Financial services and regulation - Financial services regul...

Learning Outcomes

This article outlines the UK financial services regulatory framework, including:

• The UK “twin peaks” model and the roles and objectives of the FCA and PRA
• FSMA 2000 general prohibition; regulated activity criteria under the Regulated Activities Order (specified activities, specified investments, and the “by way of business” test)
• Exclusions relevant to solicitors (introducing/acting through an authorised person, trustees/PRs, takeover of a body corporate, and the “necessary” professional services exclusion)
• The authorisation process for FCA/PRA permissions; threshold conditions (effective supervision, appropriate resources, suitability/fitness and propriety, and a viable business model); ongoing obligations after authorisation
• The designated professional body (DPB) exemption under s 327 FSMA; SRA Financial Services Scope Rules and Financial Services (Conduct of Business) Rules
• s 21 FSMA financial promotion restriction; “controlled” investments and activities; real-time versus non-real-time and solicited versus unsolicited communications; common exemptions
• Scenarios where legal work overlaps regulated activities (insurance distribution, consumer credit, investment advice, handling client assets); authorisation and exemption requirements in practice
• Risk-based regulation; FCA/PRA prioritisation of supervision and enforcement based on likelihood and impact; proportional responses in firm compliance

SQE1 Syllabus

For SQE1, you are required to understand the UK financial services regulatory framework, including authorisation under FSMA 2000, with a focus on the following syllabus points:

• the main regulatory bodies for financial services in the UK (FCA and PRA) and their objectives
• the authorisation process for carrying out regulated financial activities under FSMA 2000
• the concept of risk-based regulation and its application by regulators
• the intersection of legal services and financial regulation, including when solicitors require authorisation
• the practical implications for solicitors and law firms engaging in financial services work
• the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 and the “specified activity/specified investment/by way of business” tests
• relevant exclusions for solicitors (introducing or acting through an authorised person, trustees/personal representatives, takeover of a body corporate, “necessary” part of professional services)
• designated professional body exemption (s 327 FSMA), including SRA Financial Services Scope and Conduct of Business Rules
• the financial promotions regime (s 21 FSMA and the Financial Promotion Order 2005), including controlled investments/activities and communications categories
• insurance distribution and consumer credit considerations where these overlap with legal practice

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Which two main bodies regulate financial services in the UK, and what are their core objectives?
2. What is the general prohibition under the Financial Services and Markets Act 2000?
3. What are the key steps in the authorisation process for a firm wishing to carry out regulated activities?
4. What is meant by risk-based regulation in the context of financial services supervision?
5. When does s 21 FSMA restrict financial promotions and what are examples of exemptions relevant to solicitors?

Introduction

The UK financial services sector is subject to a detailed regulatory framework designed to protect consumers, maintain market integrity, and support economic stability. For SQE1, you must understand the structure of this framework, the roles of the main regulators, the authorisation process for firms and individuals, and the principles of risk-based regulation. Solicitors and law firms must be aware of these requirements, especially when their work overlaps with regulated financial activities. Acting without proper authorisation is a criminal offence and may also render agreements unenforceable. Many activities can be undertaken lawfully by relying on statutory exclusions or the designated professional body (DPB) exemption, provided firms comply strictly with conditions and professional rules.

The UK Financial Services Regulatory Structure

The regulation of financial services in the UK is based on a "twin peaks" model, with two principal regulators: the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA).

Key Term: Financial Conduct Authority (FCA)
The FCA is the main conduct regulator for financial services firms in the UK, responsible for protecting consumers, maintaining market integrity, and encouraging competition.

Key Term: Prudential Regulation Authority (PRA)
The PRA, part of the Bank of England, is responsible for the prudential regulation and supervision of banks, insurers, and major investment firms, focusing on their safety and soundness.

The FCA regulates most financial services firms for conduct and some for prudential matters. The PRA supervises the largest firms for prudential matters, such as capital adequacy and risk management. Both regulators work together but have distinct objectives and powers. The broader framework sits under FSMA 2000 (as amended), with detailed rules contained in secondary legislation and rulebooks (for example, FCA’s Principles for Businesses, SYSC, COBS, MCOB, ICOBS, and PRA’s rulebook for prudential standards).

The FCA's Objectives

The FCA has three operational objectives:

• Securing an appropriate degree of protection for consumers
• Protecting and strengthening the integrity of the UK financial system
• Encouraging effective competition in the interests of consumers

Its strategic objective is to ensure that relevant markets function well. The FCA pursues these aims through authorisation, supervision (portfolio-based and thematic), and enforcement, including imposing requirements, fines, and ordering consumer redress.

