What legal considerations must UK businesses address when providing financial services through mobile applications?

11 June 2024

In today's digital age, mobile applications have become an essential component of daily life, with many businesses leveraging these to provide a variety of services. Among the most popular are financial services. From banking and investing to financial planning and tax preparation, mobile apps are transforming the way businesses offer financial solutions. However, with this digital revolution comes a myriad of legal considerations that UK businesses must address in line with the law and regulations. This article aims to shed light on those key considerations.

Data Protection and Privacy Laws

The advent of mobile financial services has heralded an era where vast amounts of personal and sensitive data are transferred and stored digitally. This data includes customer names, addresses, and financial information – all of which must be handled with utmost care.

It's crucial for businesses to comply with the UK's Data Protection Act 2018, which aligns with the General Data Protection Regulation (GDPR). This law requires companies to obtain explicit consent from consumers before collecting, processing, or storing their personal data. It also requires businesses to implement robust security measures to protect this data from breaches.

In addition, businesses must comply with the Privacy and Electronic Communications Regulations (PECR), which set rules for electronic communications. For instance, businesses must inform users about cookies and obtain their consent to use them. Furthermore, the PECR set out guidelines for direct marketing, obliging businesses to respect consumers' wishes if they opt out of marketing communications.

Consumer Protection Regulations

Another pivotal legal consideration is the Consumer Rights Act 2015, which strengthens consumer protection in relation to digital content, including mobile applications. This Act stipulates that digital content must be of satisfactory quality, fit for purpose, and as described.

As a financial services business, you have to ensure your mobile applications meet these criteria and do what they are meant to do. For example, a banking app should allow customers to smoothly conduct transactions without errors or crashes. If the app fails to deliver its promised services, it could be seen as not fit for purpose, leaving the business liable under this Act.

Moreover, the Financial Conduct Authority (FCA) regulates the conduct of financial services firms. Its rules require firms to treat customers fairly and provide clear, fair, and not misleading information about financial products and services. Hence, businesses must ensure their mobile apps comply with these rules.

VAT and Digital Services Rules

With respect to digital services, businesses must comply with the VAT rules for electronically supplied services. In the UK, these services are subject to the standard VAT rate, which currently stands at 20%.

However, the VAT rules differ for business-to-business (B2B) and business-to-consumer (B2C) supplies. For B2B supplies, the VAT is usually accounted for by the customer, under the reverse charge mechanism. On the other hand, for B2C supplies to consumers in other EU Member States, the VAT is due in the consumer's country, and businesses must register for the VAT Mini One Stop Shop (MOSS) to report and pay the VAT.

Regulatory Compliance for Fintech Apps

Typically, financial services offered via mobile apps fall under the fintech category. In the UK, fintech businesses are subject to regulation by the FCA. The FCA has stringent rules and regulations pertaining to fintech businesses, which are designed to protect consumers and maintain the integrity of the financial services industry.

For instance, businesses that offer mobile payment services must comply with the Payment Services Regulations 2017. These regulations set out requirements for authorization or registration, conduct of business, and safeguarding of customers' funds.

Another key regulatory consideration for fintech businesses is the Electronic Money Regulations 2011. This legislation governs businesses that issue electronic money, for example, businesses that enable customers to store funds in a digital wallet on their mobile app.

Intellectual Property Rights

Finally, intellectual property (IP) rights are another key legal consideration for businesses providing financial services through mobile apps. These rights encompass the ownership and protection of unique ideas, designs, or concepts used in the app.

Businesses must ensure that their app does not infringe upon the IP rights of other entities. This includes the app's name, logo, user interface design, and underlying code. At the same time, businesses should take steps to protect their own IP rights, for instance, by registering trademarks or copyright, as applicable.

In conclusion, as businesses continue to innovate and offer financial services through mobile apps, it is paramount to be aware of these legal considerations. Ensuring compliance with these laws and regulations not only serves to protect businesses from legal repercussions but also builds trust with consumers, which is key to long-term success in the digital financial services landscape.

Anti-Money Laundering and Counter-Terrorist Financing Regulations

When it comes to financial services, it's imperative to take note of the UK laws relating to anti-money laundering and counter-terrorist financing. These regulations are particularly relevant for businesses that provide payment services or facilitate transactions of any kind.

Under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, businesses are required to carry out risk assessments, establish internal policies, and conduct due diligence on customers. This includes verifying the identity of customers, monitoring their transactions, and reporting any suspicious activity to the National Crime Agency.

In the context of mobile applications, businesses must ensure they have robust systems in place for data processing, which can effectively detect and prevent money laundering or terrorist financing. They also need to consider data portability rules to allow customers to transfer their personal data from one service provider to another safely and securely.

Moreover, businesses should be aware of the Fifth Anti-Money Laundering Directive (5AMLD), which extends these regulations to virtual currencies. If your app involves any form of cryptocurrency, you must adhere to the same rules as traditional financial services.

Machine Learning and Artificial Intelligence

The application of machine learning and artificial intelligence (AI) in financial services mobile applications is an emerging trend. These technologies can significantly enhance user experience and operational efficiency. However, they also present unique legal considerations.

One such concern is the need to maintain transparency and explainability in decision-making processes. Under the GDPR, individuals have a right to receive an explanation about decisions made solely based on automated processing, including profiling. This is particularly relevant when AI is used for credit scoring or investment advice.

It's also crucial to consider the ethical implications of using AI. Businesses should conduct an AI Impact Assessment, similar to a Data Protection Impact Assessment, to identify and mitigate any potential risks associated with the use of AI.

Furthermore, while using third-party AI solutions, businesses must ensure that they comply with all relevant laws and regulations. They should also consider the potential legal and reputational risks associated with data breaches or misuse of AI.


In the evolving landscape of financial services provision through mobile applications, businesses must navigate a complex web of regulatory requirements. From data protection and consumer rights to VAT rules and anti-money laundering regulations, businesses must be proactive in understanding and complying with the law.

Moreover, with the advent of emerging technologies like machine learning and AI, businesses must also grapple with additional legal and ethical considerations. The key to successfully navigating these challenges lies in staying informed, seeking legal advice where necessary, and always prioritising the interests of the consumer.

The digital revolution has indeed transformed financial services. However, with this transformation comes increased scrutiny and regulation, underscoring the importance of legal compliance. By complying, businesses can not only avoid potential legal pitfalls but also foster a sense of trust and reliability with their customers, which is crucial for success in the digital age.