Pomegra Wiki

FCA Authorisation: How Firms Get Licensed to Operate in the UK

The FCA authorisation process is how the Financial Conduct Authority grants permission to firms that wish to conduct regulated financial activities in the United Kingdom. A firm cannot legally take deposits, trade securities, manage assets, or advise on investments without passing through this formal gatekeeping process. The FCA examines the firm’s financial resources, management expertise, operational systems, and compliance infrastructure to ensure it can conduct business safely and treat customers fairly.

The FCA Role and Scope

The FCA is the primary regulator of conduct and competition in UK financial services. It does not operate a separate licensing body for different activity types; it is a unified regulator covering retail investment, insurance, deposit-taking, consumer credit, and wholesale markets. A firm applying for FCA authorisation must be clear about which regulated activities it intends to carry out, because the scope of permission is tightly defined.

Regulated activities include: managing client assets, advising on investments, arranging deals in investments, trading as a principal, operating a deposit-taking institution, underwriting insurance, and several others. If a firm conducts an activity that falls within the regulated remit without authorisation, it commits a criminal offense and faces fines and enforcement action.

Pre-Application: Establishing Readiness

Before submitting a formal application, firms typically spend weeks or months preparing. They will appoint directors and senior managers whose fitness must be assessed; establish an internal compliance and risk framework; draft policy manuals covering complaints handling, anti-money laundering, conflicts of interest, and market conduct; and compile evidence of financial resources.

Many applicants use external consultants—compliance advisors and legal firms—to navigate the process. The FCA provides guidance documents (known as Handbook rules and related materials) that lay out expectations for governance, risk management, and conduct of business. Reading and implementing this guidance is not optional; it is the baseline framework the FCA will check against.

The Formal Application

A firm submits its application using the FCA’s electronic system (currently, the eidos portal), along with supporting documents. The core submission includes:

  • Business plan: Detailed description of the regulated activities, business model, target customer base, and projected financials.
  • Governance documentation: Organization chart, details of all directors, senior managers, and key staff involved in regulated decision-making.
  • Financial resources: Bank statements, proof of capital, audited accounts (if available).
  • Policies and procedures: Anti-money laundering and counter-terrorism financing (AML/CTF), conduct of business, complaints handling, information security, conflicts of interest management.
  • Senior Management Function (SMF) holders: Identified individuals fulfilling specific regulatory roles (e.g., Compliance Officer, Internal Audit Lead) and evidence of their fitness.

Each applicant is assigned a case manager at the FCA who reviews the submission for completeness. If critical documents are missing, the FCA will issue a deficiency notice, and the clock stops until the applicant responds.

Threshold Conditions: What the FCA Tests

The FCA assesses applications against statutory “threshold conditions,” principles that every authorized firm must meet:

Competence and capability. The firm’s management must have relevant experience in the regulated activities it plans to conduct. If the applicant wants to run a wealth-management business but the founders have only retail-banking backgrounds, the FCA may require additional hires or training evidence.

Financial resources. The firm must hold minimum capital (often £50,000 or more, depending on the activity). The FCA examines whether the capital is genuine (not borrowed) and will remain in place. Projections must be prudent—the FCA is skeptical of overly optimistic forecasts. Some firms fail this test because their business plan does not generate sufficient revenue to sustain operations plus cover regulatory capital.

Governance and risk management. The firm must have an independent board, an internal audit function, and a compliance officer with appropriate seniority and resources. A one-person operation cannot be authorized as a full-service investment manager; the FCA requires organizational depth.

Legal soundness. The FCA confirms that the firm’s constitution (articles of association, for example) are compliant with regulatory law. If a firm’s articles restrict the FCA’s ability to conduct inspections or enforce conditions, the FCA will require amendments.

Money laundering and financial crime. The applicant must detail its systems for identifying customers, verifying beneficial ownership, and detecting suspicious activity. This is particularly scrutinized if the applicant has ties to high-risk jurisdictions or operates in cash-intensive sectors.

Consumer protection measures. If the firm will handle client money, the FCA requires evidence of trustee arrangements, segregation procedures, and access to compensation schemes (e.g., Financial Services Compensation Scheme, FSCS). Firms cannot simply promise to keep customer deposits safe; they must show the mechanical and legal setup that guarantees it.

The Assessment Timeline

Once the FCA deems the application complete, it enters the formal assessment phase:

  • Weeks 1–2: Case manager conducts preliminary review of the submission.
  • Weeks 2–6: Detailed assessment against threshold conditions; case manager may hold clarification calls or request additional documents.
  • Weeks 6–12: Senior review and approval panels meet. Complex applications (especially those involving new market entrants or novel business models) go to a special panel for discussion.
  • Week 12+: Decision letter issued—either a formal authorisation letter or a detailed refusal notice.

Complex applications (acquisitions by foreign firms, large institutional applicants, or novel risks) can take 12+ months. Simple applications (e.g., a small mortgage broker adding compliance capability) may complete in 3 months.

Conditions, Variation, and Restrictions

The FCA may issue authorisation with conditions—for example, “you may not use client funds for proprietary trading until you hire an independent audit function.” Applicants must accept these conditions; rejection of conditions results in refusal.

An authorized firm may later request a variation in its permissions (e.g., adding a new regulated activity or modifying the scope of an existing one). This is a separate application process, though usually quicker than initial authorization.

Post-Authorisation: Ongoing Compliance

Once authorized, a firm is not done with the FCA. It must:

  • Submit annual financial returns and compliance certifications.
  • Pay annual regulatory fees (based on turnover and complexity; typically £1,000–£100,000+ for large firms).
  • Notify the FCA of significant changes (new directors, relocation, material business shifts).
  • Undergo periodic thematic reviews or targeted inspections by FCA supervision teams.
  • Maintain the systems and governance described in the authorization application.

Breach of FCA rules can result in formal warning letters, financial penalties, suspension of permissions, or full withdrawal of authorization. The FCA publishes enforcement actions regularly, naming firms and citing breaches.

Common Reasons for Refusal

The FCA publishes refusal statistics. Frequent grounds include:

  • Insufficient capital or evidence of financial resources.
  • Inadequate governance, particularly weak compliance or risk management.
  • Weakness in the fitness or competence of key individuals (directors or senior managers).
  • Unsustainable business plan or unrealistic financial projections.
  • Deficient money-laundering or counter-terrorism controls.
  • Applicant’s failure to cooperate with FCA information requests.

Refusals are not final; an applicant can reapply after addressing the deficiency, often within 6–12 months.

Scope: Perimeter Guidance and Exclusions

The FCA publishes detailed “Perimeter Guidance” that helps firms determine whether specific activities require authorization. Some activities are explicitly excluded—for example, in-house finance teams managing only internal group cash do not need authorization. Tax advice and general financial information (that does not constitute advice on specific securities) are also excluded.

This boundary is important: a firm operating at the edge of regulated/unregulated territory needs explicit FCA guidance to avoid accidentally breaking the law.

See also

  • Securities and exchange commission — US regulator; different regime but similar authorization gatekeeping
  • Central bank — Bank of England’s monetary role; FCA handles conduct regulation
  • [Compliance and governance](/{ style=“display: none;” }) — Core requirements tested in FCA assessment
  • [Anti-money laundering](/{ style=“display: none;” }) — Major FCA focus during authorization review
  • [Financial services compensation scheme](/{ style=“display: none;” }) — Consumer protection backstop FCA applicants must address

Wider context

  • Capital adequacy — Minimum capital requirements underpinning FCA threshold conditions
  • Dodd-Frank Act — US regulatory framework; illustrates different national approaches
  • Due diligence — Process FCA applies when vetting applicants
  • Going concern — Financial viability test implicit in FCA authorization review