Payment Services Authorization: EMI and PI Licensing Guide

The FCA offers several authorization pathways for payment services, each with different requirements and permissions. Selecting the appropriate license type is a critical first decision that affects your entire authorization journey.

Small Payment Institutions (SPIs) represent the entry-level option for firms with monthly payment transaction volumes below €3 million. Registration rather than full authorization applies, with lighter regulatory requirements. However, SPIs cannot passport services into other EU/EEA countries and face restrictions on safeguarding approaches. This pathway suits firms testing market viability before committing to full authorization.

Authorised Payment Institutions (APIs) can conduct payment services without transaction volume limits and may passport into other jurisdictions. The authorization process is more demanding, requiring demonstration of adequate capital, governance arrangements, and operational systems. Most firms seeking to build substantial payment businesses pursue API authorization.

Electronic Money Institutions (EMIs) can issue electronic money in addition to providing payment services. This broader permission set comes with additional requirements, including higher capital thresholds and more complex safeguarding obligations. EMI authorization suits firms whose business models involve stored value or e-money wallets.

Money remittance services require specific consideration. Firms exclusively providing money remittance may register as Small Payment Institutions or seek API authorization depending on volumes. The high-risk nature of remittance from an AML perspective means enhanced scrutiny regardless of the authorization pathway chosen.

Successful authorization requires demonstrating competence across multiple domains. The FCA assesses whether your firm has the governance, systems, resources, and controls necessary to conduct payment services safely and in compliance with regulatory requirements.

Programme of operations describes your business model, target markets, products, and projected financials. This document must be detailed and realistic, showing that you understand your market and have viable plans for sustainable operation. Vague or overly optimistic projections raise FCA concerns.

Governance arrangements must demonstrate clear accountability and appropriate oversight. You need a board with relevant experience, defined responsibilities, and documented decision-making processes. The FCA expects to see that individuals directing the business understand regulatory obligations and are committed to compliance.

Financial resources requirements vary by license type but all authorized firms must maintain adequate capital on an ongoing basis. Your application must include financial projections demonstrating capital adequacy and a credible plan for maintaining required resources as you scale.

Safeguarding arrangements protect customer funds from your firm's insolvency. You must demonstrate how you will segregate relevant funds, either through a safeguarding account with an authorized credit institution or through insurance/guarantee arrangements. The FCA scrutinizes safeguarding proposals closely given the consumer protection implications.

AML and financial crime controls require particular attention. Payment services are inherently high-risk from a money laundering perspective, and the FCA expects robust customer due diligence, transaction monitoring, and suspicious activity reporting capabilities. Your application must include your AML risk assessment and policies.

Operational resilience and IT security capabilities must be demonstrated. Payment services depend on reliable systems, and you must show how you will maintain operational continuity, protect against cyber threats, and manage technology risks. Business continuity planning and incident response procedures form part of this assessment.

Authorization applications follow a structured process, though timelines vary based on application quality and FCA workload. Understanding the process helps you prepare appropriately and set realistic expectations.

Pre-application engagement is optional but valuable. The FCA offers meetings for prospective applicants to discuss their business models and authorization requirements. These sessions help identify potential issues early and clarify FCA expectations for your specific circumstances.

Application submission occurs through the FCA's Connect system. Your application pack must include the completed application forms, supporting documents, and required fees. Incomplete applications are rejected, so thorough pre-submission review is essential.

Initial assessment determines whether your application is sufficiently complete for detailed review. The FCA may request additional information before accepting the application for processing. Prompt, comprehensive responses to information requests prevent delays.

Detailed assessment involves thorough review of your governance, financial resources, systems, and controls. FCA case officers may pose clarifying questions and challenge aspects of your application. This phase typically takes three to six months for well-prepared applications but can extend significantly for complex cases or where concerns arise.

Decision and conditions conclude the process. If satisfied, the FCA grants authorization, potentially with conditions or requirements attached. These might include reporting obligations, business restrictions, or remediation requirements. Firms must comply with any conditions to maintain authorization.

Authorization applications fail for predictable reasons. Understanding common pitfalls helps you avoid them and improves your chances of success.

Insufficient governance experience is frequently cited. The FCA expects individuals directing payment firms to have relevant experience in financial services, compliance, and the specific activities proposed. Applications featuring boards without adequate collective expertise face rejection or extensive conditions.

Unrealistic financial projections undermine credibility. Projections that show immediate profitability or hockey-stick growth curves without supporting evidence suggest the applicants do not understand their market. Conservative, well-reasoned projections demonstrate maturity.

Inadequate AML frameworks represent a common weakness. Generic AML policies copied from templates do not demonstrate genuine understanding of your specific risks. Your AML risk assessment must reflect your customer base, products, and geographic exposure, with controls calibrated accordingly.

Poor safeguarding proposals create concern. Vague descriptions of safeguarding arrangements or reliance on approaches that do not meet regulatory requirements signal that the applicant does not understand fundamental obligations. Detailed, compliant safeguarding proposals are essential.

Incomplete applications waste time. Applications missing required documents or containing inconsistencies are rejected or delayed. Thorough internal review before submission, ideally with external professional support, prevents these easily avoided problems.

Failure to demonstrate operational readiness extends timelines. The FCA may require evidence that systems are built and tested before granting authorization. Firms that apply before having operational infrastructure in place face conditional authorizations or delays.

Authorization is the beginning, not the end, of your regulatory journey. Authorized payment firms face ongoing obligations that require sustained attention and resources.

Regulatory reporting requirements include periodic returns covering transaction volumes, capital adequacy, and safeguarding. Failure to submit accurate returns on time attracts FCA attention and potential enforcement action.

Notification obligations require you to inform the FCA of material changes to your business, governance, or operations. Changes to directors, significant incidents, and alterations to business models all require notification. Failure to notify can result in regulatory action.

Capital adequacy must be maintained continuously, not just at authorization. Your monitoring systems must track capital against requirements and trigger action when thresholds approach. The FCA expects firms to maintain buffers above minimum requirements.

Safeguarding reconciliation must occur daily for most payment firms. You must demonstrate that customer funds are fully protected at all times, with robust processes for identifying and resolving discrepancies.

Conduct and compliance obligations continue indefinitely. Treating customers fairly, maintaining adequate systems and controls, and complying with relevant regulations are permanent requirements. Building compliance into your operating model from the start is far more efficient than retrofitting it later.

Payment services authorization demands significant preparation and investment but opens access to a growing market with substantial opportunity. Firms that approach authorization strategically—understanding requirements, preparing thoroughly, and avoiding common pitfalls—position themselves for successful market entry.

The choice of license type shapes your entire regulatory journey. Select the pathway that matches your business model and ambitions, recognising that you can potentially upgrade as your business grows. Starting with a solid foundation is more important than starting with the broadest possible permissions.

Post-authorization success depends on building compliance into your operations from day one. The ongoing obligations of authorized payment firms are substantial, and firms that treat authorization as a milestone rather than a destination quickly encounter difficulties. Sustainable payment businesses build regulatory compliance into their operating DNA.