Step-by-Step Guide to FCA Authorisation in 2026
Feb 14, 2026
·
14 min read
Securing authorisation from the UK’s Financial Conduct Authority (FCA) is one of the most important milestones for any fintech or financial services firm entering the UK market. It is the regulator’s way of confirming that a business is fit to operate, has the right people and systems in place, and can be supervised effectively. Without it, firms risk penalties, reputational damage, and the inability to operate legally.
This guide takes a practical, step-by-step approach to the authorisation process in 2026. You’ll find clear explanations of what activities require authorisation, what regulators look for in an application, and how the review process works. We also highlight common pitfalls, misconceptions, and recent FCA updates that matter for fintech founders, lawyers, and compliance officers.
The goal is to help you understand what the FCA expects and how to prepare an application that is both thorough and credible, so you can focus on building your business with regulatory confidence.
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013. If you need assistance with compliance or fintech regulations, click here.
What FCA Authorisation Means in 2026
For financial services and fintech firms, FCA authorisation is more than a regulatory checkbox. It is the UK’s legal framework that grants permission to carry out regulated activities such as managing investments, issuing electronic money, or offering consumer credit. Without it, firms cannot operate in these markets.
Authorisation also signals to investors, partners, and customers that a firm has the governance, resources, and systems to be trusted. The FCA’s role is not just to approve a license but to determine whether a business can be supervised effectively and deliver fair outcomes for clients. This makes authorisation both a compliance requirement and a mark of credibility in the UK financial sector.
In 2026, the process reflects a tougher regulatory environment. The FCA continues to focus on operational resilience, financial crime controls, and the new Consumer Duty framework. For fintechs, this means applications must show not only a viable business model but also robust plans for oversight, customer protection, and risk management.
Who Needs FCA Authorisation
Not every financial services business in the UK needs full FCA authorisation. The requirement depends on whether your activities fall within the scope of the Financial Services and Markets Act 2000 (as amended, including by the Financial Services and Markets Act 2023), referred to shortly as FSMA or other FCA rules.
Firms that typically require authorisation include:
Banks and neobanks accepting deposits
Payment institutions and electronic money issuers
Consumer credit providers such as lenders or Buy-Now-Pay-Later platforms
Investment firms and advisors
Insurance intermediaries and brokers
Firms safeguarding or administering client assets
If your company carries out any of these activities, you will need to apply for authorisation before launching operations. Operating without the correct permissions can result in fines, regulatory action, or being shut down.
Exemptions and Registrations
Some businesses can operate without full authorisation if they fall under an exemption or limited regime. Here are some of the common examples that can benefit from exemptions but still have to register:
Cryptoasset firms that only require FCA registration for anti-money laundering (AML) supervision
Appointed Representatives (ARs) that operate under the umbrella of an authorised principal firm (ARs are not “registered” with the FCA; the principal notifies the FCA instead)
Limited permission consumer credit firms engaging in lower-risk activities
These routes can be faster but come with restrictions. For instance, ARs depend on the oversight of their principal firm, and crypto firms remain under close FCA scrutiny. Understanding whether your business model needs full FCA authorisation or can rely on a narrower route is a critical early step.
On the other hand, some firms do not require FCA authorisation or registration, such as:
Professional firms such as accountants or solicitors, when financial services are incidental to their main work
Businesses carrying out activities that fall under explicit FSMA exclusions (e.g., certain intra-group services)
Exemptions are narrow and technical. Relying on one without legal clarity can put a business at risk of breaching regulatory requirements.
Appointed Representatives (ARs)
An AR operates under the license of an FCA-authorised “principal” firm. Here are some key highlights:
The principal is fully responsible for supervising the AR’s compliance
This route can provide quicker market access for startups
The FCA has tightened AR oversight, requiring principals to conduct annual reviews and report more details
AR status works best as a temporary stepping stone, not a permanent solution, especially for firms planning to scale
Taken together, exemptions, registrations, and AR status can shorten the path to market. But they all come with restrictions. Founders should weigh whether these options meet their long-term goals or if a direct FCA authorisation is the better route.
Key Regulatory Considerations Before Applying
Before starting an application, firms must understand what the FCA expects. The regulator looks at both the business model and whether the company has the people, systems, and resources to operate responsibly. Applications that miss these fundamentals often stall or fail.
FCA Threshold Conditions
The FCA applies five threshold conditions to every applicant:
Location of offices: The firm must be directed and managed from the UK.
Adequate supervision: The FCA must be able to monitor the firm without obstacles from complex group structures.
Appropriate resources: Adequate financial, human, and IT resources must be in place.
Suitability: Senior managers and owners must be fit and proper, with the right expertise and integrity.
Business model: The plan must be sustainable and not pose undue risks to customers or markets.
These conditions are the foundation of every application. If a business cannot demonstrate them, it will not progress.
