Many firms wrongly assume that securing Financial Conduct Authority (FCA) approval is simply a case of filling in a few forms. Only after they have been rejected do they realise it is a significant legal and regulatory process. Here, Pregeshni Maduramuthu, an experienced regulatory and compliance expert at Arbor Law, explains how best to prepare for what is becoming an increasingly stringent process.
I’ve worked with firms of every size and structure as they navigate FCA authorisation. Time and again, I see similar mistakes. If your firm wants to operate in the UK market and conduct regulatory activity, preparation for FCA approval isn’t just helpful, it’s essential.
What the FCA really wants to see
Many clients are surprised by how early in the process the hard work begins. Before a single form is submitted, a firm needs a clear, detailed and defensible business plan. That includes mapping out your product or service offering, explaining your governance and ownership structure and setting out realistic financial projections, usually for five years. The FCA wants to understand what your firm does, how it makes money and how it plans to grow sustainably and legally.
One of the most common pitfalls I see is overly optimistic or incoherent financial projections. The numbers need to make sense not only on paper, but in relation to your business model. Similarly, risk assessments ought to be comprehensive and include a tailored document that reflects your actual operational risks, rather than generic templates. Submission of relevant compliance documentation is also key: everything from IT and data security policies to business continuity plans and fraud prevention measures must be in place.
The regulator also pays close attention to the people behind the business. Anyone taking on a senior management role will be vetted. Their experience, qualifications and understanding of their regulatory responsibilities must be demonstrable. The FCA may request interviews with key individuals, and they can do so at any point in the application process.
For firms in the payments or trading sectors, there are additional layers of scrutiny. Payments firms in particular must now contend with obligations under the Economic Crime and Corporate Transparency Act (ECCTA), which introduces a new corporate offence of ‘failure to prevent fraud,’ placing a legal duty on relevant organisations to take proactive steps in combating fraudulent activity. Firms, particularly those in the payments and financial services sectors, must demonstrate that they have reasonable procedures in place to prevent fraud by employees and associates. This includes implementing robust internal fraud controls, clear whistleblowing procedures and strengthening corporate governance frameworks to ensure accountability and oversight. For trading firms, especially those offering complex instruments or interacting with retail clients, the FCA wants clear evidence that consumers will be protected, including under the UK’s Consumer Duty regime.
Why you shouldn’t go it alone
Some firms choose to manage the FCA application process themselves — often because they have an in-house compliance officer, or because they’ve previously operated under a regulatory hosting arrangement (such as an umbrella firm or appointed representative (AR) platform) and believe they are familiar with the process. This usually ends in frustration. I’ve seen many applications rejected or delayed for avoidable reasons like missing documentation, unclear governance or simply a failure to present the business in the way the FCA expects.
By the time they come to us, we often have to unpick and redo work that could have been done right the first time. That’s why I always recommend engaging legal and regulatory experts from the outset — ideally from the moment you begin to design the business structure.
It’s important to advise clients not just on the application itself, but on the foundational decisions that support it. For example, ensuring the correct entity in a group structure is the one applying for authorisation, or determining whether your firm needs to register as an authorised electronic money institution (EMI) or a payment institution (API).
Post-authorisation support is also important. Many firms, especially smaller ones, don’t have the resources to maintain an in-house compliance function. In such cases, we offer outsourced compliance solutions, taking on the day-to-day activities for the firm in respect of both regulatory compliance and financial crime obligations. This allows the firm to appoint a senior executive to these roles with the assurance that we can support them by carrying out the operational responsibilities on their behalf. This helps firms meet their obligations while staying lean and focused on growth. As your business scales, we can hand over those responsibilities to an internal team, but, in the meantime, you’re covered.
From preparation to protection
FCA approval is not the finish line, it’s the starting block. Once authorised, your firm takes on a set of ongoing obligations that are just as important as the initial licence. You’ll be required to submit regulatory returns, update your policies each year, provide ongoing compliance and regulatory training, and keep up with changes to the FCA rulebook.
Other ongoing compliance tasks include running a compliance monitoring plan, keeping the FCA register up to date, reviewing financial promotions, responding to FCA requests and reporting any breaches or important changes. These responsibilities should be part of your regular compliance processes, supported by clear records and controls. This is where many firms stumble: they assume authorisation is a one-off hurdle, when in fact it marks the beginning of a continuous relationship with the regulator.
The FCA’s expectations are rising. It is more selective about who it approves, more demanding in terms of compliance and increasingly focused on operational resilience, data protection and financial crime prevention. It’s no longer enough to be a promising business. You must also be a well-governed, risk-aware and regulation-ready one.
So, to any firm considering FCA authorisation: don’t treat it like a formality. Don’t assume you can Google your way through it. And don’t wait until something goes wrong before asking for help because the FCA expects you to be ready. The best time to prepare is now.
About the author: Pregeshni Maduramuthu is a senior compliance expert at award-winning law firm, Arbor Law. She has over 20 years’ experience advising firms in the financial service industry.