How to Get an FCA Payment Institution Licence: The Complete Guide

An FCA payment institution licence is the regulatory authorisation required to provide payment services in the United Kingdom under the Payment Services Regulations 2017 (PSRs 2017). The Financial Conduct Authority (FCA) is the competent authority responsible for authorising and supervising payment institutions, and any firm wishing to provide regulated payment services — including money remittance, merchant acquiring, payment execution and payment initiation — must obtain either Authorised Payment Institution (API) status or Small Payment Institution (SPI) registration before commencing business. This guide explains the full application process, regulatory requirements and practical steps for firms seeking FCA payment institution authorisation.

What Is an FCA Payment Institution Licence?

An FCA payment institution licence is the formal authorisation granted under the Payment Services Regulations 2017 to firms providing one or more of the regulated payment services listed in Schedule 1 of the PSRs 2017. These regulated activities include: the execution of payment transactions (including direct debits and credit transfers), the issuing of payment instruments, merchant acquiring, money remittance, payment initiation services (PIS) and account information services (AIS). The licence is issued by the FCA and permits the holder to provide these services lawfully within the United Kingdom. Payment institutions are distinct from electronic money institutions (EMIs), which are authorised under the Electronic Money Regulations 2011 (EMRs 2011) to issue electronic money. A payment institution cannot issue e-money — if a firm's business model involves stored value, wallets or prepaid cards, it will require EMI authorisation rather than a PI licence. The PSRs 2017 transposed the EU's Payment Services Directive 2 (PSD2) into UK law, and the regulatory framework remains substantively aligned with PSD2 despite the UK's departure from the European Union.

Who Needs an FCA Payment Institution Licence?

This requirement typically applies to:

• Money remittance businesses sending funds domestically or internationally on behalf of customers
• Merchant acquirers processing card-present or card-not-present payment transactions for retailers and online businesses
• Payment initiation service providers (PISPs) initiating payments from customer bank accounts via open banking APIs
• Account information service providers (AISPs) aggregating financial account data from multiple institutions
• Corporate payment platforms facilitating business-to-business payment execution
• Firms operating payment accounts for customers where the activity constitutes payment execution
• Currency exchange businesses where the exchange is combined with a payment transfer

Firms must determine whether they require API authorisation or SPI registration. The SPI route is available to firms that execute payment transactions averaging no more than €3 million per month over the preceding 12 months. SPIs face lighter prudential requirements but cannot passport into other jurisdictions and are subject to the €3 million volume cap. Firms exceeding or expecting to exceed this threshold must apply for full API authorisation.

Key Regulatory Requirements

Capital requirements. The PSRs 2017 prescribe minimum initial capital based on the payment services provided. Money remittance services require £20,000 initial capital. Payment initiation services require £50,000. Payment execution, merchant acquiring, and the operation of payment accounts require £125,000. These are minimum thresholds — the FCA may require additional own funds based on the firm's risk profile and projected volumes. Ongoing capital requirements are calculated using one of three methods prescribed in Regulation 20 of the PSRs 2017, based on the firm's payment transaction volumes, fixed overheads, or a combination. SPIs must hold a minimum of £0 in initial capital but must demonstrate adequate financial resources to sustain operations.

Governance and management. The FCA requires firms to demonstrate that directors and senior managers are fit and proper to hold their positions. Key individuals must complete the FCA's Individual Questionnaire (IQ), disclosing employment history, regulatory history, criminal convictions (including spent convictions), CCJs, insolvencies and any civil or regulatory proceedings worldwide. The firm must have a clear governance structure with appropriate segregation of duties, independent compliance oversight and documented decision-making processes.

Safeguarding. Authorised Payment Institutions (APIs) that hold client funds must implement safeguarding arrangements compliant with Regulation 23 of the PSRs 2017. This requires either segregation of client funds in a designated safeguarding account at an FCA-approved credit institution, or protection via an insurance policy or comparable guarantee from an authorised insurer. The FCA expects firms to have confirmed safeguarding arrangements — including written acknowledgement from the credit institution — before the application is submitted. Note: Small Payment Institutions (SPIs) are not legally required to safeguard under Regulation 23, although they may opt in voluntarily.

AML controls. The FCA assesses the firm's anti-money laundering framework under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017). The AML programme must include a business-wide risk assessment, customer due diligence (CDD) procedures tailored to the firm's customer types and transaction patterns, ongoing monitoring, suspicious activity reporting (SAR) processes, sanctions screening, and staff training. A qualified Money Laundering Reporting Officer (MLRO) must be appointed. Generic AML policies copied from templates are the single most common reason for FCA information requests and application delays.

Business plan and financial projections. The FCA requires a detailed regulatory business plan covering the firm's target market, customer acquisition strategy, revenue model, operational infrastructure and risk management framework. Financial projections must cover three years with monthly granularity for year one. Revenue assumptions must be traceable to specific, credible customer acquisition activities. The FCA will challenge aspirational projections that are disconnected from the firm's actual commercial pipeline.

