FCA v2.0 The Transformed Regulator and Authorisations: Laying the foundations

Posted on: 9 March 2022

Written by: James Borley

In its 2021/22 Business Plan the FCA informed us of its Transformation Programme, where it recognised a need to make changes internally and promised to make its standards higher [implicitly accepting that they have been lower], with more intensive assessment and greater scrutiny of firms’ financials and business models. As a response to these proposed changes at the FCA, we intend to explore what this might mean to how firms run and manage their day-to day compliance obligations through a series of articles and webinars. Perhaps where we have seen these changes the most is at the Authorisation’s ‘gateway'.

Having been hauled over the coals in recent times – London Capital and Finance and Connaught the prime examples – the FCA is taking clear steps towards a ‘more robust gateway’ with more pushback on applicant firms and less tolerance for ‘handholding’ during the assessment process. This article, the first in a series, provides a commentary on the authorisation process in general terms and how the process is changing and serves as a taster for our webinar on the topic on 28th March, details for which can be found here. Subsequent articles in the series in the coming weeks will provide some specific pointers of what the FCA is looking for, and importantly what it is not looking for, and those areas where firms really must be getting it right first time.

Permission and ‘Threshold Conditions’ - Getting the basics of your application right…

Before starting work on an application, firms will need to understand which ‘permission’ and regulated activities they will need to apply for. 'Permission' is a legislative term, peculiar to the UK, as set out in Part 4A of the Financial Services and Markets Act 2000 (FSMA), that is often used interchangeably with terms like ‘authorisation’ or ‘licence’ (a term used more frequently in Europe and worldwide). Some firms will need to seek permission to operate in the UK under Part 4A of FSMA, while others will need  to be authorised or registered under the Payment Services Regulations 2017 (PSRs), or the Electronic Money Regulations 2011 (EMRs).

In order to grant ‘permission’ the FCA must be satisfied that the applicant firm satisfies, and can be expected to continue to satisfy, the relevant conditions of authorisation. For FSMA firms these are set out as high-level ‘threshold conditions’ in Schedule 6: location of offices, effective supervision, appropriate resources, suitability, business model.

Some are binary, depending on the activities that a firm wishes to undertake. For example, the amount of regulatory capital a firm is required to hold and maintain is clearly set out and (relatively) easy to understand. Others, however, are more subjective and open to interpretation. Key for these will be to present supporting information in such a way that you can clearly demonstrate to the FCA that the relevant condition is met. For example:

1. Location of offices – a firm must have its head office in the UK. Now, a simple reading would be for the physical location of the office itself. However, the FCA is more concerned with the location of the firm’s ‘mind and management’ i.e. the location of the directors and senior management who take material day-to-day decisions about the firm’s central direction. Even where we have seen a shift in working patterns from office-based to more remote working-at-home, the expectation is that the firm is still based in the UK and the FCA can still supervise the firm. This means being able to show that the firm’s senior management have properly considered the risks and how the firm will be able to remain compliant. Firms should therefore ensure that any decision to move to remote or hybrid working has been discussed, a proper plan is in place and that the risks have been considered and addressed, and most importantly, that this has been evidenced in writing.

2. Effective supervision – leading directly from the ‘mind and management’ point, firms should consider whether the composition/location of their governing body, or the nature of their activity (whether regulated or unregulated) impact the FCA’s ability to effectively supervise the firm. Certainly, if no one is in the UK, there is no one for the FCA to engage with and nothing they can effectively supervise. As with the remote working point on location of offices above, the FCA needs to be able to visit any location where work is performed, business is carried out and employees are based. This includes employees’ home addresses (if this is where they are working) and would be the case for both supervisory and enforcement visits. Firms should ensure that they make their employees aware of this.

3. Appropriate resources – a common area of weakness in applications submitted to the FCA is the (lack of) knowledge, skills and experience of key staff within the firm; it’s non-financial resources. Whilst this makes complete sense if taken to the extreme (e.g. a school leaver wishing to set up a bank) it is often less clear, and more subjective, where such knowledge and experience is less obviously relevant. Here an individual may not have worked in the same type of business before but might nevertheless have transferable skills from previous roles. Key to ensuring that this doesn’t become an issue in your application will be setting out for the FCA as to why you believe these skills to be appropriate. Preferable of course would be experience in similar roles at another authorised firm, or perhaps as an appointed representative or agent. We are seeing now that the FCA will not just take the firm’s word for such knowledge and experience, but will look to conduct interviews with candidates to assess the depth – and appropriateness - of that knowledge and experience. On the financial side of things, the FCA will look to ensure that the business will be solvent, and will at all times have sufficient capital and liquid resources available to it. Increasingly, the FCA is also looking at firms to supply wind-down plans, setting out how the firm would close its business in an orderly way, such that its closure prevents or minimises risk to consumers and market integrity.

4. Suitability – another condition that could apply to the ‘fit and proper’ assessment of individuals within the firm; are they ‘suitable’ to perform the roles to which they have been appointed? The FCA will be looking for the firm to make clear how they have come to that conclusion (‘show your workings’ as we say!). It can also refer to the activities which a firm proposes to undertake and how they might impact UK consumers. Certainly, the FCA wants to ‘keep the bad guys out’ and will do so based on the history and background presented in each individual application, whether for a controller or a senior manager function. Key here is what you don’t say to the regulator, as much as what you do say. The FCA expects firms and individuals to be open and honest in their dealings with the FCA, and so would expect full disclosure of all material matters. The FCA takes a dim view of non-disclosure and may seek to refuse an application even if the underlying ‘offence’ was not so egregious.

5. Business model – linking to the previous condition, but focussing entirely on what the firm proposes to do, how and with whom. Clearly, some business models pose greater risk of harms to consumers, or to the integrity of the UK financial system than others. But that’s not all. Increasingly, the FCA is taking a holistic view of the firm’s business activities, such that any unregulated activities it may carry on will absolutely be taken into account when assessing the potential harms posed to consumers. For example, the extent to which a firm’s unregulated mortgage contracts might impact its book of regulated mortgage contracts, or a firm’s foreign currency business carried on alongside a payments business. The FCA will look at both the ‘contagion risk’ – to what extent might the failure of the unregulated business impact the regulated business and firm as a whole- and the ‘confusion risk’ – where consumers are unclear as to what right of recourse is afforded to which activities.

In summary…

The FCA will expect the applicant to clearly demonstrate how it meets the threshold conditions now and how it will meet them on an ongoing basis. In addition, the FCA no longer has the appetite to ‘help’ applicants through the application process; the expectation is that the application is ‘right first time’. Instead, the FCA is pushing back on poor quality applications earlier, suggesting the firm withdraw their application, or be taken down the refusal process. The importance of getting your application right the first time cannot be underestimated.

In our next article we will be looking at the relevant application timings: balancing what the legislation actually says with what a firm should reasonably expect.  

James Headshot

James Borley

James, our Managing Director for Payment Services, is a highly qualified financial services expert and a familiar name to many in the payments and e-money community.

Contact James

Related resources

All resources
iStock 479324890 Event

Payment Services Regulatory Compliance Forum 2025

iStock 1065111748 Article

Managing reputational risk

iStock 1160915536 Article

FCA issues guidance on Payment Services Regulations 2024

iStock 171292310 Article

Identifying the weaknesses in firms’ transaction reporting governance and control frameworks