Letter of Authority (England & Wales)

A Letter of Authority in the United Kingdom authorises a named attorney to act for the donor and sets the limits of the powers granted, and takes its legal force from the Mental Capacity Act 2005.

In English law, the Letter of Authority is grounded in the law of agency. Under common law agency principles, a principal may authorise an agent to act on their behalf, and acts done by the agent within the scope of that authority bind the principal as if the principal had acted personally. The Letter of Authority is the written expression of that authorisation; it notifies the third party (such as a bank, HMRC, the NHS, or a local authority) that a specific individual has been appointed to act and defines the scope of their authority.

Letters of Authority are used across a vast range of contexts in England and Wales. In banking, a Third Party Bank Mandate (which is the form-specific equivalent used by most high street banks) authorises a person to operate a bank account, view statements, and in some cases make payments or transfers on the account holder’s behalf. In tax, a Letter of Authority submitted to HMRC (or completed using HMRC’s Agent Authorisation service) enables an accountant, tax adviser, or family member to discuss and manage tax affairs on the taxpayer’s behalf. In healthcare, a Letter of Authority enables a carer, family member, or advocate to discuss a patient’s care with their GP, hospital, or other healthcare provider (subject to the Caldicott Principles and data protection requirements). In property matters, a Letter of Authority may enable a solicitor or estate agent to communicate with conveyancers, councils, or utility companies on a property owner’s behalf.

A Letter of Authority is distinct from a Power of Attorney (POA) and a Lasting Power of Attorney (LPA). Unlike a POA (which is executed as a deed and confers broad legal authority, often including the power to enter into contracts or transfer property), a Letter of Authority is typically narrower in scope, less formal, and revocable at will. Unlike an LPA under the Mental Capacity Act 2005 (which must be registered with the Office of the Public Guardian and is designed for use when the donor lacks mental capacity), a Letter of Authority is used while the principal retains full legal capacity.

The UK GDPR and Data Protection Act 2018 are directly relevant to Letters of Authority. When an organisation discloses personal data about the principal to the authorised person in reliance on the Letter, it is processing personal data and must have a lawful basis for doing so. The principal’s explicit consent, expressed in the Letter of Authority, provides that lawful basis.

A Letter of Authority is needed whenever a person in England and Wales wishes to authorise another individual or organisation to act on their behalf for a specific purpose, without resorting to the formality and expense of a Power of Attorney. The situations calling for a Letter of Authority are extremely diverse.

Banking and financial services are among the most common uses. Account holders who are temporarily abroad, hospitalised, or otherwise unable to manage their own finances may use a Letter of Authority (or the bank’s equivalent Third Party Mandate form) to authorise a trusted family member, carer, or adviser to access their account, check balances, set up standing orders, or deal with queries. Banks and building societies have strict identity verification procedures and will typically require the letter to be signed in branch or accompanied by certified identification documents.

HMRC and tax matters frequently require Letters of Authority. A taxpayer who wishes to appoint an accountant, tax agent, or family member to deal with HMRC on their behalf must provide authority in the appropriate form. HMRC operates an online Agent Authorisation service (64-8 forms) for professional agents, but for informal family arrangements a signed Letter of Authority is often accepted for correspondence and enquiries.

Medical and healthcare situations often require authority letters. A patient may authorise a carer, spouse, or adult child to speak to their GP, hospital, or care home on their behalf, to receive information about their condition and treatment, and to make decisions within the scope of the authority. Healthcare providers are bound by the Caldicott Principles and the UK GDPR, and will only disclose information to an authorised person if the patient has given valid consent or if another lawful basis applies.

Local authority and public sector matters also frequently require Letters of Authority: for example, authorising someone to collect housing benefit payments, deal with council tax queries, manage a blue badge application, or correspond with social services on the principal’s behalf.

Property and conveyancing matters sometimes require Letters of Authority to enable a solicitor, surveyor, or estate agent to communicate with local councils, utility companies, or the Land Registry on a property owner’s behalf, particularly where the owner is abroad or unavailable.

Business and commercial situations include authorising an employee to act on a company’s behalf in dealings with suppliers, customers, or public authorities, or authorising a solicitor or agent to negotiate contracts or attend meetings as the company’s representative.

End-of-life and bereavement planning may also call for a Letter of Authority: an elderly person may grant authority to a trusted family member to begin engaging with financial institutions, pension providers, or insurers before a formal Grant of Probate is obtained, where the institution is willing to accept such authority for preliminary discussions.

A well-drafted Letter of Authority for use in England and Wales must contain certain essential elements to confirm that it is accepted by the recipient, protects all parties, and is effective within the applicable legal framework.

Clear identification of the principal is fundamental. The full legal name, address, date of birth (or other identifying information such as a national insurance number, account number, or passport number), and contact details of the principal must be stated clearly. This enables the recipient organisation to verify that the letter relates to the correct individual and to match it to the appropriate records.

Clear identification of the authorised person is equally important. The full legal name, address, contact number, and identification details of the authorised person must be stated. Some organisations require the authorised person’s date of birth or passport number to verify their identity when they present the letter in person. The relationship between the principal and the authorised person (son, solicitor, accountant, friend, employee) is useful context.

Identification of the recipient narrows the authority to the intended organisation or person and prevents the letter from being used as a general authorisation to disclose information. Where possible, the specific department or team should be identified (for example, “Personal Banking Customer Services”) and any relevant account or reference numbers should be stated.

The scope of authority must be defined with precision. The letter should list, specifically and exhaustively, every action the authorised person is permitted to take on the principal’s behalf. General wording such as “to act in all matters on my behalf” is likely to be interpreted narrowly or rejected by cautious organisations. Instead, the letter should state precisely what is authorised: “to access statements, enquire about balances, cancel standing orders, and give instructions for payments up to £1,000” is more effective than “to manage my account”.

Express limitations on authority add a further layer of protection. Where the principal does not want the authorised person to have full authority over all matters (for example, where they may access information but not make withdrawals), stating the limitations expressly prevents misuse and protects the principal from being bound by unauthorised acts.

A data protection consent clause is essential for any letter that will result in the disclosure of personal data from the recipient to the authorised person. The clause should identify the categories of personal data to be shared, the purpose for which they will be shared, and confirm that the consent is given freely, specifically, informedly, and unambiguously, as required by the UK GDPR.

A duration clause should specify whether the authority is open-ended (valid until revoked in writing), limited to a fixed period (with start and end dates), or one-off (for a single transaction or purpose). Many organisations prefer time-limited authorities for security reasons, particularly for banking mandates.

A revocation clause confirms that the principal may revoke the authority at any time by written notice, and that revocation takes effect from the date of receipt of the notice by the recipient.

A witness block, while not legally required for a Letter of Authority, is requested by many organisations as an additional safeguard against fraud. The witness should be an independent adult who is not related to the principal or the authorised person.

A governing law statement confirms that the letter is governed by the laws of England and Wales, which is important where the letter may be used across different legal jurisdictions within the UK.

Under the Companies Act 2006, Companies House maintains the register of UK companies. Section 386 of the Companies Act 2006 sets accounting record obligations. The Competition and Markets Authority (CMA) enforces the Consumer Rights Act 2015. The Financial Conduct Authority (FCA) regulates financial services under the Financial Services and Markets Act 2000. The High Court of Justice has jurisdiction under the Senior Courts Act 1981. The forms-legal.com Letter of Authority (England & Wales) template covers the mandatory elements under Companies Act 2006.