Regulatory Business Plan for FCA Authorisation: A Guide

The regulatory business plan is the single most important document in an FCA authorisation application — it is the primary means by which the FCA assesses whether a firm’s proposed activities meet the threshold conditions and whether the firm has a viable, well-governed model for delivering regulated services.

The FCA does not prescribe a specific format for the regulatory business plan, but its authorisation guidance and the questions embedded in the Connect application system make clear what it expects to see. Firms that approach the regulatory business plan as an extended marketing document — focused on opportunity and growth potential rather than regulatory viability — consistently generate more queries, more information requests and longer authorisation timelines than those that address the FCA’s actual assessment criteria directly.

Why the FCA Requires a Business Plan

The regulatory business plan is used by the FCA to assess compliance with the threshold conditions — specifically the appropriate resources condition (TC4) and the suitability condition (TC5). Through the business plan, the FCA tests whether the firm has the financial resources to carry on its proposed activities, whether its non-financial resources — people, systems and controls — are adequate, and whether its business model is viable and unlikely to create undue risk to customers or market integrity.

The FCA is not looking for a business plan that shows the firm will succeed commercially. It is looking for a plan that demonstrates the firm understands the regulatory environment it is entering, has designed its activities with customer outcomes in mind, and has the governance and compliance infrastructure to meet its regulatory obligations from the first day of authorisation. A plan that is credible on risk management and compliance but conservative on commercial projections is more likely to obtain authorisation quickly than one that projects rapid growth while glossing over regulatory obligations.

Structure of the Regulatory Business Plan

The FCA does not mandate a specific structure, but the following elements are consistently required for a complete and credible regulatory business plan across most firm types. The weight given to each section will vary depending on the regulated activities being applied for and the firm’s sector.

Executive summary. A concise overview of the firm, its proposed regulated activities, its target market and its regulatory structure. The executive summary should allow the FCA reviewer to understand the nature of the application without reading the full document — and should be written after the rest of the plan is complete.

Corporate structure and ownership. A clear description of the legal entity, its shareholders, its group structure and its constitutional documents. Where the firm is part of a wider group, the plan should explain the relationship between the regulated entity and other group companies, including any activities or functions that are outsourced to group entities.

Regulated activities and permissions sought. A specific identification of the FCA permissions being applied for, with a clear explanation of why each permission is required and how each maps to the firm’s proposed activities. The FCA expects precision here — applications that seek broad permissions beyond those actually needed are scrutinised more carefully than those with a well-defined and proportionate permissions set.

Business model. A detailed description of how the firm will carry on its regulated activities: how customers are acquired, what products or services they receive, how transactions are processed, how the firm generates revenue, and how the firm manages the risks inherent in its activities. The FCA’s assessment of the business model focuses on whether it is designed to deliver good customer outcomes and whether the risks it creates can be adequately managed with the resources the firm proposes.

Target market and customer profile. A clear description of the customers the firm intends to serve — their characteristics, their financial sophistication, their vulnerability profile, and how the firm’s products and services are designed to meet their needs. Under the Consumer Duty, firms proposing to serve retail customers must demonstrate from the outset that their business model is designed to deliver good consumer outcomes — not just comply with minimum conduct standards.

Financial Projections

The financial projections section must demonstrate that the firm will have adequate capital throughout the application period and the initial operating period. The FCA expects to see: a balance sheet projection showing the firm’s capital position at authorisation and over the following 12 to 24 months; a profit and loss projection showing expected revenues, costs and the pathway to profitability; and a cash flow projection showing that the firm will have sufficient liquidity to meet its obligations.

For firms with regulatory capital requirements — investment firms under MIFIDPRU, payment institutions under the PSRs, consumer credit firms where capital requirements apply — the projections must be prepared against the applicable capital framework. The FCA will assess whether the projected capital position meets the regulatory minimum throughout the projection period, including under a stress scenario.

