Skip to main content
Custom SaaS Development

How to Get FCA Regulated as a Fintech Startup in the UK (2026 Guide)

How to get FCA regulated as a UK fintech startup in 2026 — which licence you need, what it costs (£100K+), and how to operate legally while waiting.

Jahja Nur Zulbeari | | 11 min read

Building a fintech product in the UK without understanding the FCA regulatory framework is one of the most common and most expensive mistakes early-stage founders make. You can build the product — but you cannot launch it legally without the right authorisation. The technical side of this is covered in our fintech SaaS development guide.

This guide covers which FCA licence you need, how to get it, how long it takes, and how to operate legally in the meantime.

The Short Answer

The FCA licence you need depends on what your product does. For most fintech SaaS products: reading bank account data requires AISP registration, initiating payments requires PISP authorisation, issuing accounts or e-money requires EMI authorisation. The process takes 3–18 months depending on the regime. While you wait, operating under a BaaS provider’s licence is the standard approach.

The FCA Regulatory Map for Fintech

What Your Product DoesRegulatory CategoryTimelineMin. Capital
Reads bank account data (Open Banking)AISP Registration3–6 monthsNone
Initiates payments from bank accountsPISP Authorisation6–12 months€20,000
Issues payment accounts / IBANsEMI Authorisation12–18 months€350,000
Issues prepaid cardsEMI Authorisation12–18 months€350,000
Holds e-money / user fundsEMI Authorisation12–18 months€350,000
Transfers money (remittance)Payment Institution9–15 months€125,000
Investment advice / executionFCA Authorisation (FSMA)12–24 monthsVaries
Consumer credit / BNPLFCA Authorisation (CCA)12–24 monthsVaries

AISP vs PISP vs EMI — Which Do You Need?

AISP (Account Information Service Provider)

What it covers: Reading and displaying bank account data with user consent. Your product can show a user their balances, transactions, and account details from multiple banks in one interface.

Typical products: Personal finance management apps, expense trackers, credit scoring tools, open banking data aggregators.

Authorisation type: Registration (lighter-touch than full authorisation).

Timeline: 3–6 months.

Capital requirement: None.

PISP (Payment Initiation Service Provider)

What it covers: Initiating payments directly from a user’s bank account, bypassing card networks.

Typical products: Pay-by-bank checkout flows, B2B payment platforms, rent payment tools, payroll initiation.

Authorisation type: Authorisation (more extensive than AISP registration).

Timeline: 6–12 months.

Capital requirement: €20,000 initial capital, ongoing capital requirements based on transaction volume.

EMI (Electronic Money Institution)

What it covers: Issuing e-money (balances stored in your platform), payment accounts with IBANs, prepaid cards, and holding user funds.

Typical products: Neobanks, expense management platforms with company cards, payroll wallets, marketplace escrow accounts.

Authorisation type: Full EMI authorisation (most complex).

Timeline: 12–18 months.

Capital requirement: €350,000 initial capital (or €125,000 for small EMI with restrictions).

The FCA Application Process

Step 1: Prepare the Application Pack (2–4 months)

The FCA application requires:

  • Regulatory Business Plan — detailed description of your business model, products, target market, and how you intend to manage regulatory obligations
  • Financial Projections — 3-year financial forecasts including capital adequacy calculations
  • Compliance Framework — AML/CTF policies, sanctions screening procedures, fraud prevention framework, complaints handling policy
  • Governance Structure — organisational chart, board composition, senior management function (SMF) applications for key individuals
  • Wind-Down Plan — how you would wind down the business in an orderly manner if needed
  • IT Security Assessment — description of your technology architecture, data security measures, and business continuity plans
  • Safeguarding Arrangements — how you will protect client funds (EMI only)

This documentation typically requires a compliance consultant or specialist lawyer. Budget £20,000–£80,000 for preparation — a cost that sits on top of the fintech SaaS development costs for building the product itself.

Step 2: Submit via Connect (Week 1 of formal process)

The FCA’s online portal (Connect) is where applications are submitted. Ensure every section is complete before submission — incomplete applications are returned and restart the clock.

Step 3: FCA Assessment (3–18 months)

The FCA has a statutory 3-month period to assess complete applications. In practice, most applications receive requests for additional information (RFIs) that pause the clock. Complex applications (EMI, payment institutions) regularly take 12–18 months.

