Checklist: Preparing an application to the FCA or the PRA for a Part 4A permission (UK) 

Introduction

This checklist will assist in-house counsel, private practice lawyers and risk compliance teams to prepare an application for authorisation under Part 4A of the Financial Services and Markets Act 2000 (as amended) (FSMA) to the Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA) (referred to as a Part 4A permission).

A person (a firm or an individual) is prohibited from carrying on a regulated activity in the UK, or purporting to do so, unless they are an authorised person or an exempt person (section 19, FSMA). Most types of financial services business in the UK will be considered regulated activities. An authorised person is someone who has made a successful application to the FCA or the PRA and has been granted a Part 4A permission to carry on regulated activities in the UK.

Applications for a Part 4A permission can be both time-consuming and complex. It is important to understand the requirements of the application process and to prepare well in advance. A lack of planning and preparation during the pre-application stage will create gaps and lead to requests from the regulator asking for additional information and seeking further clarification. This will result in delays for the business as regards its ability to market, increased costs and extend the time taken to process the application.

This checklist addresses the following steps:

1. Considering whether authorisation is necessary and determining required permissions
2. Preparing to apply for authorisation – what do you need to consider?
3. Practical considerations for making a Part 4A permission application to the FCA or the PRA

The checklist is presented as a list of requirements that you can check off as they are addressed. There are explanatory notes to assist with drafting and which correspond with each step in the checklist.

This checklist can be used in conjunction with the following How-to guides: Introduction to the UK financial services regulators, The general prohibition - beware the consequences of breach and Checklists: Preparing an application to vary a Part 4A permission at the request of a firm and Preparing an application to cancel a Part 4A permission at the request of a firm.

Step 1 – Consider whether authorisation is necessary and determine required permissions

Step 2 – Preparing to apply for authorisation – what do you need to consider?

Step 3 – Practical considerations for applying for a Part 4A permission to the FCA or the PRA

Explanatory notes

Overview

Preparing an application for a Part 4A permission requires significant time and resources. Applicants need to understand how the authorisation process works depending on the financial services they carry out and the regulator they are applying to (see Step 1.3). The relationship with the regulator is critical and building a good relationship from the outset is important. Senior management should be actively engaged throughout the process to review, manage and ensure operational capabilities align with all aspects of the application.

Spending time gathering all the information and understanding the regulatory requirements in advance is worthwhile. This extra effort during the pre-application stage will reduce long-term delays, costs and the administrative headaches associated with incomplete or inaccurate applications (eg, fielding tricky regulatory questions where there are ‘gaps’ in the information provided). Applications for authorisation need to be explained and evidenced. Applicants need to satisfy the regulator that they meet certain minimum standards upon authorisation, and that they can maintain these standards on an ongoing basis. The onus is on the applicant to ensure that it submits a complete and accurate application for authorisation.

This checklist is not an exhaustive list but will help guide applicants when preparing an application for a Part 4A permission.

Legal framework

The main framework for financial services regulation is set out in the Financial Services and Markets Act 2000 (as amended) (FSMA) and secondary legislation.

Under section 19, FSMA, it is illegal for any person to carry on regulated activities (or purport to do so) in the UK unless they are an authorised person or an exempt person. Failure to comply carries risk and can result in significant civil and criminal penalties. See How-to guide: The general prohibition – beware the consequences of breach.

The scope of regulated activities is set out in section 22, FSMA (supplemented by Schedule 2) and includes activity of a specified kind which is carried on by way of business in the UK and relates to an investments of a specified kind. Activities are specified in the Regulated Activities Order 2001, as amended (RAO). Examples include deposit-taking, advising or arranging deals in investments or advising on mortgage contracts, among others. More information on regulated activities and investments requiring authorisation can be found in Chapter 2, Annex 2 of the Perimeter Guidance Manual (PERG). The RAO also sets out certain exclusions from the scope of different regulated activities.

Both the PRA and the FCA have power to give Part 4A permission. An application for a Part 4A permission can be made by an individual, a body corporate, a partnership or an unincorporated association (section 55A(1), FSMA). For ease of reference, throughout the remainder of this checklist we refer to all persons capable of authorisation under section 55A(1) as firms.

Step 1 – Consider whether authorisation is necessary and determine required permissions

1.1 Is the firm carrying on a regulated activity in the UK by way of business?

Firms wishing to carry on ‘regulated activities’ in the UK by way of business must be authorised to do so.

Whether or not an activity is regarded as being carried on ‘in or from the UK’ appears straightforward; however, it can depend on many factors and is not as obvious as it may seem. For an activity to be a regulated activity, it must be ‘carried on by way of business’. This is sometimes known as the ‘business test’. The term is not comprehensively defined in FSMA or the RAO, and when activities are commercial it is more obvious than when acting for individuals or smaller unregulated firms when it is not quite so obvious. Caution is recommended. The restriction applies to any type of regulated activity and is not limited to financial services business. It is often a question of judgement based on the facts and assessed on a case-by-case basis, with the elements of profit and continuity usually considered to be the key relevant factors. For further details of this, see How-to guide: The general prohibition – beware the consequences of breach.

At the first step of the pre-application preparation, it is essential to understand the business model and strategy and decide if authorisation is necessary, namely:

• What products and services are being offered?
• What type of ‘firm’ are you dealing with?
• Who are the target customers (eg, retail or professional)?
• Will you manage client money or control client assets?
• Where are the customers situated?
• Where is the office located?
• Where will the business activities take place?
• What distinguishes you from the competition?
• What is your overall business strategy?

Completing this detailed regulatory analysis will help to confirm whether authorisation is required, ensure the correct regulated activities and customer types are selected, identify the relevant UK regulations that apply to the application (eg, FSMA) to confirm the type of application and the specific permissions required. For guidance on activities which are regulated and when you may require authorisation, in addition to the statutory references set out under Legal framework above, please also refer to the FCA Handbook (in particular PERG) and the PRA Rulebook. See also the FCA website and the PRA webpage which set out the actions you will need to take depending on what type of business you are. It may be worth seeking specialist legal advice to confirm the nature of the license and the exact range of supporting documentation required.

1.2 Which rules and standards apply?

Regulators expect firms to prepare thoroughly for their application. The regulator will consider this when making the assessment as to whether a firm is ready, willing and organised to meet the required standards upon authorisation and on an ongoing basis (see the FCA Handbook glossary, standards of the regulatory system). Conducting the correct research, taking advice, addressing enquiries regarding your regulatory obligations is likely to be viewed favourably. All firms are expected to deal with the regulator in an open and cooperative way and must tell the PRA or the FCA promptly of anything relating to the firm of which the PRA or the FCA would reasonably expect notice.

Firms applying for authorisation need to have a clear understanding of their regulatory compliance obligations arising from their planned business model and have arrangements in place to comply with them. For example, are you familiar with and have you considered your firm’s ability to abide by the FCA Principles for Business and the PRA Fundamental Rules? These are the standards expected of all authorised firms. Do you know which rules in the FCA Handbook and PRA Rulebook apply to your business? 

1.3 Who is the appropriate regulator?

A firm must seek permission to carry on one or more regulated activities from the relevant regulator. The two key regulators in the UK are the FCA and the PRA, and they have the power to authorise a firm to carry on regulated activities, depending on the nature of the activity. See How-to guide: Introduction to the UK financial services regulators. Applications for permission must be made in such a manner and contain such information as required by the relevant regulator (see section 55U(4), FSMA).

The appropriate and applicable regulator to apply to and the type of authorisation granted will often be determined by the types of activities firms intend to carry on and these should be set out in the regulatory business plan (see section 2.3 below).

Under section 55A, FSMA the PRA is the appropriate regulator to apply to where the firm is to be dual-regulated by the FCA (for conduct purposes) and the PRA (for PRA-regulated activities or for PRA-authorised persons). Otherwise, it is the FCA in any other case. Examples of PRA-authorised firms are banks, insurance companies, major investment firms or credit unions. In the case of non-PRA regulated firms such as brokers and smaller financial firms, the FCA deals with the prudential rules.