Systems and controls. The firm must demonstrate operational resilience, IT security, outsourcing governance, business continuity planning and complaint handling procedures. The FCA expects these to be proportionate to the firm's size and the complexity of its payment services.

The FCA Application Process: Step by Step

Step 1 — Regulatory assessment and planning. Determine whether API authorisation or SPI registration is the appropriate route based on projected payment volumes. Identify all regulated activities to be included in the application. Appoint key individuals (directors, MLRO, compliance officer). Timeline: 2–4 weeks.

Step 2 — Documentation preparation. Prepare the programme of operations, regulatory business plan, AML framework, compliance monitoring programme, safeguarding arrangements, financial projections, governance documents and Individual Questionnaires for all key persons. This is the most time-intensive phase and determines application quality. Timeline: 8–14 weeks.

Step 3 — Submission via FCA Connect. Submit the completed application through the FCA's Connect system, including all supporting documentation and the application fee (currently £1,500 for API, £500 for SPI). The FCA will acknowledge receipt and assign the application to an assessment team. Timeline: 1–2 weeks.

Step 4 — FCA review and information requests. The FCA assessment typically involves 2–4 rounds of detailed information requests. Each round allows 20 working days for response. The quality and completeness of responses directly determines the timeline. Common information requests focus on AML framework specifics, financial projection assumptions, safeguarding arrangements and governance structure. Timeline: 3–8 months.

Step 5 — Determination. The FCA will either grant authorisation, grant with conditions or restrictions, or refuse the application. The statutory deadline is 3 months for complete applications, but in practice API applications take 6–12 months and SPI registrations take 3–6 months.

Common Mistakes and Why FCA Applications Fail

The single most common failure is an AML framework that is generic rather than tailored to the firm's specific business model. A money remittance firm serving diaspora corridors to West Africa has a fundamentally different risk profile than a PISP serving UK e-commerce merchants. The FCA expects the risk assessment, CDD procedures and monitoring rules to reflect the firm's actual customer types, geographies, transaction patterns and delivery channels. Template AML policies downloaded from the internet are identified immediately.

The second most frequent failure is unrealistic financial projections. Firms that project £5 million in revenue within 12 months without demonstrating a credible sales pipeline, existing client relationships or proven distribution channels will face repeated FCA challenges. Revenue assumptions must be conservative and traceable.

Third, inadequate safeguarding arrangements cause significant delays. Firms that have not secured a safeguarding account at an FCA-approved credit institution before application — or that present vague safeguarding proposals without confirmed banking relationships — will be asked to remediate before the FCA progresses the assessment.

Fourth, undisclosed personal history of key individuals. The FCA conducts thorough background checks through the Register, Companies House, credit reference agencies and criminal records databases. Any material omission in the Individual Questionnaire — previous regulatory sanctions, directorships of failed companies, CCJs, or non-UK regulatory history — will result in significant delays or refusal.

What Firms Should Do Now

1. Determine whether API authorisation or SPI registration is the appropriate route for your business model and projected transaction volumes over the next 12–24 months.
2. Appoint a qualified MLRO and compliance officer — these are mandatory roles that must be filled before application submission.
3. Commission a business-wide AML risk assessment tailored to your specific customer types, geographies and payment flows — not a generic template.
4. For API applicants, open a safeguarding account at an FCA-approved credit institution and obtain written acknowledgement confirming its safeguarded status. (SPIs are not legally required to safeguard but voluntary safeguarding is strongly recommended.)
5. Prepare 3-year financial projections with conservative, realistic revenue assumptions linked to identifiable customer acquisition channels.
6. Conduct thorough due diligence on all proposed directors and key individuals before submission — identify and address any fitness and propriety issues proactively with supporting narrative.

Regulatory Context and Outlook

The FCA's approach to payment institution authorisation has tightened significantly since 2023. The regulator's Dear CEO letter to payment firms in March 2024 highlighted concerns about firms' financial resilience, safeguarding arrangements and AML controls. The FCA's 2024/25 Business Plan lists "ensuring adequate safeguarding arrangements" and "more assertive gateway standards" as priority outcomes. Application refusal rates have increased from approximately 1 in 14 in 2021 to approximately 1 in 5 in 2023, and the FCA is more willing to impose conditions, restrictions and requirements on new authorisations. Firms should expect the authorisation process to be thorough and should invest appropriately in application quality. The PS25/12 safeguarding regime (published August 2025, effective 7 May 2026) strengthens safeguarding requirements for authorised payment institutions and EMIs, adding a further layer of complexity for newly authorised firms.

Regulatory Counsel manages FCA authorisation applications for payment institutions from initial strategy through to approval. Our team has direct experience of the FCA's current assessment approach and has secured authorisations across all payment service categories. Firms seeking specialist support with FCA payment institution authorisation can contact Regulatory Counsel for a free initial consultation. See our licensing and authorisation service for details.