FCA authorisation for Digital Finance Firms: Do’s and don'ts

The Financial Conduct Authority (FCA) recently held two separate information sessions to support firms seeking authorisation in the Crypto and the Digital Finance sectors. The session for Cryptoasset applicants took place on 22 May 2025, while the session for Digital Finance firms was held on 9 June 2025. By organising these targeted events, the FCA has demonstrated a clear willingness to be more supportive of applicant firms and to help them submit higher quality applications.

The guidance below distils the key messaging and do’s and don’ts discussed in both sessions, reflecting the FCA’s approach to fostering innovation and raising standards across the industry.

What firms should DO

Engage early with Pre-Application Support (PASS)

Book a PASS meeting once your business plan is well-developed. Use this opportunity to clarify your regulatory scope, ask questions, and understand FCA expectations. Prepare for the session by defining your business model, regulatory permissions and hiring plan.

Prepare thoroughly before applying

Clearly articulate your business model, target market, and required permissions. This includes flow of funds, step-by-step description of the product, and identification of third-party providers involved in the process. Review all relevant regulations (PSRs, EMRs, MLRs) and relevant sections of the FCA Handbook such as PERG 15 and the FCA Approach Document.

Ensure your trading name is not sensitive, or, if it is, seek FCA approval.

Appoint all key individuals (e.g. CEO, CTO, COO, CCO/MLRO) as appropriate for your business type. For cryptoasset registration, a MLRO should be fully involved in the drafting of the application pack.

Consider seeking independent legal or compliance advice.

Demonstrate clearly how are you meeting initial capital requirements 

While cryptoasset firms have no minimum initial capital requirements all firms should be prepared to provide evidence of adequate resources both financial and operational. This means a capital position sufficient to support operations and absorb risk. Initial capital requirement of authorised PIs will be €20,000, €50,000 or €125,000 depending on the business activities it carries out and €350,000 for e-money firms. Ensure consistency between quantitative and qualitative information found in the business plan and clarity on funding sources and capitalisation, especially when relying on a parent company.

Search for a safeguarding provider

Digital Finance firms should plan ahead and begin initial discussions with potential safeguarding providers as early as possible. The FCA will not authorise a firm that does not have safeguarding arrangements in place, and firms should be aware that onboarding with safeguarding providers can be a lengthy process. Early engagement is essential to ensure compliance and avoid delays in the authorisation process.

Demonstrate strong governance and resilience

Establish a management team with relevant sector experience and clear reporting lines. Document robust systems and controls for risk management, financial crime prevention, despite outsourcing, firms retain responsibility and oversees outsourcing relationships daily and client money safeguarding.

If part of a group, mind and management should be independent from the group and ensure any conflicts are managed by a well-designed conflict of interest policy.

Prepare a comprehensive Business-Wide Risk Assessment (BWRA) that aligns with your business plan. Evidence operational resilience through business service mapping, scenario testing, and impact tolerance documentation.

Establish effective financial crime, terrorism financing and proliferation financing controls

Understand your financial crime risk exposure: have detailed financial crime risk assessment that consider the business (main critic is that the policies and procedures are not enough tailored to the Firm), customer risk assessment should be detailed, procedures should be provided. Provide details of any third-party providers used for screening, transaction monitoring, Customer Due Diligence.

Cryptoasset firms should remain aware of the Travel Rule which was discussed at length in previous publications.

Consider financial promotions rules for cryptoassets

Cryptoasset providers must implement robust processes to comply with rules governing the promotion of qualifying cryptoassets to retail clients, which are designed to protect UK consumers and raise industry standards. Your firm should ensure it meets all financial promotions requirements, including a mandatory 24-hour cooling-off period for new clients, the delivery of both general and personalised risk warnings, proper client categorisation, and thorough appropriateness assessments.

Embed Consumer Duty

Your application must clearly demonstrate how your firm will comply with the FCA’s Consumer Duty, specifically showing how you will consistently deliver good outcomes for retail customers. The FCA expects your submission to be tailored to your business and supported by detailed policies, processes, management information, and other relevant materials. This should include, but is not limited to, your target market analysis, product and service governance framework, fair value assessment, customer understanding and support frameworks, outcome monitoring, and root cause analysis processes. You may be asked to amend or provide additional documents if the FCA finds your submission incomplete or lacking in any area.

Show financial soundness and planning

Provide a detailed business plan, including monetisation strategy, target markets, and distribution channels. Demonstrate adequate resources financial and operational to support your business. Ensure your capital position is clear, sufficient, and sustainable, with transparent funding sources. Model and stress-test wind-down planning, including associated costs.

Be organised, transparent, and responsive

Submit complete, high-quality, and internally reviewed and approved documentation. Be proactive, respond promptly and openly to FCA queries, providing all requested information. Be ready to engage constructively with feedback and make adjustments as needed. Have all key personnel in place at the time of submission.

What firms should NOT DO

Rush or underprepare

Avoid submitting your application before your business plan, governance, and risk controls are fully developed. Don’t overlook the importance of reviewing all relevant regulations and FCA guidance.

Neglect key individuals or governance

Never leave key roles unfilled or appoint individuals lacking relevant experience. Don’t underestimate the FCA’s scrutiny of your management team and governance arrangements.

Provide incomplete or inconsistent information

Avoid inconsistencies between your business plan, financial statements, and application forms. Don’t omit details about funding sources, capitalisation, or wind-down planning.

Ignore Operational Resilience

Don’t treat operational resilience as a tick-box exercise; the FCA expects clear, practical evidence of scenario testing and impact tolerance.

Be unresponsive or defensive

Never delay responses to FCA requests or withhold material information. Don’t resist feedback or fail to adapt your application when required.

Assume low-risk means easy approval

Even application with low-risk business models can be rejected if controls are weak, or documentation is lacking. High-risk business models may be approved if the applicant firm demonstrates strong governance, resources, and controls.

Final thoughts

Success in the FCA authorisation process comes down to being ready, willing, and organised. Invest in early planning, engage with FCA support, and approach the process with transparency.

Cosegic has deep expertise in supporting firms through FCA authorisation and ongoing regulatory requirements across the Digital Finance sectors. If you would like to discuss how Cosegic can support your firm, please get in touch with our team to arrange a consultation.

Get in touch