Payments regulation lawyer advising on uk fca authorisation and open banking

Authorisation and Licensing

FCA authorisation, registration and permissions for payment service providers and e-money issuers

Authorisation and licensing is the gateway to providing regulated payment services in the United Kingdom. Any firm wishing to provide payment services or issue electronic money must obtain the appropriate regulatory permissions from the Financial Conduct Authority (FCA) under the Payment Services Regulations 2017 (PSRs 2017) or the Electronic Money Regulations 2011 (EMRs 2011). bratby.law advises applicants and existing payment institutions on the full authorisation lifecycle, from initial structuring through to ongoing compliance. For the wider context of our payments practice, see Payments Regulation.

The UK authorisation framework for payment services

The PSRs 2017, which transposed the second Payment Services Directive (PSD2) into UK law, establish the regulatory perimeter for payment services. Part 2 of the PSRs 2017 sets out the requirement for authorisation or registration. A firm must be authorised as a payment institution (PI) under regulation 5 to provide any of the payment services listed in Schedule 1, unless it qualifies for the small payment institution exemption under regulation 14 (average monthly payment transactions not exceeding 3 million euros).

The distinction between authorisation and registration is material. Authorised payment institutions are subject to the full suite of regulatory obligations including initial capital requirements under regulation 7, ongoing own funds requirements under regulation 21, safeguarding obligations under Part 7, and conduct of business requirements. Small payment institutions are exempt from capital and safeguarding requirements but remain subject to conduct requirements and must not passport services into other jurisdictions.

Firms providing account information services (AIS) or payment initiation services (PIS) under the open banking framework must be authorised or registered as account information service providers or payment initiation service providers respectively. These services were introduced by PSD2 and retained in UK law. For our advice on open banking, see Open Banking and Variable Recurring Payments.

Electronic money institutions (EMIs) require separate authorisation under the EMRs 2011. Small electronic money institutions may register under regulation 12 of the EMRs 2011 where average outstanding electronic money does not exceed 5 million euros. The regulatory obligations for EMIs include safeguarding under Part 4 of the EMRs 2011, distribution arrangements, and redemption rights for e-money holders.

The FCA authorisation process

FCA authorisation applications for payment institutions and electronic money institutions are submitted through the FCA Connect portal. The FCA assesses applications against the conditions for authorisation set out in regulation 6 of the PSRs 2017, which include: the applicant’s programme of operations; business plan and structural organisation; internal control mechanisms; risk assessment procedures; the identity and suitability of qualifying shareholders and persons responsible for management; and initial capital.

The statutory determination period is three months from receipt of a complete application, though in practice the FCA frequently issues information requests that extend the timeline. Common areas of FCA scrutiny include: the adequacy of the compliance monitoring programme; the competence and experience of individuals performing senior management functions; anti-money laundering systems and controls; safeguarding arrangements; and wind-down planning. Applications involving novel business models or complex group structures typically require more extensive engagement with the FCA’s authorisations team.

Post-authorisation, firms must comply with ongoing regulatory requirements including the submission of regulatory returns, notification of material changes to the information provided in the application, and compliance with the FCA’s Principles for Businesses and the Payment Services and Electronic Money sourcebook (PERG and FEES). Firms performing significant payment volume or providing cross-border services face additional supervisory attention.

What we advise on in payments authorisation

Our payments authorisation and licensing services include:

Regulatory perimeter analysis: determining whether a business model constitutes a regulated payment service, e-money issuance, or falls within an exclusion under Schedule 2 of the PSRs 2017 or regulation 3 of the EMRs 2011
FCA authorisation applications: preparing and submitting applications for authorisation or registration as a payment institution, electronic money institution, or account information/payment initiation service provider
Programme of operations and business plan drafting: preparing the regulatory business plan, governance framework, risk assessment and compliance monitoring programme required by the FCA
Corporate structuring for regulatory purposes: advising on group structure, agent and distributor arrangements under regulation 36 of the PSRs 2017, and the regulatory implications of different corporate models
Senior management arrangements: advising on the allocation of prescribed responsibilities and the fitness and propriety requirements for individuals performing senior management functions
Variations of permission: applying to add or remove regulated activities, extend permissions, or change the scope of authorisation
Post-authorisation compliance: ongoing regulatory obligations including regulatory returns, change notifications, and maintaining conditions of authorisation

book a call with Rob Bratby.

Frequently asked questions about payments authorisation

Do I need FCA authorisation to provide payment services?

Any firm providing payment services as listed in Schedule 1 of the PSRs 2017 must be authorised or registered with the FCA, unless an exclusion applies. The exclusions in Schedule 2 cover limited network services, electronic communications exclusions, and certain commercial agent arrangements. Whether an exclusion applies depends on the specific facts of the business model. Getting this assessment wrong carries significant legal and financial risk, as providing payment services without authorisation is a criminal offence under regulation 138 of the PSRs 2017.

What is the difference between a payment institution and an electronic money institution?

A payment institution is authorised under the PSRs 2017 to provide payment services such as money remittance, payment execution, and account information services. An electronic money institution is authorised under the EMRs 2011 to issue electronic money (a stored monetary value represented by a claim on the issuer). An EMI may also provide payment services. The regulatory requirements differ: EMIs face additional obligations around safeguarding of e-money funds and redemption rights. The choice of authorisation depends on the firm’s business model and the services it intends to provide.

How long does the FCA authorisation process take?

The statutory determination period is three months from receipt of a complete application. In practice, the FCA issues information requests and follow-up questions that pause the determination clock, and the overall process typically takes six to twelve months from first submission. Complex applications involving novel payment models, multi-jurisdictional structures, or significant volumes may take longer. Early pre-application engagement with the FCA can help identify potential issues before the formal application is submitted.

Can I operate as a small payment institution to avoid full authorisation?

A firm may register as a small payment institution under regulation 14 of the PSRs 2017 if its average monthly payment transactions over the preceding 12 months do not exceed 3 million euros. Small PIs are exempt from initial capital and safeguarding requirements but cannot passport services to other jurisdictions and must notify the FCA if they exceed the threshold. Registration does not exempt the firm from AML obligations, conduct requirements, or the FCA’s supervisory oversight. Many firms find that the reduced requirements of registration are offset by the inability to scale or operate cross-border.

Related payments regulation pages

See also our other payments regulation pages: