Understanding FCA Authorization
The Financial Conduct Authority (FCA) is the UK's primary financial services regulator, and obtaining FCA authorization is essential for any trading platform wishing to operate lawfully in the United Kingdom. In my practice advising trading platforms on UK market entry, I consistently emphasize that FCA authorization is not merely a formality. It represents a comprehensive regulatory framework that touches every aspect of how you operate your business.
The FCA's authorization regime stems from the Financial Services and Markets Act 2000 (FSMA), which establishes the "general prohibition" against carrying on regulated activities in the UK without authorization or an applicable exemption. For trading platforms, this typically means you cannot deal in investments, arrange deals in investments, or manage investments without proper FCA permissions.
Criminal Liability Warning
Operating a trading platform in the UK without proper FCA authorization is a criminal offense. Under Section 23 of FSMA, individuals can face up to 2 years imprisonment and unlimited fines. Directors and senior managers can be personally liable. I have seen enforcement actions result in platform shutdowns, disgorgement of profits, and criminal prosecutions.
FCA Authorization Requirements
The permissions you need depend on the specific activities your trading platform conducts. In my experience, most trading platforms require multiple permissions, and understanding the scope of each is critical to both your application and ongoing compliance.
Core Regulated Activities for Trading Platforms
| Permission | RAO Article | When Required |
|---|---|---|
| Dealing in investments as principal | Article 14 | Trading on your own account, market making, proprietary trading |
| Dealing in investments as agent | Article 21 | Executing client orders, acting as broker |
| Arranging deals in investments | Article 25(1) | Bringing together parties to transactions |
| Making arrangements with a view to transactions | Article 25(2) | Operating a trading venue or matching engine |
| Managing investments | Article 37 | Discretionary portfolio management, robo-advisory |
| Advising on investments | Article 53 | Providing personalized investment recommendations |
| Operating a multilateral trading facility | Article 25DA | Operating an MTF under MiFID II framework |
| Operating an organised trading facility | Article 25DB | Operating an OTF for non-equity instruments |
Investment Types Covered
Your permissions must also specify the types of investments you deal with. Common categories for trading platforms include:
- Shares - Equities, depositary receipts
- Debentures - Bonds, loan stock, fixed income securities
- Warrants - Rights to subscribe for investments
- Contracts for differences (CFDs) - Derivatives referencing underlying assets
- Options - Exchange-traded and OTC options
- Futures - Exchange-traded and OTC futures
- Units in collective investment schemes - Fund units, ETFs
- Rights to or interests in investments - Synthetic exposure
Cryptoassets and the FCA
The FCA's approach to cryptoassets continues to evolve. Currently, most cryptoassets are not regulated investments under the RAO. However, security tokens (tokens representing traditional securities) are regulated, and the FCA has registration requirements for cryptoasset businesses under Money Laundering Regulations. I advise clients to obtain specific legal advice on cryptoasset classification before proceeding.
Do You Need FCA Authorization?
The question of whether FCA authorization is required depends on multiple factors. I use the following decision framework with clients:
FCA Authorization Decision Tree
This includes having a UK office, UK clients, or directing activities toward UK persons
But consider overseas persons exclusion limits and financial promotions rules
But verify with legal counsel - boundaries can be complex
Appointed representative, professional exemption, or other exclusion
Some activities exempt, others require authorization
Apply for FCA authorization with appropriate permissions
Key Exemptions and Exclusions
- Overseas Persons Exclusion - Non-UK firms can deal with UK counterparties without authorization in limited circumstances, but cannot solicit UK clients
- Appointed Representative - Act under the authorization of an FCA-authorized principal firm
- Professional or Necessary Activities - Certain activities by lawyers, accountants in the course of their profession
- Intra-Group Transactions - Transactions between group companies may be excluded
Capital Requirements
The FCA imposes significant capital requirements on authorized firms. These requirements are designed to ensure firms have sufficient financial resources to meet their obligations and absorb losses. For trading platforms, the capital requirements can be substantial.
