The UK remains a leading global hub for fintechs. UK tech venture capital investment is third in the world (behind the US and China) according to research from TechNation. The fintech ecosystem is supported by a progressive approach to regulation, access to international investment and a skilled workforce.

There are growth opportunities for fintechs, including in playing a role in both addressing underlying environmental, social and governance (ESG) issues, and in deploying AI and other technologies to enable ESG data to be collected and monitored in response to regulation requiring standardised reporting of ESG data. This is an area where the UK fintechs are thriving – the UK is third in the world for investment into impact tech according to research from Tech Nation.

In addition, COVID-19 has accelerated the growth of digital adoption. There is also a shift in consumer behaviour, with increasing payment volumes moving online and an increased use of e-commerce.

The regulatory landscape will continue to evolve to address concepts such as crypto-assets and stablecoins, cloud technology and artificial intelligence (AI).

There are thousands of fintechs across the UK, including mature brands and start-ups, and covering a wide range of sectors and using a variety of business models. The business models vary for firms across the different sectors.

There is no single regulatory regime for fintech. Instead, both the nature of the activities a firm performs and its business model determine whether it is regulated.

As discussed in 2.1 Predominant Business Models, the UK fintech market is notable for the breadth and depth of its sectoral coverage. It encompasses a wide range of services such as crowdfunding, cross-border payments, foreign exchange services, digital wallets and e-money, robo advice and crypto-asset-related activities. Firms must assess the regulatory regime that applies to their business on a case-by-case basis.

We have included a high-level overview of the general licensing regime and the framework applicable to payment institutions and e-money firms.

General Licensing Regime under FSMA

All firms should consider the general prohibition in Section 19 of the Financial Services and Markets Act 2000 (FSMA), which prohibits carrying on a regulated activity by way of business in the UK without authorisation or an exemption.

A regulated activity is an activity of a specified kind that is carried on by way of business and relates to an investment of a specified kind. The list of regulated activities is set out in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the RAO). This includes (to name a few) accepting deposits, issuing electronic money, advising on or arranging deals in investments, dealing in investments as agent or principal and operating an electronic system in relation to lending. If a specified activity is carried on by way of business and relates to a "specified investment", it will be caught as a regulated activity. The list of specified investments includes (but is not limited to) deposits, electronic money, shares and units in a collective investment scheme.

Payment Institutions and E-Money Firms

Firms should also consider whether they are subject to regulation under the Payment Services Regulation 2017 (the PSR 2017) or Electronic Money Regulation 2011 (the EMR 2011).

Payment institutions and electronic money firms must safeguard customer funds to ensure that, in the event of an insolvency of the firm, customers' funds are returned in a timely and orderly manner. This is particularly important as funds held with payment institutions and e-money firms are not protected by the Financial Services Compensation Scheme.

The Financial Conduct Authority (FCA) is focused on ensuring that payments are safe and accessible (see further in 2.6 Jurisdiction of Regulators). Its main supervisory priority for the payments sector is ensuring that firms have robust safeguarding arrangements, prudential resilience and risk management arrangements, and systems and controls to prevent financial crime.

The FCA intends to extend the Senior Managers and Certification Regime to apply to payment institutions and e-money firms.

New Consumer duty

The FCA has consulted on a proposal for a new consumer duty that would raise the standard of care that firms need to provide to retail consumers. This includes firms that do not have a direct relationship with retail clients (eg, firms involved in the manufacture or supply of products and services to retail clients). The FCA is expected to publish the final rules by July 2022.

Specific Rules for Particular Fintech Business Models

There are specific requirements relevant to certain types of fintech business models. Many of these, including peer-to-peer lending and crypto-asset-related activities, are discussed further below.

Impact of Brexit on the UK Regulatory Regime

The UK left the EU on 31 January 2020 (Brexit), and the transition period (during which period EU law applied in the UK) ended on 31 December 2020. Following the end of the transition period, the European Union (Withdrawal) Act 2018 (the EUWA) provided for the onshoring of certain EU legislation as it applied at that date into UK domestic law.

Kalifa Review

An HM Treasury-commissioned independent report on the UK fintech sector was published in 2021 (the Kalifa Review). This contains a number of recommendations, including proposals for a new digital finance regulatory framework. The government committed to implementing many of its recommendations.

The compensation models that fintech firms can utilise vary depending on the nature of a firm's business and the regulatory rules applicable to that firm.

There are restrictions on charging fees for certain types of payment methods. The Consumer Rights (Payment Surcharges) Regulations 2012 (SI 2012/3110) (the Surcharges Regulations) impose a ban in relation to payment surcharges, and limits on surcharges for certain payments.

Card Surcharge Ban

Payees must not charge a payer any fee in respect of payment by means of card-based payment instruments or other payment instruments (other than commercial cards or other payment instruments as set out in the Surcharges Regulations) to the extent that certain conditions are met.

Limit on Surcharging for Other Payments

There are also limits in relation to some business-to-business and consumer-to-business payments.

The regulation applicable to both legacy players and fintechs depends on the nature of a firm's business model and the activities that it conducts, which must be determined on a case-by-case basis. That being said, there are areas of regulation aimed at fintechs. For example, the PSR 2017 includes specific rules for small payment institutions.

The FCA is a global pioneer in developing initiatives to support firms using innovative technologies.

FCA Regulatory Sandbox

The FCA has offered a regulatory sandbox since 2016 to allow firms to test innovative products in a controlled environment whilst ensuring there are appropriate consumer protection safeguards in place.

