Keep up to date with the trending topics
from our industry experts

Technology considerations when seeking FCA authorisation

Written by Bryn Morgan

Monday, 4 December, 2023

Webinar: This is your Microsoft Copilot speaking, we’re ready for financial services take off

On demand

Learn how this powerful AI tool can help you create, analyse and communicate better with your data.

Microsoft Copilot Webinar

At Lanware we are often asked by new financial services firms who are setting up their business and seeking FCA authorisation “When do I need to engage with a specialist IT managed service provider?”

Although the answer can often vary depending on specific variables of your business, having an established, specialist managed service provider (MSP) will assist in your regulatory dealings from application through to full operation. This article aims to summarise the application process and its direct correlation to having a quality set of technology providers.

Applying for FCA (Financial Conduct Authority) authorisation is not something to be taken lightly. The process has a number of stages and facets and can be easily misjudged and lead to an elongation of the process. Using consultants is often the norm, businesses who know the intricacies of the process can be invaluable to guide you through the process and help with a timely and efficient submission process.

When looking at technology, the type of firm you want to set up will dictate the questions asked. The FCA set different expectations for distinct types of firms (e.g., retail investors, countries operated in, and complexity of LLP).

The section below discusses how the core principles of accreditation need careful consideration regarding your technology, infrastructure and cyber security:

Integrity:

Core principles

Firms and their management must be honest, straightforward, and transparent in their business operations.

Technology infrastructure and cyber security considerations

A carefully planned application and infrastructure strategy is key to being transparent. Speaking to a trusted financial services MSP makes a lot of sense at this point, even if the physical contract signing is held back until the most appropriate time in the process. Also ensure technology is as simple as possible. Can automation also help with regulatory reporting and requirements?

 

Skill, care, and diligence:

Core principles

Firms are expected to conduct their business with due skill, care, and diligence, ensuring that they have the necessary expertise to fulfil their regulatory obligations.

Technology infrastructure and cyber security considerations

Ensure you are working with respectable firms who understand the regulatory requirements. You need a firm who have expertise aligned to your own.

 

Financial soundness:

Core principles

Firms should maintain financial soundness and have adequate financial resources to meet their obligations.

Technology infrastructure and cyber security considerations

A lot of modern IT is delivered “as a Service,” so be sure to manage Capex and Opex spend effectively when building your business cost models. Ensure you deal with a firm that is able to clearly define a cost model and how this scales with you. Also, be clear on what your commercial terms are contractually in case of the need to terminate. The FCA has clear rules on what money you need to put aside for the event where the business needs to close.

 

Market conduct:

Core principles

Firms must conduct their business with integrity and treat their customers fairly. This includes providing clear information and ensuring that products and services are suitable for customers.

Technology infrastructure and cyber security considerations

The right IT and application estate will allow you to meet the obligations to your customers. It is important to understand the requirements to design your IT processes and controls accordingly. Ensure your provider can augment your processes with their own standard implementations.

 

Customer protection:

Core principles

The FCA places a strong emphasis on protecting consumers. Firms are expected to take steps to safeguard customer assets and provide appropriate redress in case of any wrongdoing.

Technology infrastructure and cyber security considerations

Cyber security in place to protect your firm is also protecting your customers’ assets. Ensure your cyber security services can meet your needs as you progress through company setup, accreditation, and growth. Cyber policies ready to be inspected during the application process are needed.

 

Compliance with regulations:

Core principles

Firms must comply with the relevant laws and regulations applicable to their business activities.

Technology infrastructure and cyber security considerations

Although technology is implicit in the need to operate in a regulated environment, the systems put into evidence compliance are critical. Do you have the right outputs from your line of business applications in place along with message and document archiving?

 

Operational Resilience:

Core principles

Firms should have effective systems and controls in place to ensure the continuity and resilience of their operations.

Technology infrastructure and cyber security considerations

Ensure your IT services are resilient and can recover from a disaster or failure. Ensure any third party you work with operates with the right controls in place.

 

Communication with regulators:

Core principles

Firms are required to communicate openly and effectively with the FCA, providing necessary information and updates on their activities.

Technology infrastructure and cyber security considerations

For necessary communication, firms need to ensure they can gather the information needed easily and effectively from their systems and suppliers. Be clear from the outset of the requirements when considering suppliers.

 

Risk Management:

Core principles

Firms should have robust risk management processes in place to identify, assess, and manage the risks associated with their business.

Technology infrastructure and cyber security considerations

You should aim to partner with firms that manage risk effectively and can explain to you clearly the relevant levels of risk associated with your technology or choices.

The Process

The process itself has been around for a long time and it is fair to say that although it is run digitally, it still has a lot of manual processing involved. Documents will often be issued for completion in PDF or Word format and unfortunately, changes that could affect multiple areas of the documentation are not done dynamically. Try to be as clear as possible on your projections, plans and goals prior to the application process, significant changes are not going to be easy to manage and could also delay your application with the regulator.

The basic stages are as follows:

  • Case officer assigned:
    • At this point, you will need to have the right infrastructure lined up or in place and have the right financials with accurate predictions
    • You will be asked several questions and attend a number of meetings
  • The next stage is to be tentatively approved where the case is passed to a senior case manager for QA (Quality Assurance) and peer review
  • You then get a date, and you must get regulatory capital ready
  • Once regulated you are then under obligation to start submitting the required day-to-day return

In conclusion

We highly advise you to take the provision of your IT and cyber security services as seriously as any other part of your business. Finding the right IT Infrastructure partner early in the process can tick a lot of boxes when it comes to accreditation, and having the right cyber controls in place is critical along with the ability to evidence this to the regulator(s).

Next Steps

It doesn’t matter when in the process you get an IT supplier onboard, at the start, in the middle or at the end, but you will need one at some point. Lanware is a specialist managed services partner for financial services and has experience in helping businesses get their FCA accreditation, ensuring the right technology is in place. Engaging with us early in the process means you get technical guidance from day one and then, only when you’re ready, can you then decide on a longer commitment.

Examples of forms relating directly to your technology provision that need to be completed as part of the FCA application process are linked below.

https://www.fca.org.uk/publication/forms/detailed-it-controls-form.xlsm
https://www.fca.org.uk/publication/forms/self-certification-form.docx

Talk to Lanware for advice on how we can help with FCA accreditation

Our services

Our 4 pillars for a complete choice of managed IT services - all tailored to the needs of financial services firms in London and the UK.

Finance Forward 365 - Microsoft 365 cloud services supported by experts

Finance Forward 365

Microsoft modern workplace & cloud technology for digital transformation.

Compliant Teams -  Microsoft Teams phone system with call recording and archiving

Compliant Teams

Increased productivity & collaboration with call recording whilst reducing costs.
Cyber security solutions for financial services

Cyber Security

Keep your data secured against rapidly changing threats within Financial Services.

Responsive IT managed services for financial services

Power BI

Business Intelligence transformation and support tailored for Financial Services.

The LanWIRE

Join the community for financial services businesses

  • Stay updated with industry trends and peers
  • Get invites to webinars and exclusive events
  • Gain access to useful tools and templates