Financial Services

The firm advises on Financial Services legal and regulatory matters, and assists in authorisations, engagement with regulators as well as engagement with other public and government bodies. Our focus is on Financial Technology including payments, mobile and unregulated payment services, credit, crypto asset services and the impact of central bank digital currencies on the financial services sector. We assist regulated institutions as well as technology businesses that seek to operate in this sector.

We assist our clients with transactional and advisory work on the Financial Services and Markets Act 2000 (FSMA) regime, which is the principal regulatory regime that regulates the provision of financial services in the UK including financial instruments, investment management, banking, payment services, commercial lending and consumer credit.  

We handle all aspects of financial regulatory compliance with these regimes for leading UK and international financial institutions including preparing applications for regulatory authorisation and advising on core obligations under the FSMA regime. We help our clients stay informed of new regulatory developments which may have an impact on their businesses, contribute to the development of new regulated financial products and services, and assist with implementing and maintaining effective compliance monitoring plans and controls. 

Our team has invested considerable time building relationships with financial regulators such as the Financial Conduct Authority (FCA) as well as other regulatory and government bodies in the UK, EU and ROW that are competent to regulate in financial sectors. 

Payments

Our regulatory lawyers advise international and domestic payment service providers, including banks, payment institutions, e-money institutions and other businesses wishing to offer payment products. We have extensive experience in providing regulatory advice on UK and EU payments and e-money regulatory regimes. Through our well-established relationships with local law firms around the globe, we also offer ROW multi-jurisdictional advice on regulatory matters. Our objective is to assist clients in integrating their regulatory policies on a global basis minimising operational variations wherever possible.

We were responsible for undertaking the first authorisation of a Payment Institution in the UK and the EU, and have assisted businesses in seeking authorisations on a regular basis. 

We advise clients on core obligations under these regulatory regimes including obligations relating to licensing requirements, safeguarding of funds and corporate governance structures. 

We advise clients wishing to offer payment services on the perimeter of regulation, and on applicable regulatory frameworks.

Similarly, the firm has dedicated experts to advise on the negative scope of regulation including exclusions consumer credit legislation, and under the payments and e-money regulations, such as the UK and EU Limited Network Exclusion, Electronic Communication Exclusion and Technical Service Provider Exclusion, and other safe harbours that may be available in ROW.

We further support our clients by drafting and negotiating commercial contracts, with third parties, as well as intra-group, such as for example for outsourced services. We can also draft framework contracts for payment and other services to ensure compliance with conduct of business rules.

We advise and represent the interests of our clients when major incidents occur as well as assisting with timely reporting obligations, notifications and timelines, and recommending good practices.

Electronic Money 

FM Legal has been at the forefront of the electronic money regulatory space, advising on innovative legal and regulatory structures to enable businesses to offer their services on a pan European basis. Our lawyers led the first authorisation of an electronic money institution in the UK and the EU, prior to the formation of the firm, as part of our sister consultancy Flawless Money Limited.

We have since led industry engagement with regulators on countless issues, have assisted in developing innovative business models and have advised on the interpretation of regulatory provisions impacting products, business practices and operations.

Our lawyers proposed and developed exemptions from anti money laundering customer due diligence obligations for low value e-money payments, and succeeded in having acceptance for simplified due diligence processes in both UK and EU legislation.

Our lawyers continue to be engaged with regulators on the evolution of the concept of e-money, its regulatory treatment and the impact of distributed ledger technology in implementing the regulatory framework to crypto equivalents of e-money, such as fiat backed stable coins.

We advise on e-money in various form factors, whether account based, token, voucher, card or mobile app based, and are also engaged in understanding the impact of Central Bank Issued Digital Currencies (CBDC) on e-money businesses. 

AML and Financial Crime

Compliance with anti-money laundering (AML), counter-terrorist financing (CTF) regulations as well as sanctions regimes are some of the most significant challenges faced by payment service providers. 

Our team comprises lawyers with extensive experience of AML & CTF regulations in multiple jurisdictions both in the UK and EU as well as the ROW. They have also been involved in the development of industry guidance for the e-money, payments and crypto asset industry, as well as in engaging with legislators and regulators in consultations and implementations of various legislative frameworks.

We assist our clients by providing expert advice and opinions on regulatory obligations and we have represented clients with the Financial Conduct Authority, securing favorable outcomes. 

We carry out staged regulatory investigations to prepare for FCA visits and reviews, and conduct regular AML audits to test and evaluate compliance programmes and provide recommendations in the case deficiencies are found. 

Our international clients engage us to develop and implement a risk-based approach to AML/CTF/Sanctions compliance that is tailored to individual products as well as advise on the duties and liabilities of designated individuals and the governing Board.

The firm has dedicated experts for drafting policies and procedures addressing key AML obligations such as internal and external suspicious activity reporting and customer due diligence (CDD), including advising on simplified and enhanced CDD, as well as electronic CDD. We can also advise on the implementation of national risk assessments, the UK Joint Money Laundering Steering Group Guidance, as well as EU Supra National Risk Assessments. Our staff can assist in designing risk assessments focusing on product, customer, channel and geographic risks and developing policies that are sensitive to the risks posed.

We provide general AML training for staff and specialised AML training for MLROs, the board of directors and the nominated officer. 

Our lawyers have participated in FATF hearings, industry groups and regularly assist clients in formulating responses to public consultations on financial crime.

Our financial crime practice extends to issues arising from fraud including regulatory developments relating to authorised push payment scams (APP Scams) and the liability of payment service providers for such fraud.

Data Protection 

Our lawyers are sector specialists in highly regulated areas of financial services and data protection.

