First-step analysis: fintech regulation in United Kingdom

Financial regulation

Regulatory bodies

Which bodies regulate the provision of fintech products and services?

The Financial Conduct Authority (FCA) is the financial services regulator for most regulated activities and services that a fintech would provide. The Prudential Regulation Authority covers the prudential regulation of banks and insurers in the United Kingdom with the FCA regulating conduct matters (making banks and insurers dual-regulated entities). The FCA and the Payment Services Regulator (PSR) – which has a focus on competition and innovation – are the main regulators of payment systems and the financial institutions that participate in them.

Other relevant regulators that fintechs will need to be aware of are HM Revenue and Customs (HMRC) (the relevant regulator for money service businesses) and the Information Commissioner’s Office.

Regulated activities

Which activities trigger a licensing requirement in your jurisdiction?

There are a large number of activities (specified activities) that, when carried on in the United Kingdom by way of business in respect of specified kinds of investments, trigger licensing requirements in the United Kingdom. These are set out in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO). While it is not practical to list them all, the most common include:

  • accepting deposits: this is mainly carried out by banks and building societies. An institution will accept a deposit where it lends the money it receives to others or uses it to finance its business;
  • dealing in investments (as principal or agent): buying, selling, subscribing for or underwriting particular types of investments. In respect of dealing as principal, the specified investments are ‘securities’ and ‘contractually based investments’. In respect of dealing as agent, the specified kinds of investments are ‘securities’ and ‘relevant investments’:
    • securities include shares, bonds, debentures, government securities, warrants, units in a collective investment scheme (CIS) and rights under stakeholder and personal pension schemes;
    • contractually based investments include rights under certain insurance contracts (excluding contracts of general insurance), options, futures, contracts for differences and funeral plan contracts; and
    • relevant investments include the same investments as contractually based investments but also include contracts of general insurance;
  • arranging deals in investments (this is split into two activities and specified investments in respect of arranging include securities and relevant investments):
    • arranging (bringing about) deals in investments, which applies to arrangements that have the direct effect of bringing about a deal; and
    • making arrangements with a view to transactions in investments, which is much wider and includes arrangements that facilitate others entering into transactions;
  • advising on investments: advising a person in their capacity as an investor on the merits of buying, selling, subscribing for or underwriting a security or relevant investment or exercising any right conferred by that investment to buy, sell, subscribe for or underwrite such an investment;
  • managing investments: managing assets belonging to another person, in circumstances involving the exercise of discretion, where the assets include any investment that is a security or contractually based investment;
  • establishing, operating or winding up a CIS;
  • certain lending activities: entering into a regulated mortgage contract or a regulated (consumer) credit agreement (or consumer hire agreement) as lender, together with various ancillary activities such as credit broking and debt collection;
  • certain insurance activities: effecting a contract of insurance as principal and carrying out a contract of insurance as principal; and
  • electronic money: issuing electronic money (as a bank).


Payment services and e-money activity have separate regulatory regimes under the Payment Services Regulations 2017 and Electronic Money Regulations 2011 respectively, both of which are derived from EU legislation.

The government has proposed introducing a new regulated activity relating to the custody, or arranging the custody, of a stablecoin as part of its approach to establishing a bespoke regulatory framework for this type of digital asset. If the firm provides or arranges custody for stablecoins and is recognised as ‘systemic’ then under the current proposals, the firm will be dual regulated by the FCA and the Bank of England (BoE).


Consumer Duty

Consumer Duty is a new regulatory requirement, driven and regulated by the FCA, due to be implemented, which will ‘set higher expectations of firms driving a cultural reset that leads to enhanced confidence in financial markets and future gains from innovation’. The Duty deals with information asymmetries and consumer cognitive and behavioural biases. It is applicable across multiple regulated activities and should be considered in a wide range of circumstances where firms have exposure to retail clients.

