UK Financial Services Licences: What Needs FCA Approval

Jul 07, 2026 - 13:58
0
UK Financial Services Licences: What Needs FCA Approval
Image by Oli/ Pexels

If you're a foreign founder eyeing the UK for a fintech, lending platform, payments app, or advisory business, there's one question you need answered before you write a single line of a business plan: does what I want to build require a licence?

Get it wrong, and the consequences aren't a slap on the wrist. Operating a regulated financial activity in the UK without authorisation is a criminal offence. It means your unauthorised business signs can be legally unenforceable, meaning a customer could walk away from a contract with you and keep your money. Get it right, and the UK remains one of the most credible, well-regulated places in the world to build a financial services company. The FCA "stamp" carries real weight with investors, banking partners, and customers who've seen enough unregulated apps disappear overnight.

This guide breaks down what actually needs a licence, what doesn't, how the authorisation process works in practice, and where founders most often trip themselves up.

Who Regulates Financial Services in the UK?

Almost everything in this space runs through the Financial Conduct Authority (FCA), the conduct regulator for roughly 50,000 firms. Larger or higher-risk firms, banks, insurers, and big investment houses also answer to the Prudential Regulation Authority (PRA), part of the Bank of England, which focuses on financial stability (making sure firms hold enough capital and don't collapse) rather than day-to-day conduct.

The rule that catches most first-time founders off guard is the "general prohibition" under the Financial Services and Markets Act 2000 (FSMA): if what you're doing counts as a "regulated activity", and you're doing it by way of business in the UK, you need FCA authorisation. There's no size threshold; a two-person startup is caught by the same rule as a high-street bank. "We're small, we'll fly under the radar" is not a strategy the FCA recognises, and it's one of the more expensive mistakes a founder can make.

This is exactly the kind of question worth getting a second opinion on early, Emooves can connect you with regulatory specialists who work with foreign founders.

Whether an activity is "regulated" is defined precisely in secondary legislation (the Regulated Activities Order), so this isn't a matter of interpretation; it's a checklist exercise, and a good regulatory lawyer will run your business model against it line by line.

Financial Services That Require FCA Authorisation

If your business model touches any of the following, budget real-time and legal fees for the authorisation process; it's rarely fast, and rarely cheap.

Banking and deposit-taking

Accepting deposits from the public requires a full banking licence, jointly regulated by the FCA and PRA. This is the heaviest lift on this list; full authorisation typically takes 12 months or more, and the FCA runs a dedicated "mobilisation" pathway that lets you get a restricted licence first, build out systems and capital, then apply to go live. Most challenger banks (Monzo, Starling) went this route rather than launching fully authorised on day one.

Payments and e-money

Money transfer apps, payment processors, and e-money issuers (think Wise- or Revolut-style products) need authorisation as a Payment Institution (PI) or an Electronic Money Institution (EMI). This is the single most common entry point for fintech founders coming into the UK, largely because the capital requirements are far lower than a banking licence, as little as £20,000 initial capital for a small PI, versus millions for a bank. There's also a lighter "Small Payment Institution" registration tier for businesses under certain transaction volume thresholds, worth checking if you're pre-scale.

Consumer credit

Lending, credit broking, debt collection, and peer-to-peer lending platforms all sit under FCA consumer credit rules, which were folded into the main FCA regime in 2014. This covers everything from a BNPL-adjacent product to a B2B invoice financing platform; the rules apply based on what the activity is, not what you call your product.

Investment services

Dealing in securities, managing portfolios, giving investment advice, or arranging investment deals are all regulated, typically under UK MiFID-derived rules. This is the category most robo-advisors, wealthtech platforms, and trading apps fall into, and it comes with some of the most detailed conduct-of-business requirements in the FCA Handbook.

Insurance

Underwriting requires PRA/FCA authorisation. Distributing or advising on insurance products (insurtech comparison sites, embedded insurance at checkout, brokers) requires FCA authorisation on its own, separate track; you don't need to be an underwriter to be regulated here.

Mortgage broking and lending

Any regulated mortgage activity, arranging, advising on, or lending against a residential mortgage, needs FCA sign-off.

Cryptoasset businesses

Crypto exchanges and custodian wallet providers currently need FCA registration under the UK's anti-money laundering regime, a lighter-touch process than full authorisation, focused on financial crime controls rather than prudential requirements. That said, the UK has been actively building out a fuller regulatory framework for cryptoassets (stablecoins, trading venues, custody), so treat this as one of the fastest-moving areas of UK financial regulation and check the current status before finalising your model.

Claims management and debt advice

Both have been brought fully under FCA regulation in recent years, closing what used to be a lightly supervised corner of the market.

Financial Services That Don't Require FCA Authorisation

Not everything adjacent to "finance" needs a licence. Founders sometimes over-build compliance infrastructure they don't need, or under-build it in areas they wrongly assumed were safe. These typically sit outside the FCA scope:

Generic financial content or education: an explainer on "what is a UK business bank account," aimed at the public rather than a specific person, isn't regulated advice.

