PERG Perimeter Guidance: Navigating What Is and Isn't Regulated

What It Is

The Perimeter Guidance manual (PERG) is the FCA's guide to the boundary between regulated and unregulated financial services activity. It helps firms, individuals, and their advisers determine whether a particular activity requires FCA authorisation — or whether it falls outside the regulatory perimeter through an exclusion, exemption, or because it does not constitute a regulated activity in the first place.

The perimeter is defined by the Financial Services and Markets Act 2000 (FSMA), the Regulated Activities Order 2001 (RAO), and various secondary legislation. PERG does not itself create rules — it provides the FCA's interpretation and guidance on how the statutory framework applies to common business models and activities. While not legally binding, PERG guidance carries significant weight: a firm that follows PERG guidance in good faith is in a stronger position than one that ignores it.

PERG covers a wide range of territory: general guidance on regulated activities (PERG 2), guidance on the communication of financial promotions (PERG 8), specific guidance on insurance distribution (PERG 5), consumer credit (PERG 14), payment services and e-money (PERG 15), and several other sector-specific chapters. For any firm operating near the edge of the regulatory perimeter, PERG is essential reading.

Why the FCA Cares

The general prohibition is the foundation of the UK's financial regulatory framework. Section 19 of FSMA makes it a criminal offence to carry on a regulated activity in the UK without authorisation or an applicable exemption. The maximum penalty is two years' imprisonment and an unlimited fine. Agreements entered into in breach of the general prohibition may be unenforceable, meaning the firm cannot recover money owed under the contract.

The FCA actively monitors the perimeter. Its Unauthorised Business Department investigates firms and individuals that appear to be carrying on regulated activities without authorisation, and it publishes consumer warnings about unregulated entities. The FCA can seek injunctions, restitution orders, and criminal prosecution against those who breach the general prohibition.

Perimeter issues also matter for authorised firms. A firm that carries on regulated activities beyond the scope of its permissions is in breach of section 20 of FSMA. This can result in enforcement action, variation or cancellation of permissions, and — critically — the unenforceability of contracts made in breach. The FCA has taken action against firms that have expanded their business into new activities without obtaining the necessary permissions.

From the FCA's perspective, perimeter integrity protects consumers. Regulated firms are subject to conduct standards, capital requirements, complaints handling obligations, and the Financial Services Compensation Scheme. Consumers dealing with unregulated entities have none of these protections. Every firm that operates outside the perimeter without detection represents a gap in consumer protection.

Who It Affects

Perimeter questions affect three broad categories of firm. First, businesses that are not currently FCA-authorised but may be carrying on activities that require authorisation. This includes fintech companies, technology platforms, introducers, lead generators, and professional services firms whose activities may have strayed into regulated territory.

Second, FCA-authorised firms that are expanding into new business lines, launching new products, or changing their distribution model. A firm authorised to provide investment advice may inadvertently begin managing investments; a firm authorised to arrange insurance may begin effecting contracts. Each new activity must be assessed against the RAO to determine whether additional permissions are required.

Third, firms that rely on exemptions — particularly appointed representatives and firms relying on the professional or group exemptions. These exemptions have specific conditions, and if those conditions are not met, the firm is carrying on a regulated activity without authorisation.

Consumer credit firms are particularly affected. The consumer credit perimeter is complex, with detailed provisions governing lending, credit broking, debt collecting, debt adjusting, and ancillary activities. The expansion of the FCA's consumer credit remit in 2014 brought thousands of previously unregulated firms within scope, and perimeter questions in this sector remain frequent.

Payment services firms and e-money issuers operate under a separate but parallel regulatory framework, where the perimeter is defined by the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. PERG 15 provides guidance on these regimes, including the scope of payment services, agent and distributor arrangements, and the application of exclusions.

What Firms Get Wrong

The most dangerous error is assumption. Firms assume that because their activity does not feel like financial services — or because similar businesses appear to operate without authorisation — their activity is not regulated. The perimeter does not depend on how the activity feels; it depends on whether the statutory definition is met. Introducing customers to lenders is credit broking. Helping someone complete an insurance application may be arranging. Managing a client's portfolio on a discretionary basis is managing investments. The labels firms use for their activities are irrelevant; the substance is what matters.

The second common error is misapplying exclusions. Exclusions in the RAO are narrowly drafted, and their application depends on precise factual circumstances. The "generic advice" exclusion, the "introducer" exclusion, and the "groups and joint enterprises" exclusion are all frequently misapplied. Firms read the exclusion broadly, assume it covers their activity, and do not seek legal advice. When the FCA investigates, the exclusion often does not apply — and the firm has been operating illegally.

Third, firms fail to reassess the perimeter when their business evolves. A firm that starts by providing information may, over time, begin providing advice. A firm that introduces clients to product providers may begin negotiating terms on the client's behalf. Each incremental change may cross a perimeter boundary, but because the change is gradual, the firm does not recognise the transition.