The Consumer Duty will require firms to review all UK products, services and communications aimed at retail customers. Firms will also need to design appropriate data-gathering and Management Information as the FCA expects a firm’s board (or similar body) to consider whether it is acting to deliver good customer outcomes. The FCA has been clear that it is now a data-led regulator, and it is likely to look at this management information carefully as part of its assessment of whether firms have implemented the Consumer Duty in the way the FCA intended.

The proposed implementation period gives firms until 30 April 2023 to implement this Duty.

Consumer lending

Is consumer lending regulated in your jurisdiction?

The general position is that lending by way of business to consumers is regulated in the United Kingdom. The FCA is responsible for authorising and regulating consumer credit firms.

There are two categories of regulated lending: regulated credit agreements and mortgages.

Any person (A) who enters into an agreement with an individual (or a ‘relevant recipient of credit’, which includes a partnership consisting of two or three persons not all of whom are bodies corporate and an unincorporated body of persons that does not consist entirely of bodies corporate and is not a partnership) (B) under which A provides B with credit of any amount must be authorised by the FCA – unless an appropriate exemption applies.

Two of the most common exemptions are:

  • where the amount of credit exceeds £25,000 and the credit agreement is entered into wholly or predominantly for business purposes; and
  • where the borrower certifies that they are high net worth and the credit is more than £60,260.


Other complex exemptions are available that relate to, among other things, the total charge for the credit, the number of repayments to be made under the agreement and the nature of the lender.

If an exemption applies, the lender does not need to comply with the detailed legislative requirements that apply to regulated credit agreements contained in the Consumer Credit Act 1974 (CCA) (and secondary legislation made under it) and the FCA’s Consumer Credit Sourcebook (CONC).

Broadly, the CCA sets out the requirements lenders need to comply with in relation to the provision of information, documents and statements and the detailed requirements as to the form and content of the credit agreement itself.

HM Treasury (HMT) has proposed to regulate buy-now-pay-later (BNPL) credit and, potentially, certain forms of short-term interest-free credit under the RAO. HMT has also proposed amending the running-account exemption of section 60F(3) of the Financial Services and Markets Act 2000 (FSMA). Legislation is expected in mid-2023.

The government has also proposed reforming the CCA following the recommendations of the FCA’s retained provisions report and the Woolard Review. Current proposals include bringing some of the substantive elements of the CCA into the direct remit of the FCA. Further details are expected.

The CONC chapter in the FCA Handbook sets out detailed rules that regulated consumer credit firms must comply with and covers areas such as the conduct of business, financial promotions, pre-contractual disclosure of information, responsible lending, post-contractual requirements, arrears, default and recovery, cancellation of credit agreements and agreements that are secured on land.

In addition to the CONC, authorised consumer credit firms must also comply with other applicable chapters of the FCA Handbook.

Failing to comply with the requirements of the CCA may result in those agreements being unenforceable against borrowers and the FCA imposing financial penalties on the firm in question.

Entering into a regulated mortgage contract is a regulated activity. Such contracts are loans where:

  • the contract is one under which a person (lender) provides credit to an individual or trustee (borrower);
  • the contract provides for the obligation of the borrower to repay to be secured by a mortgage on land in the United Kingdom; and
  • at least 40 per cent of that land is, or is intended to be, used:
    • in the case of credit provided to an individual, as or in connection with a dwelling by the borrower; or
    • in the case of credit provided to a trustee that is not an individual, as or in connection with a dwelling by an individual who is a beneficiary of the trust, or by a related person.

Secondary market loan trading

Are there restrictions on trading loans in the secondary market in your jurisdiction?

Provided that the loan itself is being traded, and not the loan instrument (eg, an instrument creating or acknowledging indebtedness), then there are no restrictions on trading loans in the secondary market.

Collective investment schemes

Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

Establishing, operating or winding up a CIS is a regulated activity in the United Kingdom for which firms must be authorised by the FCA.

