UK Regulatory Authorisations – What makes a successful application?
UK Regulatory Authorisations – What makes a successful application?
Why do I need Authorisation?
To conduct most types of financial services business in the UK, you will need to make an application for, and receive authorisation from the Financial Conduct Authority ("FCA") or in some cases, the Prudential Regulation Authority ("PRA"). The most common reasons for needing authorisation include launching a start-up business that carries out regulated activities (such as banking; payment services; or investment services); strategic changes such as business growth be it organically; or in a transaction such as acquiring or being acquired by other businesses where there is a requirement for the target to be regulated.
FCA or PRA Authorisation?
The process for becoming authorised varies depending on what regulated activities you plan to carry out and whether your firm will be supervised by both the PRA and/or the FCA. A firm can be either dual regulated (i.e. authorised and supervised by both the PRA and FCA) or solo regulated (i.e. authorised and supervised by the FCA alone). Most firms are solely supervised by the FCA with Banks, Insurers and some Designated Investment Firms requiring applications and later, supervision to be led by the PRA.
What is involved in an application process?
Regardless of the type of licence sought, building a successful application is a multi-stage process. Much like building a house, it requires foundational work to demonstrate that the proposition is both credible and viable as well as conforming to regulatory requirements. This is followed by work to produce the range of materials to be provided to the regulators for them to determine whether authorisation should be granted. Some materials are created for the sole purpose of supporting the application (e.g. the Regulatory Business Plan (“RBP”)) whereas others will form part of the suite of materials supporting the operation of the firm once authorised (e.g. policies and framework documents). In addition, senior management and Board members often become subject to individual accountability requirements under the Senior Managers & Certification Regime ("SM&CR") with an additional suite of application requirements and ongoing obligations to be managed.
An overview of each of the two routes to becoming authorised, for dual and solo regulated entities, are set out below:
Solo Regulated Firms
For all firms supervised only by the FCA, the complexity of applicable regulations and the degree of regulatory scrutiny associated with becoming authorised has increased over time. To support potential applicants, we have prepared a guide that outlines:
- Types of FCA Authorisation;
- The FCA's approach to authorising most solo regulated firms carrying out regulated activities in the UK;
- The common challenges and pitfalls (and how to avoid them) in authorisation projects; and
- How BDO’s Authorisations team can support you on your application journey.
Dual Regulated Firms (Banks)
If you are considering setting up a bank in the UK, you are likely aware that applying for a deposit-taking licence can be a complex and lengthy process. The prospect of starting the application journey can be daunting and the process itself can be extremely challenging without appropriate preparation, support and awareness of what the PRA and FCA expect.
To support potential bank applicants, we have prepared a guide that outlines:
- The PRA’s expectations and approach to the authorisations process including stages and expected timelines;
- The common challenges and pitfalls (and how to avoid them) in these projects; and
- How BDO’s Authorisations team can support you on your bank application journey.
Generally, fewer application materials are required to support an application to become solo regulated and the application process typically involves no formal meetings with the regulators prior to submission of the application pack. In contrast, becoming a bank or an insurance underwriter (which also requires dual regulation) entails a substantial set of materials to be prepared and submitted in support of an application as well as several formal meetings with the PRA and FCA before an application can be submitted.
Variation of Permission and Change in Control Applications
In addition to initial authorisation itself, there are several events later in the lifecycle of a regulated financial services firm that may require the regulatory permission held to be changed. This may be to reflect planned changes to the range of business activities carried out (requiring a Variation of Permission - "VoP") or to reflect a change in ownership of the regulated entity (requiring a Change in Control - "CiC"). An overview of what each of these regulatory processes entail is set out below:
Variation of Permission
The VoP process is followed when a firm decides to reduce or expand to its current set of regulated activities. Specifically, if it is:
- Starting or ceasing the provision products/services within an existing regulated activity;
- Starting or ceasing a new regulated activity;
- Changing client money or asset requirements; or
- Amending a client type or limitation to current regulated activities performed.
If you are already regulated by the FCA and you would like to engage in either deposit taking or insurance underwriting, the VoP process will in effect be identical to a de-novo dual regulated application.
The same statutory deadline applies to both VoP and authorisation applications (i.e. 6 or 12 months depending on whether the application is deemed complete). The reason for this is that the regulators need to consider the impact of any proposed strategic changes to business models and the associated impact these have on the firm’s overall risk profile; its risk management framework and the organisational arrangements supporting these.
As a minimum, the regulators will need applicants to submit sufficient information to clearly explain the planned changes and their impact on the regulated activities carried out as well as the organisational arrangements. They will also expect an assessment of the impact of these and planned mitigants to ensure the FCA’s Threshold Conditions can be met at all times. To support this, the regulators will expect VoP applicants to also submit a regulatory business plan covering the above minimum requirements together with an evaluation of the commercial and regulatory (prudential and otherwise) impacts on the firm of the proposed change in regulated activities.
