If your business is entering the UK financial services sector, understanding the difference between FCA authorisation and registration is crucial.
This distinction determines the scope of your legal activities, your compliance obligations, and the regulatory oversight you'll face. Whether you’re launching a fintech product, operating a payment service, or entering the crypto space, choosing the wrong route can lead to delays, unnecessary costs, or even criminal penalties.
By working with our financial services solicitors, you’ll have the expert support you need to navigate the FCA’s requirements with confidence, from structuring your business model to submitting the correct application at the right time.
Contents:
What are authorisation, registration and exemption?
Authorisation
Authorisation means the FCA has given your firm permission to carry out one or more regulated activities. It’s the highest level of scrutiny by the FCA, and with it comes a broader set of requirements (depending on your firm type), including the senior managers regime, detailed business plans, capital thresholds, systems and controls, and regular reporting.
If you’re offering services like investment advice or operating as a lender, authorisation is usually required.
Registration
Registration, on the other hand, is a more limited form of oversight. It generally applies where your firm’s activities don’t fall under the Financial Services and Markets Act (FSMA). However, the FCA still has a role to play, typically with smaller providers of payment services or e-money, as well as anti-money laundering (AML) and counter-terrorist financing.
An example is a crypto asset exchange registered under the Money Laundering Regulations (MLRs) – it would not be authorised to carry out regulated activities. However, the FCA would still monitor its AML compliance.
Exemption
A relevant exemption applies, which means your firm carries out activities that would otherwise be regulated, but you’re allowed to operate without full FCA authorisation or registration.
For example, appointed representatives can carry out certain regulated activities for which their principal authorised firm has accepted responsibility in writing.
Exempt firms still need to comply with the relevant exemption’s requirements, otherwise they will be in breach of the general prohibition, which is a criminal offence.
Why does the difference matter?
The route you take determines your compliance obligations.
Authorised firms face the highest regulatory burden but potentially gain the widest ability to carry out regulated activities. Registered firms have a narrower scope and fewer obligations. Exempt firms may have lighter requirements, but that doesn’t mean no regulation, and operating outside your exemption could lead to enforcement.
Examples: Who needs what?
Let’s break down how the differentiation works in practice across typical firm types.
EMIs vs small EMIs
A fully authorised Electronic Money Institution (EMI) can issue e-money and provide payment services. This comes with higher capital requirements, strict safeguarding rules, and more intensive FCA oversight.
A Small EMI, by contrast, can still issue e-money but only below certain thresholds. The compliance burden is lighter, but so are the permissions, and firms that grow quickly will need to apply for full authorisation.
Crypto firms under the MLRs
Crypto asset businesses that provide crypto asset exchange or custodian services in the UK must register with the FCA under the Money Laundering Regulations (MLRs). This covers AML obligations but doesn’t grant permission to carry out regulated financial services. If your crypto business also wants to offer investment services or custody of regulated tokens, you’ll likely need authorisation under FSMA as well.
Payment institutions, account information service (AIS) or payment initiation service providers (PISPs)
Firms offering payment services (like money remittance, direct debits, or credit transfers) typically need to be either authorised or registered as a Payment Institution, depending on size and scope.
If your business only provides account information services or payment initiation services, such as accessing account data or initiating payments with user consent, you’ll need to be registered or authorised under the Payment Services Regulations. Even though AISPs and PISPs don’t hold customer funds, they still fall under FCA oversight.
Appointed Representatives (ARs)
Some firms rely on an Appointed Representative (AR) model, where they act under the umbrella of a fully authorised firm (called the ‘principal’). This can be a faster route to market, especially for startups. However, the principal firm is on the hook for the AR’s compliance, and the FCA has increased scrutiny on AR arrangements in recent years, especially in financial promotions and consumer harm cases.
There are also introducer ARs, with even more limited permissions (essentially restricted to referrals). These models can suit firms testing a market but won’t be appropriate for those conducting regulated activities directly.
In both cases, ARs and introducer ARs will have to comply with the requirements of their principal, such requirements typically being set out in an appointed representative agreement between the parties.
Thresholds and decision-making
Whether your business needs to register, apply for authorisation, or qualify for an exemption depends on what you do and how much of it you do.
For example, small EMIs must keep their average outstanding e-money balances under €5 million. If they exceed the limit, they must apply for full authorisation. Similarly, small payment institutions must keep their average monthly transactions under €3 million over 12 months to remain eligible under the FCA’s lighter regime. Exceeding these limits means you’re no longer eligible for the lighter regime.
Crypto firms often trip up here. Many believe that registration under the MLRs is a stepping stone to full FCA authorisation, but that’s not the case. MLR registration allows a firm to operate for anti-money laundering compliance purposes only; it doesn’t permit it to carry out regulated financial activities like offering investment advice or running a trading platform.
When assessing applications, the FCA will look at your business model, financials, governance, risk controls, and your understanding of how to apply for authorisation. If your activity grows or changes, you may need to “level up” from registration to authorisation, and the FCA expects firms to monitor this themselves and apply in good time. Missing that window can land you in serious trouble.
What happens if you get it wrong
Running a regulated business without the correct FCA permissions is a criminal offence. If you're found to be operating outside the scope of your authorisation or without any authorisation at all, the consequences range from fines and enforcement notices to being named on the FCA’s public warning list and even custodial sentences.
Even firms that submit the wrong application, for example, applying as a small EMI when they should be a complete EMI, risk having their application refused, which is a matter of public record. That can raise red flags with banks, investors, and commercial partners, especially in early-stage funding rounds or due diligence processes.
You may also face restrictions on marketing products, opening accounts, or onboarding new customers while your permissions are being clarified. In some cases, the FCA may launch a supervisory investigation or impose limits on your activities while it investigates further.
Getting your regulatory status right is therefore essential, and the best way to ensure that you remain compliant is by instructing a financial services solicitor from the beginning.
Getting the right authorisation from the start
Whether your firm falls under authorisation, registration, or an exemption, your regulatory status affects how you can operate, scale, and attract investment. Mistakes can have long-term consequences, particularly in fast-moving sectors like payments, crypto, and fintech. By working with our financial services solicitors, you’ll get strategic guidance that ensures your firm is correctly classified and fully compliant, minimising risk and helping you move forward with clarity and confidence.