A list of the regulated activities that are specific to firms that the PRA authorises and regulates is available in the Financial Services and Markets Act 2000 (PRA-regulated Activities) Order 2013. The PRA will take the lead on the application for authorisation (although it must obtain FCA consent before granting permission), and the FCA will lead on conduct regulation.

For other regulated activities, the application for authorisation goes to the FCA (known as solo-regulated firms) and the FCA will assess applicant firms. The FCA supervises all firms in respect of conduct of business. The FCA is not required to obtain the PRA’s consent before granting permission; however, in certain cases, the FCA must consult the PRA, for example, if the applicant is a member of a group which includes a PRA-authorised person (see section 55E(3), FSMA).

You can find out what you need to do before you apply to either regulator for authorisation on the PRA website or the FCA website. You can select the type of business you wish to carry on and follow the regulatory guidance to complete your application form.

1.4 Will you have a pre-application meeting?

Prior to applying for authorisation, you can consider setting up a pre-application meeting with the PRA or the FCA. This would be an informal discussion to advise the regulator of an incoming application, outlining the reasons why authorisation is required and providing an opportunity to clarify queries directly.

Meetings are more regularly held for applications with the PRA (particularly for first-timers).

Meetings with the FCA are often held when authorisations are considered complex or where there are a unique set of factors to consider. Note, there are dedicated hubs for the following types of application: fintech start-ups and asset managers (with the FCA) or the new bank or new insurer start-up units (with the PRA).

If you are operating as a wholesale markets firm or adviser or business association that works with wholesale firms, you may also be able to avail of the pre-application support service before you apply for authorisation.

1.5 Do you require specialised legal and compliance guidance?

If the application is particularly complex, you should also consider whether your budget allows you to seek more specialised legal and compliance regulatory guidance either from a specialist law firm or a compliance firm. They may even be able to help you read through your forms prior to submission to review the nature of the products and services, confirm the exact set of regulated activities to be applied for or provide practical support and guidance to navigate you through the application process from a ‘regulatory’ perspective or consider alternative approaches (depending on the circumstances of the application). This can save time and effort when preparing your application.

Step 2 – Preparing to apply for authorisation – what do you need to consider?

The regulator must be satisfied that the applicant meets all required minimum regulatory standards of their planned business upon authorisation, and ongoing compliance with these regulatory standards is expected after authorisation is granted.

2.1 Does the firm meet the threshold conditions?

It is necessary to satisfy the relevant regulator (PRA or FCA) that the firm meets the threshold conditions in relation to the regulated activity for which they have permission (see section 55B and Schedule 6, FSMA). Additional guidance as to how the FCA will apply the FCA-specific threshold conditions can be found in the FCA Threshold Conditions sourcebook (COND).

The threshold conditions are baseline standards that all applicants are expected to meet. They can vary in respect of different categories of person depending on whether the applicant is PRA- or FCA-authorised.

Broadly speaking, applicants are required to satisfy conditions in several areas including that the UK-incorporated body must maintain offices and central mind and management in the UK (ie, location of offices and critical personnel taking day-to-day decisions ‘on the ground’). The applicant must conduct business in a prudent manner and possess adequate resources to enable them to be capable of being effectively supervised by the PRA and the FCA (see How-to guide: Introduction to the UK financial services regulators).

Firms should review the threshold conditions that apply to them carefully prior to completing their application and ensure that they understand the requirements and are able to abide by them both upon authorisation and on an ongoing basis after authorisation.

2.2 Does the firm have adequate financial and non-financial resources?

Firms are expected to have adequate financial resources ie, demonstrate they are solvent and able to meet liabilities as they fall due on an ongoing basis. They are also expected to have adequate non-financial resources including staff with the relevant skills and experience to enable the firm to properly manage its affairs and ensure it complies with its regulatory requirements. Regulators will check that firms have taken reasonable steps to measure risks appropriate to the activities the firm carries on, identify harms related to the activities they undertake eg, that client money and custody assets are not placed at risk, and where relevant conduct additional diligence on group companies’ structures. A firm’s permission profile will determine its prudential category and the amount of regulatory capital required. The firm will need to demonstrate a commercially viable and sustainable business model.

