UK marketplace payments: authorisation, agent status, or Asima’s third-party verification

The scenario

You operate a marketplace. Your customer (the Payment Service User, PSU, or payer) buys from independent sellers (merchants) who each receive funds into their own bank account. You don’t want to hold client money, and you don’t want to become a payments firm, but you do want a robust, regulator-friendly way to route payments and vet recipient accounts.

Two key questions follow:

1. Do we need FCA approval? If so, which kind?
2. Is there a lower-friction alternative to full authorisation that still gives comfort on where money is going?

First principles: which regime applies?

In UK law there are two distinct regimes often conflated:

• FSMA Appointed Representative (AR) regime – used for investment, insurance, and certain credit activities under the Financial Services and Markets Act. The FCA tightened this regime in PS22/11, increasing principals’ oversight and data reporting.^[1][2]
• Payment Services Regulations 2017 (PSRs) – govern payment services, including Payment Initiation Services (PIS) and Account Information Services (AIS), plus money remittance and acquiring. The FCA’s Approach Document and PERG 15 set the perimeter and options for firms in scope.^[3][4][5]

Important: for payment services you do not use the FSMA Appointed Representative route. The relevant construct is becoming an “agent of a payment institution” (or a distributor/agent of an e-money institution) under the PSRs, and being listed on the FCA Register accordingly.^[4:1][5:1]

What triggers payment services status for a marketplace?

It depends on your role in the flow of funds and the act of initiating payments:

• If you hold or control customer funds on behalf of buyers or sellers — for example, collecting payments before onward settlement — you will normally need to be authorised or registered under the Payment Services Regulations 2017 (e.g., as an Authorised Payment Institution or Electronic Money Institution) and comply with the associated safeguarding and conduct of business rules. By contrast, a pure Payment Initiation Service Provider (PISP) may never hold client money, so safeguarding does not apply. In that model, payments move directly from the PSU’s account to the verified merchant account, removing custody risk entirely.^[3:1][6]
• If you initiate a payment from the payer’s account to the merchant’s account (PIS), that is a regulated payment service. You either obtain your own PISP permission, or act as an agent of a firm that has it.^[4:2][5:2]
• If you only provide the interface to a licensed PISP — for example, you integrate Asima as the payment initiator so that PSUs pay into verified accounts that you, as the marketplace operator, own and Asima has approved for settlement — and you do not hold or control client money, you are generally not a payment service provider yourself. However, you still need to meet operational and consumer protection obligations, such as clear customer terms, fraud-prevention controls, and compliance with data-protection and platform-liability rules.
• Some platforms rely on the Commercial Agent Exclusion (CAE). This is narrow: the agent must act for either the payer or the payee (but not both) and be genuinely authorised to negotiate or conclude the sale. Many marketplace models do not qualify.^[7][8]

Why Appointed Representative isn’t the right fit

An Appointed Representative arrangement (FSMA) lets a firm carry out a principal’s regulated activities (like arranging insurance) under that principal’s supervision. That regime does not cover payment services. For payments, the analogue is becoming an agent under the PSRs, which involves different registration, oversight and safeguarding expectations.^{[1:1][4:3][5:3]}

If you see providers offering “regulatory hosting” for marketplaces, check which regime they mean. For PIS/AIS, it must be the PSRs agent route (your name appears on the FCA Register as an agent of the authorised payment institution/e-money institution).^[4:4][5:4]

Design choices for marketplace operators

The remaining gap: verifying third-party payees at scale

Where funds move directly from payer to a merchant’s own account (no platform custody), the regulator’s focus is: do you know who is being paid, and is the account legitimate? That is where marketplaces often need more than a contract with their payment provider; they need confidence in the payee’s account ownership.

Asima’s Third-Party Verified Accounts (TPVA)

For clients running “marketplace-type” services, Asima offers an optional (and for certain flows, mandatory) Third-Party Verified Accounts service:

• Account ownership verification for recipient merchants using regulated AIS, plus IDV checks and PEPs/sanctions screening.
• Ongoing monitoring so verification isn’t a one-off.
• No platform custody: payments are initiated payer → merchant through PIS, but only to verified beneficiary accounts.
• Audit trail: evidence of consent, checks performed, and payment initiation, to support dispute handling and regulatory enquiries.

This approach reduces fraud exposure (e.g., misdirected payouts, mule accounts) and strengthens the platform’s control environment without turning the marketplace into a money-holding PSP.

In short: use PIS to avoid custody risk, and layer TPVA to avoid “unknown payee” risk.

Recommended pathway for a UK marketplace

1. Decide whether you will ever hold client money. If yes, expect authorisation and safeguarding obligations under the PSRs/EMRs.^[3:3][6:2]
2. If you won’t hold funds, choose between:
   • integrating a licensed PISP/AISP (e.g., Asima) and remaining outside PSP status, or
   • becoming an agent under the PSRs of a principal PSP.
3. Do not rely on the Appointed Representative regime for payment services; it’s FSMA, not PSRs.^{[1:2][4:6][5:6]}
4. Avoid over-reliance on the CAE unless your model truly meets it (one-sided agency, authority to conclude sales).^[7:2][8:2]
5. Add payee controls: adopt Third-Party Verified Accounts to validate merchants’ destination accounts and monitor them over time.

Bottom line

• AR ≠ agent for payments. In UK payments, use the PSRs agent route or integrate a licensed PSP.
• Keep custody risk off the platform if you can: PIS enables payer-to-merchant settlement without you holding funds.
• Close the payee-verification gap with Third-Party Verified Accounts, so you can scale your marketplace with a clear, auditable control framework.

If you’d like help mapping your exact model to the regulatory perimeter, we can review flows, roles and responsibilities, then implement PIS + TPVA so your marketplace stays fast, safe and compliant.

Footnotes

1. FCA, PS22/11: Improving the Appointed Representatives regime (policy statement and rule changes from December 2022). [Link]
2. FCA, PS22/11 (PDF): rule changes and principal responsibilities. [Link]
3. FCA, Payment Services Regulations 2017 and Electronic Money Regulations – landing page (scope and who needs authorisation/registration). [Link]
4. FCA Handbook, PERG 15.4 – Small payment institutions, agents and exempt persons (agent regime under PSRs). [Link]
5. FCA, Our approach to payment services and electronic money (PSRs/EMRs approach document). [Link]
6. The Payment Services Regulations 2017 (SI 2017/752) – authorisation, safeguarding and conduct requirements. [Link]
7. FCA, Commercial agent exclusion (CAE) – guidance and limits. [Link]
8. FCA, Scope and exclusions: changes under the PSRs and EMRs (PSD2 narrowed CAE to acting for either payer or payee, not both). [Link]