Step 4: Authorisation and Ongoing Compliance

Once authorised, ongoing obligations include:

  • Annual regulatory reporting (financial returns, transaction data)
  • Notification of material changes to the business
  • CASS (Client Asset Sourcebook) compliance for safeguarding (EMI)
  • Annual compliance monitoring programme
  • Staff training records
  • Regular AML/CTF risk assessments

How to Operate Legally While Your Application Is Pending

This is the practical problem most founders face: you cannot launch a regulated fintech product without FCA authorisation, but getting authorised takes up to 18 months.

Option 1: Appointed Representative (AR) arrangement. An Appointed Representative operates under the regulatory umbrella of an FCA-authorised firm (the Principal). The Principal takes regulatory responsibility for your activities. AR arrangements are available for specific regulated activities and require finding a willing Principal firm and agreeing commercial terms.

Option 2: BaaS provider model. Partner with a BaaS provider (Modulr, Swan, Railsr) that holds the relevant EMI or payment institution licence. Your product operates under their regulatory umbrella. This is the most common approach for early-stage fintech startups and allows you to launch and validate before committing to the full authorisation process. For a detailed breakdown of BaaS costs and providers, see what is Banking as a Service.

Option 3: Technology-only model. Build the product components that do not require authorisation (the UI, data analytics, dashboard), and integrate with an FCA-authorised partner for the regulated activities. Structure the product so you are providing technology services, not regulated financial services directly.

The FCA Sandbox

The FCA operates an Innovation Hub and Regulatory Sandbox that allows fintech startups to test regulated products in a controlled environment before full authorisation.

The sandbox is suitable for: testing novel products where the regulatory treatment is unclear, products that genuinely cannot be tested without limited live market access, and startups that need to demonstrate viability before committing to a full authorisation application.

Apply at fca.org.uk/innovation. Applications are assessed in cohort rounds.

Common Application Mistakes

Underestimating the documentation requirement. The FCA business plan for an EMI authorisation is a 50–100 page document covering every aspect of the business model, risk management, and compliance framework. Founders who treat it as a startup pitch deck produce applications that are rejected or return extensive RFIs.

Naming key individuals who are not ready. FCA applications require Senior Managers and Certification Regime (SMCR) applications for key individuals. These individuals are assessed by the FCA for fitness and propriety. Naming a technical co-founder who has never been through regulatory scrutiny without preparing them is a common delay.

Insufficient capital. Applications submitted without the required minimum capital in place are rejected. For EMI, €350,000 must be in the business’s accounts.

No compliance officer. A credible compliance framework requires a named, qualified compliance officer. The FCA will ask about their experience and qualifications. Naming a founder as their own compliance officer with no regulatory background is a red flag. Choosing the right enterprise web application development partner who understands the technical compliance requirements is equally important.

Zulbera builds the technical infrastructure for FCA-regulated fintech products — compliant data architecture, PSD2 flows, KYC integrations, and safeguarding system design. If you are building a UK fintech product and need a technical partner who understands the regulatory context, request a private consultation.

Jahja Nur Zulbeari

Jahja Nur Zulbeari

Founder & Technical Architect

Zulbera — Digital Infrastructure Studio

Related Insights

Continue Reading

Custom SaaS Development

The Real Cost of a Failed Software Project (And How to Avoid Becoming a Statistic)

Most founders count the wasted development budget when a software project fails. They miss the real cost: delayed revenue, damaged fundraising narratives, and the compounding effect of 12 months of wrong decisions. Here's what failure actually costs — and how to structure a project to catch failure signals early.

| 13 min read
Custom SaaS Development

B2B SaaS MVP: What's Different and What to Build First

B2B SaaS MVP development is different from B2C. Multi-tenancy, team accounts, role-based access, and enterprise billing are not optional — they're the product.

| 12 min read
Custom SaaS Development

SaaS MVP Checklist: 47 Things to Verify Before You Launch

A SaaS MVP checklist covering architecture, auth, billing, security, and launch readiness — so you don't discover critical gaps after your first paying customer.

| 10 min read
Let's talk

Ready to build
something great?

Whether it's a new product, a redesign, or a complete rebrand — we're here to make it happen.

View Our Work
Avg. 2h response 120+ projects shipped Based in EU

Trusted by Novem Digital, Revide, Toyz AutoArt, Univerzal, Red & White, Livo, FitCommit & more