You will need to provide financial projections (usually over a three-year period), source of funding details and consider how the firm will be capitalised to meet the initial capital requirement at the point of authorisation. Specific guidance on the FCA prudential requirements for specific firm types is set out in the sourcebooks of the FCA Handbook (eg, GENPRU for banks, building societies, insurers and investment firms). Please refer to the FCA Handbook Prudential Standards which set out all the different standards across business type.

PRA rules on prudential requirements vary by type of firm (eg, insurers and banks each have different regulatory requirements).

2.3 Have you prepared a regulatory business plan?

Firms must submit a regulatory business plan (RBP) in their application for authorisation. When preparing a RBP it is important to include comprehensive and detailed information tailored (including policies and procedures) to the specific business model. Consider the type of firm and the permissions you are applying for – this is not a generic document.

The RBP will include a forecast budget calculation which demonstrates to the regulator that the applicant has the appropriate resources (financial and non-financial) and the business is commercially viable. It also explains the organisational and governance structure (including key personnel, internal control mechanisms and composition of the board), lays out the customer journey and risk management framework and sets out what services the firm will provide as well as the areas the firm specialises in. Include as much detail as possible relating to the company eg, how long the firm has been trading, principal place of business and full details of the firm’s control structure.

Firms will also be expected to consider risk policies and procedures (eg, outsourcing, operational resilience, business continuity, IT systems), set out marketing plans and planned financial promotions, include key compliance policies (eg, anti-money laundering (AML), provide details of the customer journey (from acquisition to after-sales care) and how the firm will comply with the Consumer Duty (if in scope) (see section 2.6) – if not in scope explain why to demonstrate that the firm has fully considered the implications of the Duty). Consider too how the firm will identify and meet the needs of vulnerable customers, detail approach to staff training and staff incentives and provide details of the firm’s complaints policy. Some firms may also be required to submit a wind-down plan as part of their application too should their business become no longer viable.

Firms need to assess and determine how all the different parts of the RBP work together, and remember that compliance, risk and governance processes are ongoing requirements.

A sample FCA template business plan and PRA guidance on what a RBP should include is available online. It is important that the RBP provides sufficient evidence and that the assumptions used are realistic with a strong emphasis on quality and consistency.

2.4 Do you know which people in the business require qualifications and approval, and do they pass the fit and proper test?

Regulators will consider the suitability of each person who conducts a senior function within the business. You may have to certify their suitability or seek formal approval. This means that either the PRA or the FCA (as appropriate) must be convinced that the person is fit and proper, possesses appropriate capabilities and competencies, is financially sound and has a suitable degree of honesty and integrity to carry out their role. See here.

2.4.1 Controlled functions – requirements

All significant individuals in senior positions who are specifically registered with the regulators are required to demonstrate that they meet particular requirements to receive approval as ‘approved persons’ and need to satisfy the regulator (as appropriate) that they are suitable eg, CEO, Money Laundering Reporting Officers. In addition, other personnel may interact with customers in a way that affects customers or the firm directly eg, advising clients. Employers need to provide evidence that they have conducted all necessary checks to certify such personnel as ‘fit and proper’ to the satisfaction of the regulators. See SYSC 27.7.3 for a list of FCA certification functions.

2.4.2 Senior managers – requirements

Regulators use the ‘fit and proper’ test to assess whether a candidate is suitable to perform a senior manager role. The applicant firm is expected to conduct due diligence on senior managers (eg, by checking references, criminal records and certificates of qualifications).

Senior managers are expected to make full disclosures, including any negative information about themselves. Failure to disclose this to the regulator will be viewed badly.

Firms should note that senior managers are subject to approval under the Senior Managers and Certification Regime (SM&CR) and the requirements which apply depend on the categorisation of the firm and its type. The SM&CR sets standards of conduct and firms need to certify certain individuals or those who hold ‘Senior Manager Functions’ or ‘SMFs’ as being suitable for their roles. The ability of firms to meet SM&CR requirements will be considered as part of the authorisation application and will depend on whether the application is made to the FCA or the PRA.