MIFIDPRU Categories
Since January 2022, UK investment firms are subject to the Investment Firms Prudential Regime (IFPR), implemented through MIFIDPRU. The capital requirements depend on your firm's classification:
| Category | Criteria | Minimum Capital |
|---|---|---|
| Small and Non-Interconnected (SNI) | AUM < GBP 1.2bn, client orders < GBP 100m/day, balance sheet < GBP 100m | GBP 75,000 - GBP 750,000 |
| Non-SNI Firm | Exceeds any SNI threshold | Higher of PMR, FOR, or K-factor requirement |
| Dealing on Own Account | Proprietary trading, market making | GBP 750,000 minimum |
Permanent Minimum Requirement (PMR)
The PMR is a fixed minimum based on your permissions:
- GBP 75,000 - Firms that do not deal on own account or hold client money/assets
- GBP 150,000 - Firms that hold client money/assets but do not deal on own account
- GBP 750,000 - Firms that deal on own account or operate an MTF/OTF
K-Factor Requirements
Non-SNI firms must calculate K-factor requirements based on specific risk metrics:
- Risk-to-Client (RtC) - K-AUM, K-CMH, K-ASA, K-COH
- Risk-to-Market (RtM) - K-NPR (net position risk), K-CMG (clearing margin given)
- Risk-to-Firm (RtF) - K-TCD (trading counterparty default), K-DTF (daily trading flow), K-CON (concentration)
ICAAP Requirements
All authorized firms must maintain an Internal Capital Adequacy Assessment Process (ICAAP), which assesses the risks your firm faces and the capital needed to mitigate them. I advise clients that the ICAAP should cover:
- Credit and counterparty risk
- Market risk (for dealing firms)
- Operational risk including cyber risk
- Business and strategic risk
- Liquidity risk
- Group risk (if part of a group)
- Concentration risk
Capital Buffers
In practice, firms should hold capital well above the regulatory minimum. The FCA expects firms to have a capital buffer, and firms operating close to minimum requirements often face enhanced supervision. I typically advise clients to plan for capital of at least 120-150% of the calculated requirement.
Senior Managers & Certification Regime (SM&CR)
The SM&CR is the FCA's accountability framework for individuals at authorized firms. It replaced the previous Approved Persons Regime and imposes personal responsibility on senior managers for their areas of responsibility.
SM&CR Framework
The regime has three main components:
- Senior Managers Regime - Pre-approval by FCA for key individuals
- Certification Regime - Firm certifies fitness of other significant staff annually
- Conduct Rules - Basic standards of conduct for most employees
Senior Management Functions (SMFs)
Trading platforms typically require the following SMFs to be approved:
| SMF | Title | Description |
|---|---|---|
| SMF1 | Chief Executive | Overall responsibility for firm's operations |
| SMF3 | Executive Director | Directors with executive responsibility |
| SMF9 | Chair | Chair of the governing body |
| SMF10 | Compliance Oversight | Responsible for compliance function |
| SMF11 | Money Laundering Reporting Officer | AML/CTF compliance responsibility |
| SMF16 | Compliance Oversight | Alternative compliance oversight function |
| SMF17 | Money Laundering Reporting Officer | Alternative MLRO function |
| SMF24 | Chief Operations Function | Responsible for internal operations (if applicable) |
| SMF27 | Partner | For partnership structures |
Statements of Responsibilities
Each Senior Manager must have a Statement of Responsibilities (SoR) that clearly delineates their areas of responsibility. The firm must also maintain a Responsibilities Map showing how responsibilities are allocated across the senior management team. Key requirements:
- No gaps in coverage of Prescribed Responsibilities
- Clear accountability for each function and area
- Senior Managers can delegate tasks but not responsibility
- Updates required when responsibilities change
Duty of Responsibility
Under Section 66B of FSMA, a Senior Manager can be held personally liable for regulatory breaches in their area of responsibility if they did not take "reasonable steps" to prevent the breach. This creates significant personal exposure for individuals holding SMFs.
Fitness and Propriety
All Senior Managers must satisfy the FCA's fitness and propriety requirements: honesty, integrity and reputation; competence and capability; and financial soundness. The FCA conducts background checks including criminal records, regulatory history, and financial status. I advise clients to conduct thorough due diligence on proposed Senior Managers before submitting applications.
Client Money Rules (CASS)
If your trading platform holds or controls client money or custody assets, you must comply with the Client Assets Sourcebook (CASS). These rules are designed to protect clients in the event of firm insolvency, ensuring their assets can be identified and returned.
