Section 165 Requests: What they are and why they matter

Written By Stefania Cirignano

We have observed the FCA increasingly using Section 165 (s165) information requests across all sectors as a means to obtain information that is not captured through firms' usual regulatory reporting. There can be several reasons for this, including: 

  • Routine oversight – gaining a deeper understanding of emerging risks that standard reports do not fully cover, for example wealth management s165 requests. 

  • Follow-up on previous data submissions – for instance, a notable increase in PEP (Politically Exposed Persons) relationships reported in your REP-CRIM. 

  • Thematic reviews – where the FCA is examining a broader industry issue such as the treatment of vulnerable customers, involvement in crypto-related activities, or pricing practices. 

  • Red flags – such as whistleblower reports, complaints, or adverse media coverage. 

Receiving a Section 165 request from the Financial Conduct Authority (FCA) is not a random event. It typically signals the regulator’s intention to gain a deeper understanding of your firm’s activities—or to investigate a particular concern. 

Under Section 165 of the Financial Services and Markets Act 2000 (FSMA), the FCA (or Prudential Regulation Authority) has the authority to require regulated firms or individuals to provide specific information or documents. These requests are formal and statutory in nature. They are usually delivered by letter or email and clearly outline: 

  • The legal basis for the request (i.e., “under s165 FSMA 2000”), 

  • The specific documents or information required, 

  • A deadline for compliance, and 

  • Potential penalties for non-compliance. 

Why It Matters 

In our experience, these requests can sometimes be a precursor to more intensive scrutiny. Recently, we have supported clients through Skilled Person (Section 166) reviews, each triggered by an initial Section 165 request. 

The information you provide under a Section 165 request is often used to benchmark your firm against its peers. We have also seen cases where firms have been placed under increased supervision when the data submitted was found to be an outlier compared to industry norms. 

This is why it is critical to carefully check the request and ensure the response is accurate. 

We have seen instances where firms only realised after the fact that the data they submitted was incorrect—at which point you are already in the regulatory spotlight. Mistakes at this stage can significantly increase the risk of further scrutiny, regulatory action, or reputational damage. 

How to Respond 

If you receive a s165 request, it’s vital to: 

  • Understand the scope and intent: Read the request carefully. Understand exactly what is being asked, what period it covers, and why the FCA might be asking for this information. 

  • Appoint internal owners: Assign clear responsibility for pulling together the response—ideally someone senior who can oversee the quality and accuracy of the information. 

  • Engage legal, compliance, and risk teams early: These teams can help interpret the request properly, spot any risks, and ensure that the submission is accurate, complete, and well-articulated. 

If you need expert support in managing a Section 165 request, we’re here to help. Reach out to us at contact@avyse.co.uk

Stefania Cirignano
Next

OPBAS SAR Project Phase 1 Findings: What They Mean for PBSs