FCA Authorisation

Do I need to be FCA authorised? The perimeter explained

Wondering do I need FCA authorisation? Learn how the regulatory perimeter works, the four-part test and common activities that trigger authorisation.

8 min read Published 17 Jul 2026
Do I need to be FCA authorised? The perimeter explained

One of the first questions any new financial firm asks is deceptively simple: do I need FCA authorisation to do what I am planning? The answer sits inside what lawyers and regulators call the regulatory perimeter, the invisible line that separates activities the Financial Conduct Authority (FCA) polices from those it does not. Cross that line without permission and you may be committing a criminal offence, so getting the analysis right at the outset matters a great deal.

The perimeter is not a single test you can eyeball in a minute. It is built from primary legislation, principally the Financial Services and Markets Act 2000 (FSMA) and the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (usually shortened to the RAO), together with the FCA's own Perimeter Guidance manual, known as PERG. These sources define which activities are regulated, which investments they must relate to and which carve-outs might apply.

This guide walks through the framework in plain English. It is educational rather than advice: your own facts determine the outcome, and borderline cases usually warrant legal input. If your assessment points toward needing permission, Nasara Authorise can help you prepare and manage the application.

The general prohibition: why the perimeter matters

The starting point is section 19 of FSMA, known as the general prohibition. It states that no person may carry on a regulated activity in the United Kingdom unless they are either an authorised person or an exempt person. Everything about the perimeter flows from this single rule: if what you do is a regulated activity and none of the safety valves apply, you must be authorised or exempt before you begin.

Breaching the general prohibition is serious. Under section 23 of FSMA, carrying on a regulated activity without authorisation or exemption is a criminal offence that can carry up to two years' imprisonment and an unlimited fine. There is a defence if you can show you took all reasonable precautions and exercised all due diligence to avoid the offence, but relying on that after the event is not a wise strategy.

There are commercial consequences too. Sections 26 to 29 of FSMA can render agreements made by, or through, an unauthorised person unenforceable against the customer, so you may be unable to recover money and the customer may be entitled to recover what they paid. For credit agreements, section 26A provides a related regime. Because the stakes are high, the sensible approach is to work through the perimeter analysis carefully rather than assume you are outside it, since the FCA is clear in PERG 2.2 that the burden of understanding it rests with the person carrying on the activity.

The four-part test the FCA applies

The FCA frames the perimeter question as a structured analysis in PERG 2.2.3G. In broad terms, you need authorisation if you are carrying on an activity of a specified kind, by way of business, in relation to a specified investment (or specified property such as land in the case of mortgages), in the United Kingdom, and no exclusion or exemption removes you. The first element is the activity itself: the RAO lists specified activities such as accepting deposits, dealing, arranging, managing, advising and lending. If your activity is not on that list, it is not regulated, however financial it may feel commercially.

The second element is the business test under section 22 of FSMA: you only need authorisation if the activity is carried on by way of business. PERG 2.3.3G explains that the FCA weighs factors such as the degree of continuity, the existence of a commercial element, the scale of the activity and its proportion to your other activities. The Carrying on Regulated Activities by Way of Business Order 2001 modifies how this test applies to particular activities, so it is not a single uniform standard.

The third element is the investment: the activity must relate to a specified investment (or, for mortgages, to specified property). The fourth is a UK nexus: the activity must be carried on in the United Kingdom. Only when all four are present, and no exclusion applies, does the general prohibition bite.

1
Identify the activity
Check whether your proposed activity is a specified kind of activity listed in the Regulated Activities Order 2001.
2
Apply the business test
Assess under section 22 FSMA whether the activity is carried on by way of business, considering continuity and commercial character.
3
Confirm the investment
Verify that the activity relates to a specified investment or specified property, such as a regulated mortgage contract.
4
Establish UK nexus
Confirm the activity is carried on in the United Kingdom, as the general prohibition applies only to UK-based activity.
5
Check exclusions and exemptions
Review PERG 2.8 to 2.10 to see whether any RAO exclusion or statutory exemption removes you from the perimeter.

Specified activities and specified investments

The RAO does the heavy lifting by naming both the activities and the investments they must touch. On the activity side, Part II of the RAO specifies kinds of activity including accepting deposits (article 5), effecting and carrying out contracts of insurance (article 10), dealing in investments as principal (article 14) or as agent (article 21), arranging deals in investments (article 25), managing investments (article 37), safeguarding and administering investments (article 40) and advising on investments (article 53).