The PRA's Objectives

The PRA's primary objective is to strengthen the safety and soundness of the firms it regulates. It also has a secondary objective to contribute to securing an appropriate degree of protection for insurance policyholders. The PRA focuses on capital, liquidity, governance, and risk management to reduce the likelihood and impact of firm failure, coordinating with FCA to ensure aligned conduct and prudential oversight.

Authorisation to Carry Out Regulated Activities

Under the Financial Services and Markets Act 2000 (FSMA), a person or firm must not carry on a "regulated activity" in the UK unless authorised or exempt. This is known as the "general prohibition."

Key Term: general prohibition
The rule under FSMA 2000 that no person may carry on a regulated activity in the UK unless authorised or exempt.

Key Term: regulated activity
An activity of a specified kind, carried on by way of business, relating to a specified investment, as defined in FSMA 2000 and secondary legislation.

Undertaking a regulated activity without authorisation is a criminal offence. Agreements entered into in breach can be unenforceable, and the FCA may seek injunctions, restitution, or consumer redress. The scope of “regulated activity” is determined by the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO): the activity must be of a specified kind, relate to a specified investment, and be carried on by way of business.

What Are Regulated Activities?

Regulated activities are defined in the FSMA 2000 (Regulated Activities) Order 2001. Common examples relevant to solicitors include:

• Accepting deposits
• Effecting or carrying out contracts of insurance
• Dealing in investments as principal or agent
• Arranging deals in investments (including arranging home finance)
• Managing investments
• Advising on investments
• Safeguarding and administering investments
• Entering into funeral plan contracts
• Operating collective investment schemes or stakeholder pension schemes

Specified investments include shares, debentures, instruments acknowledging indebtedness, government securities, contracts of insurance, units in collective investment schemes, pension rights, options/futures/contracts for difference, mortgages and home reversion/home purchase plan rights, and funeral plan rights. Interests in land are not specified investments; advice solely on land investment is outside the RAO definitions (though other regimes, such as financial promotions or anti-money laundering, may still be relevant).

The RAO “by way of business” test requires a commercial context. Occasional, non-commercial advice (for example, to a family member with no fee) would generally not be caught; repeated, remunerated advice as part of a professional service will be.

The Authorisation Process

To carry out regulated activities, a firm or individual must apply for authorisation from the FCA (or PRA, for dual-regulated firms). The authorisation process involves:

• Submission of a detailed application, including information on business structure, governance, financial resources, systems and controls, business plan, and compliance arrangements (including client asset handling where relevant).
• Assessment by the regulator against statutory threshold conditions, such as suitability/fitness and propriety, appropriate resources (capital and liquidity where relevant), effective supervision (including location of offices and transparency), and a sound business model.
• Decision by the regulator to grant or refuse authorisation, grant permissions subject to limitations, or impose requirements/conditions to mitigate risks.
• Ongoing supervision and compliance monitoring after authorisation, including regulatory reporting, adherence to conduct and prudential rules, and engagement with supervisory reviews.

Key Term: threshold conditions
The minimum requirements a firm must meet to be authorised, including suitability, resources, and ability to be effectively supervised.

Authorisation is permission-specific; firms must ensure they only undertake activities for which they have permission. The FCA/PRA can vary permissions, impose requirements, suspend or cancel authorisation if threshold conditions are no longer met. Individuals performing senior roles must meet fitness and propriety standards and comply with conduct rules; firms must maintain robust governance, risk controls, and training commensurate with their business.

Exclusions and Professional Body Regimes

Some professional firms, such as solicitors, may rely on exclusions when carrying out activities which would otherwise be regulated. Important exclusions relevant to legal practice include:

• Introducing or acting through an authorised person: referring a client to, and allowing arrangements to be executed by, an authorised third party (without the solicitor arranging the investment themselves).
• Trustees and personal representatives: activities when acting as a trustee or PR, provided no extra remuneration is received beyond that role.
• Takeover of a body corporate: arranging or advising on transactions where the acquisition involves 50% or more of voting shares in a company (subject to conditions).
• Necessary part of professional services: activities that are reasonably regarded as a necessary part of delivering legal services which are not otherwise regulated activities.

Some professional firms can rely on exemptions when carrying out certain regulated activities that are incidental to their main business. For example, the "designated professional body" (DPB) regime allows solicitors to carry out limited regulated activities without FCA authorisation, provided they comply with rules set by their professional regulator.

Key Term: designated professional body (DPB)
A professional body (such as the Law Society) recognised under FSMA 2000, allowing its members to carry out certain exempt regulated activities under specified conditions.

