Hundreds of firms successfully get FCA authorised each year. The difference between a smooth process and a frustrating one comes down to preparation and understanding what the FCA wants to see.
Every year, between 800 and 1,200 firms successfully obtain authorisation from the Financial Conduct Authority. They range from solo-adviser financial planning practices to complex payment institutions processing billions in transaction volume. The process is entirely achievable, and it follows a defined path that, once understood, removes most of the uncertainty that causes applicants anxiety. What separates the firms that receive authorisation within six months from those that spend over a year in regulatory limbo is not the complexity of their business model or the size of their balance sheet. It is preparation.
The FCA publishes its authorisation statistics quarterly, and one pattern emerges with striking consistency. Applications that are submitted as complete, with all supporting documentation attached and a clear regulatory business plan, move through assessment materially faster than those that trickle in piecemeal. In the twelve months to March 2025, the FCA returned approximately 30% of applications as incomplete before assessment even began. That represents months of wasted time for firms that could have been trading. Understanding what the regulator expects at each stage, and delivering it precisely, is the single most valuable thing you can do to accelerate the process.
Getting FCA authorised is not a tick-box exercise. The regulator wants to see that your firm has the right people, adequate resources, and a genuine commitment to treating customers fairly. Here is exactly how to demonstrate that.
Determine Whether You Actually Need FCA Authorisation
Before committing time and capital to an authorisation application, the threshold question is whether your proposed activities actually fall within the FCA's regulatory perimeter. The Financial Services and Markets Act 2000 (FSMA) establishes the general prohibition in section 19: no person may carry on a regulated activity in the United Kingdom unless they are authorised or exempt. The regulated activities themselves are defined in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the RAO), and they cover a wide spectrum from accepting deposits and effecting contracts of insurance through to advising on investments, arranging deals, and managing portfolios.
The critical nuance lies in understanding that it is the combination of a specified activity performed in relation to a specified investment that creates the need for authorisation. Advising, for example, is only a regulated activity when it relates to a specified investment such as securities, structured deposits, or units in a collective investment scheme. Advising on general insurance products falls under a different part of the regulatory framework. Similarly, arranging deals in investments is regulated, but merely introducing a client to an authorised firm without facilitating the transaction may not be, depending on the precise nature of the introduction. These distinctions matter enormously, and getting them wrong in either direction is costly. Operating without required authorisation is a criminal offence under section 23 of FSMA, carrying up to two years' imprisonment. Applying for authorisation you do not actually need wastes months and thousands of pounds. Our Perimeter Assessment tool is designed to help you navigate exactly these distinctions before you commit to the application process.
There are also structural alternatives to direct authorisation that may suit certain business models. The Appointed Representative regime under section 39 of FSMA allows firms to conduct regulated activities under the umbrella of an existing authorised firm (the principal), which takes regulatory responsibility for the AR's activities. This can be a faster route to market, particularly for firms with limited regulatory infrastructure, though it comes with constraints on independence and commercial arrangements. The FCA has been scrutinising AR arrangements with increasing intensity since its 2022 review, and principals are now expected to demonstrate considerably more oversight than was historically the case. If the AR route appeals, it is worth understanding that the principal's due diligence process has become, in many cases, nearly as demanding as a direct authorisation application.
Map Your Permissions and Regulatory Scope
Once you have confirmed that authorisation is required, the next step is to identify precisely which Part 4A permissions you need. This is where many applicants make their first strategic error. The instinct is to apply for every permission that might conceivably be relevant to the business, on the basis that it is better to have permissions and not need them than to need them and not have them. The FCA takes a different view. Each permission you request must be justified with a clear explanation of the activity you intend to conduct, the volume you anticipate, and the compliance arrangements you have in place to manage the associated risks. Requesting permissions you cannot adequately justify triggers additional scrutiny and extends assessment timescales.
The distinction between limited permission and full authorisation is particularly relevant for consumer credit firms and certain payment services providers. Limited permission regimes carry lower application fees and less onerous ongoing requirements, but they also restrict the scope of activities you can conduct. For firms operating in payments, for example, the choice between registering as a small payment institution and obtaining full authorisation as an authorised payment institution depends on monthly transaction volumes, with the threshold currently set at EUR 3 million. Our comprehensive guide to FCA authorisation walks through the permission-mapping process in detail, including the specific forms required for each permission type.
The following table summarises the most commonly requested Part 4A permissions and their typical application context.
| Permission | RAO Article | Typical Applicant | Key Consideration |
|---|---|---|---|
| Advising on investments | Article 53 | IFAs, wealth managers | Must specify investment types |
| Arranging deals in investments | Article 25(1) | Platforms, networks | Distinguish from introducing |
| Managing investments | Article 37 | DFMs, portfolio managers | Requires robust suitability framework |
| Insurance mediation | Article 25(1)/(2) | Brokers, MGAs | General vs pure protection |
| Consumer credit lending | Article 60B | Lenders, BNPL providers | Limited vs full permission |
| Payment services | PSRs 2017 | Fintechs, PSPs | Small PI vs authorised PI |
| Safeguarding and administering | Article 40 | Custody providers, platforms | Significant capital requirements |
Appoint Your Key Individuals Under SMCR
The Senior Managers and Certification Regime applies to all FCA-authorised firms, and the appointment of your Senior Management Functions is a core component of the authorisation application. At a minimum, most firms will need to appoint individuals to SMF1 (Chief Executive), SMF16 (Compliance Oversight), and SMF17 (Money Laundering Reporting Officer). Depending on the firm's size and the permissions sought, additional SMFs may be required, including SMF3 (Executive Director), SMF9 (Chair), and SMF27 (Partner). Each proposed Senior Manager must be assessed for fitness and propriety, and the FCA will conduct its own checks including criminal records, credit history, and regulatory history through the Financial Services Register.
The Statement of Responsibilities for each Senior Manager is a document the FCA examines with particular care. It must clearly delineate which Prescribed Responsibilities are allocated to which individual, and the FCA will push back if it sees gaps or overlaps that suggest the firm has not properly thought through its governance structure. A common pitfall is the small firm where a single individual holds three or four SMF roles. The FCA does not prohibit this, but it will want to see a credible explanation of how that individual can discharge all of those responsibilities effectively, particularly where there are inherent conflicts such as combining the Chief Executive and Compliance Oversight functions. Our SMCR Navigator helps you map your proposed governance structure against the FCA's expectations and identify potential issues before they become reasons for the regulator to ask uncomfortable questions.
The fitness and propriety assessment extends beyond formal qualifications. The FCA's FIT section of the Handbook sets out the criteria across three pillars: honesty, integrity, and reputation; competence and capability; and financial soundness. Previous regulatory action, county court judgments, and even unresolved complaints at previous firms can all surface during the assessment and require explanation. It is far better to identify and address these issues proactively in your application than to have the FCA raise them during assessment, which inevitably causes delay and creates an adversarial dynamic that serves no one's interests. For firms planning a comprehensive implementation, our SMCR implementation service provides end-to-end support from role mapping through to ongoing certification.
Prepare Your Regulatory Business Plan
If there is one document that determines the trajectory of your authorisation application, it is the regulatory business plan. The FCA's own guidance states that this should demonstrate a clear, coherent, and viable business model, and that is precisely how the case officer will read it. A strong regulatory business plan is not a marketing document. It is a sober, detailed explanation of what the firm intends to do, how it will do it, who it will serve, and how it will manage the risks inherent in its activities.
The plan should open with a clear description of the business model, including the specific regulated activities to be conducted, the target market, and the distribution strategy. Revenue projections should be realistic and supported by assumptions that the FCA can test. Overly optimistic projections invite scrutiny; conservative projections supported by market evidence demonstrate commercial awareness. The FCA wants to see three years of financial projections as a minimum, including profit and loss forecasts, cash flow statements, and balance sheet projections that demonstrate the firm can meet its capital requirements throughout the projection period and beyond.
The compliance arrangements section of the business plan is where many applications either distinguish themselves or fall short. The FCA expects to see a compliance monitoring programme that is proportionate to the firm's activities, a clear complaints handling procedure, arrangements for the approval and oversight of financial promotions, and a documented approach to meeting the Consumer Duty. Since the Consumer Duty came into force on 31 July 2023, the FCA has been explicit that new applicants must demonstrate how they will deliver good outcomes across the four pillars: products and services, price and value, consumer understanding, and consumer support. A wind-down plan is also required, setting out how the firm would manage an orderly closure if the business became unviable, including how client assets and ongoing service obligations would be handled.
What makes a regulatory business plan stand out is specificity. Rather than stating that the firm will "comply with all applicable regulations," a strong plan identifies the specific regulatory risks associated with the proposed activities and explains the specific controls in place to mitigate them. Rather than asserting that the firm will "treat customers fairly," it describes the mechanisms through which fair treatment will be monitored, measured, and evidenced. The case officer reading your plan has seen hundreds of applications, and generic compliance language does not inspire confidence. Concrete detail does.
Build Your Compliance Framework
The compliance framework you present in your application must be operational, not aspirational. The FCA expects to see documented policies and procedures that are ready to be implemented from day one of authorisation, not vague commitments to develop them in due course. At a minimum, this means having a compliance monitoring programme with a schedule of reviews covering all material regulatory obligations, a complaints handling procedure that meets the requirements of DISP, a financial promotions approval process that ensures all communications are fair, clear, and not misleading, and a data protection framework that addresses both GDPR and the FCA's own data-related requirements.
The Consumer Duty, which now applies to all new and existing products and services offered to retail customers, has added a significant layer of expectation. New applicants must demonstrate how they will conduct product and service reviews to ensure they deliver fair value, how they will test consumer understanding of their communications, and how they will identify and support customers in vulnerable circumstances. The FCA's expectations here are not theoretical. In its supervisory work since the Duty's implementation, the regulator has been clear that firms must evidence outcomes, not merely describe processes. Our Consumer Duty Assessment tool provides a structured framework for evaluating your readiness against the FCA's published expectations.
Beyond the core compliance policies, the FCA will also want to see your approach to anti-money laundering and counter-terrorist financing. This means a documented risk assessment, customer due diligence procedures that are proportionate to your identified risks, ongoing monitoring arrangements, and training for all relevant staff. If your firm will handle client money or custody assets, the requirements are more demanding still, with the FCA's CASS rules imposing specific organisational, record-keeping, and reconciliation obligations that must be addressed in your application.
Secure Adequate Financial Resources
Financial resource requirements vary significantly depending on the permissions sought and the nature of the firm's activities. At one end of the spectrum, a personal investment firm providing advice on retail investments currently faces a minimum capital requirement of GBP 20,000 under the Investment Firms Prudential Regime (IFPR), plus the need to maintain adequate professional indemnity insurance. At the other end, an authorised payment institution may need to hold initial capital of EUR 125,000 and maintain ongoing own funds calculated as a percentage of payment transaction volumes.
The FCA assesses financial resources against the threshold conditions, specifically Threshold Condition 2D (appropriate resources). This is not limited to regulatory capital minimums. The FCA will consider whether the firm has sufficient resources to meet its liabilities as they fall due, to absorb losses, and to fund its wind-down plan. If your financial projections show the firm operating at a loss for an extended period following authorisation, you will need to demonstrate convincingly that adequate funding is in place to sustain the business until it reaches profitability. This typically means providing evidence of committed capital, whether through personal investment, external funding, or retained earnings from non-regulated activities.
Professional indemnity insurance is a practical requirement for most advisory and intermediary firms, even where it is not a strict regulatory condition. The FCA will want to see that your coverage is adequate for the nature and volume of your activities, and that it includes run-off cover in the event of business cessation. For a detailed breakdown of current fee levels and capital requirements by firm category, our FCA Fee Calculator provides up-to-date figures, and our analysis of FCA authorisation costs in 2026 sets out the full picture including application fees, ongoing periodic fees, and the indirect costs of compliance infrastructure.
The following table provides an overview of indicative financial resource requirements by firm type.
| Firm Type | Minimum Capital | PI Insurance Typical | Application Fee |
|---|---|---|---|
| Personal investment firm | GBP 20,000 | GBP 1,500 - 5,000 p.a. | GBP 1,500 |
| MIFIDPRU investment firm | GBP 75,000 - 750,000 | GBP 5,000 - 25,000 p.a. | GBP 5,000 |
| Consumer credit (limited) | No fixed minimum | GBP 800 - 2,500 p.a. | GBP 500 |
| Consumer credit (full) | GBP 50,000 | GBP 2,000 - 10,000 p.a. | GBP 1,500 |
| Small payment institution | N/A (registration) | Varies | GBP 500 |
| Authorised payment institution | EUR 125,000 | GBP 10,000+ p.a. | GBP 1,500 |
| Insurance intermediary | GBP 25,000 or 5% of revenue | GBP 2,000 - 8,000 p.a. | GBP 1,500 |
Complete and Submit Your Application
All FCA authorisation applications are submitted through the FCA Connect portal, and the specific forms required depend on the permissions being sought. The core application form for Part 4A permission is the combined application form, supplemented by individual forms for each proposed Senior Manager (Form A) and additional schedules depending on the firm's activities. Payment services and e-money firms submit separate application packs, and consumer credit applicants have their own streamlined forms.
The supporting documentation checklist is substantial, and this is where the completeness principle becomes critical. A typical application for an investment advisory firm will include the regulatory business plan, financial projections and supporting assumptions, compliance policies and procedures, the compliance monitoring programme, organisational charts showing governance and reporting lines, Statements of Responsibilities for each Senior Manager, CVs and fitness and propriety information for all approved persons, evidence of professional indemnity insurance or confirmation of cover, evidence of capital adequacy, a complaints handling procedure, a wind-down plan, AML risk assessment and policies, sample client agreements, and details of any outsourcing arrangements. The FCA's published guidance is clear: if any of these items are missing, the application will be returned as incomplete and the clock will not start on the statutory assessment period.
Our analysis of FCA authorisation timelines in 2026 shows that applications returned as incomplete add an average of two to three months to the overall process. The investment in getting the application right first time is significant, but it is invariably less than the cost of delay. Before submitting, review every section of the application against the FCA's published completeness checklist, which is available on the FCA Connect portal. Consider having the entire pack reviewed by someone who has not been involved in preparing it; a fresh pair of eyes will often catch gaps and inconsistencies that the drafter has become blind to.
Navigate the Assessment Process
Once the FCA accepts your application as complete, the statutory assessment period begins. For most applications, this is twelve weeks for straightforward cases and six months where the FCA needs to undertake more detailed assessment. In practice, the timeline can extend beyond these periods if the FCA issues information requests that stop the clock while awaiting your response. A dedicated case officer is assigned to your application, and this individual becomes your primary point of contact throughout the assessment process.
The case officer's role is to assess your application against the threshold conditions set out in Schedule 6 of FSMA. These conditions cover the location of offices (the firm's head office and, if relevant, its registered office must be in the UK), effective supervision (the FCA must be able to supervise the firm effectively, which has implications for group structures and overseas activities), appropriate resources (both financial and non-financial, including human resources and IT systems), suitability (the firm must be fit and proper, having regard to all the circumstances including its connections with other persons), and the business model (which must be suitable for the regulated activities for which permission is sought). Each of these conditions must be met, and the case officer will probe any areas of uncertainty.
The single most important thing you can do during assessment is respond to information requests promptly, thoroughly, and without defensiveness. Every response is an opportunity to demonstrate the competence and professionalism that the FCA wants to see in an authorised firm.
Information requests from the case officer should be treated as opportunities rather than obstacles. A well-crafted response that directly addresses the question, provides supporting evidence, and anticipates follow-up queries can significantly accelerate the assessment. Conversely, late, incomplete, or evasive responses create precisely the impression of organisational capability that the FCA is trying to assess. If you do not understand a question, ask for clarification rather than guessing at what the case officer wants to see. If a question reveals a genuine gap in your arrangements, acknowledge it and explain how you intend to address it. Transparency is valued far more highly than a pretence of perfection.
Meet Your Post-Authorisation Obligations
Receiving your authorisation notice is a significant milestone, but it marks the beginning of your regulatory obligations, not the culmination of the process. From the date of authorisation, your firm is subject to the full range of FCA supervisory expectations, and the first twelve months are a period of particular scrutiny. The FCA's early and high oversight programme for newly authorised firms means you should expect proactive engagement from your supervisory team, which may include requests for information about how your business is developing relative to the projections in your application.
Ongoing regulatory reporting obligations begin immediately. Depending on your firm category, you will need to submit regulatory returns including annual financial statements (via the FCA's RegData system), Gabriel returns covering complaints data, client money and assets reporting (if applicable), and annual attestations confirming ongoing compliance with threshold conditions. Annual fees are payable to both the FCA and the Financial Ombudsman Service, calculated based on the firm's income from regulated activities, and failure to pay fees on time can result in enforcement action and, ultimately, cancellation of permissions.
The SMCR obligations continue on an ongoing basis. You must ensure that all persons performing certification functions are assessed as fit and proper at least annually, that conduct rules training is delivered and documented, that the directory of certified and assessed persons is maintained and kept up to date on the Financial Services Register, and that any changes to Senior Manager arrangements are notified to the FCA through the appropriate variation of permission or change in control processes. Firms operating in wealth management and other advisory sectors should pay particular attention to the ongoing suitability requirements, including the new Consumer Duty obligation to conduct regular reviews of products and services to ensure they continue to deliver fair value. Change is constant in financial services regulation, and maintaining authorisation requires the same quality of attention and resource that went into obtaining it.
Frequently Asked Questions
How much does it cost to get FCA authorised?
The FCA's own application fees range from GBP 500 for limited permission consumer credit firms to GBP 25,000 for the most complex applications such as banks and insurers. Most advisory and intermediary firms pay between GBP 1,500 and GBP 5,000 in application fees. However, the total cost of the authorisation process, including professional advisory fees, compliance framework development, capital requirements, and professional indemnity insurance, typically falls between GBP 15,000 and GBP 75,000 depending on the complexity of the application. Our detailed breakdown of FCA authorisation costs in 2026 provides current figures across all firm categories.
Can I trade while my application is pending?
No. The general prohibition under section 19 of FSMA means that you cannot carry on regulated activities until your authorisation has been granted. Doing so is a criminal offence and will almost certainly result in your application being refused. Some firms structure their pre-authorisation period to build their client pipeline through non-regulated activities such as general financial education or corporate consulting, but great care must be taken to ensure that nothing done during this period crosses into regulated territory. If in doubt, seek specific legal advice on the scope of the general prohibition as it applies to your proposed activities.
What if I have been rejected before?
A previous refusal does not automatically prevent a successful future application, but it does require careful handling. The FCA will have a record of any previous application, and your new application should directly address the reasons for the prior refusal and demonstrate what has changed. If the refusal related to fitness and propriety concerns about an individual, and that individual is no longer part of the firm, this should be clearly stated. If it related to inadequate financial resources or compliance arrangements, the new application should provide robust evidence that these deficiencies have been remedied.
Do I need a physical office in the United Kingdom?
Yes. Threshold Condition 2B requires that a body corporate seeking authorisation has its head office and registered office in the United Kingdom. For sole traders and partnerships, the head office must be in the UK. The FCA interprets "head office" as the location from which the firm is managed and directed on a day-to-day basis, which means the place where senior management decisions are taken. A registered office address alone is not sufficient if the actual management of the firm takes place overseas. Remote and hybrid working arrangements are acceptable provided the firm can demonstrate that its UK presence is genuine and that the FCA can exercise effective supervision.
Taking the Next Step
The FCA authorisation process is demanding by design. The regulator's role is to ensure that only firms with the right people, adequate resources, and genuine commitment to consumer protection enter the regulated market. But demanding does not mean opaque or arbitrary. The requirements are published, the process is defined, and firms that approach it with rigour and transparency consistently achieve positive outcomes.
If you are planning to apply for FCA authorisation, the most valuable investment you can make is in preparation. Understand the permissions you need, appoint the right people to the right roles, build a compliance framework that reflects how your business will actually operate, and present it all in a regulatory business plan that demonstrates commercial viability and regulatory awareness in equal measure. Our FCA Authorisation service supports firms through every stage of this process, from initial perimeter assessment through to post-authorisation compliance, drawing on direct regulatory experience to ensure your application meets the FCA's expectations first time. Whether you are establishing a new firm in wealth management, launching a payments business, or bringing an innovative financial product to market, the path to authorisation follows the same fundamental principles. Preparation, precision, and professionalism will get you there.
MEMA Regulatory Team
The MEMA Regulatory Team includes ex-FCA supervisors and Big 4 consultants with deep expertise across all aspects of UK financial services regulation and compliance.
Need regulatory support?
Our team can help with FCA authorisation, compliance outsourcing, and regulatory change implementation.
Book a consultation
