FCA Approval: How UK Businesses Get Authorised And Stay Compliant

If your business touches money, investments or financial promotions in the UK, “Do we need FCA approval?” should be one of your first questions.

Getting Financial Conduct Authority (FCA) authorisation can feel daunting, but don’t stress – with the right plan, documents and timelines, you can get authorised and operate with confidence.

This guide breaks down when you need FCA approval, how to become FCA regulated step-by-step, what the FCA registration requirements look like in practice, timelines and costs, and what ongoing obligations apply once you’re live.

Do You Actually Need FCA Approval?

Not every money-adjacent business needs FCA approval. FCA authorisation is required if you carry on a “regulated activity” in the UK by way of business under the Financial Services and Markets Act 2000 (FSMA). The FCA’s Perimeter Guidance (PERG) sets out activities that are regulated, including:

• Accepting deposits and operating a bank
• Arranging or advising on investments (e.g. shares, funds, bonds)
• Dealing in investments as agent or principal
• Consumer credit (e.g. lending, credit broking, debt counselling, debt administration)
• Payment services and e-money (regulated under the Payment Services Regulations 2017 and Electronic Money Regulations 2011)
• Insurance distribution (arranging, advising on, or assisting with claims)
• Safeguarding and administering investments or client money
• Operating a multilateral trading facility (MTF) or organised trading facility (OTF)

Common small-business examples that may need a FCA licence include: a lending platform, a broker introducing consumers to credit, a budgeting app moving customer funds, an investment comparison site that strays into advice, or an insurtech distributing policies.

Two quick rules of thumb help you early on:

• If your business takes custody of client money or client assets, you likely need FCA permissions.
• If your marketing involves “financial promotions” (inviting or inducing someone to engage in investment activity), strict rules apply – and unauthorised firms face limits on what they can say.

Before you register with the FCA, map your business model against the FCA Handbook and PERG to confirm whether you perform any regulated activities, and whether an exclusion applies. Where the line isn’t obvious, get tailored advice – perimeter mistakes can be costly.

How To Become FCA Regulated: Step-By-Step

For most firms, you’ll apply for authorisation (or registration, for certain regimes) through the FCA’s online Connect system. Here’s the typical journey.

1) Define Your Regulated Activities And Permissions

Start by clearly describing your services and who your customers are. From this, identify the exact permissions you’ll need (e.g. “credit broking (limited permission)” or “arranging (bringing about) deals in investments”). Being precise matters: too narrow and you can’t operate; too broad and the FCA may question whether you’re ready to control the risks.

2) Choose Your Structure And Governance

The FCA expects a robust legal entity with clear governance. Many founders incorporate a limited company for limited liability and investment-readiness. If you haven’t already, set up your company and put in place decision-making documents like a Shareholders Agreement and appropriate board governance so your management and control are clear from day one. If you need to register a company, do that before starting the FCA application.

3) Appoint Senior Managers And Map SMCR

Most firms must comply with the Senior Managers and Certification Regime (SMCR). You’ll nominate individuals for Senior Management Functions (SMFs), such as SMF1 (Chief Executive), SMF3 (Executive Director) and SMF16 (Compliance Oversight), depending on your firm type. Each Senior Manager needs a Statement of Responsibilities and must be fit and proper. Build your org chart early, and ensure employment terms for these roles are documented, typically using a tailored Directors Service Agreement or relevant Employment Contract.

4) Draft Your Regulatory Business Plan

The FCA will assess how your firm meets the Threshold Conditions (e.g. effective supervision, appropriate resources, suitability of persons, business model viability). Your plan should cover:

• Business model and products/services
• Target market and customer outcomes (Consumer Duty focus)
• Governance and SMCR structure
• Financial projections and capital resources
• Outsourcing and third-party risk management
• Compliance Monitoring Plan and key policies
• IT, data and operational resilience
• Complaints handling and vulnerable customer strategy

5) Build Your Policies, Controls And Customer-Facing Legals

The FCA cares most about how you’ll deliver good outcomes and control risk. Expect to prepare and implement policies like Conduct Risk, Conflicts of Interest, Financial Promotions, Complaints (DISP), SYSC governance, Outsourcing, Anti-Financial Crime, and Data Protection. For customer trust and compliance, have consumer-facing terms in place such as Website Terms and Conditions, appropriate app or platform Terms of Use or SaaS Terms, and a GDPR-compliant Privacy Policy with a supporting Data Processing Agreement for vendors who process personal data.

6) Prepare Financials And Capital

Depending on your permissions, prudential requirements may apply (e.g. capital requirements for investment firms under IFPR, safeguarding requirements for payment services/e-money, or client money rules under CASS). Your financial forecasts should show you meet minimum capital and liquidity and remain solvent under stress.

7) Complete The Application In Connect

Through the FCA’s Connect portal you’ll file your application, including form details, controller information, SMF applications, business plan and policy attachments. Be ready for questions and “information requests” during assessment. It’s normal for the FCA to probe how your controls match your business model.

8) Build Your Launch Readiness

While the application is assessed, finish operational readiness: finalize staff training on Conduct Rules, complete IT and data-security controls, set up incident response (a practical Data Breach Response Plan helps), and roll out internal policies via your Staff Handbook. If you run a consumer-facing site or app, implement your Cookie Policy and consent tools in line with PECR and UK GDPR.

What Are The FCA Registration Requirements And Documents?

