Permission Buster: A guide to the FCA authorization process for investment firms

Financial service providers that seek to operate as investment firms in the UK must be authorized by the country’s financial regulator, the Financial Conduct Authority (FCA). The authorization process is a significant administrative challenge and requires investment firms to apply for specific operational permissions consistent with their stated business model. 

Investment firms must apply for the correct permissions during the application process. When firms apply for FCA authorization, the regulator will scrutinize their business plans and investigate whether the proposed permissions are appropriate. The permissions that investment firms hold will determine the prudential category they fall into, which in turn affects the amount of capital they are required to hold and whether they will be subject to the Investment Firms Prudential Regime (IFPR).

As of April 1, 2026, the FCA has simplified this by moving all capital definitions directly into a self-contained MIFIDPRU 3 chapter, removing the previous reliance on complex cross-references to banking regulations (UK CRR). This has reduced administrative red tape by roughly 70% for firms managing their own funds.

With that in mind, the FCA has increased its focus on ensuring that firms apply only for the permissions required for their business, with incorrect applications resulting in delayed or, worse, rejected authorization. In this installment of our FCA approval series for early-stage FinTechs, we’re going to deconstruct the application process to help firms identify the key permissions they need before they start trading.  

Key FCA application considerations

The more an investment firm understands the application process, the easier it will be to become and remain compliant in the eyes of the FCA. Accordingly, the following represent key compliance considerations during the application process: 

1) Selecting required permissions

A firm’s business model determines the permissions that it must apply for. Here are some of the common permissions that UK investment firms need: 

• Advising on investments: This permission is required when a firm needs to advise an investor to buy or sell financial instruments (i.e., shares in a listed company) based on a consideration of their personal circumstances. Notably, a new “Targeted Support” gateway opened in March 2026, allowing firms to apply for a specialized permission to offer narrowed, outcome-based support to retail investors without the full burden of a holistic advice permission.
• Arranging (bringing about deals in investments): This covers arrangements that have the direct effect of concluding a transaction. 
• Making arrangements with a view to transactions in investments: This permission has a broad scope – a firm may be carrying out this designated activity even if it is providing only part of the facilities for bringing about a transaction.
• Dealing in investments as an agent: This permission covers instructing the buying and selling of investments on behalf of investors. 
• Dealing in investments as principal: This permission is required either when the firm trades using its own capital or when it stands between the buyer and seller on a matched-principal basis, i.e., the firm matches buy and sell orders to be carried out simultaneously. 
• Managing investments: This permission covers the management of portfolios on a discretionary basis i.e., buying and selling of investments without the client approving each transaction.
• Safeguarding and administering assets (without arranging): This permission is for acting as custodian of the property – most firms would apply for the arranging permission instead (below) due to the increased regulatory obligations and scrutiny that come with holding client assets.
• Arranging the safeguarding and administration of assets: This permission is necessary for firms arranging for another firm to act as the custodian of the property. 

2) Determining client type

While the substance of investment firm permissions should be a focus of every application, the type of clients each firm intends to deal with is also relevant. Accordingly, for each permission stipulated, firms must specify the client types for which they seek permission to engage. 

There are three distinct categories of clients:

• Retail: The default category for any client, retail clients are afforded the highest level of protection. Under the fully embedded Consumer Duty, firms must now proactively prove they are delivering “good outcomes” and preventing “foreseeable harm” for these clients at the point of application.
• Professional: There are two subcategories of ‘professional’ client. The first is ‘per se professional,’ which refers to, for example, another regulated investment firm or a large corporation. The second is ‘elective professional’, a status that retail clients can opt up to if they satisfy certain criteria relating to their knowledge, experience, and prior investment activities.
• Eligible counterparty: Ordinarily, this client category applies to financial institutions, insurers, pension funds, or governments. These clients are excluded from the majority of investor protection requirements.

3) Applying for FCA authorization

While the FCA continues to evolve its regulatory approach in line with its published strategy, this guide should help investment firms navigate the intensive assessment process.

With that in mind, it is important that firms are prepared for the high level of scrutiny their financial and business models will face when applying to the FCA. A single well-intentioned but misguided statement in a business plan, or an error in any accounting forecasts, can quickly put an application on the back foot and lead to delays or even rejection.

For early-stage FinTechs, the government has introduced a “Provisional License” regime in 2026. This allows eligible firms to perform limited regulated activities for up to 18 months in a controlled environment while they work toward full authorization.

Consistency is key when providing all the required documents. Before submitting the application, ensure all information provided across the business plan, the FCA forms, and the senior manager application packs is consistent with the permissions. Applications must now explicitly address “Non-Financial Misconduct” (NFM) policies, as the FCA’s 2026 rules now treat workplace bullying and harassment as high-priority fitness and propriety issues.

4) Answering FCA questions

After submitting the FCA authorization application, the FCA will almost certainly have additional queries and will usually ask them across several rounds of questioning. Thanks to the 2026 SM&CR reforms, the “12-week rule” has been modernized. If a firm needs to replace a senior manager during or after the application process, they now have 12 weeks to submit the application while the individual begins acting in the role, rather than waiting for full pre-approval.

The questions could span multiple areas, including:

• The business model and financials
• The customer journey
• Systems and controls to combat financial crime
• The suitability of individuals applying to be senior managers
• Any other aspect of the firm’s application

At this stage, firms will also need to be prepared to answer questions about their regulated activities. In particular, they will need to explain how the regulated activities they will be carrying out when operational will reconcile with the permissions they propose to hold. 

After questioning, the FCA will review the permission profile selected during the application.

FCA compliance for investment firms

Achieving FCA compliance is more than applying for and obtaining the correct permissions. Investment firms will also have to demonstrate that they can comply with the UK’s AML/CFT regulations on an ongoing basis. In practice, this means implementing a robust AML/CFT solution with a range of compliance measures and controls, including transaction monitoring, sanctions screening, PEP screening, and adverse media monitoring. Those data-intensive compliance considerations require investment firms to think carefully about their AML/CFT solution – and integrate software tools capable of facilitating effective collection and analysis processes. 

ComplyAdvantage’s Mesh platform is designed to help investment firms strengthen their UK compliance performance while enhancing the customer experience for those using their products and services.