FCA Digital Sandbox Pilot

The FCA's second cohort of the Digital Sandbox is focused on testing and developing products and services in the area of ESG data and disclosure.

FCA Regulatory Nursery

In April 2021, the FCA announced it will launch a regulatory nursery to provide additional support to firms that have recently been authorised.

FCA Green Fintech Challenge

The FCA's Green FinTech Challenge aims to support firms in navigating regulation and supports live market testing of new products and services that will aid the transition to a net zero economy.

FCA TechSprints

The FCA has been hosting TechSprints since 2016, which are events that bring together industry participants to develop technology-based ideas to address specific industry challenges.

The Global Financial Innovation Network (GFIN)

The GFIN was launched in 2019 by an international group of financial regulators and related organisations, including the FCA. This built on the FCA’s early 2018 proposal to create a global sandbox, and the FCA now leads and chairs the GFIN.

The GFIN seeks to develop a cross-border testing framework (or "global sandbox") to allow firms to trial and scale new technologies or business models in multiple jurisdictions.

The key regulators for the UK fintech market are the FCA, the Bank of England, the Prudential Regulatory Authority (PRA) and the Payment Systems Regulator. A brief description of each of their roles and objectives is summarised below:

• FCA – the FCA's strategic objective is to ensure that markets for financial services function well and it is responsible for, amongst other things: regulating standards of conduct in retail and wholesale financial markets; supervising trading and infrastructures that support those markets; and supervising payment institutions and e-money firms;
• Bank of England – the Bank of England's objective is to protect and enhance the stability of the UK's financial system and it is responsible for monetary policy and financial stability;
• PRA – responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers and major investment firms; and
• Payment Systems Regulator – the independent regulator for UK payment systems which is responsible for the regulation of payment systems designated by HM Treasury and the participants in such systems.

Co-operation between Regulators

The Bank of England, FCA, PRA and Payment Systems Regulator have entered into a Memorandum of Understanding setting out how they will co-operate with one another in relation to payment systems in the UK. This includes requirements to consult with one another in certain circumstances, or on matters of common regulatory interest.

Other Regulatory and Public Bodies

There are several other regulatory and public bodies that are relevant to the UK fintech market, including the Financial Ombudsman Service, the Competition and Markets Authority (the CMA) and the Information Commissioner’s Office (the ICO).

Outsourcing Requirements

Regulated firms may outsource certain functions to third-party service providers; however, they retain full responsibility and accountability for their regulatory duties. Firms are not permitted to delegate any part of this responsibility to a third party.

Different outsourcing requirements apply to different types of firms, and these requirements often depend on the type of function being outsourced (eg, outsourcings deemed material, critical or important are subject to more stringent rules).

In general terms, a non-exhaustive list of some of the outsourcing requirements includes:

• regulatory notification obligations where the proposed outsourcing is critical or important;
• performing due diligence on the outsourcing service provider (before the outsourcing, and during the term of the outsourcing arrangement);
• identifying and managing operational risks;
• retaining the expertise to supervise the outsourced functions effectively;
• ensuring there is a written policy; and
• regularly evaluating the contingency arrangements to ensure business continuity in the event of a significant loss of services from the outsourcing service provider.

The FCA expects firms to apply a risk-based and proportionate approach when meeting their outsourcing requirements, considering the nature, scale and complexity of a firm’s operations.

Operational and Cyber-resilience

The FCA's new rules on operational resilience come into force in March 2022.

These rules include requiring firms to map important business services (including the people, processes, technology, facilities and information that supports these services) and robustly test contingency arrangements. Firms need to consider their dependency on services supplied by third parties and the resilience of these third-party services.

The requirements apply to a wide range of firms, including payment institutions, e-money firms, UK banks, building societies and PRA-designated investment firms.

Certain platform providers may be carrying on regulated activities triggering authorisation under FSMA, depending on their activities and business model. Where FSMA authorisation is triggered, they will need to comply with relevant conduct of business requirements relating to the operation of the platform. The regulated activities that may be triggered in relation to operating a trading platform are discussed in 7.1 Permissible Trading Platforms.

The government has announced plans to introduce a regulatory regime aimed at the largest digital firms designated with "strategic market status". In addition, there is a draft Online Safety Bill which intends to improve online safety for UK users by requiring in-scope firms to prevent the proliferation of illegal and harmful content. This is discussed below.

Digital Firms with Strategic Market Status

The government's consultation on its proposal for a new pro-competition regime for digital markets closed in October 2021. The UK government has committed to legislating when Parliamentary time allows.

In the interim, a Digital Markets Unit (DMU) was established in shadow form in April 2021 to prepare for the new regime, and it will eventually oversee digital platforms designated with strategic market status.

The proposed key pillars applicable to firms with strategic market status are:

• a new, legally binding code of conduct;
• pro-competitive interventions (eg, interoperability requirements); and
• enhanced merger rules to enable the CMA to apply closer scrutiny to transactions involving firms with strategic market status.

The proposed regime is an ex ante regime, focused on preventing harm. It is proposed that the DMU be able to impose penalties of up to 10% of worldwide turnover. The FCA will also be given enforcement and implementation powers in regulated sectors.

Online Safety Bill

In May 2021, the government published a draft of the Online Safety Bill. A Joint Committee published a report in December 2021 on how this draft Bill could be improved, and the UK government is expected to issue a revised Bill (taking into account the Joint Committee's findings) which will then be formally introduced to Parliament.

This will establish a new legal duty of care for in-scope companies and aims to improve the safety of their users online. The proposal includes a requirement for in-scope companies to:

• prevent the proliferation of illegal content and activity online;
• ensure that children who use their services are not exposed to harmful content; and
• maintain appropriate systems and processes to improve user safety.