Fourth, firms confuse FCA registration with authorisation. Payment services firms, e-money issuers, and certain consumer credit firms may be registered rather than authorised, but registration still imposes regulatory obligations. Other firms assume that Companies House registration or professional body membership substitutes for FCA authorisation — it does not.

What Evidence the FCA Expects

When the FCA investigates a perimeter issue, it examines substance over form. The regulator will look at what the firm actually does — not what its website says, not what its contracts state, and not what the firm's directors believe. Customer communications, call recordings, email correspondence, and the firm's actual processes all form part of the evidential picture.

For firms relying on exclusions, the FCA expects contemporaneous evidence that the conditions of the exclusion are met. If a firm relies on the introducer exclusion, for example, the FCA will want to see evidence that introductions are made to authorised persons, that the firm does not advise, and that the firm's remuneration is disclosed.

For authorised firms, the FCA expects evidence that the firm monitors the scope of its permissions against its actual activities. This means a regular perimeter assessment — ideally annual — that maps the firm's business lines, products, and activities against its FCA permissions and identifies any gaps. The compliance function should own this assessment and escalate any issues to the board.

Where a firm has identified a perimeter issue and self-reported, the FCA will look at the firm's response: did it stop the unauthorised activity promptly, assess customer impact, consider whether redress is required, and take steps to prevent recurrence? Self-reporting and proactive remediation are significant mitigating factors.

Good Implementation

A firm with good perimeter governance maintains a permissions map — a document that links each of the firm's business activities to a specific FCA permission (or to a documented exclusion or exemption). This map is reviewed whenever the firm launches a new product, enters a new distribution channel, or changes its business model. It is owned by the compliance function and approved by the board.

Staff who are involved in client-facing activity understand the firm's permissions and the boundaries of what they can and cannot do. Training covers practical scenarios, not just regulatory abstractions. Front-line staff know that arranging a transaction is different from providing information, that recommending a product requires advice permissions, and that handling client money triggers CASS obligations.

The firm's contracts and terms of business accurately reflect the regulated activities it performs. Client agreements do not disclaim regulation when the firm is in fact carrying on regulated activities — such disclaimers have no legal effect and may actually make things worse by suggesting the firm is aware of the issue.

For firms operating near the perimeter — introducers, technology platforms, professional firms — legal advice is obtained before launching the business and periodically thereafter. The firm does not rely on informal guidance or competitor behaviour to justify its position.

How Our Tool Helps

The MEMA perimeter assessment tool provides a structured framework for mapping your business activities against the FCA's regulated activities definitions. It walks you through each activity specified in the RAO, helps you identify which activities your firm performs, and flags where authorisation, additional permissions, or an exclusion analysis may be required.

The tool generates a documented permissions gap analysis that you can use as the basis for a board-level perimeter review. It highlights common risk areas for your sector and prompts you to consider activities that firms frequently overlook — such as financial promotions, arranging activities, and client money handling.

For firms that rely on exclusions, the tool includes a structured exclusion assessment that prompts you to document the factual basis for each exclusion relied upon, the conditions that must be met, and the monitoring you have in place to ensure those conditions continue to be satisfied.

How Our Service Helps

Our FCA authorisation service supports firms at every stage of the perimeter analysis and authorisation process. For firms that are unsure whether their activities are regulated, we conduct a detailed perimeter assessment — examining your business model, client interactions, revenue streams, and operational processes to determine whether FCA authorisation is required and, if so, which permissions you need.

For firms that need to apply for authorisation or vary their existing permissions, we manage the application process from start to finish. We prepare the regulatory business plan, draft the compliance monitoring programme, advise on capital adequacy, and coordinate with the FCA Gateway team throughout the assessment process.

For existing authorised firms, we provide periodic perimeter reviews to ensure that your permissions remain aligned with your business activities as they evolve. This is particularly valuable for firms undergoing growth, diversification, or changes in their distribution model.

Relevant Sectors

Consumer credit firms face some of the most complex perimeter questions in UK financial regulation. The distinction between credit broking, lending, debt administration, debt collecting, and ancillary credit activities is frequently misunderstood. Firms that believe they are simply introducing customers to lenders may in fact be carrying on credit broking. Buy-now-pay-later providers, salary advance firms, and peer-to-peer platforms all face nuanced perimeter questions.

Payment services firms must navigate the boundary between payment services (regulated under the PSRs) and other activities that may require FCA authorisation under FSMA. The interaction between e-money issuance, payment initiation services, and account information services creates perimeter complexity, particularly for fintech businesses with innovative business models.

Insurance brokers must distinguish between arranging insurance (a regulated activity requiring appropriate permissions), providing information about insurance products (which may fall within an exclusion), and advising on insurance (which requires specific advice permissions). The perimeter is further complicated by the distinction between insurance distribution (regulated under IDD) and activities that fall outside the distribution definition. Connected travel insurance, warranties, and group schemes all raise specific perimeter questions.