Data Protection touches all aspects of e-commerce. Notwithstanding the UK’s exit from the EU, the General Data Protection Regulation (GDPR) remains the key data protection legislation in the UK in the form of the UK GDPR as defined by the Data Protection Act 2018. 

We advise on all aspects of data protection regulation including data protection compliance requirements, and drafting of data protection policies and data transfer agreements for the UK and EU as well as the ROW through our well-established relationships with local law firms. 

We also offer our clients training in data protection compliance.

Authorisation

Our managing partner, Dr Thaer Sabri, advised on and successfully obtained the first UK e-money authorisation in 2002 and has since advised and obtained authorisations for many of the current UK e-money issuers. He also advised and successfully obtained the first Payment Institution authorisation in 2009 and has since advised on many more, in conjunction with our sister consultancy firm, Flawless Money.

Our full-service authorisation offering can be tailored and includes advice on the appropriate permissions to support service delivery. This entails performing an analysis of the services provided by the applicant’s business to assess which permissions are required and whether any exclusions may be utilised. It may be possible to structure services under different regulatory interpretations, each with consequent implications for the business.

We work with the applicant to produce the application package for submission to the relevant regulator, including the requisite forms and operational documents. In conjunction with our sister company, consulancy firm Flawless Money, we can support all required areas of an application, in particular: IT security, legal advice and drafting, AML and regulatory compliance.

This process can also support variations of permissions for existing authorised entities and will, in both instances, utilise FM Legal’s full range of expertise that distinguishes us from our competitors.

We also offer practical assistance to facilitate the establishment of the applicant’s business, including incorporation, legal and recruitment services.

Crypto Asset Services

FM Legal have worked at the forefront of new areas of crypto asset regulation advising crypto asset and fintech firms engaging in the provision of innovative crypto asset related services including stablecoins, NFTs and other crypto assets. Our experts have both a technical understanding of the technology and its implementation in financial services and NFT products.  We have also engaged with the development of regulatory regimes in the UK and the EU as well as many other jurisdictions. Our lawyers also participate in a number of international crypto forums, and currently contribute the development of Guidelines relating to the Travel Rule.

Our lawyers’ involvement in the crypto space dates back to the predecessor technologies of public key cryptography, PKI and their implementations in financial services such as that of DigiCash, Mondex and early attempts to create digital bearer instruments. 

We have experience in the application of financial services regulation to novel and innovative services, and seek to comment on the evolving regulatory regimes for crypto assets, whether relating to financial crime, or to prudential and conduct of business regulation. We are also committed to a risk based and proportionate perimeter, arguing for example for the exclusion of most NFTs from financial services regulation.

At the EU level, we have advised on MiCA, covering key provisions relating to the prudential framework for e-money and asset referenced tokens, the exclusion for NFTs and the treatment of significant service providers. We are currently focussing on the development of level II text comprising RTS, ITS, and guidelines to be prepared by the EBA and ESMA.

We have also been involved in commenting on the OECD Crypto Asset Regulatory Framework (CARF), addressing tax reporting, and its implementation in the EU through the revised Directive on Administrative Cooperation (DAC).  We have also advised on the EU AML package, namely, crypto asset related provisions within the AML Regulation and the updated Fund Transfer Regulation (FTR or Travel Rule) now also addressing crypto assets, including EBA guidelines and more broadly Financial Action Task Force (FATF) recommendations.

We have also advised on the crypto asset service provider registration requirements across Member States based on the implementation of the 5MLD, including the triggers of the requirement to register, scope of services covered, together with the varying legal and practical requirements of registration.

Within the UK, we have successfully helped clients with crypto asset registrations, as well as advised on the UK’s evolving regulatory approach to crypto assets, stablecoins and decentralised finance. 

Some key recent regulatory developments that we have advised clients on include advertising regulations such as the UK financial promotions regime planned to be introduced by the UK Financial Services and Markets Bill 2022, as well as the broader impact of Section 20 of the Financial Services and Markets Bill 2022 on crypto asset service providers.

Corporate and Commercial

Our lawyers are experts in complex, high-value commercial transactions. We support our clients, established in both the UK and abroad, across a wide range of sectors on contractual issues that are key to the ongoing running and success of their business.

We advise and assist our clients with all aspects of the contractual lifecycle including development, negotiation, finalisation, guarantees and indemnities, ongoing management, performance evaluation and variations. 

We offer our clients a breadth of expertise that helps achieve favourable outcomes during the course of complex, contractual negotiations.  We aim to provide commercially advantageous advice whilst remaining compliant with any relevant regulatory requirements (such as financial services regulatory requirements) or other legal obligations at play.  

Operational resilience

We provide expert counsel on operational resilience requirements, including the Financial Conduct Authority’s (FCA) new rules effective March 2025. Our comprehensive guidance ensures full compliance with this complex regulatory framework.

We assist firms in identifying important business services, assessing impact tolerance, mapping resources and processes, conducting scenario testing, and remediating vulnerabilities. These activities are essential for establishing a resilient operational framework and ensuring regulatory compliance.

Through our international network, we also support EU-based firms with the implementation of the Digital Operational Resilience Act (DORA). Our team helps financial entities understand the impact of these new requirements, develop robust ICT risk management frameworks, establish efficient incident reporting mechanisms, and manage risks and contractual arrangements with ICT third-party service providers, all of which are crucial components of regulatory compliance.

To support firms in meeting operational resilience requirements, we conduct detailed gap analyses and create customised action plans. These plans provide clear guidance to align existing operations with the new rules and guidelines.

Additionally, we offer comprehensive staff training and ongoing support, enabling you to enhance your firm’s operational resilience and confidently navigate these new regimes.