The definition of a CIS is set out in section 235 of the FSMA. Broadly, a CIS is any arrangement with respect to property of any description, the purpose or effect of which is to enable the persons taking part in the arrangements to participate in or receive profits or income arising from the acquisition, holding, management or disposal of the property or sums paid out of such profits or income. The persons participating in the arrangements must not have day-to-day control over the management of the property. The arrangements must also have either or both of the following characteristics:

  • the contributions of the participants and the profits or income out of which payments are to be made to them are pooled; or
  • the property is managed as a whole by, or on behalf of, the operator of the scheme.


Whether a fintech company falls within the scope of this regime will depend on the nature of its business. For example, fintech companies that manage assets on a pooled basis on behalf of investors should consider carefully whether they may be operating a CIS. On the other hand, fintech companies that only provide advice or payment services may be less likely to operate a CIS. Certain cryptoassets or platforms that offer cryptoasset staking, in particular, may be exposed to the risk of being categorised as a CIS, but this analysis is fact-dependent. Fintech companies are advised to seek legal advice on this subject and to have regard to their other regulatory obligations.

The management of two forms of regulated collective investment schemes, undertakings for the collective investment in transferable securities and alternative investment funds, are also regulated activities. Peer-to-peer or marketplace lenders or crowdfunding platforms are regulated separately under their own regimes.

Alternative investment funds

Are managers of alternative investment funds regulated?

Managers of alternative investment funds are regulated in the United Kingdom under the Alternative Investment Fund Managers Directive, which has been implemented in the United Kingdom by the Alternative Investment Fund Managers Regulations 2013 and rules and guidance contained in the FCA Handbook. In a key divergence with the European Union, the United Kingdom has not implemented similar legislation to the EU’s Cross-Border Distribution of Funds regime regarding the marketing of funds. Instead, certain elements are covered by the UK’s financial promotion regime.

Peer-to-peer and marketplace lending

Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

Peer-to-peer (P2P) lending is a term that generally refers to loan-based crowdfunding. In the United Kingdom, the FCA regulates loan-based crowdfunding platforms.

Under article 36H of the RAO, operating an electronic system that enables the operator (A) to facilitate persons (B and C) becoming the lender and borrower under an article 36H agreement is a regulated activity (and a firm will require FCA authorisation) where the following conditions are met:

  • the system operated by A is capable of determining which agreements should be made available to each of B and C;
  • A (or someone acting on its behalf) undertakes to receive payments due under the article 36H agreement from C and make payments to B that are due under the agreement; and
  • A (or someone acting on its behalf) takes steps to procure the payment of a debt under the article 36H agreement or exercises or enforces rights under the article 36H agreement on behalf of B.


An article 36H agreement is an agreement by which one person provides another with credit in relation to which:

  • A does not provide the credit, assume the rights of a person who provided credit or receive credit; and
  • either the lender is an individual or the borrower is an individual and the credit is less than £25,000, or the agreement is not entered into by the borrower wholly or predominantly for the purposes of a business carried on, or intended to be carried on, by the borrower.


In addition to falling within the definition of an article 36H agreement, a loan may also constitute a regulated credit agreement, unless an exemption applies and so a lender, through a platform authorised under article 36H, may also be required to have permission to enter into a regulated credit agreement as lender. Two of the most common exemptions are:

  • where the amount of credit exceeds £25,000 and the credit agreement is entered into wholly or predominantly for business purposes; and
  • where the borrower certifies that they are ‘high net worth’ and the credit is more than £60,260.


Other complex exemptions are available that relate to, among other things, the total charge for the credit, the number of repayments to be made under the agreement and the nature of the lender.

The rules governing P2P lending are found in the Conduct of Business Sourcebook and Senior Management Arrangements, Systems and Controls, and include:

  • enhanced requirements for platform governance arrangements including in relation to credit risk assessment, risk management and fair valuation practices;
  • strengthening rules on wind-down planning in the event of platform failure;
  • setting out the minimum information that a platform should provide to investors; and
  • introducing a requirement to monitor the investors that can use a platform, including that platforms assess investors’ knowledge and experience of platform lending where no advice has been given to them. Firms are required to ensure that retail clients:
    • are certified or self-certified as ‘sophisticated investors’ or ‘high net worth investors’; or
    • confirm before a promotion is made that they will receive regulated investment advice or investment management services from an authorised person; or
    • do not invest more than 10 per cent of their net investible assets in P2P agreements in the 12 months following certification.


