FCA Temporary Permissions Regime (TPR) Explained

If you’re a small business operating in UK financial services (or relying on an overseas provider that serves UK customers), you’ve probably heard of the FCA’s Temporary Permissions Regime (TPR).

It’s a Brexit-era safety net that’s still relevant in 2025 - but it’s not a permanent solution.

In this guide, we’ll break down what the TPR is, whether it applies to you, what you need to do while you’re under it, and how to prepare for a smooth move to full UK authorisation or an orderly exit. We’ll keep things practical and focused on what a growing UK business needs to stay compliant and protected.

What Is The FCA Temporary Permissions Regime?

The FCA Temporary Permissions Regime (TPR) allows certain EEA firms that previously “passported” into the UK to keep doing regulated business here on a temporary basis while they seek full UK authorisation. It was introduced when EU passporting ended, so firms wouldn’t have to stop serving UK customers overnight.

Key points in plain English:

• The TPR is a temporary landing zone, not a licence for life.
• It only applies to EEA firms that notified the FCA within the original notification windows - it’s now closed to new entrants.
• While in the TPR, you must meet UK rules relevant to your business, and you’ll be allocated a “landing slot” to submit your full UK authorisation application.
• Separate but related is the Financial Services Contracts Regime (FSCR), which lets certain firms run off existing contracts without taking on new UK business.

If you’re a UK small business that partners with or buys services from an EEA firm, the TPR affects you indirectly - it’s important to know whether your supplier is in the TPR or fully authorised, and what that means for your contracts, compliance, and customer communications.

Does The Temporary Permissions Regime Apply To Your Business?

There are two common scenarios for SMEs:

1) You’re An EEA Firm Serving UK Clients

If you’re an EEA-headquartered firm that notified into the TPR, you can continue your UK regulated activities for now, but you must:

• Operate within the scope of your temporary permission (the activities and investments you notified).
• Meet applicable UK requirements (for example, conduct rules, prudential standards, and the Consumer Duty, where relevant).
• Submit your Part 4A application within your FCA landing slot and be ready for supervisory engagement.

If you did not notify into the TPR, you cannot rely on it now. In that case, consider whether you need full authorisation, can restructure (for example, via a UK subsidiary), or can fall within a narrow exemption such as the overseas persons exclusion (specialist legal advice is essential here).

2) You’re A UK Business Using An EEA Provider

Plenty of UK fintechs, lenders and brokers rely on EEA providers for technology, processing, or outsourced services. If that provider is operating under the TPR, you should:

• Confirm their TPR status and timeline to full UK authorisation.
• Build contractual protections (including service continuity, regulatory change clauses, audit rights, data-handling commitments, and termination/transition support if authorisation is refused).
• Plan how you would switch suppliers or adjust your model if their position changes.

A well-drafted agreement can make all the difference if your provider’s permissions change or the FCA imposes restrictions. If you’re reviewing or negotiating supplier terms while you’re reliant on TPR status, consider a focused Contract Review to ensure the risk allocation and exit mechanics work in practice.

How The TPR Works In Practice: Authorisation, Landing Slots And Ongoing Compliance

Being in the TPR isn’t a “light touch” regime. The FCA expects firms to be authorisation-ready and compliant with relevant parts of the UK rulebook from day one.

Landing Slots And Authorisation

Firms in the TPR are allocated a landing slot - a window when you must submit your application for a UK Part 4A permission (or relevant variation). Missing the slot can lead to supervisory action, including removal from the TPR.

Your application typically includes:

• A clear regulatory business plan that explains your model, products, customers, and risks.
• Governance and control frameworks (board, committees, policies, oversight).
• SMCR arrangements (Senior Managers & Certification Regime) - statements of responsibilities, fit and proper assessments, and conduct rules training.
• Prudential materials, such as your ICARA under the IFPR (for investment firms) or applicable solvency/own funds information for your sector.
• Wind-down planning that’s realistic and proportionate to your business.

The FCA assesses whether you meet the “threshold conditions” (including effective supervision, appropriate resources, suitability, and business model viability). Preparation takes time - well-run authorisations are usually months in the making.

What UK Rules Apply In The TPR?

While not every part of the Handbook will apply, most TPR firms should expect to comply with UK standards that align to their activities. Common examples include:

• High-level standards (Principles for Businesses), the Consumer Duty for retail-facing firms, and conduct rules.
• Prudential requirements (e.g. IFPR for MIFID investment firms; sector-specific capital rules for insurance or e-money/payment services under the PSRs/EMRs framework).
• Systems and controls (SYSC), outsourcing rules and operational resilience expectations.
• Client asset protection (CASS) where you hold client money or custody assets.
• Financial promotions rules - including for websites, social media and partnerships.

If you use appointed representatives or distribution partners while in TPR, make sure your oversight meets UK standards. The FCA has increased scrutiny of principals, and poor oversight is a fast track to supervisory intervention. Where your structure is based on introducing or distributing through third parties, it’s sensible to revisit your Agency Relationships and Agreements so your legal arrangements mirror what the regulator expects.

Operational Resilience And Outsourcing

The FCA expects firms to identify important business services, set impact tolerances, and build resilience for severe but plausible events. That often means stress-testing suppliers and having exit and substitution strategies.

In outsourcing arrangements (including cloud and critical service providers), you should have:

• Clear scope and service levels tied to your regulatory obligations.
• Robust audit, access and information rights (including for the FCA and PRA, where applicable).
• Data protection and security commitments that fit your risk profile.
• Termination rights that support your wind-down plan and resilience strategy.

