FCA Authorisation: A Practical Checklist

Before any substantive work begins on an authorisation application, firms must undertake a rigorous analysis of their intended business activities and the corresponding regulatory permissions required. This exercise demands more than a cursory review of the FCA Handbook's Regulated Activities Order. It requires a granular understanding of how the firm's products, services, and operational model interact with the regulatory framework.

The consequences of incorrectly scoping permissions can be severe. Firms that apply for insufficient permissions may find themselves unable to conduct planned activities, necessitating subsequent variation of permission applications that introduce delays and additional costs. Conversely, firms that apply for broader permissions than their business model requires face heightened regulatory expectations and capital requirements that may prove commercially challenging.

Consider, for example, a firm intending to offer payment services. The distinction between operating as an Authorised Payment Institution under the full regulatory regime versus a Small Payment Institution with simplified requirements carries significant implications for capital, safeguarding arrangements, and ongoing compliance obligations. Similarly, firms contemplating e-money issuance must carefully assess whether their activities genuinely require e-money authorisation or whether payment institution permissions would suffice.

The FCA expects applicants to demonstrate a sophisticated understanding of their regulatory perimeter. This means articulating not only what activities the firm intends to conduct, but also explaining why certain adjacent activities fall outside the scope of the application. Where the regulatory classification of particular products or services is ambiguous, proactive engagement with the FCA's Perimeter Enquiries team is advisable before submitting the application.

The FCA's assessment of governance arrangements has intensified considerably following the introduction of the Senior Managers and Certification Regime. Applicant firms must demonstrate that their governance architecture provides for effective oversight, clear accountability, and appropriate challenge at every level of the organisation. This is not an area where template structures or generic descriptions will satisfy the regulator's expectations.

The composition of the board merits particular attention. The FCA expects to see directors with relevant experience and expertise, including individuals with demonstrable backgrounds in the specific regulated activities the firm intends to conduct. For firms seeking authorisation in complex areas such as investment management or derivatives trading, the absence of directors with direct sector experience will likely prompt significant regulatory questioning.

Non-executive directors play an increasingly important role in the FCA's assessment framework. The regulator looks for evidence that non-executives provide genuine independent challenge rather than serving merely as formal appointments. This means demonstrating that non-executives have sufficient time commitment to the firm, relevant expertise to scrutinise management decisions, and genuine independence from executive management and significant shareholders.

The Senior Managers Regime requires firms to allocate prescribed responsibilities to identified individuals. For authorisation applicants, this means preparing comprehensive Statements of Responsibilities that clearly delineate who is accountable for each aspect of the firm's operations. The FCA will scrutinise these allocations for gaps, overlaps, and evidence that responsibilities have been assigned to individuals with appropriate capability and capacity.

Management information arrangements warrant detailed explanation in the application. The FCA expects to understand how information flows from operational levels to the board, what key risk indicators are monitored, and how escalation processes function when issues arise. Firms that present mature MI frameworks at the authorisation stage signal their commitment to effective governance.

The regulatory business plan sits at the heart of any authorisation application. This document must achieve a delicate balance: providing sufficient detail to demonstrate thorough planning whilst remaining sufficiently concise to facilitate regulatory review. The most effective business plans are those that anticipate and address the questions that FCA case officers will inevitably raise.

Revenue model articulation requires particular care. The FCA needs to understand not only how the firm intends to generate income, but also whether these revenue streams are sustainable and whether they create any conflicts of interest or conduct risks. For firms operating fee-based models, the pricing structure and its impact on different customer segments must be explained. For firms relying on transactional revenues, the volume assumptions underlying financial projections must be justified with reference to market data or demonstrable customer demand.

Financial projections must extend over a minimum three-year horizon and include detailed profit and loss forecasts, balance sheet projections, and cash flow analyses. The FCA scrutinises these projections for realism, paying particular attention to customer acquisition costs, staff cost growth, and technology investment requirements. Projections that show rapid growth to profitability without adequate justification will attract sceptical review.

Scenario analysis and stress testing demonstrate the sophistication of a firm's financial planning. The application should include sensitivity analyses showing how the firm would perform under adverse conditions, whether arising from market factors, operational challenges, or delays in achieving projected growth. The FCA expects to see that firms have considered downside scenarios and have identified the actions they would take to preserve viability.

Capital adequacy receives detailed attention from the regulatory assessors. The application must demonstrate that the firm meets its initial capital requirement and will maintain adequate capital throughout the projection period. For firms subject to variable capital requirements based on business volumes, the projections must show how capital will be managed as the business scales. Firms should also address their approach to capital buffers beyond minimum requirements, recognising that operating at regulatory minimums leaves no margin for unexpected losses or growth opportunities.

The FCA's assessment of systems and controls has evolved substantially in recent years, reflecting the increasing operational complexity of financial services and the growing prevalence of technology-enabled business models. Applicant firms must present a comprehensive control framework that addresses operational risk, technology risk, financial crime risk, and conduct risk.

Operational risk management arrangements should reflect the specific nature of the firm's business activities and risk profile. This means identifying the key operational risks to which the firm will be exposed and explaining the controls implemented to mitigate each risk. Generic risk and control descriptions are insufficient; the FCA expects to see evidence that the firm has undertaken a genuine risk assessment and designed controls that address identified exposures.