Senior Managers and Certification Regime (SM&CR)
Applicants must identify individuals who will hold Senior Management Functions. This includes roles such as CEO, compliance officer, and money laundering reporting officer. Each person is assessed against fitness and propriety standards covering honesty, competence, and financial soundness.
For fintechs, hiring experienced compliance staff early can be difficult, but it is often the difference between approval and rejection. The FCA does not accept “to be hired later” for critical positions.
Consumer Duty and Customer Protection
Since 2023, the FCA has required firms serving retail clients to comply with the Consumer Duty. This means businesses must:
Design products for good customer outcomes
Provide fair value and transparent pricing
Communicate clearly so customers understand risks
Monitor outcomes to identify and correct potential harm
The Consumer Duty is now a central part of the FCA authorisation process. Any application involving retail customers should show a clear plan for meeting this higher standard.
See also:
Capital and Funding Expectations
The FCA goes beyond minimum capital rules. Firms must demonstrate adequate funding to operate for at least a year, plus transparent sources of money. Thin financial projections or unrealistic growth assumptions are red flags. The regulator expects buffers that reflect the real costs of launching and running a financial services business.
Need help with payments compliance?
Fill out the form below and our experts will get back to you.
Step-by-Step FCA Authorisation Process
The FCA authorisation journey is not just about filling forms. It’s about proving that your business is ready to operate from day one. Each stage builds the case that your firm is viable, well-managed, and capable of meeting regulatory standards.
Step 1: Define Permissions and Regulated Activities
The starting point is to identify the specific permissions you need. This means mapping your business activities against the FCA’s regulated activities under FSMA.
For example, a payment app may need electronic money permissions, while a robo-advisor will need investment management permissions. Applying for the wrong permissions can slow down approval or lead to breaches later. Firms should take time at this stage to align their business model with the FCA’s perimeter guidance and, where necessary, seek specialist input.
Step 2: Build a Business Plan Aligned with FCA Standards
A credible business plan is central to authorisation. The FCA is looking for more than commercial potential. It wants evidence that the firm can meet regulatory obligations while remaining financially sustainable.
Strong applications include clear descriptions of:
Products
Customer types
Revenue sources
Supporting financial forecasts and scenario analysis
Importantly, the plan should integrate compliance. Policies for risk management, AML, complaints handling, and governance should be woven into the business model, not bolted on as an afterthought. A detailed, well-structured plan shows both commercial clarity and regulatory readiness.
Step 3: Prepare Documentation and Compliance Policies
The FCA expects a complete set of supporting documents, so you should gather the documents that support your application. At a minimum, this includes:
Financial forecasts and capital statements
AML compliance and policies
Risk management and governance frameworks
Customer journey or fund flow diagrams
Missing or inconsistent documents are among the most common reasons applications stall. Consistency across documents is key: if the business plan says one thing but the financial forecasts say another, the case officer will notice.
Step 4: Appoint Senior Managers and Key Individuals
Every application is assessed against the fitness and propriety of its senior managers. This includes the CEO, compliance officer, and money laundering reporting officer. Each must submit detailed background information and be prepared to demonstrate competence if interviewed.
The FCA is sceptical of applications where critical roles are left unfilled or assigned to inexperienced founders without proper support. Hiring experienced compliance leadership early often determines whether an application succeeds.
Step 5: Set Up Operational Systems and Risk Controls
By the time of application, firms should have their systems built or contracted, not just in the planning stage. This includes IT infrastructure for transactions, customer onboarding, and monitoring, as well as risk controls for financial crime and operational resilience.
The FCA increasingly expects firms to show how they would handle outages, cyber incidents, or a rapid increase in customer volume. Startups that rely on third-party technology providers should provide evidence of contracts and oversight processes. Operational readiness is one of the clearest signals to the FCA that a firm is truly prepared.
See also:
Step 6: Submit the FCA Application via Connect
All applications are filed through the FCA’s Connect platform. The process involves completing a detailed online form, uploading supporting documents, and paying the application fee.
Firms should expect to answer granular questions about governance, financial crime controls, and capital planning. Submitting a complete application matters: if the FCA deems it incomplete, the statutory six-month clock will not start, and the process can stretch to a year or more.
Step 7: Engage with the FCA During the Review
Once submitted, applications are assigned to a case officer. Expect follow-up questions, requests for additional documents, and possibly interviews with senior managers. The FCA uses this phase to test whether the firm understands its obligations, not just whether the paperwork looks right.
Prompt, thorough responses demonstrate that the business is “ready, willing, and organised.” Delays, vague answers, or shifting business models can undermine confidence and trigger further scrutiny.
Step 8: Receive FCA Authorisation and Register Entry
If the FCA is satisfied, the firm receives authorisation and is entered on the public Financial Services Register. The authorisation notice will detail the permissions granted and any limitations or conditions.
