How to write an FCA regulatory business plan for authorisation: the sections the FCA expects, Consumer Duty, financials, compliance and governance.

The regulatory business plan sits at the heart of almost every application for authorisation by the Financial Conduct Authority. It is the document in which a firm sets out what it intends to do, who will run it, how it will hold enough capital, and how it will comply once authorised. A weak or generic plan is one of the most common reasons an application stalls, so learning to write a strong one is time well spent.
A regulatory business plan is not the same as a commercial business plan written to attract investors. It is written for the regulator, and its purpose is to demonstrate that the firm understands the regulated activities it wants to carry on, has identified the risks its business model creates for customers, and has credible arrangements to manage them. The FCA publishes a sample business plan setting out the areas it typically expects covered, and reading it closely is useful preparation.
This guide explains what an FCA regulatory business plan is, walks through the sections the FCA expects, and sets out how to evidence the harder elements such as Consumer Duty, capital and compliance monitoring, and the common weaknesses the FCA itself flags. It is educational information and not regulated advice.
A regulatory business plan, often shortened to RBP, is the narrative core of an authorisation application. Where the forms capture structured data, the plan is where a firm explains its strategy in its own words and connects it to the regulatory obligations it will carry. The FCA reviews it alongside the forms and financial information to decide whether the firm is ready, willing and organised to operate as an authorised business.
The plan supports the FCA's assessment against the threshold conditions, the minimum standards in Schedule 6 to the Financial Services and Markets Act 2000 explained in the FCA Handbook chapter COND. Among these, the business model condition requires that a firm's strategy for doing business is suitable for the regulated activities it seeks to carry on, and the appropriate resources condition looks at both financial and non financial resources. The plan is where a firm makes its case against these standards.
Crucially, the FCA emphasises that a regulatory business plan cannot be generic and must be tailored to the specific business model. A plan that repeats the rules back to the regulator, or reuses a template without adapting it, tends to raise questions rather than answer them. The regulator wants evidence that the firm has thought through how it will comply in its own setting, so the strongest plans read as a considered account of one business rather than a compliance checklist. A structured Authorization Pack approach helps the plan and the forms tell one consistent story.
The FCA's sample business plan sets out the areas it typically expects a regulatory business plan to cover, while making clear the list is not exhaustive and that a firm may need to address additional factors depending on its type. Working through each area methodically is the most reliable way to build a complete plan and avoid follow up questions that extend an assessment.
The plan generally opens with company details: the firm's principal place of business, legal status, incorporation and trading history, and full details of its control and ownership structure. It then explains the business model, covering the regulated and non regulated activities the firm will carry on, why it requires authorisation, whether client money will be held, its fee structures, and its long term strategy.
From there the plan moves through the customer facing and control elements: the customer journey from acquisition through to after sales care, the approach to customers in vulnerable circumstances, marketing plans and any financial promotions, the compliance structure and monitoring programme, complaints handling consistent with the DISP rules, staff training, staff incentives, and capitalisation. The table below summarises the areas the FCA identifies. Referencing the relevant policies and showing how they operate is far more persuasive than asserting that they exist.
| Business plan area | What the FCA expects to see |
|---|---|
| Company details | Principal place of business, legal status, incorporation and trading history, and full details of control and ownership structure. |
| Business model | Regulated and non regulated activities, why authorisation is needed, whether client money is held, fee structures and long term strategy. |
| Consumer Duty | How the Duty is embedded throughout the plan, or why the firm is out of scope, with adherence to the relevant Principles. |
| Governance | Who runs the business day to day, senior management functions held, and the background and experience of those performing them. |
| Customer journey | How customers are acquired, the step by step sales and service process, and the after sales care provided. |
| Vulnerable customers | How customers in vulnerable circumstances are identified and supported, and the related policies. |
| Marketing and promotions | Marketing plans and any financial promotions the firm uses or plans to use. |
| Compliance | The compliance structure, third party arrangements, identified risks and a risk based compliance monitoring programme. |
| Complaints | Monitoring and resolution procedures consistent with the DISP rules. |
| Capitalisation | How the firm will hold enough capital to meet the relevant capital resource requirement, corroborated by the financial information submitted. |
The FCA states that the Consumer Duty sets the standard of care that firms should give to customers in retail financial markets, and it expects the Duty to feature throughout a regulatory business plan rather than in a single standalone section. For an in scope firm, this means showing how the Duty shapes product design, pricing, customer understanding and support at each relevant point in the plan.
In practice, embedding the Duty means connecting it to concrete parts of the business: showing in the customer journey how customers receive the information they need to make good decisions, showing in the pricing and fee structures how the firm assesses fair value, and showing in the compliance monitoring programme how customer outcomes are measured rather than only risks to the firm. The FCA's review of applications makes the distinction directly, citing as good practice firms that weave the Duty through their policies, procedures, systems and controls, and flagging firms that focus on risks to the firm rather than the risks their business model exposes customers to.
Where a firm considers itself out of scope of the Duty, the FCA still expects the plan to explain why and to demonstrate continued adherence to the relevant Principles governing the treatment of customers and communications. Silence tends to invite a question, so it is better to address scope explicitly.
The financial section must explain how the firm will hold sufficient capital to meet the relevant capital resource requirement, and the FCA is clear that the narrative should corroborate the financial information submitted with the application. A plan that describes a healthy capital position while the forecasts tell a different story creates the inconsistency that slows an assessment.
