Finance and compliance tasks to complete before going live as an authorised payment institution — capital, safeguarding, reporting and operational readiness.
1. FCA Authorisation Confirmation
- FCA authorisation letter received and filed Scope of permissions confirmed against original application.
- FCA Connect profile updated Correct registered address and supervisory contact details in place.
- Approved persons (SMF holders) confirmed on register No gaps in cover; all Senior Managers registered and active.
- Regulatory fee calculation reviewed Payment schedule set up; first year's periodic fee confirmed.
- FCA supervisory contact identified Initial introduction made; contact details recorded for compliance team.
2. Capital & Safeguarding Go-Live
- Opening capital position calculated under authorisation Meets minimum own funds requirement on day one of trading.
- Safeguarding bank account opened Account held at FCA-approved credit institution; designated purpose confirmed in account documentation.
- Acknowledgement letter from safeguarding bank signed and filed Letter confirms the ring-fenced nature of the account.
- Relevant funds calculation tested end-to-end Daily reconciliation process runs without manual intervention; variances escalate automatically.
- Initial safeguarding audit scheduled Auditor engaged; appointment confirmed within first 6 months of authorisation.
- Capital adequacy model updated for live volumes Headroom over minimum own funds confirmed at projected month-3 and month-12 business volumes.
3. Regulatory Reporting Setup
- RMAR reporting: next submission date identified Calendar reminder set; reporting officer briefed on deadline.
- Reporting methodology confirmed for each RMAR section Volumes, capital position, and breach reporting methodology documented and signed off.
- Nominated reporting officer confirmed FCA Connect access granted; individual can submit returns without dependency.
- Breach reporting procedure in place Decision tree documented: who decides materiality, who reports to FCA, within what timeframe.
- Record-keeping obligations documented Transaction records retention period confirmed; storage location and access controls specified.
4. Operational Finance Controls
- Separate client account structure in place Business funds never co-mingled with relevant funds; tested under UAT conditions.
- Payment processing limits set Daily transaction limits and velocity controls active; breach alerts configured.
- Chargeback and dispute resolution process tested end-to-end Timeframes, escalation path, and P&L treatment confirmed.
- Scheme membership confirmed (Visa / Mastercard) Sponsor bank obligations understood; settlement cycles mapped to treasury forecast.
- FX hedging policy in place Applies where business deals in multiple currencies; hedge ratios and instruments approved by board.
- Operational risk register complete Top 10 payment-specific risks assessed, rated, and assigned to named owners.
- Insurance confirmed Professional indemnity and cyber liability cover in force; policy terms reviewed by legal.
5. Customer & Compliance Readiness
- AML / KYC policies live Customer onboarding tested for all risk tiers; enhanced due diligence triggers confirmed.
- Terms and conditions and payment services framework contract published Legal sign-off obtained; version control in place.
- Complaints handling procedure in place FCA-compliant process documented; 8-week maximum response timeline built into workflow.
- Consumer Duty obligations mapped All retail-facing products assessed against the four Consumer Duty outcomes; gaps remediated.
- GDPR data protection impact assessments completed DPIAs finalised for core payment data flows; Data Protection Officer notified where required.
