FCA Annual Returns for Payment Firms — A Complete Guide

Annual regulatory returns are one of the FCA's primary supervisory tools for monitoring the financial health and regulatory compliance of payment institutions and EMIs. Despite this, returns are frequently submitted late, contain material errors or rely on hurried year-end data compilation. This guide explains the key return obligations, data requirements and practical steps to ensure accurate, timely filings.

Which Returns Must Payment Firms Submit?

The specific returns a firm must file depend on its authorisation type and the activities it conducts. The principal returns are:

• REP018 — Annual return for authorised payment institutions (APIs). Captures revenue, own funds, safeguarding data, transaction volumes, complaints, agents and fraud statistics.
• REP019 — Annual return for authorised electronic money institutions (EMIs). Similar in structure to REP018 but includes e-money issuance data and average outstanding e-money calculations.
• REP017 — Return for small payment institutions (SPIs) and small EMIs. A simplified version with fewer data fields, but still covering financial position and complaints.
• Annual financial statements — APIs and EMIs must also submit audited annual accounts (or unaudited for SPIs/small EMIs below thresholds).
• Complaints return — Firms handling more than 500 complaints per half-year must file separate complaints data returns.

Each return has specific submission deadlines tied to the firm's accounting reference date. The standard deadline is 80 business days after the accounting reference date for REP018/019 and 30 business days for certain ad hoc returns.

Key Data Requirements

The returns require detailed quantitative data across several categories. Understanding these requirements in advance is essential for maintaining accurate records throughout the year.

Financial data includes total revenue from payment services, own funds calculations (initial capital plus retained earnings less intangible assets), and — for EMIs — average outstanding electronic money calculated as a daily average over the preceding six months. Safeguarding data captures the total amount of relevant funds held at the accounting reference date, the method of safeguarding used (segregation, insurance or guarantee) and the identity of safeguarding credit institutions or insurers. Operational data covers the number and value of payment transactions processed, the number of registered agents and distributors, and any material changes to the firm's business model or risk profile during the year.

Complaints data requires total complaints received, resolved, outstanding, and a breakdown by product category. The FCA uses this data to benchmark firms against peers and identify outliers that may warrant supervisory attention.

Common Errors and How to Avoid Them

The FCA has highlighted several recurring issues in annual return submissions:

• Own funds miscalculations — Firms frequently overstate own funds by including intangible assets, goodwill or loans that do not qualify as regulatory capital. The own funds calculation must follow the specific methodology set out in the Payment Services Regulations 2017 (for PIs) or the Electronic Money Regulations 2011 (for EMIs).
• Safeguarding discrepancies — The safeguarding figure reported in the return should reconcile to the firm's internal safeguarding records and to bank confirmations. Discrepancies suggest weaknesses in the firm's safeguarding controls.
• Transaction volume errors — Firms sometimes report gross transaction values rather than the net figures required, or double-count transactions that pass through multiple internal systems.
• Late submissions — Even short delays are flagged in the FCA's supervisory systems and can trigger follow-up action. Repeated late filing is treated as a conduct risk indicator.

Building a Year-Round Data Collection Process

The most effective way to ensure accurate and timely returns is to treat data collection as a continuous process rather than an annual exercise. Practical steps include: designating a named individual (ideally a senior manager under SMCR) as responsible for regulatory returns; establishing monthly data extraction routines for transaction volumes, complaints and safeguarding positions; conducting quarterly reconciliations between internal data and the formats required by the return; and scheduling an internal 'dry run' return at least eight weeks before the filing deadline.

Firms that outsource accounting or compliance functions should ensure their outsourcing agreements include specific obligations for the provider to supply return-ready data within agreed timescales. The firm remains fully responsible for the accuracy and timeliness of the submission regardless of any outsourcing arrangement.

Consequences of Non-Compliance

The FCA treats annual return obligations seriously. Failure to submit returns on time, or submission of materially inaccurate data, can result in: supervisory attention including requests for additional information or meetings with the firm's senior management; requirements to appoint a skilled person under section 166 FSMA to review the firm's financial position and reporting processes; public censure; and, in serious cases, variation or cancellation of the firm's authorisation. The FCA has also used late or inaccurate return data as evidence of broader governance failures in enforcement proceedings.

Regulatory Counsel advises payment institutions and EMIs on annual return preparation, data governance and FCA reporting compliance. Contact us for a free initial consultation. See our compliance monitoring page for more.