Some firms may receive restrictions at the outset, such as not holding client money until additional safeguards are in place. These conditions are legally binding and must be managed carefully.
Step 9: Meet Ongoing Compliance Obligations
Authorisation is not the finish line. It marks the beginning of continuous supervision. Firms must file regulatory reports, maintain capital buffers, and comply with obligations like the Consumer Duty.
Any significant changes in structure, leadership, or business model must be reported to the FCA. Ongoing compliance is where many new firms struggle, which is why building strong systems early is as important as getting approval.
Common Challenges in FCA Authorisation
Even firms with strong business models can face setbacks during the authorisation process. The FCA applies a high bar, and applications often fail because of issues that could have been anticipated. Knowing the common challenges in advance can save months of delay.
Documentation and Consistency Issues
One of the most frequent problems is inconsistent or incomplete documentation. Business plans, financial forecasts, and compliance policies must all align. If one document describes activities differently from another, case officers will question the firm’s readiness. Submitting drafts or generic templates is another common mistake.
Capital and Resourcing Gaps
The FCA expects firms not only to meet minimum capital requirements but also to show they can sustain operations for at least a year. Applications that rely on uncommitted investor funding or thin projections raise concerns. Similarly, underestimating staffing needs for compliance, finance, or risk management often signals a lack of planning.
Weak Compliance and Governance Frameworks
Applications that present compliance as an afterthought rarely succeed. The FCA wants to see a compliance monitoring program, AML controls, and clear governance arrangements from day one. A weak framework suggests the firm is not ready for ongoing supervision.
Inexperienced or Unfit Senior Staff
Senior managers are scrutinised closely. If applicants propose unqualified individuals for key roles or leave positions unfilled, the application will stall. Even competent founders may need to bring in experienced compliance or risk professionals to strengthen the team.
Misunderstanding the Scope of Permissions
Finally, some firms apply for the wrong permissions or overlook activities that are regulated. This can force costly variations later or, worse, lead to operating outside the scope. Firms should carefully map their business model to the FCA’s perimeter rules before submitting.
Misconceptions About FCA Authorisation
Many founders approach FCA authorisation with assumptions that don’t hold up in practice. These misconceptions often slow down applications or create compliance gaps later. Clarifying them upfront can prevent wasted time and resources.
Registration vs. Full FCA Authorisation
Some firms mistake registration under the Money Laundering Regulations for full FCA authorisation. Here is an overview of the scope between registration and full FCA authorisation:
Aspect | Registration | Full FCA Authorisation |
|---|---|---|
Scope | Covers limited activities, such as cryptoasset firms under Money Laundering Regulations | Permits a full range of regulated activities under FSMA, including lending, investments, and e-money |
Regulatory Focus | Primarily anti-money laundering and counter-terrorist financing | Broader oversight of governance, customer protection, capital, and ongoing compliance |
Permissions Granted | Narrow and activity-specific | Wide-ranging, aligned with the firm’s business model, and permissions applied for |
Market Signal | Shows AML compliance only | Signals full regulatory approval and credibility in the UK financial market |
Role of Consultants and Advisors
Specialist advisors can add real value to the FCA authorisation process. They help firms:
Translate FCA rules into practical requirements
Identify gaps in business plans, policies, or governance structures
Draft or refine documentation so it meets regulatory expectations
Anticipate questions that case officers are likely to raise
That said, the FCA expects leadership to understand and take ownership of the application. Case officers may interview founders or senior managers directly, and weak responses can raise concerns. Outsourcing the work does not outsource accountability.
At InnReg, we often support fintech firms as an outsourced compliance department or extension of their teams. Our role is to provide deep regulatory expertise and fintech-specific insight while making sure the firm’s leaders are equipped to speak confidently about their application.
Hiring Compliance Staff After Approval
It can be tempting for startups to delay hiring compliance professionals until after FCA approval, especially when budgets are tight. But the FCA reads this as a lack of readiness. Applications that list critical roles as “to be hired later” rarely move forward.
Key functions, including the compliance officer and money laundering reporting officer (MLRO), must be filled at the time of application. These individuals need to demonstrate experience, competence, and independence. The regulator may even interview them to test their understanding of the firm’s risk profile and obligations.
Building Technology Post-Approval
Some startups hope to secure authorisation first and build their tech stack afterwards. The FCA expects systems to be built or contracted before approval. Whether it’s onboarding tools, AML checks, or transaction monitoring, operational readiness is part of the test.
Believing FCA Authorisation Is Permanent
Approval is not forever. Firms can lose permissions if they fail to use them within 12 months or if they neglect reporting and compliance obligations. Authorisation is conditional on ongoing standards, not a one-time hurdle.
