Authorisation and Registration Applications: Good Practice and Areas for Improvement

On 12 September 2025, the Financial Conduct Authority (FCA) published a review of its authorisation and registration application process titled “Authorisation and registration applications: Good practice and areas for improvement”. The review evaluated over 800 applications across five sectors submitted between January 2022 and June 2023. 

The review reinforces the FCA’s emphasis on ensuring that regulated firms meet the minimum standards and continue to do so on an ongoing basis. This includes robust scrutiny of applications as part of the gateway process. 

Application Success Rates and Issues 

The review revealed that around 1 in 5 applications were either refused, rejected or withdrawn. The FCA noted that in many cases, applications were withdrawn after the regulator raised substantive questions. 

Firms that submitted high-quality applications had typically sought external professional compliance support, which contributed to their successful outcomes. 

What Sets Top Applicants Apart 

From the FCA’s report, the following practices were consistently observed in successful applications: 

Staffing with Strength and Substance 

• Firms conducted their own suitability assessments for key individuals and approved persons, rather than relying solely on external advisers. 

• Ownership structure charts were clear and comprehensive, particularly in cases involving controllers or complex ownership chains. 

• Firms identified anticipated staffing gaps and provided recruitment plans or skills development pathways. 

• Incentive structures were aligned with delivering positive customer outcomes, not solely focused on sales or growth targets. 

Robust Policies, Processes and Controls 

• Business plans aligned with the FCA’s sample templates, ensuring that all relevant components were addressed. 

• Policies clearly outlined governance frameworks for decisions made overseas and how these are reported through UK entities, to ensure appropriate protection for UK consumers. 

• There was a strong alignment between regulated activities and permissions, often supported by legal advice and reference to the FCA’s Perimeter Guidance Manual (PERG). 

• The Consumer Duty was embedded across all policies, systems and control frameworks, demonstrating a holistic approach rather than a tick-box compliance exercise. 

Financial Clarity and Strength 

• Firms utilised FCA-provided templates for financial forecasting and scenario planning, across both retail and wholesale/investment business models. 

• Supporting notes accompanied financial forecasts, detailing assumptions, sources of funding and contingency planning. 

• Historic financial statements were submitted upfront, alongside credible evidence of available funds and arrangements to meet regulatory and prudential requirements (e.g. under MIFIDPRU or the relevant capital adequacy rules). 

Common Pitfalls Firms Should Avoid 

On the other side of the spectrum, the FCA’s report highlights recurring missteps that can delay or weaken applications: 

• Over-reliance on compliance consultants without sufficient internal understanding of regulatory obligations. The FCA expects firms to demonstrate ownership of their compliance frameworks. 

• Lack of clarity when individuals hold multiple roles for example, how “Person A” will allocate time across conflicting or overlapping responsibilities. 

• Insufficient evidence of a meaningful UK presence, such as inability to demonstrate UK-based staff, eligible work status or physical premises. 

• Generic or templated policies that are not tailored to the firm’s actual business model, leading to operational gaps in how compliance is implemented. 

• Emphasis on risks to the firm (e.g. reputational or financial risk) rather than adequately identifying and mitigating risks to consumers, particularly vulnerable customers. 

• Incomplete financial disclosures, including missing historical accounts, inadequate forecasting or failure to demonstrate how regulatory and prudential thresholds (e.g. capital requirements under MIFIDPRU) will be met. 

Why It Matters (Beyond Tick-box Compliance) 

• Time efficiency: Well-prepared submissions reduce prolonged back-and-forth with the FCA, helping to accelerate decision timelines. 

• Reputation: Firms that demonstrate genuine consumer focus and robust internal controls stand out in a competitive market. 

• Risk mitigation: Addressing compliance gaps early on reduces the risk of regulatory enforcement, financial penalties or reputational harm. 

• Trust-building: For customers, counterparties and investors, strong authorisation practices signal a culture of governance, transparency and integrity. 

Practical Takeaways: How to Strengthen Your Application 

Here are actionable steps any firm can take now: 

1. Map out all key roles and prepare a realistic time-allocation plan for individuals with multiple responsibilities. 
2. Use FCA’s templates for business plans and financial forecasts. Ensure assumptions are transparent, especially for “what if” or stress-testing scenarios. 
3. Develop policies tailored to your business model, considering size, services and customer demographics. Include provisions for managing customer vulnerability. 
4. Clearly demonstrate your UK footprint, including physical premises, eligible UK-based staff and leadership presence. 
5. Embed the Consumer Duty across every system, control and decision path, not just within a standalone policy document. 
6. Gather historic financial accounts and evidence of available resources well in advance of submission. Cross-check against applicable prudential requirements (e.g. MIFIDPRU or sector-specific capital thresholds). 

Conclusion: Positioning Yourself for Success 

Firms that treat FCA authorisation as more than a regulatory formality and instead view it as an opportunity to demonstrate robust governance and operational readiness, are the ones that progress more smoothly and with fewer surprises. 

By adopting the good practices outlined in the FCA’s review and proactively addressing common pitfalls, applicants can not only meet the regulator’s standards but also lay strong foundations for long-term compliance and resilience. 

If you are preparing an application, taking stock of these criteria now could save you significant time, cost, and regulatory risk in the future. 

How Can Complyport Help? 

At Complyport, we help firms bridge the gap between insight and implementation, ensuring your resilience strategies are robust, pragmatic and aligned with regulatory expectations. Drawing on the FCA’s latest insights, we can support clients with: 

• Supplier Resilience Reviews: Assessing third-party dependencies, reviewing contracts and testing substitution strategies; 

• Threat-Led Testing Support: Helping firms prepare for CBEST and other penetration test frameworks, ensuring vulnerabilities are identified and managed effectively; 

• Vulnerability Management Frameworks: Designing processes that capture the cumulative effect of smaller weaknesses and integrate intelligence-led prioritisation; 

• AI Risk and Governance: Advising on policies and controls for AI adoption, vendor oversight, and defensive measures against emerging AI-related threats; and 

• Board and Senior Management Briefings: Translating complex cyber risk themes into actionable insights for leadership teams, supporting informed decision-making. 

Ready to Strengthen Your Regulatory Readiness? 

Achieving FCA authorisation is not a one-off task, it requires ongoing commitment to strong governance, regulatory understanding and operational resilience. Whether you’re preparing a new application, varying your permissions or enhancing your compliance framework, Complyport is here to help. 

Book a meeting with one of our Subject Matter Experts today. 

Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat