Financial Conduct Authority data now live: 6 new regulatory tests

The Financial Conduct Authority (FCA) is now Senserity's 27th data source. We have connected to the FCA's Financial Services Register, the public record of firms and individuals authorised or registered to carry out regulated financial activity in the UK, and built six new automated tests that check a company's authorisation status, enforcement history, regulatory conditions, and the scope of what it is actually permitted to do.

Unlike a bulk dataset such as the Food Hygiene Rating Scheme, the FCA register is an enrichment source. When a company is on your watchlist, Senserity queries the live register and stores the result against that company's risk profile, so the data reflects the firm's standing as of the last enrichment run.

If you work with, buy from, lend to, or invest in financial services firms, payment providers, e-money issuers, brokers, or advisers, these tests tell you something a credit check or a Companies House record cannot: whether a firm is actually permitted to do what it claims, and whether the regulator has ever taken action against it.

Why the Financial Services Register matters for due diligence

Carrying out a regulated financial activity in the UK without authorisation is a criminal offence under the Financial Services and Markets Act 2000 (FSMA). The FCA's Financial Services Register is the authoritative public record of which firms hold that authorisation, what they are permitted to do, and whether any conditions or enforcement actions sit against them.

For a procurement, finance, or compliance team, that record answers questions that sit entirely outside the scope of financial accounts or a credit report. A payment provider might be solvent and well capitalised, but if its authorisation was cancelled last month, or if it only ever held appointed representative status under a principal firm that has since withdrawn, the relationship you are about to enter carries a regulatory risk that no balance sheet will reveal.

The register also distinguishes between several kinds of authorisation that matter in practice. A directly authorised firm has applied for and been granted its own permissions. An appointed representative operates under the umbrella of a principal firm, which is a legitimate model but one that leaves the representative dependent on the principal's continued authorisation. An electronic money or payment institution, the category that covers firms such as Revolut and Wise, operates under a specific regime with its own safeguarding requirements. Knowing which category a counterparty falls into changes how you assess it.

What the six tests check

The six tests form a new Regulatory section in every risk profile and report. Here is what they cover.

Authorisation status. FCA Authorisation Status (COM-100) is the core check. It confirms whether the company appears on the register and reports its current status: Authorised, Registered, or, for the largest firms, dual-regulated by both the FCA and the Prudential Regulation Authority (PRA). It identifies the firm's business type, including directly regulated firms, Electronic Money Directive (EMD) firms, appointed representatives, and Consumer Buy-To-Let (CBTL) firms, and it flags any company whose authorisation has been cancelled or is no longer active. FCA Status Change Recency (COM-103) sits alongside it, watching for recent movement. A status change within the last 30 days is flagged as a medium concern and one within six months as low, because a firm that has just gained, lost, or altered its permissions warrants a closer look. A status that has been stable for years is a quietly positive signal.

Enforcement and conditions. FCA Disciplinary History (COM-101) surfaces any enforcement action the FCA or PRA has recorded against the firm, including fines, public censures, suspensions, and restrictions. These are formal sanctions imposed after an investigation, and they are among the strongest signals of conduct risk available anywhere in the public record. FCA Regulatory Requirements (COM-102) checks for specific requirements or conditions the regulator has placed on the firm beyond the standard rules. Requirements of this kind can point to a past concern, an ongoing remediation programme, or a limit on what the firm is allowed to do, and a firm carrying several of them deserves scrutiny.

Permission scope. FCA Permission Scope (COM-104) is an informational summary of what the firm is actually authorised to do. It reports the business type, the number of permissions held, and several statuses that are easy to overlook but important to understand. These include the firm's Money Laundering Regulations (MLR) supervision status, which shows whether the FCA supervises it for anti-money laundering compliance; its Payment Services Directive (PSD) or Electronic Money Directive (EMD) status, which shows whether it is authorised as a payment institution or e-money issuer; and whether it holds permission to control client money. A firm permitted to hold client funds carries a different risk profile from one that simply advises.

The authorisation gap. FCA Register Not Found (COM-105) works in the opposite direction. It identifies companies whose Companies House SIC codes place them in financial services (Section K, codes 64 to 66, covering banking, insurance, and financial intermediation) but which do not appear on the FCA register at all. Because FSMA 2000 requires authorisation for regulated activity, that absence is worth investigating. It may mean the company is operating without the authorisation it appears to need, or it may simply mean the registration is held by a different entity within the same corporate group. Either way, it is a gap you want explained before you proceed.

Which plans include FCA data

Three of the six tests are available on the free tier: FCA Authorisation Status (COM-100), FCA Disciplinary History (COM-101), and FCA Register Not Found (COM-105). Those cover the questions most users ask first: is this firm authorised, has the regulator acted against it, and should a financial services company that is missing from the register concern me. Any Senserity user can run those checks without paying.

The remaining three, covering regulatory requirements (COM-102), status change recency (COM-103), and the detailed permission scope summary (COM-104), are available from the Starter tier upward.

How Senserity matches companies to the FCA register

The Financial Services Register identifies firms by a Firm Reference Number (FRN), not by a Companies House company number, so the two have to be matched. Senserity searches the register for the company and resolves the result to the correct FRN, then stores the firm's authorisation details, permissions, and enforcement history against the company on your watchlist. Each result links straight through to the firm's entry on the public FCA register so you can verify it yourself.

Because this is an enrichment source rather than a static dataset, the data refreshes on Senserity's normal enrichment cycle. When a firm's status changes between runs, the relevant tests update and, where the change is material, raise an alert.

What to do next

If you already have companies on your watchlist, the FCA tests will run automatically on the next scheduled assessment. Any company with a match on the Financial Services Register will show its results in a new Regulatory section of the risk profile, and any company in a financial services SIC code that is missing from the register will be flagged.

If you are evaluating Senserity for the first time, the free tier includes three FCA checks alongside the full suite of Companies House, sanctions, and public register tests. Add a financial services company, a payment provider, or an authorised broker, and the FCA data will appear alongside everything else.