How the UK regulates its financial markets — the FCA, PRA, and the rules that govern the City.
Following the 2008 financial crisis, the UK replaced the Financial Services Authority (FSA) with a twin-peak model. The Financial Conduct Authority (FCA) regulates conduct across the financial services industry — how firms treat customers and maintain market integrity. The Prudential Regulation Authority (PRA), a subsidiary of the Bank of England, supervises the safety and soundness of banks, insurers, and major investment firms. This division means a single bank might answer to both regulators: the PRA for its capital adequacy and the FCA for its sales practices. The overarching legislative framework is the Financial Services and Markets Act 2000 (FSMA), as substantially amended by the Financial Services Act 2012 and subsequent legislation.
Any firm wishing to carry on a regulated activity in the UK — such as accepting deposits, managing investments, or arranging insurance — must obtain authorisation from the FCA (or PRA, for dual-regulated firms) under Part 4A of FSMA. Operating without authorisation is a criminal offence. The Regulated Activities Order (RAO) defines the precise scope of activities that trigger this requirement. Lawyers advise clients on whether their business model falls within the regulatory perimeter — a question that has become increasingly complex as fintech, crypto, and platform-based models blur traditional boundaries. The authorisation process itself involves demonstrating adequate resources, competent management, and appropriate systems and controls.
The UK Market Abuse Regulation (UK MAR) prohibits three core forms of market misconduct: insider dealing (trading on material non-public information), unlawful disclosure of inside information, and market manipulation (artificially influencing the price of a financial instrument). These are civil offences enforced by the FCA, which can impose unlimited fines. Separate criminal offences under the Criminal Justice Act 1993 and FSMA carry custodial sentences. For lawyers advising on M&A or capital markets transactions, managing the flow of inside information — through insider lists, trading restrictions, and carefully timed announcements — is a critical part of the role.
The Money Laundering Regulations 2017 (MLRs) require regulated firms — including law firms — to conduct know-your-customer (KYC) checks, monitor transactions for suspicious activity, and file suspicious activity reports (SARs) with the National Crime Agency. The UK's anti-money laundering regime sits within a broader framework including the Proceeds of Crime Act 2002 and the Terrorism Act 2000. Lawyers occupy a dual role: they advise clients on AML compliance while being subject to AML obligations themselves. Failing to report knowledge or suspicion of money laundering is itself a criminal offence, creating real tension between client confidentiality and reporting duties.
UK sanctions are administered by the Office of Financial Sanctions Implementation (OFSI), part of HM Treasury. Since Russia's invasion of Ukraine, the UK has imposed its most extensive sanctions regime to date, targeting individuals, entities, and entire sectors of the Russian economy. Lawyers advise clients on screening counterparties, structuring transactions to ensure sanctions compliance, and applying for licences where activity would otherwise be prohibited. The Economic Crime and Corporate Transparency Act 2023 introduced a new "failure to prevent fraud" offence for large organisations, expanding corporate criminal liability. Sanctions compliance has become one of the fastest-growing areas of legal practice.
The Consumer Duty (effective July 2023) represents the FCA's most significant conduct reform in years, requiring firms to deliver good outcomes for retail customers across four key areas: products, price, understanding, and support. The Edinburgh Reforms and subsequent legislation aim to tailor the UK's post-Brexit regulatory framework for competitiveness, replacing retained EU law with UK-specific rules — a process often called the Smarter Regulatory Framework. Crypto regulation is being brought within the FSMA perimeter, with stablecoins and certain crypto-asset activities now requiring FCA authorisation. Operational resilience — the ability of financial firms to prevent, respond to, and recover from disruptions — has emerged as a regulatory priority following high-profile IT failures.
Financial regulation underpins every transaction that touches the City of London. Whether you end up in M&A, capital markets, or banking, you will encounter regulatory constraints daily. Interviewers at firms with strong regulatory practices — and that includes most of the Magic Circle — expect you to know who the FCA and PRA are, understand what market abuse means, and have a view on how the UK's post-Brexit regulatory landscape is evolving.
“Who are the FCA and PRA, and what is the difference between their roles?”
What they're assessing
Basic regulatory literacy — candidates applying to City firms must know who regulates financial services in the UK.
Answer skeleton
The Financial Conduct Authority regulates the conduct of financial services firms — how they treat customers, market integrity, and consumer protection. It authorises and supervises firms including investment banks, asset managers, and financial advisers, and enforces rules against market abuse and mis-selling. The Prudential Regulation Authority, which sits within the Bank of England, regulates the financial soundness of banks, insurers, and major investment firms — its focus is on systemic stability rather than conduct. In practice, the largest banks are dual-regulated: supervised by both the FCA for conduct and the PRA for prudential matters. The distinction matters for lawyers because different rules apply depending on whether you are dealing with a conduct issue or a capital adequacy question.
“What is market abuse and why does it matter for lawyers advising on transactions?”
What they're assessing
Understanding of a key regulatory risk in deal-making — and awareness that lawyers need to actively manage it.
Answer skeleton
Market abuse covers conduct that undermines the integrity of financial markets — primarily insider dealing and market manipulation. Insider dealing involves trading securities on the basis of material non-public information; market manipulation involves artificial price movements or misleading signals. Both are prohibited under the Market Abuse Regulation. For lawyers on M&A or capital markets transactions, this is a live risk throughout: they work with price-sensitive information and must implement information barriers, maintain insider lists, and advise clients on disclosure obligations. Getting this wrong can expose clients to FCA enforcement and, in serious cases, criminal prosecution. A strong awareness of these obligations is essential for anyone working in transactional practice.
“How has Brexit affected the UK's financial regulatory landscape?”
What they're assessing
Awareness of a major structural change in UK financial regulation and its practical implications for the City.
Answer skeleton
Brexit meant the UK left the EU's single rulebook — the body of financial regulation that previously governed UK markets. In the short term, the UK largely replicated EU rules into domestic law (the "onshoring" approach) to avoid disruption. Over time, the UK has diverged: the Edinburgh Reforms announced in 2022 aimed to make the UK more competitive, including changes to Solvency II for insurers and reform of the listing regime. The key ongoing consequence for lawyers is the loss of passporting rights — UK-authorised firms can no longer automatically offer services across the EU without separate local authorisation. Many firms have established EU subsidiaries, creating a more complex regulatory structure to advise on. Understanding this landscape matters because cross-border financial transactions now involve navigating two distinct regulatory regimes.
“A financial services firm is launching a new AI-driven credit scoring product in the UK — what regulatory approvals and legal issues should it address before going to market?”
What they're assessing
The ability to apply regulatory thinking to a novel product — identifying the applicable regimes without being prompted, and flagging the interaction between financial regulation and data/AI law.
Answer skeleton
Context: an AI credit scoring tool is regulated under both financial services law (as it affects credit decisions under the Consumer Credit Act and FCA Consumer Duty) and data protection law (automated decision-making under the UK GDPR Article 22 where decisions are taken solely by automated means). Commercial implication: the firm must build explainability and human review into the product not just for good practice but as a legal requirement, which affects the product architecture and increases compliance cost. Legal angle: FCA authorisation for credit broking or lending may be required depending on the product's structure; Consumer Duty requires fair outcomes for retail customers; and any automated credit decision must allow the customer to request human review and explanation. Current hook/your view: I think this is a live example of regulatory law struggling to keep pace with AI — the ICO's draft guidance on AI and automated decision-making is helpful but not yet settled, and firms that engage early with the FCA's regulatory sandbox are better positioned to navigate the uncertainty.
“What is the Senior Managers and Certification Regime (SMCR) and why does it matter to lawyers advising regulated financial institutions?”
What they're assessing
Understanding of a significant piece of post-financial crisis regulatory architecture that directly affects how clients structure their governance and how lawyers advise on it.
Answer skeleton
Context: SMCR replaced the Approved Persons Regime following the 2008 financial crisis, placing personal accountability on named senior managers for failures in their areas of responsibility — including a duty to take reasonable steps to prevent regulatory breaches. Commercial implication: firms must map responsibilities to named individuals, maintain detailed statements of responsibilities, and ensure their governance structure is documented and defensible — non-compliance carries personal enforcement risk. Legal angle: lawyers advise regulated clients on SMCR implementation (drafting statements of responsibilities, reviewing governance documents), and on enforcement matters where the FCA investigates a senior manager personally — the standard of 'reasonable steps' is fact-specific and case-by-case. Current hook/your view: I think SMCR has genuinely changed the culture of accountability in financial services — cases like the FCA's action against senior managers at Barclays show that personal liability is not just theoretical — and it has created a sustained demand for regulatory lawyers who understand governance as well as rules.