The Online Safety Bill is intended to apply to companies (including companies outside the UK) whose services either host user-generated content which can be accessed by users in the UK and/or facilitate public or private online interaction between service users, one or more of whom are in the UK.

Only companies with direct control over the content of and activity on a service will be subject to the duty of care. Business-to-business services will remain outside the scope, and there are a number of exemptions, including for services which play a functional role in enabling online activity (eg, internet service providers), services used internally by businesses, and certain low-risk businesses with limited functionality.

Ofcom will be the regulator and its enforcement powers include the ability to impose fines of up to GBP18 million or 10% of a company's annual turnover (whichever is higher) and blocking non-compliant services from being accessed in the UK.

The PSR and FCA has taken enforcement action against a number of payments firms. Most notably, in January 2022, the PSR fined five companies more than GBP33 million for breaching antitrust rules in the prepaid cards market. In February 2021 the FCA publicly censured a regulated payment institution for failing to safeguard its customers' money and for misuse of its payment accounts under the PSRs 2017. Currently, the PSR has a number of open investigations regarding potential breaches of payments regulation.

In addition, the Office of Financial Sanctions Implementation (OFSI) recently imposed financial penalties on two fintechs for breaches of financial sanctions regulations.

UK regulators have not otherwise concluded any significant enforcement actions against fintechs. However, given the sector is under increasing scrutiny, it is expected that regulators will take enforcement action against fintechs if they identify regulatory breaches.

Firms should assess the impact of non-financial services regulation, including data privacy rules and guidance in relation to big data and AI ethics.

Data Privacy

The UK data protection regime is set out in the Data Protection Act 2018 along with the General Data Protection Regulation ((EU) 2016/679), as it forms part of the domestic law of the UK by virtue of the EUWA. Firms will need to assess the requirements on the processing and storage of personal data on a case-by-case basis. For example, business models using blockchain or distributed ledger technology will need to ensure compliance with the data privacy requirements, which can raise practical issues given the decentralised and immutable nature of blockchain technology.

Technology Development – Big Data and AI Ethics

Firms developing innovative technology and software need to assess the legal and regulatory framework in relation to big data and AI ethics.

One of the ICO's top three strategic priorities includes addressing data protection risks arising from technology and, specifically, the implications of AI and machine learning. The ICO has published guidance on AI and data protection, which includes advice on how to interpret data protection law as it applies to AI. Additionally, the ICO has published guidance on how organisations can best explain their use of AI to individuals. This addresses transparency and "explainability" in relation to AI, meaning the ability to give full and clear explanations of the decisions made by or with the assistance of AI.

The UK House of Lords published a report in December 2020 which recommended that steps be taken to operationalise ethics and establish national standards to provide an ingrained approach to ethical AI, including a framework for ethical development of AI which addresses issues of prejudice and bias.

The UK government is due to publish a White Paper in early 2022 on the UK's position on the governance and regulation of AI. See 2.8 Gatekeeper Liability.

Industry groups and trade associations (such as UK Finance) play a key role in representing stakeholders, engaging in dialogue with regulators and publishing guidance.

Firms may also need to comply with the rules and standards imposed by operators of payment systems. In particular, Pay.UK operates the UK's retail payment systems and is responsible for delivering a New Payments Architecture, see 5.1 Payment Processors' Use of Payment Rails.

Firms may need to engage with other external parties such as auditors (to conduct an audit of the accounts or carry out the requisite safeguarding audit) or external consultants.

In broad terms, it is permissible for a regulated entity to provide unregulated products and services.

The FCA noted that where an FCA-authorised firm carries on unregulated activity (eg, in relation to an unregulated crypto-asset), while that activity may not require a permission in itself, it is possible in certain circumstances that some FCA rules — like the Principles for Business and the individual conduct rules under the Senior Managers and Certification Regime — may still apply to that unregulated activity.

The FCA reminded authorised firms in a Dear CEO letter dated January 2019 that they must not indicate or imply that they are regulated or otherwise supervised by the FCA in respect of unregulated activities that they carry on. Any financial promotions that also refer to unregulated products or services should make clear those aspects which are not regulated.

Experience shows that some firms establish a separate entity to provide unregulated products and services.

See 12.2 Local Regulators' Approach to Blockchain in relation to future possible changes in the regulatory perimeter with respect to crypto-assets, including HM Treasury consultations on extending the UK financial promotions requirements under FSMA to unregulated crypto-assets and on the UK regulatory approach to crypto-assets and stablecoins.

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) impacts both regulated firms (eg, payment institutions and e-money firms) and unregulated firms. For example, certain crypto firms that are not currently regulated by the FCA must register with the FCA and comply with the requirements of the MLR 2017, including customer due diligence requirements, see 7.3 Impact of the Emergence of Cryptocurrency Exchanges.

Based on public records, many crypto-asset firms that have applied for registration under the MLR 2017 have not sufficiently demonstrated that their AML systems and controls are adequate for registration. This is likely due to the FCA applying high standards when assessing the AML controls of crypto-asset firms.

Robo-advice is an umbrella term that refers to a broad spectrum of automated digital or online advice tools. Many firms use hybrid business models which combine automated advice with some potential for interaction with a human adviser. The FCA "think it is likely that hybrid models will continue to dominate the sector" (in a report dated December 2020).

