FCA Authorisation

Authorised vs Small Payment Institution: which do you need

Compare authorised vs small payment institution status under the PSRs 2017: the EUR 3 million threshold, capital, safeguarding and how to choose.

8 min read Published 17 Jul 2026
Authorised vs Small Payment Institution: which do you need

Anyone planning to provide payment services in the United Kingdom must sit somewhere inside the Payment Services Regulations 2017. For most new firms the first strategic decision is whether to become an authorised payment institution (API) or to register as a small payment institution (SPI). The two routes carry very different obligations, costs and growth ceilings, so getting the choice right at the outset saves time, money and a possible forced re-application later.

The headline that separates the two is a volume figure. Registration as a small payment institution is only open to firms whose monthly average of total payment transactions, over the 12 months preceding the application, does not exceed EUR 3 million. Cross that line, or expect to, and full authorisation becomes mandatory rather than optional. Around that single threshold sit a set of differences in initial capital, safeguarding, permitted services and reach.

This guide explains the authorised vs small payment institution distinction using the primary rules in the Payment Services Regulations 2017 and the FCA's approach document. It is educational rather than regulatory advice, and it is written to help founders, finance teams and compliance leads frame the decision before they engage with the detail of an application.

The two regimes at a glance

The Payment Services Regulations 2017 create a single perimeter for payment services and then split firms that need permission into two categories. An authorised payment institution is fully authorised by the FCA and can provide the whole range of payment services without a volume ceiling. A small payment institution is registered rather than authorised, operates under a lighter-touch regime, and is capped by the EUR 3 million monthly average transaction limit.

Both categories capture the same underlying activities, such as executing payment transactions, issuing payment instruments, acquiring payment transactions and money remittance. The difference is not usually what you do, but how much you do it and how much regulatory weight the FCA places on your firm as a result.

For a firm testing a proposition, a small payment institution registration can be an efficient way to launch. For a firm that already expects to scale beyond EUR 3 million a month, or that needs to offer account information or payment initiation services, full authorisation is the only viable route. The rest of this article works through the specific points of difference so you can map your own plan onto the correct regime.

It helps to think of the SPI route as a proportionate entry point and the API route as the full-scope permission. Understanding where your business model lands, and where it is heading, is the core of the Nasara Authorise planning process.

The EUR 3 million threshold explained

The defining condition sits in regulation 14 of the Payment Services Regulations 2017. To register as a small payment institution, the monthly average over the 12 months preceding the application of the total amount of payment transactions executed by the applicant, including any of its agents in the United Kingdom, must not exceed EUR 3 million. This is an average across the period, not a single-month cap, so a firm can have busier and quieter months provided the rolling average stays inside the limit.

New firms are not excluded simply because they lack a trading history. Where an applicant has yet to commence providing payment services, or has been providing them for less than 12 months, the monthly average may be based on a projected total over a 12 month period. That projection needs to be realistic and evidenced, because it becomes the basis on which the FCA assesses eligibility for the lighter regime.

The threshold is a live condition, not a one-off entry test. Under regulation 16, a small payment institution that no longer meets the conditions for registration, for example because it has breached or expects to breach the EUR 3 million average, must apply for authorisation as a payment institution within 30 days in order to keep operating. Growth therefore forces an upgrade, and firms that anticipate rapid scaling often decide to apply for full authorisation from the start to avoid a disruptive mid-flight change.

Because the limit is expressed in euros while most UK firms report in sterling, monitoring it in practice means tracking your transaction volumes carefully and converting on a consistent basis. Building that monitoring into your systems from day one is a sensible operational discipline whichever regime you choose.

Initial capital requirements

Authorised payment institutions must hold a minimum amount of initial capital, set out in Schedule 3 to the Payment Services Regulations 2017. The amount depends on the services the firm provides. For money remittance only, the requirement is EUR 20,000. For payment initiation services, it is EUR 50,000. For the broader payment services, such as executing payment transactions and acquiring, the requirement is EUR 125,000.

Where a firm provides more than one category of service, Schedule 3 requires it to hold the greater of the corresponding amounts rather than adding them together. A firm offering both money remittance and payment execution, for example, would look to the higher EUR 125,000 figure. Beyond initial capital, authorised institutions must also maintain ongoing own funds calculated under the methods in the regulations, so the initial figure is a starting point rather than the full prudential picture.

