Authorisation Pathways, Sector-Specific Frameworks and Senior Team Requirements for UK Fintech
Fintech compliance in the UK is sector-diverse — covering payments firms, e-money institutions, robo-advisers, lending platforms, cryptoasset firms, insurtech, regtech, and the broader population of firms applying technology to financial services. Each sub-sector operates under distinct regulatory frameworks, but common themes run across the population: rapid growth challenging operational governance, intensive FCA supervisory attention since 2022, substantial focus on operational resilience and customer outcomes, and the recurring tension between innovation pace and substantive compliance discipline. The 2022 introduction of MIFIDPRU/IFPR, the Consumer Duty in 2023, the Russia sanctions programme, and the ongoing development of cryptoasset regulation have all combined to substantially raise the regulatory expectations on UK fintech firms.
This guide explains how UK fintech compliance actually works in practice — the principal regulatory frameworks across the sector, the authorisation pathways for different fintech sub-sectors, the operational compliance challenges specific to high-growth technology-led firms, and the recurring patterns where firms encounter difficulty. It also covers the recruitment dimension — the senior team UK fintech firms need across compliance, finance, risk, technology and operational leadership.
What’s missing from most online explanations is the sector-integrated picture. Each individual fintech sub-sector has its specific regulatory framework; what’s harder to find is the common compliance themes and senior team requirements across the diverse fintech population. That’s the gap this guide fills.
The UK Fintech Regulatory Landscape
UK fintech firms operate across multiple regulatory frameworks depending on their specific activity:
| Fintech sub-sector | Principal regulatory framework |
|---|---|
| Payment institutions | Payment Services Regulations (PSR) |
| E-money institutions | Electronic Money Regulations (EMR) |
| Robo-advisers and digital wealth | FSMA + COBS suitability framework |
| Lending platforms / consumer credit | FSMA + CONC framework |
| Mortgage technology | FSMA + MCOB framework |
| Cryptoasset firms (current) | MLR 2017 registration; broader regulation developing |
| Insurance technology | FSMA + IDD/insurance framework |
| Investment platforms | FSMA + MIFIDPRU + COBS |
| BNPL / specific consumer credit models | Phased regulation as the framework develops |
Most UK fintech firms also operate under common framework elements:
- SMCR — see our SMCR Guide
- Consumer Duty for retail customers — see our Four Outcomes Guide
- SYSC — see our SYSC Guide
- Financial Crime framework — see our MLR 2017 Guide
- Operational Resilience framework
- FCA Principles — see our FCA Principles Guide
Fintech Authorisation Pathways
UK fintech firms typically engage one of several authorisation pathways depending on their activity:
Direct FCA authorisation
The standard pathway for firms carrying on regulated activities — see our How to Become FCA Authorised Guide and FCA Application Process Guide. Most established fintech firms operate under direct authorisation.
Payment services authorisation
Payment institutions and e-money institutions go through specific PSR/EMR authorisation processes — substantively similar to FSMA authorisation but with sector-specific requirements including safeguarding arrangements. The FCA has been particularly active in scrutinising payments firm authorisations since 2022.
Cryptoasset MLR 2017 registration
Currently the principal pathway for cryptoasset firms — registration under the Money Laundering Regulations rather than full FSMA authorisation. The framework is expected to expand substantially as the broader cryptoasset regulatory framework develops. The MLR 2017 registration process has historically been substantively rigorous, with extended timelines and high decline rates.
Appointed Representative arrangements
Some fintech firms operate under principal firm authorisation through AR arrangements rather than direct authorisation. Following the 2022 PS22/11 reforms, the AR pathway has tightened substantially. See our Appointed Representative Guide.
FCA Innovation Pathway and Sandbox
The FCA operates Innovation Pathway and Sandbox programmes specifically supporting fintech firms developing novel propositions. The Sandbox provides a controlled environment for testing innovative business models with regulatory engagement. Innovation Pathway provides ongoing FCA dialogue support during authorisation.
Sector-Specific Compliance — Payments and E-Money
Payments and e-money firms face the most active FCA supervisory attention in UK fintech:
Safeguarding
The defining compliance discipline for payments and e-money firms — protecting customer funds through segregation, safeguarding accounts, or insurance arrangements. Failures result in substantial FCA enforcement.
Authorisation rigour
Payments authorisations have been substantially scrutinised since 2022. Application timelines have extended, information requests have intensified, and authorisation grants are increasingly conditional.
Sanctions exposure
Cross-border payment flows create substantial sanctions exposure. The post-2022 Russia sanctions programme has been particularly impactful. See our Sanctions Screening Guide.
Authorised push payment fraud
The mandatory APP fraud reimbursement scheme (effective October 2024) has materially changed payments firm operational and prudential dimensions.
Operational resilience
Payments operational resilience is heavily scrutinised — including third-party risk, cyber security, and business continuity. See our Third-Party Risk Management Guide.
