Financial Conduct Authority
The Financial Conduct Authority (FCA) is the independent regulator in the United Kingdom responsible for financial conduct rules, market integrity, and consumer protection. It oversees banks, investment firms, insurance companies, and payment processors operating in the UK financial system.
Origins and mandate
The FCA was established in 2013 following the 2008 financial crisis and the breakup of the Financial Services Authority (FSA). The FSA had struggled to balance two conflicting mandates—prudential (safety and soundness) and conduct (market behavior)—and was criticized for failing to prevent the crisis.
The UK redesigned its regulatory architecture into two independent bodies:
- PRA (Prudential Regulation Authority): focuses on capital adequacy, solvency, and systemic risk (oversees large banks and insurers).
- FCA (Financial Conduct Authority): focuses on conduct—how firms treat customers, market manipulation, fair dealing, and anti-money-laundering.
The FCA is a quasi-autonomous non-governmental organization (quango) funded by levies on regulated firms, not taxpayers. It answers to Parliament and the Treasury, but operates day-to-day independently.
Regulatory framework and rulebooks
The FCA publishes the Handbook, a comprehensive rulebook covering:
Market conduct. FSMA 2000 Section 118 empowers the FCA to prosecute market manipulation and insider trading. The FCA monitors exchanges and dark pools for suspicious patterns, unusual volume, or trading ahead of major announcements.
Treating customers fairly (TCF). Firms must act honestly, fairly, and professionally in customers’ interests. This includes:
- Disclosure of fees and conflicts of interest.
- Suitability assessments before recommending investments.
- Fair pricing and execution.
Anti-money laundering and sanctions (AML/sanctions). Firms must implement Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures, report suspicious activity, and screen customers against OFAC and UN sanctions lists. The FCA works with FinCEN (the US), FATF, and other bodies on AML compliance.
Operational resilience. Firms must identify critical services and be able to continue them during cyber incidents, natural disasters, or supply chain shocks. The FCA’s “Operational Resilience” framework requires firms to test and document their recovery capabilities.
Consumer credit and mortgage lending. The FCA oversees consumer credit rules (affordability checks, responsible lending) and mortgage underwriting. This is where the FCA directly impacts retail borrowers—lenders must verify income and assess whether a mortgage is affordable, not just profitable for the bank.
Enforcement and penalties
The FCA has teeth. Enforcement actions include:
Fines. The FCA can fine firms up to 10% of worldwide revenue or £20 million, whichever is higher. High-profile cases include:
- HSBC (2012): $1.9 billion (joint US/UK fine) for AML failings.
- Barclays (2015): £284 million for forex rate-rigging.
- Facebook/Meta (2023): £16 million for advertising disclosure.
License revocation. The FCA can revoke a firm’s authorization, effectively ending its business. This is the nuclear option, used for serious breaches (e.g., Wirecard-type fraud, massive Ponzi scheme operations).
Enforceable undertakings. The FCA can require firms to implement controls, hire compliance staff, or undergo audits without formal fines—a less punitive but still binding remedy.
Public warnings. The FCA names and shames unauthorized firms (scam operations pretending to be legitimate) in periodic warnings.
FCA and industry change
The FCA is not anti-industry; it balances firm viability with consumer protection. Notable recent initiatives:
Open Banking (PSD2). The FCA enforced Payment Services Directive 2 (PSD2), which requires banks to open APIs so fintech firms can access customer account data (with consent) and initiate payments. This broke bank monopolies on customer data.
Regulatory sandbox. The FCA created a “sandbox” where startups can test new products under FCA supervision without immediately complying with all rules. This has accelerated fintech innovation (cryptocurrency platforms, robo-advisors, open banking).
Consumer duty (2023). The FCA’s newest rulebook requires firms to put consumer outcomes first, not just avoid causing harm. This raises the bar for suitability and advice quality.
Relationship with PRA and international regulators
The FCA and PRA coordinate via a memorandum of understanding. On big firms (HSBC, Barclays, Lloyds), both regulators have a say: the PRA ensures the firm is capitalized; the FCA ensures it is not ripping off customers or manipulating markets.
Internationally, the FCA cooperates with:
- SEC and CFTC (US): On cross-border enforcement and market manipulation.
- ECB and national regulators (EU): Even post-Brexit, European firms operating in the UK need FCA approval.
- IOSCO and FSB: The FCA participates in international standard-setting.
Implications for investors and borrowers
For investors: The FCA ensures exchanges are fair and that insider trading is prosecuted. UK-listed stocks are less likely to be manipulated than OTC stocks in unregulated markets. But the FCA’s suitability rules also restrict leverage and certain derivatives for retail investors—you cannot buy a crude oil futures contract on a UK retail platform without proof of experience.
For borrowers: The FCA’s affordability rules mean UK mortgages require income verification and stress-testing (e.g., can you afford the mortgage if rates rise 3%?). This is protective but also restrictive—you cannot get a liar’s loan in the UK.
For fintech: The sandbox and open banking rules have made the UK a fintech hub. But the FCA’s operational resilience requirements mean smaller startups must invest heavily in compliance, favoring larger, better-capitalized players.
See also
Closely related
- PRA (Prudential Regulation Authority) — sister regulator for capital/prudence
- Market conduct and manipulation
- Know Your Customer (KYC)
- Insider trading law