If you are planning to launch a financial services business in the UK, whether it is a payments firm, investment adviser, e-money institution, or cryptoasset service provider, obtaining authorisation from the Financial Conduct Authority (“FCA”) is a critical step. FCA authorisation not only validates your firm’s legitimacy and credibility but also allows you to legally offer regulated financial products and services in the UK market.
This article provides a detailed overview of the FCA authorisation process, offering practical guidance on how to prepare, apply and maintain your status as an authorised firm.
Why FCA Authorisation Matters
The FCA is the UK’s conduct regulator for around 50,000 financial services firms and markets. Its role is to ensure consumer protection, market integrity and competition. FCA authorisation demonstrates that your firm meets high standards for governance, conduct, prudence and customer protection.
Being authorised:
- Legitimises your operations under UK law
- Enhances customer and investor confidence
- Facilitates access to UK financial markets.
- It is often required for partnerships, banking services, and investment
Who Needs FCA Authorisation?
You need FCA authorisation if you carry out regulated activities as defined in the Financial Services and Markets Act 2000 (FSMA). These include, but are not limited to:
- Advising on investments
- Managing investments
- Dealing in securities
- Arranging credit or mortgages
- Safeguarding and administering client money
- Issuing electronic money (e-money)
- Providing payment services
- Offering cryptoasset services (subject to registration and/or authorisation depending on activities)
Note: Some firms may fall under the Prudential Regulation Authority (PRA) as well, especially banks, building societies and large insurers.
Step-by-Step Guide to FCA Authorisation
- Determine the Type of Authorisation You Need
Start by confirming your regulatory perimeter. PERG guidance can be technical and open to interpretation, especially for new or hybrid models like embedded finance, decentralised finance (DeFi), or tokenised assets. Legal advice or compliance consultancy is strongly recommended to avoid accidental perimeter breaches.
Options include:
- Full Authorisation: For firms conducting regulated activities under FSMA (e.g., investment firms, e-money and payment institutions)
- Registration under the MLRs: For certain cryptoasset businesses, as required under the Money Laundering Regulations (MLRs). Note: This is not the same as full FCA authorisation.
- Variation of Permission (VoP): If your firm is already authorised but wishes to expand its activities.
- Appointed Representative (AR): Appointed Representative (AR): A firm conducting regulated activities under the supervision of an authorised Principal Firm. Following the FCA’s 2021 AR regime review, principal firms face enhanced expectations around due diligence, oversight and reporting. Consider the long-term compliance implications before choosing this route.
Consult the FCA Handbook’s Perimeter Guidance Manual (PERG) to clarify whether your activities are regulated.
- Design a Robust Business Model
Your business model must demonstrate viability and compliance. The FCA expects:
- Clear product/service descriptions
- Target customer segments and markets
- Defined revenue generation strategy
- Governance and organisational structure
- Operational resilience and risk controls
You will be assessed against the below five Threshold Conditions (COND), which relate to business viability, location, effective supervision, resources, suitability and business model.
- Location: Your ‘mind and management’ must be in the UK.
- Effective Supervision: The FCA must be able to supervise your firm adequately.
- Appropriate Resources: Includes financial, technological, and human resources.
- Suitability: Your firm and its controllers must be fit and proper.
- Business Model: Must be viable and not cause consumer harm.
- Prepare Key Documents
The FCA expects a well-documented and transparent application. Common requirements include:
- Regulatory Business Plan
- Compliance Monitoring Programme
- Risk Management Framework
- Outsourcing Policy (if applicable)
- IT and Cybersecurity Controls
- Anti-Money Laundering (AML) Policy
- Capital and Financial Forecasts
- Details of Controllers and Close Links
- Organisational Chart
- Customer Journey Map and T&Cs
- Appoint Fit and Proper Individuals
You must have suitably qualified and experienced personnel. The FCA will assess:
- Senior Management (e.g., CEO, CFO, Head of Compliance)
- Persons performing Senior Management Functions (SMFs) under the Senior Managers & Certification Regime (SM&CR)
- Compliance Officer and Money Laundering Reporting Officer (MLRO): these must meet the ‘fit and proper’ test
Include CVs, references, role descriptions and background checks with your application.
- Submit the Application via FCA Connect
Applications are submitted through the FCA Connect online portal. You’ll need to complete:
- Application forms (e.g., Form A, Form O, Firm Details)
- Supporting documentation uploads
- Fee payment
The application fee varies based on the type of firm and complexity, ranging from £289 to £25,000+.
The FCA is required to determine complete applications within six months, per section 55V of FSMA. For incomplete or deficient submissions, this extends to twelve months. The complexity of your business model, control framework, or prior regulatory engagement can materially impact processing time.
- Engage with the FCA During the Review
Your application will be reviewed by the FCA Authorisations Division, which assesses whether your firm meets the statutory and regulatory expectations. The FCA has stated it will scrutinise applications in sectors such as high-risk investments, cryptoassets, and AR networks more closely in line with recent thematic reviews and its Business Plan priorities.
Once submitted, the FCA typically acknowledges your application within 7 days. The formal review process may take:
- Up to six months if the application is complete and satisfactory
- Up to twelve months if the application is incomplete or raises concerns
Expect queries, information requests and interviews. Be proactive, transparent and responsive.
- Receive Authorisation and Start Trading
Once authorised, your firm will appear on the FCA Financial Services Register and receive a Permission Notice outlining the specific activities you are permitted to conduct.
You must comply with ongoing regulatory requirements from Day 1, including:
- Regulatory reporting (via RegData)
- Compliance reviews and audits
- SM&CR compliance
- AML procedures
- Customer disclosures and complaints handling
- Operational resilience requirements
- Ongoing compliance with Consumer Duty
- Ongoing Obligations
All authorised firms must comply with the FCA’s 11 Principles for Businesses (PRIN), which set out fundamental obligations. These include acting with integrity (Principle 1), treating customers fairly (Principle 6), and being open and cooperative with the FCA (Principle 11). These principles underpin enforcement actions and supervisory expectations.
Common Pitfalls to Avoid
- Incomplete or inconsistent documentation
- Lack of internal compliance infrastructure
- Insufficient capital or financial resources
- Unclear or high-risk business models
- Appointment of underqualified key individuals
- Misunderstanding the boundary between MLR registration and full authorisation
How can Complyport Help?
The FCA authorisation process can be complex. Hiring a compliance consultant can significantly increase your likelihood of success. At Complyport, we guide firms through every step to help you launch confidently and compliantly. Our services include:
- Regulatory Strategy and Scoping: Helping define your regulatory perimeter and advise on the most appropriate authorisation route.
- Business Plan and Policy Drafting: Preparing FCA-ready business plans and key compliance documents to meet regulatory expectations.
- FCA Connect Application Management: Managing the entire application process on your behalf, including form completion, document uploads and FCA liaison.
- SMF and Personnel Support: Assisting with SMF role design, fit and proper assessments and key individual readiness.
- Post-Authorisation Readiness: Setting up your compliance framework to ensure your firm is fully prepared from Day 1 of authorisation.
- Ongoing Compliance Support: Providing retained support, training and regulatory updates to help your firm stay compliant long-term.
Book a Meeting with a Complyport SME
To understand how the FCA authorisation process applies to your firm and get expert guidance on meeting regulatory requirements, book a meeting with a Complyport Subject Matter Expert today.
Ask ViCA, your Virtual Compliance Assistant.
Access instant answers on regulatory changes.
Claim your complimentary 20 queries today! Register here: https://vica.chat