Technology arrangements warrant detailed explanation, particularly for firms whose business models rely heavily on digital platforms or automated processes. The application should address system architecture, data security arrangements, disaster recovery capabilities, and change management processes. For firms using third-party technology providers, the due diligence conducted on these providers and the contractual arrangements governing these relationships must be explained.

Financial crime controls represent a critical area of regulatory focus. The application must include comprehensive anti-money laundering policies and procedures, sanctions screening arrangements, and fraud prevention measures. The FCA expects these controls to be proportionate to the firm's customer base, product range, and geographic footprint. Firms serving higher-risk customer segments or operating in jurisdictions with elevated money laundering risks must demonstrate commensurately robust controls.

Outsourcing arrangements require careful treatment in the application. The FCA expects firms to retain effective oversight of outsourced functions and to ensure that outsourcing does not impair regulatory compliance or customer outcomes. The application should explain what functions are outsourced, to whom, and how the firm maintains appropriate control over these activities. Particular attention should be paid to material outsourcing arrangements and intra-group outsourcing where the firm is part of a larger corporate structure.

The introduction of the Consumer Duty has fundamentally reshaped the FCA's expectations regarding customer treatment. Authorisation applicants must now demonstrate that their business models are designed from the outset to deliver good outcomes for retail customers. This represents a shift from a rules-based compliance approach to an outcomes-focused framework that demands genuine commitment to customer welfare.

Product governance arrangements must be articulated in detail. The FCA expects to understand how the firm will ensure that its products and services are designed to meet the needs of identified target markets. This includes explaining the product approval process, the criteria for identifying target customers, and the mechanisms for monitoring whether products are being distributed appropriately and delivering intended outcomes.

Fair value assessment methodology warrants specific attention. The firm must explain how it will assess whether the price customers pay is reasonable relative to the benefits they receive. This is not simply a matter of competitive pricing analysis; the FCA expects firms to consider the totality of value delivered, including product features, service quality, and the overall customer experience. The assessment should also address how value will be monitored on an ongoing basis and what actions will be taken if value deteriorates.

Communications and disclosure arrangements must be designed to support customer understanding. The application should explain how the firm will ensure that its communications are clear, fair, and not misleading, and that customers receive the information they need to make informed decisions. This includes addressing the approach to financial promotions, product disclosures, and ongoing customer communications.

Customer support arrangements complete the consumer protection framework. The FCA expects firms to provide support that enables customers to realise the benefits of products and services and to address problems when they arise. The application should explain customer service channels, complaint handling procedures, and arrangements for supporting customers in vulnerable circumstances.

The manner in which an application is prepared and submitted significantly influences the likelihood of a smooth authorisation process. Firms that approach the application strategically, anticipating regulatory questions and providing comprehensive supporting evidence, typically achieve authorisation more efficiently than those that take a minimalist approach.

Pre-application engagement with the FCA can be valuable, particularly for novel business models or complex permission requirements. The FCA's Innovation Hub provides a mechanism for discussing innovative propositions before formal application. For more conventional applications, the New Firm Authorisation service offers pre-application meetings that can help clarify regulatory expectations and identify potential concerns early in the process.

The quality of supporting documentation materially affects assessment timelines. Every policy, procedure, and governance document referenced in the application should be provided in final form. Draft documents or placeholder descriptions create uncertainty for assessors and typically generate additional information requests. The supporting document pack should be logically organised and cross-referenced to the relevant sections of the application form.

Responsiveness to information requests is essential for maintaining momentum. The FCA operates statutory determination deadlines, but these timelines can be extended when applicants are slow to respond to queries. Firms should ensure they have appropriate resources available throughout the assessment period to respond promptly and comprehensively to any additional information requests.

Post-authorisation planning should commence well before authorisation is granted. Firms need to be operationally ready to conduct regulated business as soon as permissions are received. This means ensuring that staff are recruited and trained, systems are operational, and all required regulatory notifications and registrations are prepared. Firms authorised under the temporary permissions regime must be particularly attentive to transition planning as they move to full authorisation.

Achieving FCA authorisation requires sustained commitment, comprehensive preparation, and genuine engagement with regulatory expectations. The firms that navigate this process most successfully are those that recognise authorisation not as a bureaucratic obstacle to be overcome, but as an opportunity to establish the governance infrastructure and compliance culture that will support their regulated activities over the long term.

The checklist approach outlined in this analysis provides a framework for ensuring comprehensive coverage of regulatory requirements. However, every authorisation application is unique, reflecting the specific characteristics of the applicant firm, its business model, and its target market. The most effective applications are those that demonstrate not only compliance with regulatory requirements but also a sophisticated understanding of the risks inherent in the firm's proposed activities and a genuine commitment to managing those risks effectively.

As regulatory expectations continue to evolve, firms must approach authorisation with flexibility and a willingness to adapt their proposals in response to regulatory feedback. The FCA's published guidance, supervisory statements, and enforcement actions provide valuable insights into current regulatory priorities and areas of concern. Firms that engage thoughtfully with this material and incorporate its lessons into their applications position themselves for success both in the authorisation process and in their subsequent regulated operations.