Specific requirements vary by firm type and permissions, but expect the FCA to ask for documents and evidence across these themes:

• Business plan – model, target market, risks, financials, and Consumer Duty approach.
• SMCR documentation – org chart, Statements of Responsibilities, fit and proper assessments, training plans.
• Policies and procedures – compliance monitoring, complaints (DISP), outsourcing, financial promotions approvals, conflicts, whistleblowing (a dedicated Whistleblower Policy is best practice), and data protection.
• Financial resources – opening balance sheet, capital calculations, funding sources, liquidity plans.
• Outsourcing and third parties – contracts with critical providers, exit/transition plans, oversight arrangements.
• IT and operational resilience – architecture, cyber controls, backups, BCP/DR, incident management.
• Customer documentation – terms, disclosures, financial promotions sign-off process, vulnerable customer measures.

The FCA assesses this information against its Threshold Conditions and relevant sourcebooks (e.g. SYSC for systems and controls, PRIN for Principles for Businesses, DISP for complaint handling, and PROD/Consumer Duty for product governance and customer outcomes). Keep your policies practical and matched to your actual operations – the FCA prefers usable, embedded controls over a long “policy library” that no one follows.

Finally, ensure directors and controllers disclose any issues honestly. Non-disclosure of adverse matters (even if historic) is a common reason applications falter.

How Long Does FCA Approval Take And What Does It Cost?

Timelines vary widely, but small firms should plan for 6–12 months from first drafting to authorisation. The FCA’s statutory clock (often six months for a complete application or 12 months for an incomplete one) starts after submission, but back-and-forth information requests are common.

Your total cost includes:

• FCA application fee – depends on your firm type/permissions.
• Professional support – legal and compliance help to scope permissions and prepare documents.
• Capital – minimum regulatory capital and working capital.
• Ongoing periodic fees – FCA periodic fees and levies once authorised.

Budget realistically for internal resourcing too. Someone senior will need to engage with the FCA, coordinate documents and answer detailed questions about the business model.

Alternatives To Full Authorisation

If you’re exploring how to register with FCA but you’re pre–product-market fit, or if your activity is narrow, alternatives can reduce complexity and time-to-market.

• Appointed Representative (AR) – Operate under a “principal” firm’s permissions for certain activities (common for credit broking and insurance distribution). You must fit within the principal’s scope and oversight, and they take regulatory responsibility for your activities.
• Introducer Appointed Representative (IAR) – A lighter version for mere introductions, with tighter limits on what you can say and do.
• Outsourcing and partnerships – For payment flows, consider using a fully authorised third party (e.g., an e-money or payment firm) while you focus on the customer interface. Make sure your contracts and customer/supplier agreements allocate risk clearly.
• FCA Innovation Pathways / Digital Sandbox – Engage the FCA early on novel models. While not an approval shortcut, it can de-risk your route to market.
• Stay outside the perimeter – Adjust your model or wording so activities fall outside regulated activities (within the law). If you rely on this approach, document your PERG analysis and keep it under review as the model evolves.

These routes can be smart stepping-stones. But remember: if you’re carrying on a regulated activity by way of business, you must obtain authorisation or operate under a valid exemption.

Ongoing Duties After You’re FCA Authorised

FCA approval isn’t a one-and-done exercise. Once you appear on the public register of FCA registered firms, your focus shifts to continuous compliance and delivering good customer outcomes.

• Consumer Duty – Design products and communications to deliver good outcomes for retail customers, monitor them, and evidence how you meet the Duty across price/value, transparency, and customer support.
• SMCR – Keep Statements of Responsibilities up to date, certify relevant staff annually, and train everyone on the Conduct Rules.
• Financial promotions – Ensure promotions are clear, fair and not misleading; unauthorised firms have strict limits on what they can communicate. Obtain approval from an authorised approver where required.
• Complaints (DISP) – Maintain a compliant process, issue timely final responses, report complaints metrics, and engage with the Financial Ombudsman Service where applicable.
• Regulatory reporting and notifications – File regular returns via RegData, and notify the FCA promptly of notifiable events (SUP 15).
• Data protection – If you process personal data, UK GDPR and the Data Protection Act 2018 apply. Maintain your Privacy Policy, vendor Data Processing Agreements, and security measures, and be ready with a Data Breach Response Plan.
• Operational resilience – Test severe-but-plausible scenarios, protect critical services, and maintain playbooks for disruption.
• Fair contracts and transparency – Keep your Terms of Use and customer terms accurate, accessible and consistent with FCA disclosures.

Think of this phase as “business-as-usual compliance.” Set a cadence: board reporting on compliance, monthly monitoring, thematic reviews, audits of financial promotions, and annual SMCR certification. The firms that thrive are the ones that embed compliance into day-to-day operations rather than treating it as a separate project.

And as you grow, revisit your permissions. New features can trigger new regulated activities; it’s better to vary your permission in advance than to risk breaching the perimeter.

Key Takeaways

• Confirm early whether you need FCA approval by mapping your model against FSMA regulated activities and the FCA’s perimeter guidance.
• Plan your permissions, governance and SMCR roles before you apply. Incorporate a company and put core governance in place, including a clear Shareholders Agreement and senior role contracts.
• Your application should include a credible business plan, fit-and-proper leadership, robust policies and controls, and adequate financial resources to meet capital and liquidity expectations.
• Expect 6–12 months from first drafting to approval. Budget for application fees, professional support, capital and ongoing FCA periodic fees.
• Consider alternatives such as an Appointed Representative model or partnering with authorised providers if full authorisation is not yet right for you.
• Once authorised, embed Consumer Duty, SMCR, complaints, financial promotions controls, reporting, and GDPR compliance into BAU – keep your Privacy Policy, DPA, and customer terms aligned and up to date.

If you’d like help scoping your permissions, preparing your application pack, or getting your customer and compliance documents drafted properly, you can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.