Small payment institutions are not subject to these initial capital requirements. This is one of the most tangible advantages of the SPI route and a key reason firms testing a model at modest volumes find it attractive. The trade-off is the volume ceiling and the narrower scope of permitted services, which we cover below.

Capital is a factor that firms sometimes underestimate, because the initial figure must be genuinely available and evidenced, and the ongoing own funds requirement grows with the business. Modelling both the initial and the ongoing position early is part of a realistic authorisation plan.

Safeguarding customer funds

Safeguarding is the mechanism that protects customers' money if a payment firm fails. Under regulation 23 of the Payment Services Regulations 2017, authorised payment institutions must safeguard relevant funds, meaning sums received from or for the benefit of a payment service user for the execution of a payment transaction.

The regulations set out two broad methods. The first is segregation: keeping relevant funds separate from the firm's own money, placing them in a separate account with an authorised credit institution or the Bank of England, or investing them in secure, liquid assets held with an authorised custodian. The second is insurance or guarantee: covering the relevant funds with an insurance policy or a comparable guarantee from an authorised insurer or authorised credit institution. A firm may also use a combination of the two methods for different portions of funds.

For small payment institutions the position is different. Safeguarding under regulation 23 is not mandatory for an SPI, although a small payment institution may choose to safeguard and, if it does, it receives the same protections. Many SPIs safeguard voluntarily because it reassures customers and partner banks, but it is a choice rather than a strict legal requirement for the registered regime.

The FCA has consistently treated safeguarding as a priority supervisory area, and its approach document sets clear expectations about reconciliations, governance and record keeping. Firms in both regimes benefit from designing robust safeguarding arrangements rather than treating them as a box to tick.

Permitted services and reach

Scope of services is a hard line between the two regimes. Regulation 14 provides that a small payment institution's business must not include the provision of account information services or payment initiation services. These open banking activities are reserved for firms that are authorised or, for account information services alone, registered as an account information service provider. A firm whose proposition depends on aggregating account data or initiating payments cannot sit inside the SPI regime.

Reach is the other structural difference. Authorised payment institutions have historically been the category able to exercise passport rights under the regulations, whereas registration as a small payment institution has always been a domestic permission. In the current post-Brexit environment, UK firms can no longer passport into the European Economic Area at all, and the temporary regimes that allowed EEA firms to operate in the UK have now ended. In practice this means neither regime offers automatic EEA access today, and any firm planning cross-border activity will need to consider local authorisation in each relevant market.

There is also a reputational and commercial dimension. Some banking partners, card schemes and larger corporate clients prefer to work with fully authorised institutions because of the deeper prudential and conduct requirements that authorisation implies. Firms should weigh these market expectations alongside the strict legal differences.

Taken together, permitted services and reach often decide the question on their own. If your model needs open banking permissions, full authorisation is the route, and the volume and capital comparisons become secondary.

FeatureAuthorised Payment Institution (API)Small Payment Institution (SPI)
Transaction volume thresholdNo volume ceiling on payment transactionsMonthly average of total payment transactions must not exceed EUR 3 million (regulation 14)
Initial capitalEUR 20,000 (money remittance), EUR 50,000 (payment initiation), or EUR 125,000 (execution and acquiring), per Schedule 3No initial capital requirement under the regulations
SafeguardingMandatory under regulation 23 (segregation or insurance/guarantee, or a combination)Not mandatory; may safeguard voluntarily and receive the same protections
Account information and payment initiation servicesPermitted where authorised for those activitiesProhibited (regulation 14 excludes AIS and PIS)
Reach / passportingHistorically the category able to exercise passport rights; UK-EEA passporting has since ended post-BrexitDomestic registration only; never carried passport rights
FCA statusFully authorised by the FCARegistered with the FCA under a lighter-touch regime
Authorised Payment Institution (API) vs Small Payment Institution (SPI) under the Payment Services Regulations 2017

How to decide which route fits your firm

Start with volume. Estimate your realistic monthly payment transaction values over the first 12 to 24 months. If your projected monthly average comfortably stays below EUR 3 million and shows no near-term sign of crossing it, the SPI regime may be a proportionate way to launch. If you expect to exceed the limit, applying for full authorisation from the outset avoids the 30 day upgrade obligation that a breach would trigger.