As part of improvements to the application process for authorisation, the FCA has introduced a new Form A, used for Senior Management and Controlled Functions applications. Guidance is provided on the FCA webpage ‘Using the new Form A.’ See Fit and Proper Test for Employees for Senior Personnel (FIT) module of the FCA Handbook.

2.5 Have you considered the systems and controls necessary to support the firm’s activities?

2.5.1 Systems and controls – requirements

Firms are expected to demonstrate that they have adequate systems and controls appropriate to the nature, scale and complexity of the business (see the FCA guidance, Senior management arrangements, Systems and Controls (SYSC) and the FCA Training and Competence sourcebook (TC)). This includes demonstrating that they have in place adequate policies and procedures around matters such as outsourcing (oversight and controls over critical third parties), compliance obligations, financial crime and money laundering, internal audit, business continuity and record-keeping. The prescribed application forms list the policies required.

The applicable PRA rules will depend on the type of firm (eg, whether it is a bank or an insurer).

2.5.2 IT systems – requirements

Firms are expected to design and test their IT systems before authorisation and ensure that they are operationally resilient. They should have an IT risk management framework and key risk policies for IT operations and security. This will link in with eg, procedures and processes in relation to Anti-money laundering (AML)/Financial Crime and safeguarding client money policies. Applicants may be required to complete an IT self-assessment questionnaire which will require input from different teams from within a firm. Senior managers may have to certify that the firm has aligned their systems and controls with all required rules and guidelines. The prescribed application used by each firm provides guidance on the supporting documentation required. See How-to guide: The UK operational resilience regime in financial services.

2.6 Have you considered whether you are in scope of the Consumer Duty?

If your firm is in scope of the Consumer Duty, you must detail in your application how your firm will deliver good outcomes for retail customers. The FCA has introduced a new principle 12 (see section 1.2 in relation to the Principles for Business).

These rules are far-reaching to ensure firms put their customers’ needs first. The time and resources to demonstrate compliance should not be underestimated. You need to consider ‘retail market business’ and note this is not just applicable to firms with retail clients and may also apply eg, to regulated firms whose products or services are in a distribution chain with retail clients. Firms should take reasonable steps to comply with specific aspects of the Duty, considering the nature of the products or services being offered, the characteristics of the relevant retail customers and the firm’s role in relation to the product or service. They are not expected to take responsibility for the actions of other firms in the distribution chain.

Firms applying for authorisation must prove they can comply with the Consumer Duty. This includes setting out product and service governance frameworks and measures to protect consumers, focus on customer outcomes, and consider whether customers are put in a position where they can make effective decisions.

These rules came into force on 31 July 2023. The scope of the Consumer Duty is set out in Chapter 2 of the FCA finalised guidance for firms.

See also How-to guide: The FCA’s Consumer Duty: putting the needs of customers first and Checklist: Embedding the Consumer Duty: practical considerations.

Step 3 – Practical considerations for applying for a Part 4A permission to the FCA or the PRA

3.1 Have you registered for a Connect Account?

If you do not already have access, you will need to create an account and register with Connect to submit your application and application fee. Connect is the FCA’s online system that is used to submit applications and notifications for Part 4A permissions (unless you are a dual-regulated firm regulated by both the PRA and the FCA).

Dual-regulated firms must still apply for authorisation using a paper-based form (sending two hard copies of the application form to the PRA).

Once your application has been submitted you will be assigned a case officer or given an indication as to the likely date that a case officer will be assigned. The case officer will undertake the review, communicate with the applicant and raise any queries (if applicable).

3.2 What is the timeframe to process an application?

If an application is complete, the FCA will usually assess it within six months for FSMA firms, and 3 months for payments or e-money firms. Applying for authorisation with the PRA typically takes between 6 and 12 months. However, where the application is assessed as incomplete (eg, where there are missing or incomplete documents), it could take up to 12 months. The timeframe to process the application may be impacted by a range of factors eg, how busy the regulator is at the point of application, the complexity of the application, or how much additional information they need for the applicant to demonstrate they are able to satisfy all criteria to be authorised.