Change in Control
When individuals, companies or trusts wish to acquire or increase control in any type of regulated firm it may be necessary to apply for a CiC. Whilst this process is strictly speaking a notification, in reality this looks and feels like an application. The documentary requirements associated with this process are often less onerous than what is required for a VoP or a new authorisation, particularly where an already authorised firm acquires another regulated entity with a broadly similar business model.
Where acquisitions of any regulated firm take place, the CiC process will require the applicant to demonstrate how the new owner(s) will make the acquired business viable and demonstrably fit in within the wider context of their existing or affiliated businesses (so as to ensure customer/market outcomes are not unduly compromised) by the purchase. This may take many months to complete and would entail the provision of a substantial amount of the supporting documentation to the regulators.
The statutory deadline for the regulators to complete their assessment of an application is in theory 60 working days, although the 'clock will stop' each time additional information is requested by the regulators.
How can we help?
Application Preparation Support
Our structured and bespoke approach to supporting all types of regulatory applications allows us to support you at any stage in the regulatory process; whether from the very outset, after the feedback has been provided by the regulators on your RBP; or once you have entered Mobilisation (if applying to be a bank). A key feature of our approach is that it remains flexible throughout the life of application project to accommodate often changing requirements for example as your own resourcing and / or technical capabilities change.
- On-Demand support: Occasional support as required with targeted review/challenge on documents and input on regulatory correspondence;
- Hybrid support: Review/challenge support as per the On-Demand option combined with more targeted “hands on” drafting assistance and technical input on some documents; or
- Enhanced support: Full drafting support across most documents with BDO providing first drafts and subsequent updates as the application progresses.
For some, having a partner to act as a sounding board and to provide feedback and recommendations across a limited range of application materials, is sufficient to complete the regulatory process successfully. For others, more substantial support may be required to help draft key application artefacts as well as policies and framework documents. For most clients, support required will be a combination of these varying between subject matter and specific documents. Whatever your need, BDO’s Authorisations team is here to help.
Post-Authorisation Support
Once authorised, you will be subject to a plethora of regulatory requirements and standards. Some of these obligations include:
- Periodic reporting on financial and non-financial data;
- Keeping Senior Management and customer facing staff compliant with their individual regulatory requirements (under SM&CR);
- Designing and executing fit-for-purpose compliance monitoring programmes;
- Staying on top of new regulatory changes & implementing these into policies and procedures; and
- Training employees on existing and upcoming regulations.
Conducting these activities to a high standard may despite best intentions, become secondary in the quest for business growth and profit following authorisation. This is common, given newly authorised firms are often resource constrained with individuals carrying out multiple roles. However, under SM&CR, the regulators have made it clear that they will hold individual Senior Managers accountable for regulatory shortcomings and being newly authorised is not a valid defence for not meeting regulatory standards. Therefore BDO’s Retained Compliance Services team can work with you once authorised to provide services to support you through these challenges. These include:
Why BDO?
- Expertise: Access to a dedicated team experienced in delivering authorisation and post-authorisation work. Our team comprises not only former regulators (including former authorisations case officers) and experienced subject matter experts, but also former regulatory approved persons with experience of running Risk and Compliance functions within authorised firms;
- Flexible: We do not offer a "one size fits all" service but rather tailor our support to your unique circumstances and remain flexible throughout the project adjusting up or down the level of support needed as required;
- Structured and bespoke: When supporting clients to obtain authorisation for the first time, we typically split our support into a range of modules to allow concurrent progress to be made across several areas at any one time. Depending on the expertise and experience of your team you may not need support across all modules; or you may need a different type of support across them – our approach can accommodate this fully;
- Focused: A dedicated project manager, regardless of the level of support chosen, is appointed to each project. This individual acts as your day-to-day contact at BDO. However, the Engagement Partner will remain involved throughout the process and will be able to provide access to the wider set of advisory services offered by BDO (e.g. Tax and Accounting) should you need it; and
- Commercial: We only ever charge you for time properly spent delivering advisory services to you. In the interest of transparency and allowing you to manage cashflow effectively, we provide a monthly cost break-down by module as a matter of course.
Our credentials
BDO has been helping clients successfully become authorised by the PRA and FCA for over a decade. As part of this our dedicated authorisations team, both at BDO and across their wider careers, has supported a large number of bank licence applications ranging from FinTech start-ups, to stand alone niche banks, through to both branches and subsidiaries of overseas banks. Furthermore, BDO has supported regulatory applications for solo regulated firms including payment and e-money firms; wealth and asset managers; insurance brokers; wholesale and retail investment firms, funeral plan providers, principals operating appointed representative networks and consumer credit firms.