In Kession, the Supreme Court unanimously confirmed a simple but consequential point: section 39 Financial Services and Markets Act 2000 ("FSMA") does not make principals a universal backstop for everything their Appointed Representatives ("AR") do. Responsibility and liability turn on the scope of business, or part thereof, for which the principal has accepted responsibility in writing (which makes the contractual arrangements between the parties crucial).
Having summarised the case and the outcome in our initial report, this article explores the potential wider impacts arising from Kession including: how principals can limit their responsibility, any other legal claims, the potential impact on FOS decision-making and how principals manage regulatory risk.
We will be publishing a further article in the coming weeks expanding upon how principals manage their regulatory risk and providing practical observations on the regulatory obligations on principals and the direction of travel.
How Principals can limit their responsibility for their ARs
Kession is a reminder that the principal/AR framework does not make a principal universally liable for everything an AR might do. A principal can accept responsibility for only part of an AR’s business.
This does not mean principals can exclude responsibility in all scenarios. The Court of Appeal in Anderson v Sense Network Ltd framed the extent of the responsibility accepted by the principal as a question of distinguishing between 'how' and 'what':
- 'what': relates to the scope of the AR's business for which the principal has accepted responsibility;
- 'how': explains how the business is conducted by the AR.
The dividing line between the 'what' and 'how' is critical.
In relation to the 'what', Kession confirms that restrictions relating to components of a regulated activity (as defined in FSMA) and/or limitations that the FCA can apply under FSMA form part of the 'what' and so can be carved out. For example, restricting the specified activities an AR can carry on, the specified investments with which it can 'deal with', and (as Kession illustrates) the categories of client the AR may service. This is consistent with the FCA’s authorisations, permissions and requirement / limitations regime.
Anderson accepted that a principal could limit the 'part' of the AR's business to prescribed business entered "only through and using Company Agencies" which was defined as “an agency which [Sense Network] maintains or has maintained with an institution”. This appeared to allow principals to limit their responsibility to the use of certain product providers. Practically, this would mean that even where two products are very similar and the difference will have limited/no impact on client outcomes, advice relating to product A could be lawful (and compliant) but advice on product B not. Indeed, technically advice on product B would be a criminal breach of the perimeter. The 'what' was widely drawn.
As an extension, we assume this means principals can choose to only accept responsibility for a limited range of investments within the broader specified investment universe. For example, a principal may limit an AR to arranging/advising on shares traded on a recognised investment exchange (rather than any share). It is crucial the AR agreement is tightly drafted to capture this.
This leaves the question of what amounts to the ‘how’. We expect the following would be examples:
- breaches of the AR agreement which do not go to the 'business' covered by it i.e. the AR must comply with FCA rules; and
- requirements to work from certain establishments or accept or comply with internal approval or monitoring requirements.
Kession also confirmed that a principal can limit its responsibility in scenarios where it has sufficient regulatory permissions e.g. an advice firm with retail client permission can choose to only accept responsibility for advice / regulated activities provided to the professional clients of its AR (if properly captured in the AR agreement).
Any other potential legal claims?
We expect to still see claimants bring claims against principals on the basis of S.138D FSMA where an authorised firm fails to comply with (applicable) FCA rules and that causes them loss. This is a common approach and amounts to a direct claim against the principal's actions or omissions. Indeed, the claimants made such a claim in Kession and the judge declined to provide summary judgment in the circumstances.
Such a claim would be based on a perceived failure to supervise the AR which itself caused the loss (even if any loss arose directly from the actions of the AR). Not all FCA rules can be used to bring such a claim. It is a harder case to make successfully as it will, in essence, require proving the claim against the AR and then the relevant rule breach by the principal (and demonstrating the rule breach caused the loss (along with the other constituent parts of a claim)).
Impact on FOS decision-making?
In our experience, FOS has often 'worked around' Anderson and so may take the same approach to Kession. In theory, FOS should explain when it departs from the legal position. In practice, it will often say either:
- It is deciding cases on a “fair and reasonable” basis rather than on a legal basis (which is not an answer to complaints relating to the FOS jurisdiction); and/or
- Any complaint upholds are based on perceived failings in the principal’s supervision.