CASS Overview
The CASS rules create a regulatory framework that:
- Requires segregation of client money from firm money
- Mandates specific trust arrangements for client assets
- Imposes detailed record-keeping and reconciliation requirements
- Requires external auditor CASS reports
CASS Categories
Firms are categorized based on the amount of client money/assets they hold:
| Category | Client Money/Assets | Requirements |
|---|---|---|
| Large | > GBP 1 billion or complex arrangements | Full CASS, enhanced oversight, CF10a required |
| Medium | GBP 1 million - GBP 1 billion | Full CASS, CASS operational oversight function |
| Small | < GBP 1 million | Standard CASS, simplified requirements available |
Key CASS Requirements
- Segregation - Client money must be held in designated client money accounts, separate from firm money
- Trust Status - Client money is held on statutory trust for clients
- Acknowledgement Letters - Banks must acknowledge the trust status of client money accounts
- Daily Reconciliations - Internal client money reconciliations must be performed daily
- External Reconciliations - Reconciliation with third parties (banks, custodians) at least monthly
- CASS Resolution Pack - Documentation to enable rapid return of client assets in insolvency
- Annual CASS Audit - External auditor must report on CASS compliance
CASS Operational Oversight
Medium and large CASS firms must appoint a CF10a (CASS Operational Oversight Function). This individual is responsible for:
- Oversight of the firm's operational CASS arrangements
- Reporting to the governing body on CASS compliance
- Ensuring adequate systems and controls
- Escalating CASS issues appropriately
CASS Breaches Are Serious
CASS breaches are among the most serious regulatory failures in the FCA's view. I have seen firms fined millions of pounds for CASS failures, including inadequate reconciliations, failure to segregate client money properly, and delayed resolution pack preparation. In insolvency situations, CASS failures can result in clients losing money.
MiFID Passporting Post-Brexit
Before Brexit, UK-authorized firms could passport their services across the EU under MiFID II. Since January 1, 2021, this passporting right no longer exists. The implications for trading platforms are significant.
Current Situation
- No automatic EU access - UK authorization does not provide rights to operate in EU member states
- No equivalence decision - The EU has not granted the UK equivalence under MiFID II
- National regime access - Access to individual EU countries depends on their national rules
- Third-country firm rules - UK firms are treated as third-country firms in the EU
Options for EU Market Access
| Option | Description | Considerations |
|---|---|---|
| EU Subsidiary | Establish and authorize a new entity in an EU member state | Full regulatory authorization required, substance requirements, significant cost |
| Third-Country Branch | Register a branch in EU member states that permit this | Limited availability, national discretion, no passporting |
| Reverse Solicitation | Serve EU clients only on their exclusive initiative | Very narrow exception, strict documentation required |
| Delegation Arrangements | Delegate functions to UK entity from EU-authorized firm | Requires EU firm as principal, ESMA scrutiny of delegation |
Gibraltar Considerations
Gibraltar-authorized firms previously had access to the UK under passporting. Post-Brexit, the Temporary Permissions Regime (TPR) allowed Gibraltar firms to continue operating in the UK while seeking UK authorization. This has now transitioned to a permanent market access regime for Gibraltar firms.
ESMA Reverse Solicitation Guidance
ESMA has issued statements expressing concern about the use of reverse solicitation by third-country firms. The regulator has indicated that it will scrutinize reverse solicitation claims, and firms relying on this exception should expect enhanced regulatory attention. I advise clients that reverse solicitation should be a genuine, documented exception rather than a business strategy.
UK FCA vs. US SEC/FINRA Comparison
For trading platforms considering both UK and US markets, understanding the differences between FCA and SEC/FINRA regulation is valuable. While both are comprehensive regulatory regimes, there are significant differences in approach, structure, and requirements.
| Aspect | UK FCA | US SEC/FINRA |
|---|---|---|
| Regulatory Structure | Single conduct regulator (FCA) plus prudential regulator (PRA for banks) | Multiple regulators: SEC, FINRA, CFTC, state regulators |
| Authorization Model | Permission-based: apply for specific regulated activities | Registration categories: Broker-Dealer, RIA, etc. |
| Minimum Capital | GBP 75,000 - GBP 750,000 depending on activities | USD 250,000 (broker-dealer), lower for RIAs |
| Individual Accountability | SM&CR with Duty of Responsibility | Chief Compliance Officer, FINRA registrations |
| Client Money | CASS rules, statutory trust | SEC Rule 15c3-3, Reserve Formula |
| Conduct Rules | COBS (Conduct of Business Sourcebook) | Regulation Best Interest, fiduciary duty (RIA) |
| Authorization Timeline | 6-12 months typically | 3-6 months for broker-dealer, varies for RIA |
| Ongoing Fees | Annual fees based on income/permissions | FINRA fees, SEC filing fees, state fees |
| Enforcement Approach | Principles-based, outcomes-focused | Rules-based, prescriptive requirements |
| Financial Promotions | Section 21 FSMA, criminal offense for breach | SEC advertising rules, FINRA communications rules |
Key Differences in Approach
- Principles vs. Rules - The FCA is more principles-based, expecting firms to interpret high-level principles. US regulation tends to be more prescriptive with detailed rules.
