UK FCA authorisation for investment firms: practical overview

Permission design is the foundation

The UK application is built around permissions, investment types, clients, and the legal entity that will carry out regulated activities. A business plan that says investment platform or asset manager is not enough. The FCA needs to see the regulated activities and the operating evidence behind them.

For investment managers, the FCA points applicants to firm-type pages as well as the general authorisation process. That is important because an investment manager, financial adviser, stockbroker, platform, and wholesale market participant may need different forms, controls, and prudential analysis.

Ready, willing, and organised is practical evidence

A credible application looks operational. It includes a regulatory business plan, forecasts, governance, compliance monitoring, financial crime controls, outsourcing, complaints, wind-down analysis, and, where relevant, CASS and client money arrangements.

The FCA's financial information guidance is a useful reminder that forecasts must align to the applicant entity. A spreadsheet that does not balance, or that reflects only part of the legal entity, can delay an otherwise promising application.

SM&CR belongs in the application pack

Senior Managers and Certification Regime work is not only a post-authorisation compliance project. The application should show who owns the important functions, what senior manager approvals are needed, and how certification and conduct obligations will be embedded.

The FCA SM&CR page was source-checked on 2026-06-05 and showed a 24 April 2026 update marker. That matters for UK firms because accountability reform and process updates should be treated as current context, not legacy commentary.

Public register checks protect users

The FCA Financial Services Register is central for checking firm status, permissions, individuals, and warnings. LicenseCompare opens register links in a new tab so users can compare our summary with the official record before making decisions.

For applicants, the register is also a benchmark tool. It can help you understand how comparable firms are described, but it should not be used to copy permissions. Your facts and controls drive your application.

The permission table should drive the application

A UK applicant should create a permission table before drafting the narrative. Each proposed activity should list the service, investment type, client type, revenue line, delivery channel, senior owner, operational control, and whether client assets or client money are involved. This turns authorisation into an evidence exercise.

The table also helps avoid accidental contradictions. For example, a firm may say it will not hold client money but describe a fee deduction or settlement process that suggests control over client assets. It may say it serves professional clients but include retail-style journeys in its website plan. Those contradictions are easier to fix before submission.

What strong financial information looks like

The FCA's financial information guidance is practical: forecasts should be aligned to the applicant legal entity, internally consistent, and connected to the business model. A forecast that looks like investor fundraising material may not be enough for authorisation.

For an investment firm, financial information should support prudential classification, own funds, liquidity, revenue assumptions, headcount, outsourcing, wind-down, and systems costs. The question is not whether the spreadsheet is optimistic. The question is whether it is coherent enough for the regulator to assess resilience.

SM&CR as operating design

SM&CR should shape how the firm operates. Senior manager responsibilities, certification, conduct rules, regulatory references, and fitness assessments all connect to day-to-day accountability. If the application treats SM&CR as a separate appendix, it may miss the point.

For a startup firm, this does not require excessive bureaucracy. It requires clarity. Who owns compliance? Who owns financial crime? Who owns operations? Who challenges portfolio decisions, client asset assumptions, complaints, outsourcing, and technology risk? The answer should be visible in governance documents and the business plan.

Evidence of being ready, willing, and organised

For a UK investment firm, readiness is shown through consistency. The website plan, permissions table, business plan, financial forecast, SM&CR map, compliance monitoring plan, CASS analysis, outsourcing register, and wind-down plan should all describe the same firm. If each document appears to describe a slightly different business, the applicant is not yet organised.

The firm should also be ready for case officer questions. A useful preparation exercise is to answer ten likely questions in writing: why these permissions, why these clients, why this capital, why these senior managers, why this custody model, why this outsourcing, why this revenue forecast, why this compliance budget, why this wind-down plan, and why now.

Those written answers are not a script. They are a test of whether management owns the application rather than delegating regulatory understanding to outside advisers.