Following this judgment, we expect renewed attempts by principals to assert that complaints fall outside the FOS's jurisdiction on the basis that it is not business for which the principal accepted responsibility and, therefore, not within DISP 2.3. DISP 2.3.3G appears to reflect this position, which should reinforce the importance of this distinction to the FOS.
We note this limitation is recognised in HM Treasury’s February 2026 consultation on reforming the appointed representative regime. One of the Treasury's proposals is to extend the FOS's jurisdiction to include ARs for complaints where the principal is not responsible. The consultation confirms that a complaint falls outside of the FOS jurisdiction where "the AR’s conduct giving rise to the complaint falls outside the scope of activities for which the principal is responsible under FSMA 2000, or where responsibility cannot otherwise be established".
This is important as the FOS is more susceptible to judicial review where the challenge is jurisdictional. As we explained in a previous article, although any judicial review is an uphill battle, the prospects improve where the complaint is based on the FOS's jurisdiction rather than on the substantive findings about a complaint. In the right circumstances, and where there is a potentially systemic issue, we expect a principal to pursue that type of challenge in the future.
Of course, it is possible the FOS will look to correct course without such an action and in line with the policy direction of the redress framework reforms. Either way, the FOS's approach is evidently a key area to monitor in the coming months and years.
What do Principals need to do to manage regulatory risk?
FCA expectations of principals have been clarified and increased significantly in recent years, including the recent good and poor practice guidance around managing potential risks from inactive ARs. This decision is unlikely to reduce regulatory expectations (in a post-Consumer Duty world).
Considering the Kession scenario under the Consumer Duty, the FCA would likely expect a principal to have sufficient systems and controls to monitor and ensure its AR is, for example, correctly categorising clients such that it is not dealing with retail clients where is not permitted to do so. In practical terms, the effectiveness of any systems and controls is often reviewed in hindsight after an event causing client loss. In those cases, it can appear the FCA take a 'strict liability' approach (i.e. something has gone wrong, therefore there must be a breach). Evidently, this is not correct, but principals need to be proactive in managing this regulatory risk.
Principals should consider foreseeable harm scenarios and put in place systems and controls to try to address them. From a 'scope of responsibility' perspective, principals will want to consider where an AR may inadvertently (or otherwise) go beyond what the principal has permitted. In the Consumer Duty outcomes-focussed world, we strongly recommend principals record clearly:
- The identified risks of harm and how they may arise;
- Steps taken to mitigate those risks;
- Why those steps are reasonable and sufficiently robust to guard against the identified harm; and
- What monitoring they have implemented (including the MI to indicate this is operating as expected).
The FCA will likely expect these to be included as part of the Board's annual self-assessment.
A warning to ARs: Overstepping is not a technical breach – it is criminal
The Supreme Court reaffirmed that the extent of the AR exemption and the principal's acceptance of responsibility "are coterminous".
This should act as a timely reminder to ARs. It is crucial they treat any limitations set out in their AR agreement with the utmost seriousness. Failing to do so will leave ARs criminally exposed. ARs should more carefully consider what they are permitted to do and, if in doubt, take advice - or steer clear.
Conclusion
The Supreme Court’s decision in Kession puts section 39 back on its statutory footing: principals are liable for what they have accepted responsibility for in writing. This determines where liability sits with principals and where criminal risk for ARs begins.
How we can help
Our combined team of regulatory lawyers and consultants has significant experience in advising principals and ARs on their responsibilities and obligations, including dealing with and conducting Skilled Person reviews.
We were involved throughout the FCA’s thematic review, supporting regulatory hosts with their governance, systems and controls, and prudential regulation. Whether drafting AR agreements or helping principals to document, design, implement and test their systems and controls, we have relevant expertise.
Our financial risks and liability experts regularly defend principals, such as Kession, in FOS and Court claims.
