FSMA s.39 and the AR regime
Section 39 of the Financial Services and Markets Act 2000 is the statutory source of the Appointed Representatives regime. Every Handbook rule that follows (SUP 12, SUP 15, SYSC, DISP, PRIN) sits on top of s.39. The product’s data model treats the s.39 contract as the primary record for every appointment.
The statutory text
Section titled “The statutory text”An Appointed Representative is a person who is party to a contract with an authorised person (the principal) which permits or requires the AR to carry on business of a description prescribed by the Treasury, and for which the principal has accepted responsibility in writing. The legal effect is that the principal is treated as responsible to the same extent as if it had expressly permitted the conduct, for anything done or omitted by the AR within the scope of the appointment.
Consequences of vicarious responsibility
Section titled “Consequences of vicarious responsibility”Three consequences follow directly from the statutory text and they shape the product:
- The principal carries vicarious regulatory responsibility for in-scope AR conduct, including for redress, supervisory action, and FCA enforcement. There is no firewall between AR conduct and principal liability.
- Out-of-scope activity by an AR is the AR’s own problem in formal terms, but the principal is expected to detect and constrain scope creep through the written contract and ongoing oversight. Failure to detect scope creep is itself a supervision failing.
- Section 39 does not prescribe how supervision is performed. That detail sits in SUP 12 (the AR rulebook), SYSC (systems and controls), and the sector conduct sourcebooks. Section 39 sets the consequence; the Handbook sets the method.
The first consequence drives the product’s central premise. A principal firm that cannot evidence supervision cannot defend its s.39 position. The product’s design philosophy is that every supervisory act is recorded, attributed, and retrievable, so the s.39 defence is reconstructable on demand.
How the product encodes the s.39 contract
Section titled “How the product encodes the s.39 contract”Every appointment record in the AR register is a structured representation of the s.39 contract. The fields the product captures from the contract:
| Field | Source in s.39 / SUP 12 | Product surface |
|---|---|---|
appointmentType: "AR" | "IAR" | Distinguishes full ARs from introduction-only IARs (SUP 12.2) | AR register, AR detail header badge |
permissions[] | The regulated activities the principal has accepted responsibility for | AR detail Overview tab, permissions matrix |
regulatedActivities | The Treasury-prescribed business descriptions in scope | Permissions chips on the register row |
exclusivity | Whether the AR may act for other principals (SUP 12.4 due diligence) | AR detail Overview tab |
contractSignedAt | Date of the latest written agreement | AR detail Overview tab, annual review packet |
contractCurrentVersionRef | Reference to the current contract document on file | AR detail Documents tab |
The annual fitness review packet renders the current contract version on file and flags overdue refreshes. The breach triage queue uses permissions[] to flag activity outside the scope of the appointment as a SUP 15 immediate notification trigger.
What s.39 does not say
Section titled “What s.39 does not say”Section 39 does not set a supervisory cadence, a record-retention period, a breach reporting deadline, or a fitness threshold. Those are Handbook rules and they live in their own pages in this chapter. The product’s design separates the s.39 layer (the contract record) from the operational supervision layer (everything built on top of it).