- Individual Accountability - The UK SM&CR creates stronger personal liability for senior managers than the US approach.
- Consumer Duty - The FCA's new Consumer Duty (2023) imposes higher standards for retail customer outcomes than US requirements.
- Authorization Scope - FCA authorization covers the full range of activities; in the US, you may need multiple registrations (broker-dealer AND RIA, for example).
Dual Registration Considerations
Platforms seeking both UK and US authorization should plan for approximately 12-18 months to complete both processes. Consider which market to prioritize based on your business model and investor base. Some firms establish a UK entity first (accessing both UK and historical EU markets), then add US registration.
Application Process & Timeline
The FCA authorization process is thorough and typically takes 6-12 months. Preparation is key, and I advise clients to allocate 3-6 months for pre-application preparation before submitting to the FCA.
Application Timeline
Pre-Application Preparation (3-6 months)
Develop business plan, regulatory business plan, compliance framework, ICAAP, governance structure, and identify Senior Managers. Engage with FCA pre-application services if needed.
Application Submission
Submit application via Connect portal with all required forms, documents, and application fee. Ensure completeness to avoid delays.
Initial Review (2-4 weeks)
FCA reviews for completeness. If incomplete, application may be returned. Complete applications are acknowledged and assigned a case officer.
Detailed Assessment (3-6 months)
FCA reviews business model, governance, systems and controls, and financial resources. Expect multiple rounds of questions and information requests.
SMF Approvals (concurrent)
Senior Manager applications are assessed in parallel. May include interviews for key individuals. Background checks conducted.
Decision
FCA issues decision to authorize (with or without requirements/limitations) or refuse. Statutory deadline is 6 months for complete applications (12 months if incomplete).
Mobilization (if applicable)
Some firms are authorized with restrictions while they complete operational setup. Restrictions are lifted upon demonstrating readiness.
Key Application Documents
- Application Forms - Core details form, Supplement for relevant permissions
- Regulatory Business Plan - Detailed description of proposed activities, clients, products
- Financial Projections - 3-year projections, capital adequacy calculations
- ICAAP - Internal Capital Adequacy Assessment Process document
- Compliance Monitoring Program - How you will monitor regulatory compliance
- Risk Management Framework - Identification and management of risks
- Governance Map - Organization structure, committees, reporting lines
- Responsibilities Map - SM&CR responsibilities allocation
- Senior Manager Applications - Form A for each proposed SMF holder
- Statements of Responsibilities - For each Senior Manager
- Policies and Procedures - Key compliance policies
- Systems and Controls Documentation - IT systems, operational procedures
Cost Estimates for FCA Registration
FCA authorization involves significant costs, both one-time and ongoing. Based on my experience advising trading platforms, here are realistic cost estimates:
Application Fees
- Straightforward application: GBP 1,500
- Moderately complex: GBP 5,000
- Complex permissions: GBP 25,000
- MTF/OTF operators: Higher fees apply
Legal & Advisory Fees
- Simple applications: GBP 50,000 - GBP 75,000
- Standard trading platform: GBP 100,000 - GBP 150,000
- Complex/novel business: GBP 200,000+
- Includes legal, compliance consulting, document drafting
Capital Requirements
- PMR minimum (no dealing): GBP 75,000
- Client money/assets: GBP 150,000
- Dealing on own account: GBP 750,000
- K-factor may require more
Annual Ongoing Costs
- FCA periodic fees: GBP 2,000 - GBP 50,000+
- FSCS levy: Variable
- Compliance personnel: GBP 50,000 - GBP 100,000
- External compliance support: GBP 20,000+
- CASS audit (if applicable): GBP 15,000+
Professional Indemnity Insurance
Most FCA-authorized firms require professional indemnity insurance. Premiums vary significantly based on business activities, but budget GBP 10,000 - GBP 50,000 annually for a trading platform. Coverage requirements depend on your specific permissions.