The appropriate resources threshold condition looks at whether a firm has adequate financial and non financial resources for the activities it seeks to carry on. Detailed prudential requirements sit in the FCA Handbook and vary by activity, so the plan should connect the firm's capital position to the requirement that actually applies rather than to a generic figure.
The FCA's review of applications is specific about what strong financial evidence looks like. It cites as good practice firms that use the FCA financial analysis templates to present information clearly, provide notes and assumptions to explain their forecasts, and supply evidence of their funding arrangements while highlighting funding commitments. Conversely, it flags failing to submit historic financial accounts and submitting inaccurate information as things that delay assessment. The practical lesson is that assumptions should be visible and defensible, so the case officer can follow how projected income, costs and capital were derived.
The governance section explains who will run the business day to day and sets out the senior management functions each key individual will hold, along with the background and experience that makes them suitable. The suitability threshold condition places the emphasis on the suitability of the firm itself, including whether its affairs are conducted appropriately with regard to consumer interests and the integrity of the financial system, so the plan should show responsibilities are clearly allocated.
The compliance section should describe the compliance structure, any third party or outsourced arrangements, the identified risks and, importantly, a risk based compliance monitoring programme. The FCA distinguishes between risks to the firm and risks the business model creates for customers, and a programme that reflects both is stronger than one framed only around protecting the firm. Where a compliance consultant is used, the plan should still show that the firm itself understands its obligations, since the FCA flags applicants who overly rely on a consultant.
Beyond this, the plan should reference the policies relevant to the business model, cover staff training including how staff are kept competent and how vulnerable customer needs are addressed, and explain any staff incentive arrangements. Tools such as Nasara Authorise help firms organise these elements and map them to the areas the FCA expects a plan to cover.
It helps to build the plan in a deliberate order, framing the whole around the FCA's expectation that a firm is ready, willing and organised. The steps below outline a practical sequence, and throughout the guiding principle is proportionality: detail should be proportionate to the nature of the business.
The FCA publishes its observations on good practice and areas for improvement in authorisation applications, and these are among the most useful references for anyone writing a business plan because they describe, in the regulator's own words, what separates a strong submission from a weak one.
The most frequently cited weakness is a lack of tailoring: the FCA flags policies that are not tailored to the specific business, plans that repeat the rules rather than documenting how the firm will comply in its own setting, and a failure to consider all the likely customer scenarios when designing systems. Other recurring issues concern financial evidence and ownership, with the FCA pointing to failing to submit historic accounts, submitting inaccurate information, and not verifying that resources meet prudential requirements, alongside applicants relying too heavily on a compliance consultant. Presenting clear forecasts, supplying historic accounts, and ensuring management genuinely owns the content all address these directly.
The FCA also highlights good practice worth emulating, such as providing a firm's own suitability assessment of its approved persons, presenting ownership structures clearly, explaining how staff will allocate their time to fulfil their roles competently, and, for firms operating across borders, showing how decisions are made in the United Kingdom. Building these in from the outset is what a strong Authorization Pack is designed to achieve.
A well written FCA regulatory business plan is not a formality but the document that most directly shapes how an assessment proceeds. It must be tailored to the firm's business model, cover the areas the FCA sets out in its sample business plan, embed Consumer Duty throughout, evidence capital consistently with the financial information submitted, and demonstrate genuine ownership by the firm's management. Getting these elements right reduces follow up questions and helps an application progress.
The clearest way to write a strong plan is to treat the FCA's own guidance as the blueprint: work through the expected sections, apply the good practice the regulator has published, and avoid the weaknesses it repeatedly flags. Proportionality means a small firm and a large one are held to the same principles but examined in proportion to the risk they present. This article is educational and not regulated advice, so use it to frame your preparation and take professional support tailored to your firm where appropriate.
It is the narrative document at the heart of an authorisation application in which a firm explains what regulated activities it will carry on, how it will be run, how it will hold enough capital, and how it will comply once authorised. It is written for the regulator rather than for investors.
The FCA's sample business plan identifies areas including company details, the business model, Consumer Duty, governance, the customer journey, treatment of vulnerable customers, marketing and financial promotions, the compliance structure and monitoring programme, complaints handling and capitalisation. The list is not exhaustive and detail should be proportionate to the business.
The FCA expects the Consumer Duty to feature throughout the plan rather than in a single section, showing how it shapes product design, pricing, customer understanding and support. Its review cites weaving the Duty through policies, procedures, systems and controls as good practice, and focusing on risks to the firm rather than to customers as an area for improvement. Out of scope firms should explain why.
The plan must explain how the firm will hold sufficient capital to meet the relevant capital resource requirement, and the narrative should corroborate the financial information submitted. The FCA cites using its financial analysis templates, providing notes and assumptions behind forecasts, and evidencing funding arrangements as good practice, and flags failing to submit historic accounts as a cause of delay.
You can use a template as a starting structure, but the FCA is explicit that a regulatory business plan cannot be generic and must be tailored to your specific business model. It flags policies that are not tailored, and plans that repeat the rules rather than documenting how the firm will comply within its own setting, so any template must be substantially adapted.
The FCA applies proportionality, stating that the amount of detail should be proportionate to the nature of the business the applicant intends to carry on. A small firm is held to the same principles as a large one but examined in proportion to the risk it presents, so it must still address each relevant area with evidence, even if the volume is smaller.
Nasara Authorise helps UK firms send and control payments with lower fees, better rates and full visibility.



Practical guides and updates for UK firms, straight to your inbox.