Back to Resources

FCA Application Readiness Checklist

Raymond Shuai 36 items 50 min

FCA & Regulatory

Share
Important note: This checklist covers financial and operational readiness for an FCA authorisation application. It does not constitute legal or regulatory advice. The FCA's requirements vary by permission type — full FCA authorisation, EMI licence, payment institution registration, and consumer credit authorisation each have distinct requirements. Always engage specialist regulatory legal counsel before submitting an application.

1. Business Plan & Regulatory Business Plan

  • Regulatory Business Plan drafted: scope of regulated activities, target market, revenue modelThe RBP is the centrepiece of the application. It must describe exactly which regulated activities you intend to carry out, who your customers are, and how the business generates revenue. Vague descriptions will result in clarification requests that add months to the timeline.
  • Financial projections covering 3 years: P&L, balance sheet, cash flowThree-year forecasts with monthly detail for Year 1. The FCA will scrutinise whether the firm can sustain its capital requirements over the projection period — not just at the point of application.
  • Wind-down plan included: how the firm would cease regulated activities in an orderly wayThe FCA requires a credible wind-down plan demonstrating that customers would be protected if the firm ceased trading. This includes how safeguarded funds would be returned and how long the wind-down would take.
  • Stress-testing assumptions documented and quantifiedThe business plan should demonstrate the firm's viability under adverse scenarios. Stress tests must be quantified — not just described qualitatively. Show what happens to capital and liquidity if revenue is 30% below plan.
  • Programme of operations prepared covering key milestones and timelineA clear implementation roadmap: when the firm will apply, when it expects to receive authorisation, and the key operational milestones between application and going live with regulated activities.
  • Compliance monitoring programme outlined at a high levelHow the firm will monitor ongoing compliance with FCA rules — who is responsible, what is monitored, at what frequency, and how breaches are escalated and reported.
  • Recovery and resolution planning at an appropriate level for firm sizeProportionate to the firm's scale and systemic significance. A startup payment firm does not need a full resolution plan, but should have documented triggers and actions for financial distress scenarios.

2. Governance & Senior Management

  • Board composition documented: executive and non-executive directors identifiedThe FCA expects appropriate governance for the firm's size and complexity. For most regulated firms, having at least one independent non-executive director is considered good practice and may be required.
  • FCA-approved persons identified — applications in progressControlled Functions (SMF 1, 3, 16, 17 or equivalent) identified and individual applications prepared. The FCA will assess fitness and propriety for each approved person — this process runs in parallel with the firm application.
  • Regulatory responsibilities mapped to named individuals (SMF / Certification Regime)Senior Management Functions clearly assigned to named individuals. Responsibilities map (Statements of Responsibilities) prepared for each SMF holder. No regulatory gaps — every required function must have an identified owner.
  • Conflicts of interest policy drafted and board-approvedA written policy covering how conflicts are identified, disclosed, managed, and escalated. Board-approved and actively implemented — not a template document sitting in a drawer.
  • Board meeting cadence and minute-taking process establishedRegular board meetings scheduled (at least quarterly; monthly for early-stage firms) with a formal minute-taking process. The FCA may ask to see board minutes as evidence of active governance.
  • Fitness and propriety assessments completed for all key function holdersCriminal record checks, financial soundness checks (CCJs, bankruptcy), regulatory history, qualifications, and experience verified for all SMF holders and certified persons. Document the process and conclusions.

3. Financial Resources & Capital

  • Own funds calculation prepared under the FCA's relevant methodThe capital requirement calculation methodology (fixed overhead requirement, variable capital requirement, or base capital) identified and computed. For payment institutions and EMIs, the relevant method under the Payment Services Regulations applied correctly.
  • Capital resources demonstrated to exceed requirement by adequate marginOwn funds should exceed the regulatory minimum by a meaningful buffer — not just £1 above the floor. The FCA expects to see a management buffer that accounts for operational uncertainty.
  • Source of capital documented: equity, shareholder loans, retained earningsThe source and nature of the firm's capital clearly evidenced. Shareholder loans may not qualify as own funds depending on their terms — review subordination requirements carefully.
  • Capital adequacy stress test showing buffer under adverse scenariosStress test demonstrating that capital remains adequate under the downside scenario in the business plan. If capital breaches the minimum in any scenario, the plan must show how it would be restored.
  • Liquidity assessment: can the firm meet its obligations as they fall due?A forward-looking 12-month liquidity assessment. For payment firms, this includes the timing of settlement obligations and the liquidity impact of safeguarding requirements.
  • Management accounts for the last 12 months (or projections if pre-revenue)If trading: signed management accounts for the last 12 months in a consistent format. If pre-revenue: detailed financial projections with assumption documentation and evidence of committed funding.

4. Safeguarding (for Payment & E-Money Firms)

  • Safeguarding method selected: segregated bank account or insurance/guaranteeThe two permitted safeguarding methods are: (1) segregated bank account at an authorised credit institution, or (2) an insurance policy or bank guarantee. The chosen method must be clearly described in the RBP and supporting documentation provided.
  • Relevant funds calculation methodology documentedThe calculation of "relevant funds" (the amount that must be safeguarded at any point) must be documented, including the timing of calculations and how end-of-day positions are determined.
  • Safeguarding bank account terms confirmed — acknowledgement letter template readyIf using the bank account method, the bank must acknowledge in writing that safeguarded funds are held separately and cannot be set off against the firm's debts. Template acknowledgement letter prepared and bank approached.
  • Daily reconciliation process designed and testedA documented daily reconciliation process confirming that the amount held in the safeguarding account equals or exceeds the relevant funds calculation. Controls to prevent operational errors and detect shortfalls immediately.
  • Wind-down safeguarding plan included in regulatory business planHow safeguarded funds would be returned to customers in a wind-down scenario: the process, timeline, and responsible party. The FCA will assess whether this is genuinely deliverable given the firm's operational model.

5. Systems, Controls & Compliance

  • Compliance function: who is responsible, reporting line, independence documentedThe compliance function must be independent of the business lines it oversees. The compliance officer's reporting line should go directly to the board — not through the CEO or commercial leadership.
  • AML/KYC policies and procedures drafted and board-approvedAnti-money laundering and know-your-customer policies covering customer due diligence, enhanced due diligence, PEP screening, and sanctions screening. Board-approved and consistent with the FCA's Financial Crime Guide.
  • Suspicious activity reporting (SAR) procedure in placeA documented process for identifying, investigating, and reporting suspicious activity to the National Crime Agency via SARs Online. The MLRO's role, authority, and escalation process clearly defined.
  • Transaction monitoring system identified and configuredA transaction monitoring system (TMS) identified — either purpose-built software or a documented manual process for lower transaction volumes. Alert thresholds, review process, and record-keeping documented.
  • Data protection (GDPR) policies and privacy notice draftedA Privacy Notice meeting the UK GDPR requirements; a Data Protection Policy; Records of Processing Activities (RoPA) documented. ICO registration confirmed. Data Protection Officer appointed if required.
  • IT security policy and business continuity plan in placeIT security policy covering access controls, data encryption, patch management, and incident response. Business continuity plan covering loss of key staff, systems failure, and premises unavailability.
  • Operational resilience mapping: critical business services identifiedCritical business services identified and impact tolerances set. The FCA's operational resilience rules (PS21/3) require firms to identify their important business services, map their dependencies, and demonstrate they can remain within impact tolerances during disruption.

6. Application Mechanics

  • Connect portal access obtained and application form reviewed in fullAccess to the FCA's Connect portal established. The full application form reviewed end-to-end before starting to complete it — the form structure determines the supporting documentation required.
  • Application fee calculated and payment method confirmedThe FCA charges a non-refundable application fee which varies by permission type and firm category. Confirm the correct fee, budget for it, and confirm the payment method accepted by the FCA at the time of application.
  • All supporting documents indexed and ready to uploadA complete index of all supporting documents mapped against the application form questions. Documents clearly labelled, in the required file formats, and within file size limits. Uploading disorganised or mislabelled documents is a common cause of unnecessary delays.
  • Legal advisors briefed and engagement confirmed if using external supportSpecialist regulatory lawyers briefed on the application scope and timeline. Their role in the application — advising, drafting, or reviewing — clarified. Budget and timeline agreed.
  • Senior management team briefed on likely FCA interview processThe FCA routinely interviews senior management (particularly SMF holders) as part of the assessment process. SMF holders briefed on likely questions covering their regulatory responsibilities, the firm's risk management approach, and their personal fitness and propriety.

Work Together

Ready to action this checklist?
Book a discovery call.

CrunchSpark supports fintech firms through FCA applications — from capital adequacy calculations to regulatory business plan financial modelling and safeguarding design.

Book a Free Discovery Call →