Navigating Regulatory Authorisations

There are many reasons why firms seek regulatory authorisation, or choose to change the existing scope of their regulatory permission if already authorised to offer financial services in the UK. The most common reasons include launching a start-up business that needs approval to carry on regulated activities (such as banking; payments or investment services); strategic changes and product/service diversification (requiring a Variation of Permission); or a transaction such as acquiring or being acquired/absorbed by another business (requiring a Change in Control). 

The UK benefits greatly from a mature regulatory regime. Whilst this means that the regulators’ approach to these applications is relatively well defined; it does not necessarily follow that the process is straightforward or indeed that that more nuanced regulatory expectations are always clear. 

This is especially true when it comes to preparing drafting key materials in support of these applications. Over recent years, overall expectations of the quality of documents to be provided in support of an application has become more exacting. As the UK continues to face challenging macro-economic headwinds, this will make designing profitable and sustainable business models (that will stand up to regulatory scrutiny) inherently more difficult further still. With further incoming and changing regulation scheduled over the next couple of years, careful preparation and attention is needed for any type of regulatory application.

Increasing expectations, increasing work

Gone are the days where the regulators assessed an application for authorisation by “box ticking” against a list of requirements. Case officers are now actively challenging the motivations of applicants, demanding realistic financial planning (e.g. path to profitability and fundraising plans), as well as looking for proportionate and implementable internal governance and risk management arrangements. 

Case officers are also quick to identify materials from applicants that have not sufficiently adapted baseline templates or examples provided by consultants for their specific business. Recent comments from the FCA have made it clear that this is a contributing factor in slowing down the assessment of applications and have encouraged potential applicants to ensure they are involved in the drafting and challenge of these documents from the start.

Eyes on the horizon...

Recently introduced regulation is also resulting in applicants having to do more work to demonstrate that they can meet the threshold conditions for authorisation. For example, the Investment Firms Prudential Regime (“IFPR”) requires firms applying to carry on MIFID business to undertake rigorous and documented prudential planning where previously this would not have been the case for some firms. IFPR also requires in-scope applicants to demonstrate how they can comply with an enhanced remuneration regime and specific expectations around governance, such as at least 50-50 spit on between executives and non-executives at Board level.

The introduction of FCA Consumer Duty in July 2023 has already had a measurable impact on authorisation applications. In-scope firms now preparing documents are having to think harder at an earlier stage about how they will be able to meet the outcomes of the Duty and document their approach through their application materials. This includes setting out their specific approaches to aspects such as financial promotions, new product approval governance and mapping of proposed customer journeys as well as how these  will interact with sales and service process. Whilst most relevant to those wanting to undertake activities involving retail customers, most prospective applicants will be expected to demonstrate how they can meet the principles of Consumer Duty to some extent.

It should be noted that the above observations relating to new authorisations applications apply also to applications for Variations of Permission especially where these are tied to significant changes in business. Equally these also apply significant changes in control; i.e. where regulated activities are being acquired or absorbed into another entity for the first time.

Pick your players (carefully)…

Much like a sports team, even with a sound strategy and ample capital in place; the crucial factor in success or failure are the individuals representing it. The Senior Managers and Certification Regime (“SM&CR”) requires individuals performing a Senior Manager Function role (“SMF") to apply for individual approval at the same time as the overall application for the entity. SM&CR impacts how firms think about which individuals carry out which specific roles and their underlying responsibilities now there is recourse to individuals (rather than just the firm) for sanction in the event of a serious regulatory breach.

While standards applicable to individuals have remained relatively constant in recent years; one area that regulators are becoming more exacting in, is their approach to evaluating individuals who have a financial interest in regulated firms. Specifically case officers have become more mindful of potential conflicts of interest of owners participating in day-to-day decision making, or even overall strategic discussions at the regulated entity level. We are aware of several cases of regulators applying push back on the approval of individuals who are unable to articulate whether they are just a shareholder or an active participant in the proposed business. Therefore we suggest:

• Applicants should think carefully before making shareholder appointments to their boards and other potentially influential individuals representing such investors, and holding/parent companies; and
• Consider how such appointments are expected to function in the long term once the business is authorised. This is especially pertinent where subsequent funding rounds are planned, and/or potential investors may have technical expertise to share to support either set-up activities or subsequent ongoing ‘business as usual’. 

Are you prepared?

When approaching a new regulatory application we suggest:

• Plan: Preparing any application requires an honest assessment of preparedness before starting the process. More specifically, a gap analysis assessing the current state of the business and/or plans relative to regulatory requirements that will need to be complied with once authorised. This is crucial in shaping the specific programme of work needed before an application is submitted. The principle also applies to making an honest appraisal of skills gaps of senior managers and/or Board members;
• Get expert input: Regardless of the type of application, most firms will be required to prepare extensive supporting documentation including a Regulatory Business Plan, Risk Management Frameworks and numerous policies that must be adapted to the specific circumstances of the proposed business. At a minimum, targeted external input by seasoned practitioner is almost always useful in identifying and navigating common pitfalls and anticipating likely questions from the regulators before a single document has been submitted;
• Leave time: Applications for authorisation almost always take more time than desired and often planned for. This counts for both the time taken to prepare the application itself (often no less than 3-6 months in most cases, considerably more for complex or larger business) and the time regulators will take to reach a decision on top of that (up to a year); and 
• Lean in: All too often, firms view regulation as burdensome and the process of applying for authorisation as a necessary hurdle to be endured. However seen differently, the process provides a useful framework to plan for staff, IT, outsourcing arrangements and product/service delivery and therefore financial planning for the years ahead. This is not only beneficial for potential shareholders, customers, and other stakeholders but also is more likely to cement a more constructive relationship with the regulators in the years ahead.