Under s 327 FSMA, the DPB exemption applies where the regulated activities are incidental to professional services, the firm accounts to clients for any commissions or advantages received from third parties, and the firm does not hold itself out as undertaking regulated activities beyond the exempt scope. Exempt firms must comply with SRA Financial Services (Scope) Rules and the SRA Financial Services (Conduct of Business) Rules. Core obligations include:

• Status disclosure before providing the financial service (stating the firm is regulated by the SRA, not authorised by the FCA, describing the scope of activities undertaken, and explaining complaints/redress routes).
• Execution and recordkeeping: recording client instructions and transactions, executing promptly unless delay is in the client’s best interests, and retaining records for six years.
• Commission accounting: recording commissions and accounting to clients, or obtaining documented client agreement if the firm intends to retain a benefit.
• Safeguarding clients’ investments: ensuring secure custody, written client instructions where assets are transferred to third parties, and appropriate acknowledgements.

DPB conditions are closely policed. If a firm advertises financial services as a standalone offering or derives significant income from them, the activities may not be “incidental” and FCA authorisation may be required.

Financial Promotions

Section 21 FSMA restricts the communication of financial promotions by unauthorised persons. A financial promotion is an invitation or inducement to engage in investment activity (covering “controlled” investments and “controlled” activities specified by the Financial Promotion Order (FPO) 2005).

The restriction applies to communications made in the course of business, whether originating in the UK or capable of having effect in the UK. Communications include:

• Real-time (face-to-face meetings, phone calls or other interactive dialogue) and non-real-time (letters, emails, brochures, websites).
• Solicited (initiated by or at the express request of the recipient) and unsolicited communications.

Unless an exemption applies, content must be approved by an authorised person. Relevant exemptions include trustees/personal representatives and takeover communications; DPB-specific exemptions exist for exempt professional firms in respect of certain real-time and non-real-time promotions. Breach of s 21 can be a criminal offence. Importantly, a solicitor may be carrying out an activity which is not itself a regulated activity, yet the communication could still be a “financial promotion” requiring approval or falling within an exemption.

Risk-Based Regulation

Both the FCA and PRA use a risk-based approach to regulation and supervision. This means they focus their resources on the greatest risks to their objectives.

Key Term: risk-based regulation
A regulatory approach that prioritises supervision and enforcement based on the likelihood and impact of risks to regulatory objectives.

Regulators assess the risks posed by firms and activities, allocate resources accordingly, and take proportionate action. For example:

• Firms judged higher-impact may receive closer, proactive supervision; lower-impact firms fall into flexible portfolios with event-driven oversight and thematic work.
• Thematic reviews and multi-firm supervisory projects target emerging risks (e.g., mis-selling practices or client asset safeguarding).
• Enforcement is prioritised where misconduct causes significant consumer harm, market abuse, or threatens safety and soundness.

Proportionate responses can range from guidance and supervisory recommendations to requirements, restrictions, public censure, fines, or cancellation of authorisation.

Worked Example 1.1

A law firm wishes to offer investment advice to clients as part of its legal services. The advice relates to specific shares and is not merely generic information. The firm is not authorised by the FCA.

Question: Can the firm provide this advice without FCA authorisation?

Answer:
No. Giving specific investment advice is a regulated activity. Unless the firm can rely on a DPB exemption and the advice is truly incidental to its legal services, FCA authorisation is required. The firm must ensure compliance with both SRA and FCA rules.

Worked Example 1.2

A new fintech company wants to launch a payment service that holds client funds and processes transactions. What must the company do before starting business?

Answer:
The company must apply for authorisation from the FCA, providing detailed information about its business, systems, and controls. It must meet the threshold conditions and be capable of effective supervision. It cannot lawfully operate until authorisation is granted.

Worked Example 1.3

A solicitor’s firm is considering offering a new financial product to clients. The product is complex and carries significant risk. What should the firm do before proceeding?

Answer:
The firm must assess whether the activity is regulated and whether it has the necessary authorisation or exemption. It should conduct a risk assessment, ensure staff are trained, and implement robust compliance systems. If in doubt, the firm should seek specialist regulatory advice.

Worked Example 1.4

A litigation team settles a claim and, in a follow-up email, sends the client a brochure recommending investment in a named fund, including subscription details. The firm is not FCA-authorised.

Question: Is this a permitted communication?

Answer:
Likely not without approval or an exemption. Naming a specific fund and encouraging subscription is a financial promotion under s 21 FSMA. Unless the content is approved by an authorised person or an FPO exemption applies (for example, a DPB-specific exemption for exempt firms and compliant status disclosures), the communication risks breaching s 21.

Worked Example 1.5

A corporate team arranges the sale of 75% of the shares in a private company and advises on transaction documents. The firm is not FCA-authorised.

Question: Does this breach the general prohibition?