The stress scenario is a component many firms handle inadequately. The FCA expects to see a projection showing how the firm would perform under adverse conditions — lower revenues than projected, higher costs, or a period of operational disruption — and confirmation that the firm would retain adequate capital throughout. A stress scenario that differs only marginally from the base case does not satisfy this requirement.

The Compliance and Risk Framework

The compliance and risk framework section is one of the most closely scrutinised parts of the regulatory business plan. The FCA expects a clear description of: how the firm will meet its compliance obligations under the applicable rules; the structure of the compliance function and who leads it; the risk management framework and how risks are identified, assessed and controlled; the internal audit arrangements; and the governance framework through which compliance and risk issues are escalated to the board.

The FCA pays particular attention to the independence and resourcing of the compliance function. A compliance function that reports into the business rather than directly to the board, that is staffed by a single part-time resource, or that has no separate budget or authority to raise concerns, is unlikely to satisfy the FCA’s expectations for the non-financial resources threshold condition. Many authorisation applications are queried on this point — which is why getting the right compliance leadership in place before submitting is consistently the most effective way to accelerate authorisation.

For firms required to appoint an MLRO under the Money Laundering Regulations — which covers most FCA-regulated firms — the business plan must describe the AML compliance framework, the identity of the proposed MLRO, and the systems and controls that will be in place for customer due diligence, transaction monitoring and suspicious activity reporting.

Senior Management Team and SMF Appointments

The business plan must identify all proposed senior manager function (SMF) holders — typically including the CEO or equivalent (SMF1), the compliance oversight function holder (SMF16), the MLRO (SMF17), and any other prescribed functions applicable to the firm type. For each SMF holder, the business plan should describe their experience and qualifications, their proposed Statement of Responsibilities, and the basis on which the firm concludes they meet the fit and proper requirements.

The FCA will request a Regulatory Business Plan extract, a detailed CV and disclosure documents for each SMF candidate as part of the individual approval process under the SMCR. The completeness and quality of these submissions significantly affect the speed of individual approvals — and where SMF approvals are held up by the FCA’s queries, the firm’s authorisation application cannot be determined.

Common FCA Queries on Regulatory Business Plans

Based on experience across authorisation applications, the most common FCA queries relate to: the adequacy of the compliance function’s resourcing and independence; the detail and credibility of the financial stress scenarios; the mapping between the permissions sought and the actual activities proposed; the customer due diligence and transaction monitoring arrangements for firms subject to the MLRs; the arrangements for managing operational risk and ensuring business continuity; and, for consumer-facing firms, the design of the customer journey with reference to the Consumer Duty outcomes.

Firms that receive queries from the FCA on their regulatory business plan should treat the query as an opportunity to demonstrate the depth of their regulatory understanding — not as an administrative hurdle. Detailed, considered responses that address the FCA’s concern directly, and that offer to supplement the plan with additional documentation where helpful, typically resolve queries more quickly than brief responses that address only the literal question asked.

Practical Preparation

The firms that navigate the authorisation process most efficiently tend to share certain characteristics: they engage a compliance officer or consultant with authorisation experience early in the process; they submit complete applications rather than relying on the FCA to identify gaps; they appoint their SMF candidates before submitting and ensure those candidates have reviewed and understood their proposed Statements of Responsibilities; and they treat the regulatory business plan as a live document that accurately reflects their intended activities at the point of submission, rather than a document written months earlier that has since been superseded by developments in the business.

Adrian Lawrence FCA — Founder, FD Capital Recruitment Ltd

ICAEW Registered Practice  |  Companies House No. 13329383

“We support firms at the pre-authorisation stage with compliance and senior management appointments — placing compliance officers, MLROs and CFOs who can contribute to the regulatory business plan, hold SMF appointments from day one, and build the compliance framework that the FCA expects to see. Getting the right people in place before submitting is consistently the most effective way to reduce authorisation timelines and avoid the queries that delay determination.”