Wind-down credibility
Following several payments firm failures, wind-down credibility has been a substantial FCA focus. See our Wind-Down Planning Guide.
Sector-Specific Compliance — Cryptoassets
UK cryptoasset firms operate under particular regulatory complexity:
MLR 2017 registration
Currently the principal regulatory requirement for crypto firms. Registration is administered by the FCA with substantively rigorous due diligence — historical approval rates have been low.
Source of funds verification
Cryptoasset source of funds verification combines blockchain analytics with traditional CDD — substantially more operationally complex than traditional finance.
Sanctions screening
Sanctioned wallet address screening alongside traditional name-based sanctions screening. See our Sanctions Screening Guide.
Financial promotions perimeter
The financial promotions framework was extended to cryptoassets in 2023, creating substantive marketing restrictions. See our PERG Guide.
Future regulatory framework
The broader cryptoasset regulatory framework is in development. Firms operating in the sector face ongoing regulatory evolution with substantive future authorisation requirements expected.
FCA scrutiny
Cryptoasset firms face the most active FCA supervisory scrutiny in UK financial services — reflecting concerns about consumer harm, market integrity, and financial crime risk in the sector.
Sector-Specific Compliance — Robo-Advice and Digital Wealth
Robo-advisers and digital wealth platforms face investment-sector frameworks adapted to digital delivery:
- COBS suitability — algorithmic suitability assessment with substantive human oversight
- Consumer Duty for retail clients — see our Four Outcomes Guide
- MIFIDPRU/IFPR for the firm — see our MIFIDPRU & IFPR Guide
- Vulnerable customer adaptation — particularly important given digital channel limitations
- CASS for firms holding client money or custody assets
- Algorithmic governance — substantive oversight of investment algorithms with model risk management
Sector-Specific Compliance — Lending and BNPL
Fintech lending platforms operate under CONC and the wider consumer credit framework:
- Affordability assessment — substantively analysed by the FCA
- Vulnerable customer support during arrears — see our Vulnerable Customers Guide
- Fair value assessment under Consumer Duty
- Complaints handling — see our DISP Guide
- Operational governance — particularly for high-volume rapid-decision lending models
BNPL specifically is operating under phased regulation as the framework develops — firms in the sector face particular regulatory uncertainty.
The recurring challenge across UK fintech is the tension between growth pace and compliance substance. Fast-growing fintech firms frequently outscale their compliance infrastructure — onboarding more customers than CDD capacity supports, processing more transactions than monitoring frameworks calibrate for, expanding into new markets faster than the compliance framework adapts. The FCA has been increasingly explicit that growth doesn’t justify compliance compromise. Strong fintech firms invest in compliance ahead of growth; firms that fall behind typically face supervisory pressure that ultimately constrains growth more than the original investment would have.
Operational Resilience for Fintech
Operational resilience is particularly relevant for technology-led financial services firms:
- Identification of important business services
- Mapping of resources supporting each service
- Setting impact tolerances for disruption
- Substantive testing under disruption scenarios
- Self-assessment and improvement plans
For fintech firms specifically, key operational resilience considerations include cyber security, third-party technology dependencies, cloud infrastructure resilience, and rapid scaling capacity. The framework reached full force in March 2025.
Consumer Duty for Fintech
Consumer Duty applies to UK fintech firms with retail customers — substantively the majority of the sector. Specific considerations include:
- Digital customer journey design — particularly the absence of sludge practices and the provision of substantive support
- Consumer Understanding for digitally-native customers
- Vulnerable customer adaptation for digital channels
- Fair value assessment for fintech business models, including freemium structures and subscription models
- Foreseeable harm avoidance in product design and customer journey
For Consumer Duty detail, see our Cross-Cutting Rules Guide, Vulnerable Customers Guide, and TCF and Consumer Duty Guide.
Senior Management and SMCR for Fintech
Fintech firms typically operate as Core firms under SMCR (occasionally Enhanced for larger firms). Key SMF roles:
- SMF1 (CEO)
- SMF3 (Executive Director)
- SMF16 (Compliance Oversight) — see our SMF16 Guide
- SMF17 (MLRO) — see our SMF17 Guide
- SMF24 (Chief Operations) for Enhanced firms — particularly important for technology-dependent fintech; see our SMF24 Guide
For larger fintech firms, additional SMFs apply including SMF2 (CFO) and SMF4 (CRO). See our SMF2 Guide and SMF4 Guide.
FCA Supervisory Focus on Fintech
The FCA’s supervisory engagement with UK fintech has intensified materially since 2022 across several themes:
Payments firm scrutiny. Substantive supervisory pressure including thematic reviews on safeguarding, wind-down credibility, and customer outcomes.
Cryptoasset oversight. Active financial promotion enforcement, MLR 2017 registration scrutiny, and broader regulatory framework development.
Operational resilience implementation. Particularly for technology-dependent firms.
Consumer Duty implementation. Substantive supervisory engagement across retail-facing fintech.
Growth governance. Whether fintech compliance scales with business growth.
Third-party risk. Particularly cloud infrastructure, payment service providers, and technology vendors.
BNPL phased regulation. Active engagement with sector firms during the regulatory transition.
Common Fintech Compliance Pitfalls
Compliance scaling lag. Where compliance infrastructure doesn’t grow with the business.
Authorisation expectation mismatch. Where firms expect lighter-touch authorisation than the FCA actually applies, particularly for payments and cryptoassets.
Senior team gaps. Where SMF roles are filled with technologists or generalists lacking substantive regulatory experience.
Documentary compliance. Policies and procedures meeting documentary requirements without substantive operational embedding.
Operational resilience under-investment. Particularly for firms growing faster than their resilience infrastructure.
Third-party risk gaps. Where technology vendor and infrastructure dependencies aren’t substantively managed.
Cross-border perimeter issues. Where firms operate across jurisdictions without substantive perimeter analysis. See our PERG Guide.
Innovation Pathway expectations mismatch. Where firms in the FCA Sandbox or Innovation Pathway expect lighter ongoing supervision than actually applies.
Wind-down credibility weakness. Particularly for payments firms where wind-down has been an active FCA focus.
Fintech Recruitment
UK fintech firms face specific senior recruitment challenges:
The talent transition challenge
Many fintech firms grow from technology-focused founding teams that need to transition to substantive regulated firm leadership. The transition typically requires bringing in experienced regulated firm SMFs alongside the founding team — a transition that can be culturally and operationally substantive.
Specialist senior roles
- Senior compliance leadership — typically SMF16, with substantive sector experience needed
- Head of Regulatory Affairs — managing FCA dialogue and regulatory development
- Head of Financial Crime — particularly for payments and crypto firms
- Head of Sanctions — increasingly common for cross-border payments firms
- Head of Operational Resilience — emerging dedicated role
- Head of Customer Outcomes / Consumer Duty — for retail-facing fintech
- Head of Authorisation — for firms in authorisation phases
Fractional and interim arrangements
Fintech firms in growth phases frequently use fractional CFO, fractional MLRO, and fractional Compliance Officer arrangements during the build-out and authorisation phases. The fractional model provides senior expertise without full-time commitment before revenue scales. See our FCA Authorisation CFO Recruitment page.
Compensation dynamics
Senior fintech compliance and risk leadership compensation reflects the regulatory intensity of the sector and the tight candidate pool with substantive sector experience. The combination of equity participation, fixed compensation, and variable elements typically requires substantive negotiation.
For senior recruitment, see our FCA Regulated Firm Recruitment, CCO Recruitment, MLRO Recruitment, and Financial Crime Recruitment pages.
A Note from Our Founder — Adrian Lawrence FCA
UK fintech compliance is one of the most operationally challenging sectors in financial services — combining the regulatory intensity of traditional finance with the growth pace of technology businesses, often with senior teams that haven’t worked together long enough to build the culture required for substantive compliance. Firms that invest substantially in senior compliance, finance and risk leadership early — alongside their technology and commercial leadership — typically navigate the regulatory journey successfully. Firms that under-invest typically encounter difficulty as the FCA tests their substantive capability.
The recruitment angle that comes up most often in our placements is the senior team transition challenge. Founder-led fintech firms reach a point where they need substantive regulated firm leadership alongside the founding team — typically when the firm is approaching authorisation, scaling rapidly post-authorisation, or facing material FCA supervisory engagement. The transition is operationally and culturally substantive, requiring careful candidate selection and integration.
For fintech firms recruiting senior leadership, the practical advice is to engage the recruitment process well ahead of need — typically 6-9 months before the senior team gap becomes commercially urgent. Strong candidates with fintech experience and substantive regulated firm capability are in tight supply, and the recruitment timeline including FCA approval can extend 4-7 months. Compressed timelines typically result in compromised appointments.
At FD Capital we work on senior fintech mandates regularly across UK firms — payments, cryptoassets, robo-advice, lending, and other sectors. If you are recruiting senior leadership and want to discuss the sector dimensions, I’m happy to have a direct conversation.
Adrian Lawrence FCA | Founder, FD Capital | ICAEW Verified Fellow | ICAEW-Registered Practice | Companies House no. 13329383
Hire Fintech Senior Leaders
Fintech firms require senior leadership across compliance, finance, risk and operational disciplines. FD Capital places senior leaders across UK fintech firms on permanent and fractional engagements — from authorisation phase through scale-up.
Further Reading and Authoritative Sources
For the FCA’s fintech and innovation pages, see the FCA’s Innovation pages. For the Sandbox programme, see the Regulatory Sandbox. For payments and e-money, see PERG 15.