Answer:
No. The takeover exclusion applies to acquisitions or disposals involving at least 50% of voting shares in a body corporate, subject to conditions. Advising or arranging on such transactions is excluded from regulated activity. The firm must still avoid financial promotions which fall outside the exclusion and comply with professional rules.

Worked Example 1.6

A probate team, acting as personal representatives, instructs a broker to sell a portfolio of listed shares and receives a commission from the broker. The firm intends to retain the commission.

Question: Is retaining the commission acceptable without FCA authorisation?

Answer:
Under the DPB regime, exempt firms must account to clients for commissions or obtain informed, written agreement to retain them. Provided the activity is incidental to legal services, the firm complies with the SRA Scope and Conduct of Business Rules (including status disclosure and recordkeeping), and obtains the client’s documented consent, it may retain the commission without FCA authorisation.

The Intersection of Legal and Financial Regulation

Solicitors and law firms may encounter financial regulation when:

• Advising on financial products or investments (specific investment advice is a regulated activity)
• Handling client money or assets (client asset rules and custody considerations may apply; safeguarding and administering investments is a regulated activity)
• Providing services that overlap with regulated activities (arranging investments, managing investments, insurance distribution, consumer credit arrangements)
• Communicating financial promotions (s 21 FSMA applies even if the activity is not a regulated activity)

It is essential for solicitors to identify when their work falls within the scope of financial regulation and to ensure that they have the necessary authorisation or exemption. Failure to comply with FSMA 2000 can result in criminal and civil penalties, unenforceable agreements, supervisory intervention, and disciplinary action under SRA Standards and Regulations. Practical steps include:

• Scoping matters at intake to identify regulated activities and potential financial promotions
• Using exclusions or introducing clients to authorised persons where appropriate
• Applying the DPB exemption only when activities are incidental to legal services and ensuring status disclosures, recordkeeping, and commission accounting
• Avoiding targeted, unapproved communications that may constitute financial promotions
• Implementing training and controls for staff who may inadvertently cross the regulatory perimeter

Exam Warning

For SQE1, be alert to scenarios where legal services cross into regulated financial activities. Always check whether FCA authorisation or a DPB exemption is required. Acting without proper authorisation is a criminal offence.

Ongoing Supervision and Enforcement

Once authorised, firms are subject to ongoing supervision by the FCA or PRA. This includes:

• Regular reporting and disclosure requirements
• Compliance with conduct and prudential rules (including client asset rules where relevant)
• Risk assessments, supervisory visits, thematic reviews, and event-driven interventions
• Enforcement action for breaches, including fines, suspensions, restrictions, redress orders, or withdrawal of authorisation

Firms must maintain adequate systems and controls, ensure staff are competent, and treat customers fairly. Senior management must take responsibility for compliance culture and governance. Unauthorised firms engaging in financial promotions may face criminal investigations and civil sanctions; authorised persons approving communications must ensure they meet regulatory standards.

Where firms rely on the DPB exemption, SRA supervision and enforcement also apply. Firms should:

• Give status disclosures and maintain appropriate records for six years
• Account to clients for commissions or obtain informed advance consent
• Implement secure custody and transfer procedures for investments
• Ensure “execution-only” transactions follow the prescribed confirmation process
• Maintain compliance monitoring and provide staff training proportionate to the risks

Key Point Checklist

This article has covered the following key knowledge points:

• The UK financial services regulatory framework is based on the FCA and PRA, each with distinct objectives.
• The general prohibition under FSMA 2000 requires authorisation to carry out regulated activities.
• Regulated activities include a wide range of financial services, defined in secondary legislation; the RAO requires a specified activity, specified investment, and “by way of business.”
• Exclusions relevant to solicitors include introducing/acting through authorised persons, trustees/personal representatives, takeover transactions, and “necessary” professional services.
• The authorisation process involves meeting threshold conditions and ongoing supervision; permissions are specific and can be varied or withdrawn.
• Solicitors may rely on DPB exemptions for incidental regulated activities, but must comply with SRA financial services rules (status disclosure, records, commissions, custody).
• Financial promotions under s 21 FSMA require authorisation or approval unless an exemption applies; communications can be real-time/non-real-time and solicited/unsolicited.
• Risk-based regulation means regulators focus on the greatest risks to their objectives; supervision and enforcement are proportionate to impact and likelihood.
• Solicitors must identify when their work overlaps with financial regulation and ensure proper authorisation or exemption; breaches can result in criminal and civil penalties and disciplinary action.

Key Terms and Concepts

• Financial Conduct Authority (FCA)
• Prudential Regulation Authority (PRA)
• general prohibition
• regulated activity
• threshold conditions
• designated professional body (DPB)
• risk-based regulation