When asked why they founded their fintech business, few entrepreneurs would reply “Because I really wanted to engage with the intricacies of financial services regulation”.
At first glance, fintech and financial regulation may not appear to be a match made in heaven. The former often moves more quickly than the latter. Given this, regulation can sometimes lag behind technological and commercial reality. Moreover, the fact that
fintechs are rarely cheap to establish, means that founders may be wary of the costs associated with applying for and maintaining authorisation from the Financial Conduct Authority (FCA).
In view of all this, some fintechs are reluctant to look into the regulatory status of their business. They fear that, if they do ask the question, they may get the ‘wrong’ answer (i.e. they may be told that they need to be authorised by the FCA). While
perhaps understandable, such an attitude is unwise. The consequences of breaching financial services regulation can be severe. In addition to the costs of bad publicity and business interruption, the potential penalties include significant fines and even imprisonment.
The downsides of getting the ‘wrong’ answer may therefore be considerably outweighed by the downsides of not asking at all, and of inadvertently committing a criminal offence as a result.
If they do decide to review their regulatory status, some fintechs will find that they get the ‘right’ answer. While financial services regulation has a wide scope, that scope is not all-encompassing. Many fintechs are able to operate without FCA authorisation.
Some have designed their business models with specific regard to the need to operate outside the regulatory perimeter. As such, many businesses that wish to trade without FCA authorisation are able to do so.
Undeniably, some fintechs will need to be FCA-authorised. Where this is the case, the relevant founders may take comfort from the fact that many of the concerns about the burden associated with FCA authorisation are overblown. As stated in its most recent
Annual Report, the FCA wants the UK to be the “best place in the world for financial services to thrive.”
While the FCA rightly sets high standards, it is also committed to the encouragement of innovation. With this in mind, the FCA operates various innovation initiatives which allow participants to develop their ideas, gain access to mentors, and network
with their peers.
Fintechs that apply for FCA authorisation can expect a fair hearing and may find that their business benefits from the helpful resources that the FCA can provide.
Relevant legislation
The Financial Services and Markets Act 2000 (FSMA) sets the framework for the regulation of financial services in the UK. Sitting within this framework is the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 which lists the activities
and investments that are subject to regulation under FSMA (Regulated Activities and Regulated Investments).
The list of Regulated Activities includes, inter alia, (i) dealing in investments as principal, (ii) arranging deals in investments, and (iii) advising on investments. The list of Regulated Investments includes, inter alia, (i) shares, (ii) options, and
(iii) contracts for differences (CFDs).
The Payment Services Regulations 2017 set out the list of regulated payment services (Regulated Payment Services), together with exclusions. The Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 set
out the list of cryptoasset activities (Cryptoasset Registration Activities), that are subject to anti-money laundering registration requirements.
Section 19 FSMA establishes the ‘General Prohibition,’ making it a criminal offence to carry out a Regulated Activity by way of business in the UK unless the relevant person is either authorised under FSMA or exempt from the need to be authorised under FSMA.
It is also a criminal offence to provide a Regulated Payment Service in the UK without the correct regulatory status. Depending on the circumstances, it may also be a criminal offence to carry out Cryptoasset Registration Activities in the UK without the
correct regulatory status.
The relevant legislation also sets out exclusions and exemptions from the scope of various Regulated Activities, Regulated Payment Services, and Cryptoasset Registration Activities.
Establishing whether or not FCA authorisation is required
The conclusion as to whether or not a given business model is subject FCA regulation can turn on seemingly small points of detail. It can therefore be common for there to be two firms pursuing similar (but not identical) business models where one is carrying
out a Regulated Activity but the other is not. This will often be because an exclusion applies to the second business but not to the first.
New entrants to a given market sometimes assume that, because none of their competitors are FCA-authorised, they do not need to be authorised themselves. Such assumptions can frequently prove to be mistaken. Firstly, it may be that the given competitors
actually do need to be authorised and that they are themselves in breach of the relevant regulation. Secondly, even if there is no need for the competitors to be authorised, the new entrant may be operating a subtly different business model; and that subtle
difference can bring the new entrant into the scope of regulation while its competitors remain outside that scope.
The question of whether or not a particular product is a Regulated Investment can be of particular interest to cryptoasset businesses. There is no ‘one size fits all’ for the regulation of cryptoassets; some tokens are Regulated Investments while others
are not. Again, the determination of this point can require a detailed analysis of the relevant token(s).
Restructuring
If an initial analysis suggests that a given business model does fall within the scope of FCA regulation, there may then be a question as to whether it may be re-structured to take it outside this scope. Sometimes this might mean limiting the nature of
the target market so that the business only offers its services to certain types of clients. Alternatively it may mean restricting the range of products offered by the business so that it does not offer Regulated Investments. More technically, it may mean
not carrying out certain parts of the proposed business at all.
If a business is not willing/able to restructure in this way it may be able to partner with a firm that is FCA-authorised. One of the most common ways of doing this is to become an appointed representative (AR) of an FCA-authorised firm (which would be
known as the AR’s Principal).
ARs are able to carry out some (though not all) Regulated Activities without authorisation because they benefit from their Principal’s FCA permissions. They are sometimes described as operating under the relevant Principal’s regulatory ‘umbrella’. ARs are
not subject to direct regulation by the FCA, but Principal firms often operate fairly stringent monitoring procedures in relation to their ARs. While many businesses are long-term ARs, AR status can also be a useful staging post for a fintech that is preparing
for its own FCA authorisation, but is not yet ready to apply for such authorisation.
Fintechs that are looking to explore ways in which they can redesign their businesses so as to avoid carrying out Regulated Activities, or to learn more about the AR option, may wish to seek legal advice in this regard.
Applying for FCA authorisation
If it becomes clear that a business will need to apply for FCA authorisation, then the firm should look to approach the exercise in manageable steps. Many fintechs are able to benefit from the FCA’s Innovation Hub.
One of the most important initiatives in this regard is the FCA’s Digital Sandbox. The Digital Sandbox offers participants access to features such as synthetic data, an API marketplace, a digital testing environment, and a collaboration platform. The idea
is that fintechs can use the Digital Sandbox to give their business models a trial run in a realistic, but safe, environment. The Digital Sandbox also provides access to mentors and the opportunity to take part in networking opportunities.
Once a prospective applicant is ready to get cracking on its application, they should look to engage its professional advisers at an early stage with a view to preparing a comprehensive and robust application that will give the FCA the comfort that it needs.
FCA authorisation is not always necessary
Some fintech founders may automatically assume that their business models require FCA authorisation, but this is not always the case. Simply operating in the financial services industry does not in and of itself guarantee that a business must be authorised.
Even if it appears that a fintech’s business model would entail the carrying out of Regulated Activities, it may be possible to restructure things in such a way that the business moves outside the scope of regulation.
Where authorisation is required, it may be possible to use some of the FCA’s pro-innovation resources to improve the relevant business model and to make the application process easier for all involved.
The crucial point is that fintech founders should be proactive in their approach to regulation.