Menu
Member's Hub
Login
Join us

FCA consistency check blueprint: Aligning business plans, permissions, and roles

by Complyport Ltd

Share this post

Firms seeking FCA Authorisation must ensure consistent business plans, permissions, and SMF roles to avoid delays, rejection, and regulatory concerns.

For firms undergoing the Financial Conduct Authority (“FCA”) Authorisation process, consistency is not a matter of presentation; it is a regulatory requirement. The FCA assesses each application in scrupulous detail, examining whether the Regulatory Business Plan, permissions sought and Senior Management Function (“SMF”) appointments align to form a coherent and credible framework demonstrating that the firm is ‘ready, willing and organised’ to meet regulatory requirements and operate their business effectively and compliantly.

Where the regulator identifies inconsistencies after submission, the progress of FCA Authorisation Applications may be stalled for months. In severe cases, they may be outright rejected. The Regulator may read misalignment as a proxy for governance weaknesses and may raise the question of “If the firm cannot present its model consistently on paper, how can it operate with integrity in practice?”.

This thought leadership outlines a consistency check blueprint—a practical framework to help firms applying for FCA Authorisation avoid the pitfalls of fragmented submissions and streamline their path to a successful and complete application submission.

The business plan: More than a pitch document

One of the core documents supporting every FCA Authorisation Application is the Regulatory Business Plan (the “Business Plan”). The Business Plan is not simply an investor pitch repurposed for regulatory purposes. It is the anchor document against which every other part of the Application will be considered.

Key considerations:

  • Substance over ambition: Overly optimistic growth projections or vague market assumptions undermine credibility. The FCA expects forecasts to be evidence-based and proportional to the firm’s available resources.
  • Operational depth: The Business Plan should go beyond commercial strategy to explain operational readiness, including staffing, compliance systems, outsourcing, IT infrastructure and risk management controls.

Professional insight

The FCA places significant emphasis on the Business Plan, not only as a statement of expected growth but as evidence of how the firm will operate responsibly in practice. Applications are frequently challenged where expenditure on compliance, governance, risk management and systems is out of step with projected activity. For example, a firm projecting £100m in revenue but allocating only minimal resources to compliance would raise immediate concerns. Firms must demonstrate that their modelling of headcount, infrastructure, governance arrangements and compliance costs is proportionate and sustainable, to demonstrate to the FCA that they can deliver growth without compromising regulatory standards or consumer outcomes.

Regulatory permissions: Matching scope to reality

The permissions sought should flow naturally from the Applicant’ proposed business model. Applications that overshoot reality, requesting permissions for services not yet developed or supported, signal poor regulatory judgment to the FCA.

Considerations for firms

  • Granularity: Apply only for permissions necessary for your immediate and near-term business activities. Planning for the future is prudent, but unjustified breadth will invite FCA scrutiny.
  • Evidence of readiness: Where new services are contemplated, Applicants should show phased rollouts and supporting controls.
  • Consistency with financial projections: Permissions should align with transaction volumes, revenue forecasts, client numbers and governance structures.

Too often, firms approach permissions as a regulatory “wish list”, applying for a broad range of activities rather than those genuinely supported by their current strategy and infrastructure. The FCA interprets this as a sign of strategic immaturity and questions whether the firm fully understands the scope and obligations of its requested permissions.

When considering changes to their regulatory footprint, firms should be mindful that permissions are not static. If a business line is no longer relevant, firms are expected to apply to cancel unnecessary permissions to avoid heightened regulatory fees and scrutiny. Conversely, when a firm seeks to expand its activities, a variation of permission (VoP) application is required, supported by an updated Regulatory Business Plan, financial forecasts, and evidence of systems and controls suitable for the new activities.

At the same time, firms must ensure they remain within the regulatory perimeter. The FCA’s perimeter guidance outlines how various activities are classified as either regulated or unregulated. A careful review of this guidance at the planning stage can prevent firms from either conducting regulated business without authorisation or over-applying for permissions they do not actually need.

SMF roles: Proving competence and accountability

Senior Managers are the FCA’s agents and the eyes into a firm’s culture and governance. Their credibility can make or break an application.

The FCA assesses whether:

  • Experience matches responsibility: SMFs must have a demonstrable track record relevant to their role. For example, an individual proposed for the position of the SMF16 (Compliance Officer) may not qualify without specific compliance expertise.
  • Capacity is realistic: The FCA increasingly challenges part-time SMF appointments, or appointments where individuals undertake a number of roles in different firms. Evidence of capacity, including time commitments, delegations and availability of support teams, is critical.

The FCA will examine SMFs’ experience, qualifications and role descriptions. Even minor inconsistencies, such as mismatched job titles across documents, unclear reporting lines or overlapping responsibilities, may trigger queries for clarification that can stall an application’s progress for months.

Further information on SMF roles and responsibilities can be found in the FCA Handbook, specifically within SYSC 4 (General Organisational Requirements) and SUP 10C (FCA Senior Managers Regime).

The consistency check blueprint in practice

To mitigate unnecessary risks, firms should implement a structured consistency audit before submitting an application to identify gaps, overlaps or inconsistencies and resolve them in advance of the FCA’s scrutiny.

Here are a few steps Applicants can take to reduce the risk of inconsistencies before submitting their application:

Step 1: Cross-document review

Compare the Business Plan with the permissions sought and SMF roles:

  • Are they a clear fit?
  • Do SMF job descriptions match business model activities and the firm’s compliance framework?
  • Does the business model in the Business Plan accurately reflect the permissions being applied for?
  • Do the details shared in other documentation (e.g., policies, financials, governance structures) correctly align with and support the information set out in the Business Plan?

Step 2: Stress-testing

Apply “FCA-style” scrutiny to each application document internally:

  • Does the Business Plan provide a clear rationale for each permission requested?
  • Do the financial forecasts demonstrate that sufficient resources are in place to support the firm’s operations?
  • Are the compliance systems proportionate to the risks identified in the business model?

Step 3: Governance mapping

Create a matrix that maps the relationship between business model activities, permissions and SMF accountability. This not only provides the FCA with clear evidence of a well-structured governance framework but also demonstrates that the firm has carefully considered how operations, compliance and leadership integrate in practice. The matrix should also demonstrate how responsibilities are allocated across individuals and departments, ensuring there is clarity on ownership of key functions and no gaps or overlaps in accountability.

Strategic value of consistency: Building regulatory trust

Consistency is not merely a requirement for FCA Authorisation; it is a strategic advantage. Consistency serves as:

  • A foundation for long-term regulatory relationships, establishing trust and credibility with the FCA;
  • A signal of organisational efficiency, reducing unnecessary queries and helping to accelerate time to market; and
  • Evidence of governance maturity, reassuring the FCA, investors and partners while creating a strong platform for future expansion or growth strategies.

Pro tip

The FCA’s Authorisation process tests organisational discipline as much as regulatory expertise. Inconsistent documents signal to the Regulator that a firm is not “ready, willing and organised”, a key FCA threshold. Such perceptions can have lasting regulatory and reputational consequences. Submissions must demonstrate that the firm is fit and proper today. They must also evidence the foresight, systems and governance required to sustain compliance and growth over the long-term.

Untitled-design-5
Article by Complyport
Visit website

Follow us

Conferences

Networking events

Payments Intelligence

Insights Podcast

Insights Video

Back to main menu

Membership

Our members

Member benefits

Become a member

Merchant Community Membership

Our merchants

Join the merchant community

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.
Sign in
Become a member
Contact us
Careers
Marketing services
Cart
Youtube Spotify X-twitter Linkedin