There is no single, specific regime for robo-advisers. The regulatory requirements applicable to each firm depend on the nature of the activities it performs. The provision of investment advice is a regulated activity in the UK. There are also a number of other regulated activities which may be performed in connection with robo-advisory services such as arranging transactions in investments and making arrangements with a view to transactions in investments.

The FCA confirmed that it expects automated investment services to meet the same regulatory standards as traditional discretionary or advisory services, particularly in relation to suitability requirements.

The FCA established its Advice Unit in 2016, which provides regulatory feedback to firms developing automated advice models.

According to the FCA, all major retail banks are expected to have an automated advice proposition in the next few years. Such legacy players will be able to leverage their existing client base.

The best execution rules are capable of applying to robo-advisers, depending on the nature of the activities conducted by the firm.

Best execution means firms must obtain the best possible result for their clients when executing client orders or passing them to other firms for execution. The requirements vary depending on the nature of the activities conducted by the firm. Firms that execute orders on behalf of clients are subject to more onerous requirements than firms that transmit or place orders with other entities for execution. The best execution requirements are primarily set out in the FCA's Conduct of Business Sourcebook (COBS).

The UK best execution rules are derived from the EU regime (in particular, under MiFID2 and MiFIR). Firms are expected to adhere to guidance issued by ESMA and CESR prior to Brexit, interpreting it in light of the UK's withdrawal from the EU and associated UK legislative changes.

There are significant differences in the regulation of lending to consumers and commercial lending. Commercial lending activities do not typically trigger a regulatory licence or authorisation requirement. In contrast, there are a number of regulated consumer credit activities in the UK, including the activity of entering into a regulated credit agreement.

For details on peer-to-peer lending, see 7.1 Permissible Trading Platforms.

The requirements in relation to the underwriting process depend on the type of credit activity which is being carried out. COBS requires firms to undertake a creditworthiness assessment of a customer. The FCA has also communicated its expectations in relation to vulnerable consumers. Firms will also need to comply with the applicable rules relating to anti-money laundering and KYC requirements.

The source of funds permissible for each business depends primarily on the nature of the lender. For example, banks are permitted to use deposits to fund loans subject to certain conditions, whereas some entities may obtain funds through peer-to-peer lending.

Consumer credit loans are not typically syndicated.

HM Treasury has the power to designate a payment system as a regulated payment system, which brings the system’s participants (operators, infrastructure providers, and payment service providers that provide payment services using the system) within the scope of the Payment Service Regulator’s powers. There are currently eight payment systems which have been designated by HM Treasury, as follows:

• BACS;
• CHAPS;
• Faster Payments Scheme (FPS);
• LINK;
• Cheque and Credit;
• Northern Ireland cheque clearing;
• Visa Europe; and
• Mastercard.

New Payments Architecture

Retail payments in the UK have historically been processed using separate infrastructures, resulting in a mix of rules and standards around processing, settlement cut-off times and messaging formats. There is a proposal to bring certain payment systems together to simplify the requirements for payment service providers.

Pay.UK (the operator of BACS and FPS) is responsible for facilitating the delivery of the New Payments Architecture (the NPA), which is a new way of organising interbank payments. The NPA is intended to replace the existing central infrastructure for BACS and FPS. The core clearing and settlement layer is expected to take over the processing of BACS and FPS, which accounted for nearly GBP7 trillion of payments in 2020.

The Payment Services Regulator has commented that there are "unacceptably high risks" that the NPA programme may not provide value for money and could stifle competition. The Payment Services Regulator published a policy statement in December 2021 setting out requirements on both Pay.UK and a central infrastructure services provider that aims to address risks to competition and innovation relating to the NPA ecosystem. The Payment Services Regulator plans to publish and consult on draft directions closer to the go-live date for the NPA (which, according to Pay.UK’s baseline plan will be in mid-2024).

Other Payment Systems

Payment processors are permitted to create their own payment rails.

HM Treasury confirmed that there are other payment systems that are currently too small to warrant consideration for designation as a regulated payment system or are not operational in the UK. The examples provided in 2015 were American Express, Diners Club, PayPal, Paym, Zapp, M-Pesa and Google Wallet, although HM Treasury noted that if these were launched in the UK and/or became important enough, they could potentially then be included in the scope of regulation.

Payments Landscape Review

HM Treasury published its Response to the Call for Evidence in October 2021 on the UK payments landscape, which may lead to changes to the regulation of payments systems networks in the UK. For example, there is proposal to consult on bringing systemically important firms in payments chains into Bank of England regulation and supervision.

Brexit has resulted in changes to the regulation of cross-border payments in the UK, including in respect of the UK Cross Border Payments Regulation, UK Funds Transfer Regulation and Single Euro Payments Area (SEPA) transactions.

Cross-Border Payments Regulation

Up until 31 December 2020, Regulation (EC) No 924/2009, as amended by Regulation (EU) 2019/518 as regards certain charges on cross-border payments in the Union and currency conversion charges (EU CBPR), applied in the UK. The EU CBPR includes an equality of charges principle which requires that intra-EU euro cross-border payments must be the same for corresponding national payments either in euro or in a non-euro currency of an EU member state. The EU CBPR legislation no longer applies in the UK as a result of Brexit.

The UK has onshored some aspects of the EU regime under the EU CBPR as it forms part of domestic law of the UK by virtue of the EUWA (the UK CBPR). The UK CBPR onshores transparency requirements on currency conversion charges, however the equality of charges principle is not part of the UK CBPR regime.

Certain provisions in the EU CBPR regime relating to post-transaction disclosure for card-based transactions have applied from 19 April 2021. These have not been onshored into the UK regime, as these provisions did not become part of EU retained law at the end of the transition period.