Accountancy and tax advice: governed by professional bodies like ICAEW or ACCA, not the FCA, unless investment advice is layered on top.

Bookkeeping.

Pure introductions or referrals: pointing someone toward a regulated firm, without advising or arranging on their behalf, can fall under a narrow exemption. This one is genuinely easy to misjudge, so don't lean on it without legal sign-off.

General market commentary and financial journalism.

Generic money coaching or budgeting help: as long as it stops short of specific product recommendations, which is where it tips into regulated advice.

Software and infrastructure providers: a company that builds the backend tech for a regulated firm (KYC tooling, ledgering software, white-label infrastructure) usually isn't itself regulated, provided it isn't the one dealing directly with customers' money or giving advice. Many successful UK fintech "picks and shovels" businesses are built entirely in this unregulated layer.

How FCA Authorisation Actually Works

If you land in the "needs a licence" bucket, here's roughly what the road looks like:

Work out your exact permissions. The FCA doesn't issue one generic licence; it grants specific "permissions" tied to specific regulated activities. You apply for exactly what you need, no more.

Build your regulatory business plan. This includes your financial projections, systems and controls, safeguarding arrangements for client money, and your approach to financial crime prevention.

Appoint your senior management function (SMF) holders. Certain roles, including compliance and money laundering reporting officers, require individual FCA approval under the Senior Managers & Certification Regime (SMCR), on top of the firm-level application.

Submit and wait. Standard applications are meant to be determined within 6 months of a complete submission; complex applications can take up to 12 months. In practice, incomplete applications (a very common founder mistake) reset this clock.

Consider the sandbox route. The FCA's Regulatory Sandbox and Innovation Pathways let genuinely innovative firms test products with real customers under close supervision, sometimes before full authorisation is finalised. It's not a shortcut around the rules, but it can meaningfully de-risk your go-to-market timeline.

Budget for this realistically: legal and consulting costs for a straightforward EMI or PI application commonly run into the tens of thousands of pounds before you've onboarded a single customer, and that's before ongoing compliance headcount.

Where Founders Usually Get This Wrong

"Advice" vs "information" is blurrier than it sounds; The moment general information becomes a recommendation tailored to one person's circumstances, you've likely crossed into regulated territory. This is the single most common enforcement trap, and it catches wealthtech and money-coaching products especially often.

Appointed representative (AR) status is an underused shortcut. You can sometimes carry out regulated activities under an already-authorised firm's "principal" umbrella, as an appointed representative, without going through full authorisation yourself. This is how a lot of early-stage UK fintechs launch fast, trading under a principal's permissions while they build toward direct authorisation. It comes with real constraints (the principal is on the hook for your conduct, and the FCA has tightened AR oversight rules in recent years), but it's worth exploring seriously before assuming you must build from zero.

AML registration and FCA authorisation aren't the same thing. Some businesses, crypto firms, and certain money service businesses need to register under the UK's Money Laundering Regulations even when they don't need full FCA authorisation. Don't assume ticking one box covers the other; they're separate regimes with separate applications.

Buy-now-pay-later is a moving target. It's sat in a regulatory gap historically, but the UK government has been actively working to bring BNPL under FCA oversight. If your model touches deferred payment, check the current status before building around rules that may not exist by the time you launch.

Passporting is gone. Pre-Brexit, an EU financial services licence gave automatic UK market access, and vice versa. That's over. If you're already authorised in an EU country, you need a standalone UK authorisation (or a UK subsidiary structure); there's no shortcut from your home-market licence.

Conclusion for Foreign Founders

The UK's financial services rulebook is detailed, but it's also predictable once you know which bucket your business falls into. The real risk isn't the regulation itself; it's assuming your model is exempt without getting that confirmed, or discovering six months into building that your entire product needs a licence you didn't budget time or money for. A short conversation with an FCA-focused regulatory lawyer before incorporation is far cheaper than finding out after launch that your contracts aren't enforceable.


This article is for general information only and isn't legal or financial advice. Regulatory status depends on the specifics of your business model; always confirm your position with the FCA or a qualified regulatory lawyer before operating.

Frequently Asked Questions

It depends entirely on the activity, not the label "fintech." Payments, lending, e-money, and investment products generally need FCA authorisation. Software, KYC tooling, and other backend infrastructure sold to regulated firms generally doesn't.

Officially up to 6 months for a complete standard application, or 12 months for complex cases, but incomplete submissions restart the clock, so realistic timelines often run longer.

No. Since Brexit ended passporting rights, EU and other foreign licences don't grant automatic UK market access. You need standalone UK authorisation or an appropriate UK entity structure.

Becoming an appointed representative of an already-authorised principal firm is typically the fastest and cheapest route to market, though it comes with oversight constraints and isn't available for every activity.

Comments (0)

User