Then test scope. Ask whether your proposition requires account information services or payment initiation services. If it does, the SPI route is closed to you and full authorisation is the answer regardless of volume. Map every activity in your product roadmap against the permitted services, not just your launch feature set.

Finally, weigh capital, safeguarding and commercial expectations. The SPI regime avoids the initial capital requirement and does not make safeguarding mandatory, which lowers the barrier to entry. The API regime carries higher upfront and ongoing requirements but signals maturity to banks, schemes and clients and removes the volume ceiling entirely. Many firms find that the combination of growth ambition and partner expectations points them to full authorisation even where the SPI route would technically be available.

Whichever way the analysis points, document your reasoning and build the monitoring and controls that your chosen regime demands. Structured planning around these questions is exactly what the Nasara Authorise approach is designed to support.

1
Estimate transaction volume
Project your monthly average payment transaction value and test it against the EUR 3 million SPI threshold.
2
Check service scope
Confirm whether your model requires account information or payment initiation services, which are closed to SPIs.
3
Assess initial capital
Establish whether you can meet the API initial capital of EUR 20,000, EUR 50,000, or EUR 125,000 depending on your services.
4
Plan your safeguarding
Decide your safeguarding approach, noting it is mandatory for APIs and voluntary for SPIs.
5
Choose and build controls
Factor in growth ambitions and partner expectations, then select the correct regime and build matching controls.

Conclusion

The authorised vs small payment institution decision comes down to volume, scope, capital and ambition. The EUR 3 million monthly average threshold is the gateway to the lighter SPI regime, while the restrictions on open banking services and the absence of a growth ceiling frequently push scaling firms towards full authorisation. Understanding these differences from the primary rules, rather than from summaries, lets you choose the regime that fits both today's model and tomorrow's plans.

This article is educational and does not constitute regulatory advice. Firms should read the Payment Services Regulations 2017 and the FCA's approach document in full, and consider tailored support, before committing to an application. Getting the route right at the outset is one of the highest-leverage decisions a new payments firm can make.

Frequently asked questions

What is the main difference between an authorised and a small payment institution?

An authorised payment institution is fully authorised by the FCA with no ceiling on payment transaction volumes, while a small payment institution is registered under a lighter-touch regime and is capped by the EUR 3 million monthly average transaction threshold in regulation 14 of the Payment Services Regulations 2017.

What is the EUR 3 million threshold for a small payment institution?

To register as a small payment institution, the monthly average over the 12 months preceding the application of the total amount of payment transactions executed by the applicant, including its UK agents, must not exceed EUR 3 million. New firms may base this on a projected 12 month figure.

How much initial capital does an authorised payment institution need?

Under Schedule 3 to the Payment Services Regulations 2017, the initial capital is EUR 20,000 for money remittance, EUR 50,000 for payment initiation services and EUR 125,000 for services such as payment execution and acquiring. Where several services are provided, the firm holds the greater applicable amount.

Do small payment institutions have to safeguard customer funds?

Safeguarding under regulation 23 is mandatory for authorised payment institutions but not for small payment institutions. An SPI may choose to safeguard voluntarily and, if it does, it receives the same protections. Many SPIs safeguard by choice to reassure customers and banking partners.

Can a small payment institution offer open banking services?

No. Regulation 14 provides that a small payment institution's business must not include account information services or payment initiation services. A firm whose proposition depends on these open banking activities must seek full authorisation instead of SPI registration.

What happens if a small payment institution exceeds the EUR 3 million limit?

Under regulation 16, a small payment institution that no longer meets the conditions for registration, including breaching or expecting to breach the EUR 3 million average, must apply for authorisation as a payment institution within 30 days to continue operating.

Ready to move money with confidence?

Nasara Authorise helps UK firms send and control payments with lower fees, better rates and full visibility.

Talk to an expert
Keep reading

More insights you will like.

Stay ahead of the curve

Practical guides and updates for UK firms, straight to your inbox.

Secure by designBank-grade security and encryption
Built for UK firmsMade for FCA-regulated businesses
Data protectedYour data stays private and controlled
Global reachCross-border payments worldwide