On the investment side, Part III of the RAO specifies the investments those activities must relate to, including deposits (article 74), contracts of insurance (article 75), shares (article 76), debt instruments such as debentures (article 77) and units in collective investment schemes (article 81). Regulated mortgage contracts are treated separately because they relate to land rather than a conventional financial instrument.

The activity and the investment have to line up. Advising someone on the merits of a particular share brings you within article 53 read with article 76, whereas advising on a physical commodity or a piece of art generally does not, because those are not specified investments. This pairing is what makes the perimeter analysis precise rather than intuitive. Credit and mortgage lending sit within the same framework: consumer credit was brought into FSMA regulation in 2014, so lending under a regulated credit agreement, credit broking, debt counselling, debt adjusting and debt collecting each have their own RAO articles, covered in PERG 2.7.

Common activities: regulated or not?

It helps to see how the framework maps onto everyday activities. The table below summarises whether some common activities are typically regulated, based on the RAO and PERG. It is a general guide only: the by-way-of-business test, the specific facts and any exclusion can all change the outcome in a particular case.

Notice how fine the distinctions can be. A personal recommendation about a specific investment usually falls within article 53, while purely generic or educational material about investing typically does not, as the FCA explains in PERG 2.7 and PERG 2.8. Similarly, merely introducing a customer to an authorised firm can be excluded from arranging under article 33 of the RAO, whereas actively bringing about the transaction is more likely to be caught.

So treat the table as a starting point rather than a substitute for your own analysis. Where an activity appears close to the line, checking the precise RAO article and relevant PERG chapter, and taking advice, is the safer course.

ActivityTypically regulated?Key reference
Accepting deposits from the public by way of businessYesRAO article 5
Advising a person on the merits of buying a particular share or investmentYesRAO article 53; PERG 2.7
Providing purely generic or educational information about investingGenerally noPERG 2.7 / PERG 2.8
Arranging deals in investments (bringing about transactions)YesRAO article 25; PERG 2.7
Merely introducing a customer to an authorised firmOften excludedRAO article 33; PERG 2.8
Managing investments on a discretionary basis for clientsYesRAO article 37
Lending under a regulated credit agreement to a consumerYesRAO article 60B; PERG 2.7
Credit broking (introducing borrowers to lenders)YesRAO article 36A; PERG 2.7
Advice given in a newspaper, broadcast or similar serviceGenerally excludedRAO article 54; PERG 2.8
Common activities and whether they are typically regulated (based on the RAO and PERG). General guidance only.

Exclusions: back outside the perimeter

Even where an activity looks regulated, the RAO contains exclusions that can take specific situations back outside the perimeter. The FCA collects these in PERG 2.8 and PERG 2.9, and they are often the difference between needing authorisation and not.

Several exclusions are widely relevant. The absence of holding out exclusion under article 15 can apply to some dealing as principal where you do not hold yourself out as making a market or regularly soliciting the public. The introducing exclusion under article 33 can take certain introductions outside arranging. The media exclusion under article 54 can apply to advice in newspapers, broadcasts or similar services where the principal purpose is not to give regulated advice.

There are also exclusions tied to the character of the person or business. Article 66 provides exclusions for activities carried on in the course of a profession or a business that does not otherwise consist of regulated activities, subject to conditions, and trustees, nominees and personal representatives benefit from exclusions across several regulated activities. Exclusions are narrow and condition-heavy, though: each has its own wording and limits in the RAO, and the FCA warns in PERG 2.8 and PERG 2.9 that they must be read carefully against the specific facts.

Exemptions: authorised, exempt or neither

The general prohibition is satisfied if you are an authorised person or an exempt person, so exemption is the other main route to operating lawfully without your own full authorisation. The FCA covers exempt persons in PERG 2.10.

The best-known route is the appointed representative regime under section 39 of FSMA. An appointed representative carries on certain regulated activities under a written contract with, and under the responsibility of, an authorised principal firm, and is exempt in respect of those activities. There are limits: one carrying on insurance distribution must be on the FCA register under article 93 of the RAO, and some credit-related activities cannot be conducted this way. PERG 2.10 also describes exemptions for recognised investment exchanges and clearing houses, supranational bodies, certain deposit-takers such as municipal banks and local authorities, and members of a designated professional body such as some solicitors and accountants.

If none of these routes fits and your activity is caught, the remaining path is to apply for authorisation. Getting the permissions right, and the supporting documentation in order, is where Nasara Authorise supports firms.

How to work through your own perimeter question

A disciplined approach beats guesswork. Start by writing down, in plain terms, exactly what you intend to do, for whom and how you will be paid, then map each element against the RAO and PERG rather than against a general impression of what feels regulated. Work through the four elements in order: is it a specified kind of activity, carried on by way of business, relating to a specified investment or property, and carried on in the United Kingdom? If any element is missing, the general prohibition does not bite. If all four are present, move on to exclusions and exemptions before concluding.

Document your reasoning as you go. If you conclude that you are outside the perimeter, a clear written record of why, with the specific articles and PERG references you relied on, is valuable evidence of the reasonable precautions and due diligence that section 23 recognises. Where the analysis is finely balanced, obtaining legal advice or seeking the FCA's general guidance is prudent.

The perimeter rewards precision. Small changes in how an activity is structured, such as whether you introduce or arrange, or advise on a specific product or speak generically, can move you across the line, so revisit the analysis whenever your model changes.

Conclusion

So, do I need FCA authorisation? The honest answer is that it depends on a structured legal analysis rather than a gut feeling. If you carry on a specified activity, by way of business, in relation to a specified investment, in the United Kingdom, and no exclusion or exemption applies, then the general prohibition in section 19 of FSMA means you must be authorised or exempt before you start. Getting this wrong risks criminal liability under section 23 and unenforceable contracts under sections 26 to 29.

The good news is that the framework is knowable. The RAO defines the activities and investments, and PERG explains how the pieces fit together, including the exclusions and exemptions that may apply. Work through the four-part test methodically, document your reasoning and take advice on borderline points. If your analysis shows you need permission, Nasara Authorise can guide you through preparing and submitting a robust FCA application.

Frequently asked questions

What is the regulatory perimeter?

The regulatory perimeter is the boundary between activities the FCA regulates and those it does not. It is defined by FSMA and the Regulated Activities Order 2001, and explained in the FCA's Perimeter Guidance manual (PERG). If your activity falls inside it and no exemption applies, you generally need FCA authorisation.

What happens if I carry on a regulated activity without authorisation?

Under section 23 of FSMA, carrying on a regulated activity without being authorised or exempt is a criminal offence that can carry up to two years' imprisonment and an unlimited fine. Sections 26 to 29 can also make related agreements unenforceable, meaning you may be unable to recover money and the customer may be able to recover what they paid.

What does 'by way of business' mean?

You only need authorisation if a regulated activity is carried on by way of business, under section 22 of FSMA. PERG 2.3.3G says the FCA weighs factors such as the degree of continuity, whether there is a commercial element, the scale of the activity and its proportion to your other activities. It can also be modified for particular activities by the 2001 business order.

Is giving investment advice always regulated?

Not always. Advising a person on the merits of buying, selling or holding a particular investment is typically regulated under article 53 of the RAO. However, purely generic or educational information about investing, and advice given in newspapers, broadcasts or similar services under the article 54 exclusion, may fall outside the perimeter. The specific facts matter.

Can I operate without my own authorisation?

Possibly. Besides being authorised, you can satisfy the general prohibition by being an exempt person. The main route is becoming an appointed representative under section 39 of FSMA, acting under an authorised principal firm. Other exemptions exist for certain bodies and for members of designated professional bodies, with strict conditions set out in PERG 2.10.

Where can I check whether a specific activity is regulated?

Check the Regulated Activities Order 2001 on legislation.gov.uk for the specified activities and investments, and the FCA's Perimeter Guidance manual (PERG) for how they apply. For borderline cases, consider taking legal advice or seeking the FCA's general guidance before you start.

Ready to move money with confidence?

Nasara Authorise helps UK firms send and control payments with lower fees, better rates and full visibility.

Talk to an expert
Keep reading

More insights you will like.

Stay ahead of the curve

Practical guides and updates for UK firms, straight to your inbox.

Secure by designBank-grade security and encryption
Built for UK firmsMade for FCA-regulated businesses
Data protectedYour data stays private and controlled
Global reachCross-border payments worldwide