UK Funds Transfer Regulation

For firms that provide cross-border payment services, as a result of Brexit, it is now necessary to provide the name of the payer and payee, and the address of the payer, when making payments between the UK and the EU.

The UK regime is set out in Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers, as it forms part of domestic law of the UK by virtue of the EUWA (the UK Funds Transfer Regulation).

The FCA has exercised temporary transitional powers to temporarily waive or modify certain obligations which have changed as a result of Brexit. In particular, the FCA's standstill direction applies in relation to amendments to the UK Funds Transfer Regulation made as a result of Brexit. This means that firms can choose to comply with the pre-Brexit or post-Brexit version of the requirements until 31 March 2022. Consequently, firms can choose to process payments initiated by EEA payment service providers, even if an EEA payment service provider has not provided the full name and address details until 31 March 2022, subject to any scheme rules that might apply.

SEPA

The UK has maintained participation in SEPA as a third country. SEPA enables quick and efficient cross-border payments across the EU and a number of third countries.

The European Payments Council published a Brexit reminder in November 2020, reminding firms of the additional requirements that apply to cross-border SEPA payments involving a UK-based SEPA payment scheme participant from 1 January 2021 (as a result of the UK being treated as a third country).

Whilst there is no regulated activity which specifically covers fund administration services, a fund administrator could potentially fall within the scope of the UK regulatory regime, depending on the nature of the activities that it conducts. In particular, a fund administrator should assess whether it is conducting the regulated activity of advising on investments, arranging deals in investments, and establishing, and operating or winding up either a collective investment scheme or an unregulated collective investment scheme. It may also need to consider whether it is acting as a manager of a UK undertaking for collective investment schemes (UCITS) or UK alternative investment funds (AIFs) or a depositary, as there are detailed rules that apply to these entities.

The contractual terms that a fund administrator enters into may need to reflect regulatory requirements in relation to outsourcing, the processing of personal data, and potentially other regulatory requirements which will depend on the specifics of the business model and nature of activities being performed.

Exchanges and Trading Platforms

Stock exchanges (including UK-recognised investment exchanges), securities markets, and operators of such markets are heavily regulated. There are three main types of trading venues (regulated markets, multilateral trading facilities (MTFs) and organised trading facilities (OTFs)) and different rules apply to companies with shares trading on each of these markets.

To the extent that an exchange or trading platform engages with crypto-assets or tokens that come into scope of the UK's regulatory perimeter (see 7.2 Regulation of Different Asset Classes), the entity may be carrying out a regulated activity. For example, this may include operating an MTF or OFT, dealing in investments as principal or as agent, arranging deals in investments, sending dematerialised instructions, making arrangements with a view to investments, and safeguarding and administering investments.

For a discussion on the regulatory regime applicable to crypto-exchanges, please see 7.3 Impact of the Emergence of Cryptocurrency Exchanges.

Peer-to-Peer and Crowdfunding

The activity of operating a crowdfunding platform may be regulated, depending on the nature of the activity conducted. The FCA regulates the following crowdfunding activities:

• loan-based crowd funding (known as peer-to-peer lending): where consumers lend money in return for interest payments and a repayment of capital over time; and
• investment-based crowdfunding: where consumers invest directly or indirectly in businesses by buying investments such as shares or debentures.

Payment services provided in connection with the following activities are also regulated:

• donation-based crowdfunding: where consumers give money to enterprises or organisations they want to support; and
• prepayment or rewards-based crowdfunding: where consumers give money in return for a reward, service or product (such as concert tickets, an innovative product, or a computer game).

EU rules on crowdfunding under Regulation (EU) 2020/1503 on European crowdfunding service providers for business (the EU Crowdfunding Regulation) were not "onshored" into UK law at the end of the Brexit transition period (which expired on 31 December 2020). In November 2020, the Cabinet Office published a letter to HM Treasury, which stated that the UK government has been actively reviewing the merits of the EU Crowdfunding Regulation but found no evidence to suggest its implementation would result in material benefit to the UK crowdfunding sector.

See 2.2 Regulatory Regime for a discussion on the licensing regime. In broad terms, an activity is a regulated activity if it is an activity of a specified kind that is carried on by way of business in the UK and relates to a specified investment under the RAO. In general, the MiFID2 financial instrument categories map into RAO-specified investment categories.

Firms which carry on certain crypto-asset-related activities in the UK, referred to as crypto-asset exchange providers and custodian wallet providers, are subject to the MLR 2017.

Crypto-asset exchange providers and custodian wallet providers are required to register with the FCA. They are subject to ongoing obligations, such as requirements to take steps to identify and manage the risks of money laundering and terrorist financing. These include establishing appropriate policies, controls and procedures, and carrying out the requisite customer due diligence.

Crypto-asset exchanges may be subject to other regulatory requirements depending on the regulatory characterisation of the types of crypto-assets that are traded on the exchange, and the activities that the firm conducts. For example, if the crypto-asset qualifies as a transferable security or other financial instrument, the operator of the exchange may need to be authorised as the operator of an MTF or OTF. A crypto-exchange business should also consider whether it is issuing electronic money or providing a payment service.

There are no specific listing standards for unregulated platforms (or for listing unregulated crypto-assets).

However, crypto-assets that have substantive characteristics that are akin to traditional securities (eg, shares or bonds) will be regulated as securities. 

For example, if a crypto-asset or token is a transferable security and the tokens are either offered to the public in the UK or admitted to trading on a regulated market, the issuer will need to publish a prospectus unless an exemption applies.