Recent FCA Updates and Trends for 2026
The FCA continues to raise the bar for new applicants. Firms entering the process in 2026 face a regulatory environment that is stricter and more resource-intensive than in prior years. Being aware of the latest trends helps applicants anticipate what the FCA will scrutinise most closely.
See also:
New FCA Timelines and Processing Targets
The FCA aims to decide complete applications within six months. However, if an application is deemed incomplete, the statutory clock does not start, and the process can stretch to 12 months or more.
In practice, fintechs in higher-risk categories, such as crypto platforms, cross-border payments, or firms with complex group structures, are seeing longer review periods. The regulator has publicly stated that speed will not come at the expense of thoroughness.
Scrutiny of High-Risk Business Models
Business models involving novel products, rapid scaling, or exposure to volatile markets now face closer review.
This includes areas like:
High-frequency trading apps
Leveraged products
Crypto-linked offerings
Applicants are being asked to provide detailed stress testing, liquidity planning, and governance arrangements to demonstrate resilience.
Consumer Duty in Authorisation Applications
Since the Consumer Duty took effect in 2023, the FCA has moved from guidance to active enforcement. New applicants are expected to show how they embed the Duty into their product design, pricing models, and customer support.
Case officers now routinely ask for customer journey mapping and data monitoring plans at the authorisation stage. This shift means firms cannot treat Consumer Duty as an afterthought; it must be built into the business plan and compliance framework from day one.
Appointed Representative Oversight Changes
The FCA has tightened the rules around ARs, responding to concerns that ARs were a source of misconduct and consumer harm. Principal firms are now required to conduct more extensive due diligence, ongoing monitoring, and annual reviews of their ARs.
They must also file more detailed data with the FCA about the AR’s activities. For startups, this makes the AR route harder to access, as principals are becoming more selective about who they take on.
Use-It-or-Lose-It Permission Rules
In 2024, the FCA began actively removing permissions from firms that had not used them within 12 months. This “use-it-or-lose-it” approach is now standard practice in 2026. The policy is designed to keep the Financial Services Register accurate and prevent firms from holding permissions they cannot support.
For new entrants, it means authorisation must be followed quickly by operational readiness. Sitting on unused permissions is no longer tolerated.
Early and High Growth Oversight Program
The FCA continues to expand its Early and High Growth Oversight initiative, which provides additional supervision for newly authorised firms. While this program offers firms the chance to engage more directly with the regulator, it also means they are subject to higher levels of reporting and scrutiny in their first years.
FCA Authorisation Steps at a Glance
The entire FCA authorisation process has many moving parts and can feel overwhelming. To make it easier to follow, here’s a quick-reference table that summarises the nine steps outlined earlier, what each involves, and what the FCA is focused on at each stage.
Step | What It Involves | FCA Focus |
|---|---|---|
1. Define Permissions and Regulated Activities | Map your business model to the FCA’s regulated activities and identify the right permissions. | Accuracy of permissions requested; alignment with FSMA perimeter. |
2. Build a Business Plan | Create a plan showing products, customers, revenue, and integration of compliance. | Commercial viability and regulatory readiness. |
3. Prepare Documentation and Policies | Assemble forecasts, compliance, AML policies, governance frameworks, and flow diagrams. | Completeness and internal consistency across documents. |
4. Appoint Senior Managers | Assign fit and proper individuals to key roles like CEO, Compliance Officer, and MLRO. | Competence, integrity, and readiness of key personnel. |
5. Set Up Operational Systems | Put in place IT, onboarding, monitoring, and risk controls. | Operational resilience, financial crime controls, and vendor oversight. |
6. Submit Application via Connect | File the complete application with documents and fee through the FCA platform. | Application completeness and quality. |
7. Engage During the Review | Respond promptly to FCA questions and provide clarifications. | The firm’s ability to demonstrate understanding and readiness. |
8. Receive Authorisation | Gain approval and appear on the FCA Register with permissions granted. | Accuracy of permissions; conditions may apply. |
9. Meet Ongoing Obligations | Maintain capital, file reports, and comply with the Consumer Duty and supervision rules. | Continuous compliance and effective oversight. |
Preparing for FCA Authorisation in 2026
FCA authorisation is both a regulatory gateway and a credibility test. By 2026, the process will have become more rigorous, with higher expectations around governance, operational readiness, and customer protection.
Firms that approach it as a box-ticking exercise often face delays or rejection. Those who treat it as a chance to build a durable compliance foundation are better positioned for long-term growth.
At InnReg, we work with fintechs that operate at the intersection of innovation and regulation. Our team supports firms through the authorisation process by helping them refine documentation, design compliance frameworks, and prepare for supervisory engagement.
Get in touch with us to discuss your authorisation strategy.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with payments compliance, reach out to our regulatory experts today:
Last updated on Feb 14, 2026
Related Articles
Feb 19, 2026
·
12 min read
Feb 17, 2026
·
14 min read
Featured LinkedIn Posts