Compliance Monitoring Requirements
Once authorized, maintaining compliance is an ongoing obligation. The FCA expects firms to have robust compliance monitoring arrangements that are proportionate to their size and complexity.
Compliance Function Requirements
- Independent Compliance Function - Must be independent from business activities
- Compliance Officer - SMF16 or SMF17 responsible for compliance oversight
- Compliance Monitoring Program - Risk-based program covering all regulatory obligations
- Board Reporting - Regular compliance reports to governing body
- Breach Management - Process for identifying, escalating, and remediating breaches
Key Monitoring Areas
Ongoing Compliance Monitoring Checklist
- [ ] Financial Resources: Monitor capital adequacy daily, report breaches immediately
- [ ] Client Money: Daily reconciliations, external reconciliations monthly
- [ ] Best Execution: Monitor execution quality, annual review of policy
- [ ] Order Handling: Review of order routing, conflicts management
- [ ] Market Abuse: Transaction monitoring, suspicious transaction reports
- [ ] Financial Promotions: Pre-approval process, fair clear and not misleading
- [ ] Complaints Handling: Log complaints, respond within timeframes, root cause analysis
- [ ] AML/CTF: Customer due diligence, transaction monitoring, SAR filing
- [ ] Conduct Risk: Monitor for poor customer outcomes
- [ ] SM&CR: Maintain statements of responsibilities, certification renewals
- [ ] Regulatory Reporting: Submit returns on time (Gabriel/RegData)
- [ ] Training: Ensure all staff have appropriate training
FCA Regulatory Returns
Authorized firms must submit regular returns to the FCA:
- Annual Controllers Report - Changes to controllers
- Retail Mediation Activities Return (RMAR) - If applicable
- MIF001-007 - MIFIDPRU capital and reporting
- Transaction Reporting - Daily reporting of reportable transactions
- Annual Financial Statement - Audited accounts
- Annual CASS Return - Client assets reporting
- Complaints Return - Semi-annual complaints data
Key FCA Handbook References
The FCA Handbook is the authoritative source for regulatory requirements. Here are the key sourcebooks relevant to trading platforms:
Essential FCA Handbook Sourcebooks
SYSC- Senior Management Arrangements, Systems and Controls. Core governance requirements including SM&CR.COBS- Conduct of Business Sourcebook. Client classification, disclosures, suitability, best execution.CASS- Client Assets Sourcebook. Client money and custody asset rules.MIFIDPRU- Investment Firms Prudential Regime. Capital requirements, liquidity, remuneration.MAR- Market Conduct Sourcebook. Market abuse, suspicious transaction reporting.SUP- Supervision Manual. Regulatory reporting, variation of permission, approved persons.GEN- General Provisions. Principles for Businesses, interpreting the Handbook.COCON- Code of Conduct. Individual conduct rules under SM&CR.DISP- Dispute Resolution: Complaints. Complaints handling, FOS jurisdiction.FEES- Fees Manual. Application fees, periodic fees, levies.
The 11 Principles for Businesses
All FCA-authorized firms must adhere to the Principles for Businesses (PRIN). These high-level principles underpin all FCA regulation:
- Integrity - A firm must conduct its business with integrity
- Skill, Care and Diligence - A firm must conduct its business with due skill, care and diligence
- Management and Control - A firm must take reasonable care to organize and control its affairs responsibly and effectively
- Financial Prudence - A firm must maintain adequate financial resources
- Market Conduct - A firm must observe proper standards of market conduct
- Customers' Interests - A firm must pay due regard to the interests of its customers and treat them fairly
- Communications with Clients - A firm must pay due regard to the information needs of its clients
- Conflicts of Interest - A firm must manage conflicts of interest fairly
- Customers: Relationships of Trust - A firm must take reasonable care to ensure the suitability of its advice
- Clients' Assets - A firm must arrange adequate protection for clients' assets
- Relations with Regulators - A firm must deal with its regulators in an open and cooperative way
Consumer Duty (Principle 12)
From July 2023, the FCA introduced the Consumer Duty (Principle 12): "A firm must act to deliver good outcomes for retail customers." This is the highest standard of consumer protection in the FCA's rules and requires firms to put retail customer outcomes at the center of their business. Trading platforms serving retail clients must ensure their products, communications, and customer service meet this standard.