In January 2022, the FCA consulted on strengthening financial promotion rules for high-risk investments. One of the proposed changes would be to categorise P2P lending as a ‘restricted mass-market investment’, however, there are no changes proposed to the current restrictions on financial promotions in relation to P2P investments to retail customers.


Describe any specific regulation of crowdfunding in your jurisdiction.

In the United Kingdom, reward-based crowdfunding (where people give money in return for a reward, service or product) and donation-based crowdfunding (where people give money to enterprises or organisations they wish to support) are not currently regulated in their own right.

Equity-based crowdfunding is where investors invest in shares in, typically, new businesses. Equity-based crowdfunding is not specifically regulated in the United Kingdom (in the same way as loan-based crowdfunding).

However, a firm operating an equity-based crowdfunding service must ensure that it is not carrying on any other regulated activity without permission. Examples of regulated activities that equity-based crowdfunding platforms may carry on (depending on the nature and structure of their business) include:

  • establishing, operating or winding up a CIS;
  • arranging deals in investments; and
  • managing investments.


Additionally, equity-based crowdfunding platforms must not market to retail clients unless an appropriate exemption applies.

In the FCA’s policy statement on P2P lending, investment-based crowdfunding platforms were also covered. Recent work has focused on restrictions on the types of clients these platforms can market to and how this is managed.

Invoice trading

Describe any specific regulation of invoice trading in your jurisdiction.

Currently, there are no regulations relating specifically to invoice trading.

However, depending on how the business is structured, a firm that operates an invoice-trading platform may be carrying on regulated activities for which it must have permission, including:

  • establishing, operating or winding up a CIS; and
  • managing an alternative investment fund.


There is also a possibility that the firm may need to register with the FCA as an Annex 1 financial institution because it carries on commercial lending. As an Annex 1 financial institution, the firm would need to comply with all the detailed anti-money laundering requirements under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Payment services

Are payment services regulated in your jurisdiction?

Payment services are regulated under the PSRs, which implement the second Payment Services Directive (PSD2) in the United Kingdom. Following, and relating to, Brexit the FCA published an updated version of its Approach Document setting out guidance for payment and e-money firms to reflect certain required amendments. Payment services include:

  • services enabling cash to be placed on a payment account and all the operations required for operating a payment account;
  • services enabling cash withdrawals from a payment account and all the operations required for operating a payment account;
  • the execution of the following types of payment transaction:
    • direct debits, including one-off direct debits;
    • payment transactions executed through a payment card or a similar device; and
    • credit transfers, including standing orders;
  • the execution of the following types of payment transaction where the funds are covered by a credit line for the payment service user:
    • direct debits, including one-off direct debits;
    • payment transactions executed through a payment card or a similar device; and
    • credit transfers, including standing orders;
  • issuing payment instruments or acquiring payment transactions;
  • money remittance;
  • payment initiation services (initiating a payment order at the request of a payment service user with respect to an account held with another payment service provider); and
  • account information services (online services that are intended to provide consolidated information on one or more payment accounts held by the payment service user with another one (or more) payment service provider).


The PSRs broaden the scope of transactions governed by its provisions, narrow the scope of certain exclusions, amend the conduct of business requirements and introduce security requirements.

To provide payment services in the United Kingdom, a firm must fall within the definition of a ‘payment service provider’. Payment service providers include authorised payment institutions, small payment institutions, credit institutions, e-money institutions, the post office, the BoE and government departments and local authorities.

A firm that provides payment services in or from the United Kingdom as a regular occupation or business activity (and is not exempt, or a bank) must apply for authorisation or registration as a payment institution.

E-money institutions are regulated under the Electronic Money Regulations 2011 (SI 2011/99). They must be authorised or registered to issue e-money and undertake certain payment services. The FCA’s Approach Document provides useful guidance for e-money institutions alongside explanations of most requirements in the FCA Handbook.