There are detailed rules governing the eligibility requirements and ongoing obligations for a premium and standard listing of shares on a UK-regulated market, including prospectus requirements. A fintech firm interested in listing would need to consider these requirements.

FCA rules also set out requirements for operators of MTFs and OTFs which must have rules setting out eligibility criteria, amongst other things.

The FCA's Handbook contains rules in relation to client order handling requirements and client limit orders.

See 7.1 Permissible Trading Platforms for further details on the regulatory framework for peer-to-peer platforms.

See 3.3 Issues Relating to Best Execution of Customer Trades for further details on the best execution requirements.

An FCA report dated April 2019 discusses the expectations in relation to payment for order flows. This occurs when an investment firm (eg, a broker) that executes orders for its clients receives a fee or commission from both the client that originates the order and the counterparty the trade is then executed with (typically a market-maker or other liquidity provider). These payments can create a conflict of interest between the firm and its clients.

Regulated firms that engage in payment for order flows must consider the FCA's rules in respect of the inducements regime, managing conflicts of interest and meeting the best execution requirements.

The UK market abuse regime is primarily set out in Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse as it forms part of domestic law of the UK by virtue of the EUWA (UK MAR). This contains prohibitions on insider dealing, unlawful disclosure of inside information and market manipulation.

Broadly speaking, the scope of the market abuse regime under UK MAR covers financial instruments (including security tokens) that are traded or admitted to trading on a trading venue or for which an application for admission has been made, as well as financial instruments whose price or value depends on or has an effect on the types of financial instruments referred to above. Certain provisions of UK MAR also apply to spot commodity contracts, financial instruments that affect the value of spot commodity contracts and behaviour in relation to benchmarks. However, FX transactions and unregulated crypto-assets (such as cryptocurrencies) are not generally captured by the regime.

Algorithmic trading, including high-frequency algorithmic trading, is regulated in the UK. Algorithmic trading requirements encompass trading systems, algorithmic trading strategies and trading algorithms.

The definition of algorithmic trading is limited to trading in "financial instruments" – defined by reference to specified investments in the RAO, which broadly maps the MiFID2 financial instruments categories. Therefore, algorithmic trading in asset classes which do not constitute "financial instruments" will not constitute "algorithmic trading" for regulatory purposes.

There are specific requirements for firms who engage in algorithmic trading to pursue a market-making strategy. In particular, such firms must:

• carry out market-making continuously during a specified proportion of the trading venue’s trading hours so that it provides liquidity on a regular and predictable basis to that trading venue, except in exceptional circumstances;
• enter into a binding written agreement with the trading venue; and
• have in place effective systems and controls to ensure that it meets the obligations under the agreement.

However, HM Treasury has consulted on a proposal to remove the requirement for algorithmic liquidity providers and trading venues to enter into binding market making agreements, as part of the UK's Wholesale Markets Review published in July 2021.

There are no specific rules which distinguish between funds and dealers engaging in algorithmic trading.

Whilst providers of algorithmic trading systems are not typically subject to the same regulations as the firms employing their software, there are regulatory requirements that apply when developing and creating algorithmic trading programmes. Firms that engage in algorithmic trading must have effective systems and controls to ensure their trading systems. They must:

• be resilient and have sufficient capacity;
• be subject to appropriate trading thresholds and limits;
• prevent the sending of erroneous orders, or the systems otherwise functioning in a way that may create or contribute to a disorderly market; and
• not be used for any purpose that is contrary to UK MAR or the rules of a trading venue to which they are connected.

Market conduct considerations need to be a vital part of the algorithm development process. The FCA has noted that it is good practice for firms to consider, as part of their approval process, the potential impact of algorithmic trading strategies. The considerations would not be limited to whether a strategy strictly meets the definition of market abuse; rather, they would consider whether the strategy would have a negative impact on the integrity of the market and/or if it would likely further contribute to scenarios where there is wider market disruption.

The extent to which a financial research platform would be regulated in the UK depends on the exact nature of its activities and the content of the research it provides.

Licensing Requirements

If the research material were to be of a general and purely factual nature, it is unlikely that this would trigger any licensing requirements in the UK. However, if research materials were to provide recommendations in relation to individual securities, for example, it may constitute regulated investment advice. This would mean that the platform provider would need to be authorised by the FCA to provide investment advice.

Financial Promotion Restrictions

If the financial research platform produces content that would induce clients to enter into investment activity, this would constitute a financial promotion. There is a restriction prohibiting any person from issuing financial promotions unless that person is authorised, the content of the promotion is approved by an authorised person or, if the issuer of the financial promotion is not authorised, that person must rely on certain exemptions.

As discussed in 7.9 Market Integrity Principles, UK MAR prohibits insider dealing, unlawful disclosure of inside information and market manipulation. The dissemination of rumours and other unverified information – including through online channels – may, in some cases, constitute market manipulation.

Additionally, to the extent that a platform is providing investment advice, it must ensure that investment recommendations and supporting information are objectively presented, and disclose any conflicts of interest.

If the financial research platform is engaged in financial promotions, the content of any financial promotions must be clear, fair and not misleading.

UK MAR prohibits insider dealing, unlawful disclosure of inside information and market manipulation; see 7.9 Market Integrity Principles.

The FCA's Handbook provides descriptions of behaviour that amounts to market abuse. This includes taking advantage of occasional or regular access to the traditional or electronic media by voicing an opinion about an in-scope investment while having previously taken positions on that investment, and profiting from the impact of the opinions voiced on the price of that instrument without having disclosed that conflict of interest to the public. It also includes pump and dump and trash and can schemes (which entail taking a position on an in-scope investment and disseminating misleading information about that investment with a view to changing its price).

Insurtechs have transformed the underwriting processes used in the insurance industry. These firms typically use big data and AI technology to inform underwriting decisions, including pricing strategies and risk assessments.

Insurtechs must consider their regulatory obligations in relation to data privacy, the use of big data and AI ethics (see 2.10 Implications of Additional, Non-financial Services Regulations).

In principle, all types of insurers are regulated in the same way. Subject to a few exceptions, they are all subject to the UK regime, which implemented the Solvency II Directive, and to prudential regulation by the PRA. The UK is currently reviewing how to tailor the prudential regime to support the unique features of the insurance sector and regulatory approach in the UK, in a post-Brexit context.

There is no specific regulatory regime for regtech providers.

Regtech providers typically provide technical services and so may be less likely to trigger a regulatory licensing requirement. However, such firms should assess whether they are conducting a regulated activity in light of their specific business model and the activities that they perform.

A regtech provider may need to reflect in its contractual terms any requirements relating to outsourcing, the processing of personal data, and potentially other regulatory requirements which will depend on the specifics of the business model and nature of activities being performed.

The financial services industry has been exploring the use of distributed ledger or blockchain technology in a number of areas, including cross-border payments and remittance, trade finance, and identity verification.

Financial institutions have traditionally taken a cautious approach to adopting blockchain technologies. This is likely due to reputational, data privacy and security considerations. However, there are increasing signs of growth assisted by regulators providing legal clarity in relation to blockchain-related activities. It is expected that legacy players will increase their use of private, permissioned blockchain networks, particularly where pilot projects have demonstrated the feasibility and benefits of use.

We have included a non-exhaustive list of the key developments in the regulatory framework applicable to blockchain technology.

• The UK has brought custodian wallet providers and crypto-asset exchange providers into the scope of AML regulation. See 7.3 Impact of the Emergence of Cryptocurrency Exchanges.
• In 2018, a Cryptoassets Taskforce was announced which consists of the FCA, the Bank of England and HM Treasury. It published a joint report in October 2018 setting out the UK's policy and regulatory approach to crypto-assets and distributed ledger technology.
• In July 2019, the FCA published its Final Guidance on when crypto-related activities will fall within the scope of its regulatory perimeter, including a taxonomy for crypto-assets comprising:
1. security tokens;
2. e-money tokens; and
3. unregulated tokens (including utility tokens and exchange tokens), see 12.3 Classification of Blockchain Assets.
• On 18 November 2019, the UK Jurisdiction Taskforce published a Legal Statement on Crypto-assets and Smart Contracts to address legal questions as regards the status of crypto-assets and smart contracts. In December 2019, these statements were referenced in a High Court judgment.
• In March 2021, the UK tax authority (HMRC) published a manual on the tax treatment of crypto-assets (following previous guidance published in December 2019).
• On 6 January 2021, a ban on the sale, marketing and distribution to all retail consumers of derivatives and exchange-traded notes that reference unregulated transferable crypto-assets by firms acting in, or from, the UK came into effect.

Additionally, some of the key proposals on changes to the UK regulatory regime in respect of crypto-assets are summarised below.

• On 18 January 2022, HM Treasury published its response to its 2020 consultation on crypto-asset promotions, confirming the UK's intention to bring additional types of crypto-assets into the scope of financial promotion regulations. At present, security tokens and e-money tokens fall within the scope of the UK financial promotions regime, and the government is proposing to extend this to "unregulated crypto-assets".
• On 19 January 2022, the FCA also published a consultation on proposals to strengthen its financial promotion rules for high-risk investments (including crypto-asset promotions that HM Treasury plans to bring within scope of the UK financial promotion regime as outlined above), and for authorised firms which approve and communicate financial promotions.
• On 7 January 2021, HM Treasury published a consultation on the UK regulatory approach to crypto-assets and stablecoins. The government is considering expanding the scope of regulated tokens to include stablecoins, ie, tokens which stabilise their value by referencing one or more assets, such as fiat currency or a commodity, and could for that reason more reliably be used as a means of exchange or store of value.
• In April 2021, the Bank of England and HM Treasury launched a joint Central Bank Digital Currency (CBDC) Taskforce to co-ordinate the exploration of a potential UK CBDC. The CBDC Taskforce is expected to consult in 2022 on the case for a UK CBDC and merits of developing an operational and technology model for a UK CBDC.

Whilst there is no specific legislation for blockchain assets, recent developments have made it clear that many uses of blockchain technology and related crypto-asset types could fall within the UK's regulatory perimeter. The versatility of blockchain and distributed ledger technologies means they can be used to perform various regulated activities. Therefore, the regulatory treatment of blockchain assets depends on the nature and characterisation of the blockchain asset and the context in which it is used.

The FCA has provided guidance in relation to crypto-assets. Currently, some (but not all) crypto-assets are regulated in the UK. The FCA has indicated that a case-by-case analysis is needed to determine the correct regulatory treatment of a particular crypto-asset or token, depending on “the token’s intrinsic structure, the rights attached to the tokens and how they are used in practice”. Therefore, the structure and substantive characteristics of the blockchain asset determine whether it is regulated in the UK.

The FCA has identified three broad categories of crypto-assets (comprising two types of crypto-assets which are regulated, and a residual category of unregulated crypto-assets), as follows.

