.svg)
A recent publication from the UK’s Financial Conduct Authority (FCA) provides insight into where firms are succeeding and failing when completing authorisation and registration applications.
Although presented as guidance, the document also signals regulatory expectations that are likely to shape supervisory engagement in the months ahead.
For firms operating in the UK banking, retail lending and investment services sectors, it offers both practical lessons and early warnings.
Key themes
- Consumer Duty: Firms must not treat Consumer Duty as an add-on, but integrate it throughout policies, customer journeys and oversight structures. The FCA’s focus on this point suggests that weak Consumer Duty evidence will increasingly be grounds for queries or delay.
- Operational resilience: Applications must show more than ambition – realistic delivery roadmaps, IT system detail and recovery planning are essential. Although payments/e-money firms will be under particular scrutiny, banks and lenders must also align with resilience requirements.
- Cross-border oversight: The FCA’s concern about overseas control is relevant for groups operating from non-UK hubs. Clear evidence of UK decision-making authority is critical, especially for investment firms.
Key findings
-
Staff and governance
- What the FCA wants: The regulator expects firms to demonstrate internal ownership of compliance and governance frameworks, with Senior Managers and Certification Regime (SM&CR) accountability and clear time commitments from senior staff. The FCA has stressed that outsourcing compliance functions cannot substitute for internal expertise.
- Risks observed: The document identifies a number of key issues in this area, such as multiple senior individuals holding overlapping roles without clear allocation of time and responsibility. It also warns against applications that lean heavily on consultants without showing in-house capability or that provide weak evidence of genuine UK presence when key functions are managed overseas.
- Implications: Banks and lenders must document how senior managers oversee credit, conduct, and operational risks. Investment firms must evidence that suitability oversight and conflict management are embedded at the senior level.
- What the FCA wants: The regulator expects firms to demonstrate internal ownership of compliance and governance frameworks, with Senior Managers and Certification Regime (SM&CR) accountability and clear time commitments from senior staff. The FCA has stressed that outsourcing compliance functions cannot substitute for internal expertise.
-
Policies, procedures and controls
- What the FCA wants: Firms should provide bespoke documentation, linked to their business models and permissions sought, that demonstrates how the Consumer Duty is embedded within the organisation. Oversight arrangements must be effective where firms operate cross-border.
- Risks observed: Common failings include generic policy templates that merely restate the rules, weak or vague IT and infrastructure plans presented as placeholders, and misaligned documents that undermine credibility.
- Implications: Banks and lenders must show evidence of affordability checks, arrears handling and support for vulnerable customers. Investment firms need detailed suitability and best execution procedures.
- What the FCA wants: Firms should provide bespoke documentation, linked to their business models and permissions sought, that demonstrates how the Consumer Duty is embedded within the organisation. Oversight arrangements must be effective where firms operate cross-border.
-
Financial resources
- What the FCA wants: The regulator wants to see transparent and evidenced financial forecasts that align with prudential requirements. It has identified and outlines good examples where firms provide both assumptions and stress scenarios, alongside historic accounts.
- Risks observed: Firms must avoid incomplete submissions, missing accounts and unrealistic growth assumptions. The regulator is also going to be dissatisfied if they offer insufficient evidence of liquidity or contingency funding.
- Implications: Banks, lenders and investment firms must align with ICAAP/ICARA standards, ensuring downside stress testing.
- What the FCA wants: The regulator wants to see transparent and evidenced financial forecasts that align with prudential requirements. It has identified and outlines good examples where firms provide both assumptions and stress scenarios, alongside historic accounts.
Key strategic takeaways
The FCA is raising the bar on evidence over intent, and applications that lack granular proof of capability will face delays or rejection.
In addition, the regulator is continuing to extend the reach of the Consumer Duty, which is now influencing authorisation requirements as much as ongoing supervision.
Firms with ambitious growth or complex cross-border models should expect heightened scrutiny and be sure to prepare comprehensive governance, operational and financial documentation.
The authorisation and registration applications publication is more than a checklist: it provides a window into the FCA’s current mindset.
The regulator is placing increased emphasis on demonstrable capability, integration of Consumer Duty and resilience in practice.
Firms preparing applications should treat the document as a strategic blueprint, ensuring submissions are not only complete but also evidence-driven, tailored and forward-looking.
The weaknesses the FCA has flagged should be seen as red flags for any serious applicant.