The European Commission has launched several initiatives assessing the status of PSD2, including proposing changes to the regulatory oversight of certain delegated models, a simplification of the payments regime, and a central database to record sanctions across EU member states. There have been no similar proposals from UK regulators, but such changes may influence the development of the PSR.

Key upcoming UK regulatory initiatives include proposals on bringing systemically important firms in payments chains under BoE regulation, creating rules and standards for Account to Account Payments, and the implementation of Confirmation of Payee services and other measures to tackle the rise in authorised push payment fraud.

Open banking

Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

Open Banking has been operational since 2018 and has been driven by the United Kingdom’s competition authority (the Competition and Markets Authority (CMA)) and the Open Banking Implementation Entity operating under the CMA’s Retail Banking Market Investigation Order 2017, together with the implementation of PSD2.

Following its investigation into the retail and small and medium-sized enterprise (SME) banking sectors between 2013 and 2016, the CMA ordered a number of remedies to help promote greater competition in the retail and SME banking markets.

One of the core remedies ordered by the CMA requires the nine largest retail banks in Great Britain and Northern Ireland to develop and implement an open banking standard application programming interface (API) to give third parties access to information about their services, prices and service quality to improve competition, efficiency and stimulate innovation. The open APIs also allow retail and SME customers to share their own transaction data with trusted intermediaries, which can then offer advice tailored to the individual customer.

These measures are intended to make it easier for customers to identify the best products for their needs. Additionally, the PSRs require banks to allow third-party payment service providers to initiate payments from their customers’ accounts.

In March 2022, the CMA provided an update on Open Banking and highlighted the following three items that required implementation:

  • variable recurring payments for sweeping (due July 2022);
  • enhanced management information submission mechanisms (due July 2022); and
  • certain consent and access dashboard standards (due September 2022).


With regards to future regulations, HMT, the CMA, the FCA and PSR have issued a Joint Statement on the future of Open Banking, recommending a Joint Regulatory Oversight Committee to be led by the FCA and the PSR, which will agree and implement next steps.

Insurance products

Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

Effecting or carrying out a contract of insurance, arranging contracts of insurance, or dealing in insurance as an agent are regulated activities and fintech companies that wish to do this must be regulated. Key regulation includes the retained EU law version of Regulation (EU) No. 1286/2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs) and has been applied since the end of the Brexit transition period. Companies that wish to market insurance products must either be regulated, have their marketing material approved by a regulated firm or fall within an applicable exclusion. For example, exemptions may be available for communications to high net worth individuals, companies, sophisticated individuals and other investment professionals.

Credit references

Are there any restrictions on providing credit references or credit information services in your jurisdiction?

Providing credit information services and providing credit references are regulated activities for which firms must be regulated. A firm provides credit information services where it takes (or gives advice in relation to any of the following steps) on behalf of an individual or relevant recipient of credit:

  • ascertaining whether a credit information agency holds information relevant to the financial standing of an individual or relevant recipient of credit;
  • ascertaining the contents of such information;
  • securing the correction of, the omission of anything from, or the making of any other kind of modification of, such information; and
  • securing that a credit information agency that holds such information:
    • stops holding the information; or
    • does not provide it to any other person.


Providing credit references involves providing people with information relevant to the financial standing of individuals or relevant recipients of credit where the person has collected the information for that purpose.

In addition, the Small and Medium-Sized Business (Credit Information) Regulations 2015 (the SMB Regulations) require:

  • designated banks to share specified credit information about SMEs with designated credit reference agencies (with the permission of the relevant SME); and
  • designated credit reference agencies to provide this information to finance providers at the request of the SME and to the BoE.


While the provision of this information is not a regulated activity under the FSMA, the FCA does monitor and enforce compliance with the SMB Regulations.

As part of HMT’s incoming changes to BNPL, it has proposed ensuring that BNPL providers carry out the relevant affordability checks in relation to users and that there is ‘clear, consistent and timely credit reporting’ across the credit reference agencies in relation to this.