• Security tokens are crypto-assets with characteristics akin to certain specified instruments under the RAO (such as shares, debt instruments and units in a collective investment scheme), other than electronic money. Broadly, these are likely to be tokenised, digital forms of traditional securities.
• E-money tokens are crypto-assets that meet the definition of electronic money under the EMR 2011. In general terms, this captures digital payment instruments that store value, can be redeemed at par value at any time, and offer holders a direct claim on the issuer.

Both security tokens and e-money tokens fall within the scope of the UK's regulatory perimeter as specified investments under the RAO.

• Unregulated tokens are crypto-assets that are neither security tokens nor e-money tokens. This includes crypto-assets that the FCA refers to as exchange tokens (ie, cryptocurrencies such as Bitcoin) as well as utility tokens (eg, tokens used to buy a service or access a distributed ledger platform) and other types of unregulated crypto-assets.

The guidance clarifies that tokens can take a hybrid form and fall into different categories at different points in time.

There is no single regulatory regime for issuers of blockchain assets. An issuer may come within the scope of the UK's regulatory perimeter, depending on the nature of its activities.

In particular, issuers of blockchain assets should consider whether they are crypto-asset exchange providers as discussed in 7.3 Impact of the Emergence of Cryptocurrency Exchanges.

Issuers should be aware of potential future changes to the regulatory regime, including the HM Treasury's January 2021 consultation on the UK regulatory approach to crypto-assets and stablecoins, which considers expanding the scope of regulated tokens to include stablecoins. In December 2020, the Bank of England published a report on systemic stable token payment systems which noted that issuers or system operators that attain systemic status may become subject to regulation and enhanced requirements.

The FCA has confirmed that "a firm wanting to create infrastructure for the buying, selling and transferring of security tokens (commonly known as exchanges or trading platforms) must ensure it has the appropriate permissions for the activities it wants to carry on". The regulated activities that may be triggered in relation to operating a trading platform are discussed in 7.1 Permissible Trading Platforms.

Additionally, blockchain asset trading platforms should consider whether they fall within the categories of crypto-asset exchange providers or custodian wallet providers as described in 7.3 Impact of the Emergence of Cryptocurrency Exchanges.

Funds that invest in blockchain assets are subject to the usual regulatory rules applicable to investment funds and collective investment schemes.

The FCA has confirmed that firms can gain exposure to unregulated tokens (such as exchange tokens) through financial instruments such as fund units and derivatives referencing those tokens. These financial instruments are likely to fall within the UK regulatory perimeter (even though they reference unregulated crypto-assets) as specified investments (eg, options, futures or contracts for difference under the RAO).

There is a ban on the sale to retail consumers of derivatives and exchange-traded notes that reference unregulated transferable crypto-assets, as discussed in 12.2 Local Regulators’ Approach to Blockchain. 

The UK regulatory regime is technology agnostic. The regulatory treatment of virtual currencies does not depend on whether they rely on blockchain technology.

See 12.3 Classification of Blockchain Assets for details on the regulatory classification of crypto-assets.

Decentralised finance (DeFi) is an umbrella term covering the use of blockchain technology which commonly takes the form of decentralised apps that use smart contracts to automate transactions to provide traditional financial services (such as loans and insurance) without human involvement.

An HM Treasury consultation published in January 2021 confirmed that, at present, certain DeFi activities could fall within the UK's regulatory perimeter, and the "government does not currently propose to bring specific DeFi activities into the scope of regulation", but this will be kept under review.

NFTs are a type of crypto-asset that can be used to create tokenised ownership of a unique digital version of underlying physical or digital assets (eg, artworks, sports memorabilia, and other collectibles). Each NFT is unique, meaning that NFTs are distinguishable from and not interchangeable with other NFTs.

There is currently no NFT-specific regulation in the UK. However, depending on the NFT's features and activities being carried on, certain activities with respect to some types of NFTs could fall within the UK's existing regulatory perimeter.

See 12.3 Classification of Blockchain Assets for details on the regulatory classification of crypto-assets and 7.3 Impact of the Emergence of Cryptocurrency Exchanges on requirements for crypto-asset exchange providers or custodian wallet providers.

The PSR 2017 has facilitated the roll out of open banking by introducing regulation for third-party payment service providers (TPPs).

At present, nine of the UK's largest banks and building societies are required to make customer data available through open banking, but other smaller banks and building societies have also chosen to take part in open banking (including as a means of compliance with broader obligations to facilitate TPP access to accounts under the PSR 2017).

There may be an expansion of open banking to a wider range of accounts and financial products (such as savings, mortgages, consumer credit, investments and insurance) as part of the FCA's proposed open finance initiative.

The UK has also been considering similar broader initiatives as part of its Smart Data review; the government proposed Next steps for Smart Data in September 2020. In the area of pensions, the Pension Schemes Act 2021 introduces a legislative framework for pensions dashboards that will enable consumers to access data about all their pensions in one place. However, the regime is not yet operational with further secondary legislation and guidance under development.

The PSR 2017 includes rules on the access and use of data by TPPs as well as strong customer authentication (SCA) and secure communication standards, which address some of the concerns in relation to data sharing in the context of open banking.

Although regulatory rules introducing SCA requirements generally began to apply from 14 September 2019, the FCA granted certain sectors of the industry additional time to prepare and implement these requirements to minimise potential disruption to merchants and customers.

In the context of proposals for open finance, the FCA has noted that greater access to data gives rise to the potential for personalised pricing to almost an individual basis, which could lead to forms of discrimination. The FCA has emphasised the importance of ensuring that data is held securely and used in an ethical manner in its open finance feedback statement published in March 2021.