Contracts And Risk Management While You’re In TPR

The legal paperwork you put in place during the TPR period sets the tone for your UK compliance and your relationship with customers, partners and suppliers. A few practical tips:

Customer-Facing Terms

• Ensure your UK retail or SME customer terms reflect UK regulatory disclosures and complaint/compensation arrangements (e.g. FOS eligibility, FSCS coverage where relevant).
• Your UK website and app should have legally sound Website Terms and Conditions and fair, transparent product terms.
• If you offer subscriptions or renewals, be mindful of UK rules on auto-renewal and cancellation, as well as the Consumer Duty’s fairness, value and communications requirements.

Supplier And Partner Agreements

• Use regulatory change clauses so you can update processes if the FCA imposes conditions during authorisation.
• Include data and audit rights that allow you to demonstrate oversight of outsourcing and critical third parties.
• Consider contingency plans in the contract - for example, phased termination and transition assistance if your or your supplier’s permission changes.
• When sharing personal data with vendors, put a proper Data Processing Agreement in place; for joint-controller or onward sharing models, you may need a Data Sharing Agreement too.

Internal Policies And Training

• Make SMCR workable - define responsibilities and reporting lines, train staff on conduct rules, and keep records.
• Document your complaints handling, vulnerable customer approach, product governance, and financial promotions approvals.
• Align your privacy notices, cookie practices and records of processing with UK GDPR.

If you’re putting sensitive information in front of prospective partners or investors while you navigate the TPR, a simple Non-Disclosure Agreement remains a practical way to protect your confidential materials.

Data Protection, Consumer And Marketing Rules Still Apply

Don’t let the “temporary” label fool you - your non-FCA legal obligations still apply in full while you’re in TPR.

UK GDPR And Data Protection

If you collect or process personal data from UK customers, you must comply with the UK GDPR and the Data Protection Act 2018. In practice:

• Be transparent about data use with a clear and accessible Privacy Policy tailored to your products and channels.
• Use appropriate lawful bases, manage consent properly (especially for marketing), and honour data subject rights.
• Secure your systems, apply data minimisation and put vendor contracts on a compliant footing.

Consumer Protection And Fairness

Firms engaging with consumers or micro-enterprises must also ensure their terms are fair and transparent and that advertising is not misleading. Beyond the Handbook requirements, general UK consumer law will still apply to your sales and marketing practices.

It’s important to understand your obligations under core Consumer Protection Laws (including unfair terms and misleading practices). Aligning your compliance approach to both the FCA’s Consumer Duty and consumer law helps avoid gaps.

Financial Promotions

Financial promotions must be fair, clear and not misleading, and in many cases require approval by an authorised firm. If you’re in the TPR, pay special attention to:

• Online channels - websites, in-app journeys, social media, affiliates and influencers.
• Target audience - ensure communications are appropriate for retail vs professional clients.
• Approval governance - who signs off, record-keeping and periodic reviews.

Your website and app legal pages (terms of use, privacy, cookies, complaints) should be aligned with marketing content and regulatory disclosures. If you’re refreshing your digital customer journey for the UK, it’s worth reviewing your Terms of Use alongside your product terms and compliance signposting.

What Happens When TPR Ends? Options And Next Steps

TPR status will end for each firm either when they are fully authorised (or refused/withdrawn), or when the regime sunsets for that population. It’s smart to plan for all outcomes now so there are no surprises for your business or your customers.

If You Obtain Full UK Authorisation

Great news - but there’s still work to do. After authorisation you’ll need to:

• Implement any “s21 approver” or promotions permissions needed for your model.
• Update contractual references from “temporary permissions” to your full permission scope.
• Embed ongoing regulatory reporting and notification processes.
• Complete any remedial actions required by FCA authorisation feedback.

If Your Application Is Refused, Withdrawn Or You Exit The UK

In these circumstances, you may rely (where eligible) on the FSCR to run off existing contracts, but you cannot take on new UK business. You’ll need to:

• Execute your wind-down plan, including customer communications and fair treatment.
• Terminate or novate UK customer and supplier contracts in an orderly way.
• Migrate or delete personal data in line with UK GDPR, respecting retention and deletion rules.
• Maintain adequate resources and oversight until your obligations are fully discharged.

If you think your business model would be better served by a UK-incorporated entity, you can plan a transition to a UK subsidiary and migrate permissions, staff and contracts in phases. That’s often smoother if you prepare your governance documents and commercial agreements early, rather than during a compressed exit timeline.

If You’re A UK SME Relying On A TPR Provider

Keep a watching brief. Ask your provider for their landing slot, authorisation progress and contingency planning. In parallel, build your own back-up options, including alternative suppliers and clear exit rights in your contracts. The goal is continuity for your customers - with minimal friction if you need to pivot quickly.

Key Takeaways

• The FCA Temporary Permissions Regime lets certain EEA firms continue UK regulated business while they seek full authorisation, but the notification window is closed and it’s not a long-term licence.
• If you’re in the TPR, be authorisation-ready: prepare your regulatory business plan, SMCR, prudential materials, operational resilience and wind-down planning, and meet your landing slot.
• Use strong customer, supplier and partner contracts to manage regulatory change and service continuity - a targeted Contract Review can help you stress-test the risk allocation.
• Non-FCA laws still apply during TPR. Put in place a clear Privacy Policy, ensure proper Data Processing terms with vendors, and align your digital journey with UK consumer and promotions rules.
• Plan ahead for the end of TPR. Whether you obtain full UK authorisation, use the FSCR to run off contracts, or pivot to a UK subsidiary, early preparation reduces risk and disruption.
• If you rely on a TPR provider, build contractual protections and contingency plans now so your business stays resilient if their regulatory status changes.

If you’d like help reviewing your UK customer terms, supplier agreements, privacy documents or overall regulatory roadmap while you navigate the TPR, our team can help. You can reach us on 08081347754 or at team@sprintlaw.co.uk for a free, no-obligations chat.