Running a Fintech Business in the UK: Regulatory Questions and Answers for US and Other Non-UK Businesses | Goodwin

by · May 3, 2023

With more fintechs looking to expand their business internationally, it can be daunting to navigate varying regulations across national borders. This article focuses on regulations in the United Kingdom. For those also focused on expanding to the US, we have an article covering regulatory aspects to consider, which you can find here.

Many fintech companies and those offering technology-enabled financial services, particularly those offering services related to payments, are looking to new markets, including the UK. Providing services and products to customers in the UK will require an assessment of the regulatory requirements and risks associated with such services. This FAQ addresses the main types of questions we receive from US and other non-UK fintech service providers.

The UK does not have a single regulatory regime for fintech providers. Instead, a fintech firm will be subject to regulation if it carries on business in the UK, certain activities identified as regulated activities under the Financial Services and Markets Act 2000 (FSMA) and other laws, regulations and rules. , including the following:

  • These, such as the Payment Services Regulations 2017 (PSR), created to give effect to EU directives while the UK was still a member of the EU
  • Directly applicable EU regulations – such as the Markets in Financial Instruments Directive (MiFID), which includes requirements to identify whether certain foreign exchange products are regulated – that were incorporated or “onshored” into UK law before the UK left the EU

The regulated business includes long-established business such as accepting deposits and offering accounts, offering payment and card services, providing consumer credit, offering mortgages, providing insurance, providing and managing investments and providing financial advice.

They also include regulation of newer activities, including crowdfunding, peer-to-peer lending, and those related to crypto-assets, whose regulation is being expanded. (See our notice on the marketing of cryptoassets and services in and into the UK: Shifting Regulatory Sands (goodwinlaw.com).)

It is an offense for a person to operate a regulated business without being one of the following:

  • Approved by the Financial Conduct Authority (FCA) or, for deposit activities, the Prudential Regulation Authority
  • Exempted from authorization because the person is, for example, an appointed representative of an FCA authorized firm under the Financial Services and Markets Act 2000 or an agent of an FCA payment service institution under the PSR

Nor can a person communicate an invitation or solicitation to engage in investment activity – that is, make a financial promotion – without either becoming FCA authorized or having an FCA authorized firm approve the communication. This is known as the “Financial Promotion Restriction”.

As mentioned above, a fintech company will be subject to regulation if it carries out regulated activities in the UK. The FCA’s general guidance indicates that a firm will only carry on business where it has an establishment in the UK, but it also states that a person based outside the UK can carry on business in the UK even if they do not have a place of business in the UK, for example by of the internet or other telecommunications system or during occasional visits. In that case, it will be relevant to assess whether the business satisfies the food test. This test looks at factors such as degree of continuity, which, in the context of cross-border business, considers time spent in the UK, use of offices and other similar factors. The person may be able to rely on “foreign person exclusions”, although these are narrow and currently under review.

One clear exception to note is that in the case of regulated mortgage contracts, even if the contract provider is outside the UK, when the residential property secured by the mortgage is in the UK, the provider will be subject to UK regulation.

For payment and electronic money (e-money) services, the FCA guidance indicates that FCA authorization or payment services registration is not required by non-UK payment institutions wishing to provide payment and e-money services to UK customers from a location outside the UK.

The restriction on financial promotion, mentioned above, has an extraterritorial effect and applies to any financial promotion which is “capable of having effect in the United Kingdom”. Currently, the marketing of payment services and e-money services is not subject to the financial promotion restriction.

Generally, as a first requirement, a firm will need to apply to be FCA authorized and, depending on whether it is authorized under FSMA or another regime, such as that under the PSR, satisfy certain conditions for authorisation, including requirements to have .a. the things:

  • An office in the UK
  • Sufficient staff to operate its business in the UK, including staff responsible for regulatory compliance
  • Appropriate governance arrangements with individual directors and other senior managers who are fit and proper and have the necessary qualifications
  • The minimum amount of regulatory capital prescribed for its type of business
  • Appropriate arrangements to prevent financial crime, including anti-money laundering and know-your-customer systems and controls consistent with money laundering
  • Regulations 2017, Anti-Bribery and Sanctions Guidelines and Processes to Prevent Cybercrime
  • Adequate arrangements to secure customer funds where the firm issues electronic money, for example – a particular focus for the FCA recently
  • Systems and controls to manage operational risk, including the risk arising from the outsourcing of critical services to third parties
  • Processes to review financial campaigns and ensure customer documentation complies with consumer protection requirements
  • Processes for handling customer complaints
  • Processes for creating regulatory reports and alerts

The PSR, which forms the backbone of the UK payments regulatory regime, applies to anyone who provides a payment service as a regular profession or business activity in the UK. Payment services are defined in the PSR to include:

  • Services that enable cash to be deposited into or withdrawn from a payment account and all the operations required to operate a payment account
  • Execution of payment transactions by direct debit, credit transfers or a payment card or similar device
  • Issuing payment instruments or obtaining payment transactions
  • Money transfer
  • Payment Initiation Services
  • Account Information Services

The PSR also contains a list of activities that are expressly excluded from the definition of payment services. This includes payment transactions carried out between payment service providers or their agents and branches for their own account and payment transactions carried out within a payment or securities settlement system.

Issuing e-money, usually stored in a user’s account, which can be accessed using a card or an electronic device such as a mobile phone, and which can be used to pay for goods and services, is a regulated activity under the regulation of electronic money 2011 (EMR). The EMR defines e-money as electronically (including magnetically) stored monetary value as represented by a claim on the issuer of electronic money that is:

  • Issued upon receipt of funds for the purpose of carrying out payment transactions
  • Approved by a person other than the issuer
  • Not excluded by EMR

The requirement that e-money is only issued when funds are received excludes the application of the definition to credit products, such as credit cards.

The EMR provides two exceptions. They are referred to as the “limited network exclusion”, intended to prevent products such as certain retail gift cards from falling within the definition of e-money, and the “electronic communication exclusion”, which applies to products used to make payment transactions that the provider offers in addition to the delivery of electronic communications networks or services.

In general, lending to customers in the UK is not a regulated activity, unlike the position in some EU member states, unless the loans constitute regulated credit agreements or regulated mortgages and similar housing finance arrangements.

If no exemption applies, a lender must be FCA authorized and subject to the requirements set out above. Regulated credit agreements have specific requirements regarding how the agreement is designed and formatted and what information must be included. Regulated mortgages are subject to special restrictions on how the mortgages are marketed, originated and sold; how the lenders manage the loans on an ongoing basis; and how to deal with borrowers who fall behind on their payments.

The operation of an electronic system in relation to lending, which is aimed at peer-to-peer lending, is also a regulated activity in the UK.

Fintech companies looking to do business in the UK will also need to consider laws and regulations of general application. This includes the EU General Data Protection Regulation which has been incorporated into UK law (UK GDPR). UK GDPR regulates the collection, processing and transfer of personal data. The UK GDPR applies to UK companies and has extraterritorial reach that applies to companies based outside the UK that offer goods and services to UK individuals or monitor the behavior of UK individuals.

Fintech companies will also need to consider the application of immigration, employment and anti-discrimination laws and regulations when employing individuals in the UK.

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *