By Priya Giuliani

The Appointed Representative (AR) model is an established feature of the UK regulatory landscape and plays a legitimate role in enabling firms to broaden distribution, innovation and scale. However, by its very design, the model places firms on inherently thin ice from a financial crime perspective.

When regulated activity is carried out at arm’s length, by entities that themselves are not authorised, the principal firms behind them face a structural amplification of risk. Financial crime exposure in AR networks is not simply a function of poor behaviour by individual ARs; it arises from distance, delegation and scale. Without sustained oversight, the ice may appear solid on the surface whilst dangerous weaknesses form below.

The AR model: A fragile surface

An AR is not directly authorised by the Financial Conduct Authority (FCA0. Instead, it carries on regulated activity under the permissions of its principal, which retains full regulatory responsibility for the AR’s conduct. That responsibility is absolute and non‑delegable. No contractual arrangement, policy allocation or reliance on AR attestations alters where regulatory accountability sits.

The FCA has recently reinforced this point in its work on inactive ARs^[1], reiterating that responsibility for ARs rests firmly with the principal. The guidance makes clear that inactivity does not dilute accountability. Where AR activity is limited, or has ceased, this places greater importance on the principal’s ability to maintain an accurate, up‑to‑date understanding of its AR population.

The AR regime plays an important part in the provision of financial services allowing a broader range of providers to enter the market and therefore aligning to the Government’s and regulators’ objectives of promoting competition (and consumer choice), supporting innovation, and contributing to economic growth. From a firm’s perspective, using ARs allow extension of reach and cost efficiency. In 2024, ARs generated £11.1bn in regulated revenue from financial services.^[2]

In recent years, the FCA has tightened the AR regime through the introduction of new rules^[3] and has kept it top of mind as evidenced by the Government’s recent consultation^[4] which identifies weaknesses in AR oversight as a key driver of consumer detriment. The FCA, through its supervisory work, considers risks to consumers higher where services are delivered through ARs than directly authorised firms, and it is focussed on strengthening principal firm oversight of ARs.

The scale of the AR model: Why the risk exposure is material

The AR population has grown significantly from the inception of the model in 1986 reaching approximately 34,000 active ARs in September 2025.^[5] To put this into context, the latest figures show that the FCA supervises around 16,000 firms for AML (less than half the total AR population).^[6] It falls squarely on the principal to ensure their ARs are adhering to AML requirements.

The FCA’s data shows that there were approximately 2,500 principals in September 2025; an average of 13 ARs to one principal. This concentration of responsibility means that a small number of principals act as regulatory choke points for large AR populations, materially increasing financial crime, governance, and operational risk.

Stress fractures beneath the surface

In practice, failures rarely stem from an absence of policies. They arise where principals cannot independently see or test how controls are executed at AR level.

Principal firms’ inherent risks increase through the use of ARs as the firm is  one step removed from the customer and often rely on ARs to conduct key financial crime controls, such as client onboarding. The ARs themselves are not regulated, any failure by the ARs becomes the responsibility of the principal. Accountability cannot be transferred.

As shown above, the FCA data indicates, on average, that one principal can have many ARs. Unless the principal determines a minimum standard for controls execution, the potential variability in AR frameworks creates risks in oversight.

When the ice breaks: Common financial crime themes

The FCA’s findings on financial crime failures with corporate finance firms sheds some light into AR failures.^[7] It found that 29% of principal firms assessed did not conduct financial crime risk assessments of their ARs, and 19% of principal firms did not assess the effectiveness of their own oversight and control mechanisms for AR financial crime risks.

The findings further revealed that some firms did not conduct on-site visits or other audits of their ARs, nor did they independently investigate the reports they receive from ARs concerning financial crime controls or incidents. This creates a blind reliance on AR self‑reporting and significantly increases the likelihood that financial crime issues remain undetected under the surface until triggered by regulatory intervention.

There is no reason to believe that the AR population would not exhibit the same AML failures as directly supervised firms, including inadequate customer due diligence, risk assessments and ongoing monitoring. In AR environments, these weaknesses can enable high‑risk introducer‑led business, inconsistent customer due diligence across ARs, delayed SAR escalation and increased sanctions exposure through overseas activity.

Testing the ice: What good looks like

The FCA is clear. Principal firms are accountable for their AR networks. They are expected to manage these networks responsibly and conduct higher standards of due diligence. Trusted relationships cannot replace objective due diligence. Firms must maintain rigorous, objective financial crime controls rather than relying on the length of a relationship, or personal trust as a justification for bypassing checks.

The FCA is focused on strengthening principal firm oversight of ARs to prevent harm to consumers and markets.^[8] This should include:

• Board‑level ownership of AR risk, including financial crime risk
• Inclusion of the AR channel in business-wide risk assessments
• Risk‑based AR segmentation driving differentiated oversight
• Clear policies and procedures for managing financial crime risks introduced through ARs
• Robust onboarding and pre‑appointment due diligence
• Regular financial crime reviews, beyond box‑ticking, and not over relying on AR attestations
• Consideration of the AR culture to identify risk factors that could increase financial crime risk such as volume-driven sales models, rapid growth without corresponding increase in controls, and weak compliance culture
• Clear, enforced consequences for control failures

Stronger AR oversight is not about thicker rulebooks; it is about knowing, at any moment, where the ice is weakest.

ARs are a business choice. Financial crime risk is not optional

The FCA’s goal is to ensure that while the AR regime enables innovation and growth, it does not become a weak point that bad actors can exploit. The AR model is commercially attractive, but risk ownership remains firmly with the principal. When AR controls fail, it is the principal that falls through the ice, regardless of where the failure originated.

Those that treat AR oversight as a compliance formality are likely to be exposed. Those that embed robust, risk‑based supervision will be better placed with regulators and clients alike.

Innovation may skate ahead, but accountability stays where the ice breaks.

References:

[1] Managing potential risks from inactive appointed representatives | FCA

[2] Appointed representatives data | FCA

[3] Principal firms embedding the new rules for effective appointed representative oversight: Good practice and areas for improvement | FCA

[4] Consultation: The Appointed Representatives Regime – GOV.UK – closed on 9 April 2026

[5] Appointed representatives data | FCA

[6] 24-25_Annual_Report_.pdf

[7] Financial crime controls in corporate finance firms: survey findings | FCA

[8] Principal firms embedding the new rules for effective appointed representative oversight: Good practice and areas for improvement | FCA

---

About the Author:

Priya Giuliani is a specialist in financial crime investigations & compliance with nearly 30 years’ experience, including a decade as a Partner. She specialises in helping clients on a proactive basis to assess and manage the risk of financial crime including assessing governance, oversight, conduct, and training Senior Managers and Boards. Her investigative experience provides insight in to how various financial crime types (e.g. money laundering, terrorist and proliferation financing, sanctions and tax evasion, bribery, corruption and fraud) can occur, including through the use of professional enablers, and the controls required to manage these risks effectively. Priya has been appointed on many Skilled Person engagements. Widely regarded as a well-qualified and highly experienced expert in financial crime risk management and investigations. She understands risk well and works with clients to assess and develop proportionate and effective control frameworks.

---

This article presents views, thoughts or opinions that are provided for general information purposes only. It does not represent the views of, or constitute advice of any form (legal, professional or otherwise) from, HKA or any of its affiliates. While HKA takes reasonable care to ensure the accuracy of its contents at the time of publication, the article does not deal with all aspects of the referenced subject matter and may not be relied upon as a substitute for professional judgement or independent analysis. Accordingly, neither HKA nor the author accepts liability for any use of, or reliance on, the information presented in the article. This article is protected by copyright © 2026 HKA Global, LLC/© 2026 HKA Global Ltd. All rights reserved.