
FCA Appointed Representative Regime: Obligations for Payment Institution Principals

Regulatory Counsel · March 2026

Key Takeaways

  • The appointed representative (AR) regime allows authorised firms (principals) to permit other firms or individuals to carry out regulated activities under the principal's regulatory permissions.
  • The FCA's PS22/11 reforms (effective December 2022) significantly strengthened principal firm obligations — including enhanced due diligence, annual AR reviews and improved data reporting.
  • Payment institutions using ARs for credit broking, insurance distribution or investment activities must ensure their AR oversight framework meets the FCA's heightened expectations.
  • Common failures include inadequate pre-appointment due diligence, insufficient ongoing monitoring, failure to terminate underperforming ARs and poor quality management information.
  • The FCA has publicly stated that the AR regime is a supervisory priority and that principals will be held accountable for the conduct of their ARs.

The appointed representative (AR) regime is one of the most significant — and most scrutinised — features of UK financial regulation. Under Section 39 of the Financial Services and Markets Act 2000, an authorised firm (the principal) can appoint another person (the appointed representative) to carry out regulated activities on its behalf, under its regulatory umbrella. The AR does not need its own FCA authorisation — it operates under the principal's permissions, and the principal bears full regulatory responsibility for the AR's conduct. For payment institutions, the AR regime is relevant where the firm acts as principal for ARs carrying out activities such as credit broking, insurance distribution or consumer credit intermediation. This article examines the obligations of PI principals, the FCA's reform agenda and common compliance failures.

How the AR Regime Works

The AR regime enables authorised firms to extend their regulated activities through a network of appointed representatives without each AR requiring separate FCA authorisation. The principal firm grants the AR permission to carry out specific regulated activities within defined parameters. In return, the principal assumes full regulatory responsibility for the AR's conduct — including compliance with FCA rules, consumer protection obligations and financial crime requirements.

For payment institutions, the AR regime is most commonly used where the PI holds additional permissions beyond its core payment services authorisation. For example, a PI that also holds credit broking permissions may appoint ARs to introduce customers to its lending products. A PI with insurance distribution permissions may appoint ARs to distribute insurance alongside payment services. The AR regime does not apply to payment services activities themselves — agents appointed under the Payment Services Regulations 2017 are subject to a separate regime.

PS22/11: The FCA's AR Regime Reforms

In December 2022, the FCA implemented significant reforms to the AR regime through Policy Statement PS22/11 ('Improving the Appointed Representatives regime'). These reforms were driven by the FCA's findings that the AR regime was a significant source of consumer harm, with principals frequently failing to exercise adequate oversight of their ARs. Key reforms include:

Enhanced pre-appointment due diligence. Principals must conduct thorough due diligence before appointing an AR, including assessment of the AR's competence, financial position, business model viability and the fitness and propriety of its key individuals. The due diligence must be documented and retained.

Annual AR review. Principals must conduct a comprehensive annual review of each AR's activities, compliance and performance. The review must assess whether the AR continues to meet the criteria for appointment and whether the principal's oversight arrangements remain effective.

Improved data reporting. Principals must submit enhanced data to the FCA about their AR networks, including revenue generated by each AR, complaints data and information about the regulated activities each AR is conducting.

Self-assessment. Principals must conduct an annual self-assessment of their own AR oversight capabilities, considering whether they have sufficient resources, expertise and systems to oversee their AR network effectively.

Notification requirements. Principals must notify the FCA before appointing a new AR, providing specified information about the proposed AR and the activities it will conduct. The FCA has the power to object to appointments.

Principal Firm Obligations

The principal's obligations extend across the full lifecycle of the AR relationship:

Governance. The principal's board or governing body must have clear oversight of the AR programme. A senior manager must be accountable for AR oversight under the Senior Managers and Certification Regime (SM&CR). AR risks must be reflected in the firm's risk management framework.

Due diligence. Pre-appointment due diligence must assess the AR's competence, financial stability, regulatory history, fitness and propriety of key persons and the viability of the proposed business model. This is not a one-time exercise — ongoing due diligence must be conducted throughout the relationship.

Agreements. The principal-AR agreement must clearly define the scope of permitted activities, compliance obligations, reporting requirements, termination provisions and the allocation of responsibilities. Agreements must be reviewed and updated as circumstances change.

Monitoring. The principal must implement ongoing monitoring of each AR's activities, including transaction monitoring, complaints analysis, quality assurance sampling, financial monitoring and compliance testing. Monitoring intensity should be risk-based — higher-risk ARs require more intensive oversight.

Training and competence. The principal must ensure that AR staff are competent to perform their roles, including providing or requiring appropriate training and maintaining competence records.

Complaints handling. The principal is responsible for handling complaints about its ARs' conduct. Complaints data must be analysed for patterns and root causes, and used to inform AR oversight decisions.

Termination. The principal must be willing and able to terminate ARs that fail to meet required standards. The FCA has criticised principals that continue relationships with underperforming ARs due to commercial considerations.

Common Compliance Failures

Inadequate pre-appointment due diligence. Appointing ARs without conducting meaningful assessment of their competence, financial position or business model — relying on superficial checks or commercial enthusiasm rather than rigorous evaluation.

Insufficient ongoing monitoring. Failing to implement systematic monitoring of AR activities — relying on AR self-reporting without independent verification, or conducting monitoring that is infrequent and formulaic.

Commercial conflicts. Allowing revenue considerations to override compliance judgements — continuing AR relationships despite identified compliance failures because the AR generates significant income.

Poor management information. Failing to produce and review adequate MI on AR performance — the board and senior management lack visibility of AR risks and compliance status.

Delayed termination. Not terminating ARs promptly when performance or compliance issues are identified — extending remediation periods indefinitely rather than making difficult exit decisions.

Scope creep. Permitting ARs to conduct activities beyond their agreed scope — either through inadequate controls or wilful blindness.

What Firms Should Do Now

  1. Review your AR governance framework — is there clear board-level oversight and senior management accountability for the AR programme?
  2. Assess the quality of your pre-appointment due diligence — does it meet the FCA's enhanced expectations under PS22/11?
  3. Conduct the annual AR review for each AR, assessing competence, compliance and continued suitability.
  4. Review AR monitoring programmes — are they risk-based, systematic and producing actionable MI?
  5. Assess your willingness to terminate underperforming ARs — have commercial considerations delayed necessary exit decisions?
  6. Ensure FCA reporting requirements are met accurately and on time.

Regulatory Context and Outlook

The FCA has been clear that the AR regime remains a supervisory priority. In its 2024/25 Business Plan, the FCA highlighted concerns about principals failing to exercise adequate oversight and stated its intention to take action against principals where AR misconduct causes consumer harm. The FCA has also indicated that it may propose further reforms if the PS22/11 changes do not produce sufficient improvement. Payment institutions acting as principals should treat AR oversight as a core compliance function — not a peripheral activity — and invest accordingly.

Regulatory Counsel advises payment institutions on AR regime compliance, including governance frameworks, due diligence programmes, monitoring systems and FCA engagement. Contact us for a free initial consultation.

Frequently Asked Questions

A firm or individual permitted to carry out regulated activities under the regulatory permissions of an authorised firm (the principal), without needing its own FCA authorisation.

No. The AR regime under FSMA covers activities like credit broking and insurance distribution. PI agents under the PSRs 2017 are a separate regime for payment services activities.

FCA reforms effective December 2022 that strengthened principal obligations — including enhanced due diligence, annual AR reviews, improved data reporting and FCA notification before appointment.

Yes. The principal bears full regulatory responsibility for its ARs' conduct and can face supervisory or enforcement action for failures in AR oversight.