There is no definition of a ‘complete’ application; but the less complete the application, the more likely the delay and this sends the wrong message to the regulator. Forms should be completed fully and correctly, and you must provide sufficient evidence that you meet all requirements to be registered.

Where the application cannot be determined without the consent of the other regulator, the other regulator’s decision must also be made within this timeframe (see section 55V(3), FSMA).

If the regulators grant permission, each can impose such requirements or limitations on that permission as it considers appropriate.

3.3 Have you checked which fee applies?

Authorisation application fees are payable to the PRA and/or the FCA, which are non-refundable. Fees for new authorisations are assessed against whether the application is straightforward, moderately complex or complex, and the fees can vary depending on the type of application and the type of business the firm operates. Note, fees may change in the future so it is always advisable to check the latest figures before submitting your final application.

The FCA authorisation fee you are likely to pay will fall within one of the pricing categories as set out in the FCA Handbook at Fees 3 Annex 1A. Each category covers a different group of permissions with fee categories ranging from £270 to £217,500. For more information on the full range of fees and charges payable please see here. For PRA fees, see Regulatory Transaction Fees within the PRA Rulebook.

Once authorised, firms must pay an annual fee to the PRA or the FCA. The FCA provides an annual fee calculator to help firms to determine the fees they need to pay.

3.4 Have you prepared all required forms and provided all necessary supporting documents?

It is up to firms to decide when they are ready to apply, and all required forms and documents must be completed to an acceptable standard. You must ensure that your organisation has prepared the correct application form, along with all supporting documents and that there is sufficient detail provided. The forms required depend on the authorisations sought and the different categories of business (see PRA new firm authorisation, which provides more detail on the application forms and FCA how to apply for authorisation, which includes links to FCA checklists per firm type). It is a good idea to have the documents proofread by a fresh set of eyes before submission as accuracy is vital. You may receive requests for further information from the case officer and it is advisable to respond to these comprehensively and in good time.

3.5 What should you expect when your application is submitted?

All applications to the PRA from new firms wishing to become a bank or insurer will be copied to the FCA for its consideration.

Applications are assigned a case officer who reviews and assesses the application for completeness. If the case officer identifies any gaps, they will request further information. The case officer will keep the applicant updated.

3.6 How do you know if the application is successful?

If an application meets all the criteria and is expected to succeed, the regulator will issue an ‘approval in principle’ that you have met the conditions of authorisation and the date on which it takes effect (section 55V(5) and (6), FSMA). The notice will detail the regulated activities the firm has permissions for and might stipulate certain additional conditions that the regulator will want satisfied (eg, final IT system checks, any requirements or limitations, for example, limitations on the type of customer an authorised person may provide services to, annual fee and reporting requirements). When a firm is authorised and has a Part 4A permission, its regulated activities, list of permitted customer types and any restrictions or limitations on activity will be noted in the Financial Services Register.

Once authorised, you must meet the threshold conditions at all times, comply with the regulatory requirements relevant to your business and comply with all disclosure and reporting obligations.

3.7 How do you know if the application is not successful?

Unsuccessful applications will either be rejected or refused. Applications are rejected by the FCA or the PRA where sufficient information has not been provided.

Where it is considered that your application will not meet the standard for authorisation, the case officer will send a minded to refuse letter stating the reasons why refusal is being considered. Firms can choose to withdraw at this stage, or the regulator commences the process to confirm its position internally, and subject to that decision, the FCA or PRA may issue a warning notice confirming its decision to refuse (section 55X(1) and (2), FSMA). Firms have a right to appeal a decision made by the FCA or the PRA (section 55Z3, FSMA). Prior to submitting the appeal, it is advisable to seek specialist legal guidance.

Additional resources

FCA authorisation webpage
PRA authorisation webpage

Related Lexology Pro content

How-to guides:

Introduction to the UK financial services regulators
The general prohibition - beware the consequences of breach
The FCA’s Consumer Duty: putting the needs of customers first

Checklist:

Preparing an application to vary a Part 4A permission at the request of a firm
Preparing an application to cancel a Part 4A permission at the request of a firm
Embedding the Consumer Duty: practical considerations.

Reliance on information posted:

While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.