Strategic Planning for Launching a Regulated Business

Written By Jonathan Marriott

Written by Nic Martin, FinTech Innovation Partner, Finnovation UK

When contemplating the pursuit of a regulatory licence, people often ask a) how long it will take; b) how challenging it will be; and c) how much it will cost to secure a successful licence. While the answers depend on the complexity of the firm’s proposed business model, the reality is often a) longer; b) harder; and c) more expensive than initially anticipated.

However, there are ways to reduce the time, effort, and cost associated with regulatory applications and, more importantly, to improve the chances of success. Notably, less than 1 in 8 Virtual Asset Service Provider (VASP) – or what the FCA terms 5MLD – registrations –  and Payment Service Provider (PSP) or Electronic Money Institution (EMI) applications succeed. Success hinges on submitting a well-prepared application that is clear, comprehensive, and truthful.

This article outlines a pragmatic approach to building a successful regulated business—from the initial idea to, ideally, profitability. While the approach is broadly applicable to most regulatory applications, it broadly uses the UK payments model (PSP or EMI) as a reference framework.

Building a new business and preparing the necessary regulatory applications is a complex and non-linear process. However, breaking this journey into eight clear stages, each with defined milestones, can make it more manageable. This approach not only aids in planning the entire process but also serves as a foundation for allocating the required resources - both time and money- to achieve the goal of establishing a successful new venture.

Following these steps may seem: 1) labour-intensive (and it is); and 2) demanding in terms of upfront work and investment (which is also true). Nevertheless, no firm can secure a license without convincing the FCA that it is “Ready, Willing, and Organised,” capable of meeting the five threshold conditions, and consistently adhering to the FCA’s principles of business.

One of the FCA’s statutory duties is to “promote effective competition,” with a secondary objective of fostering the international competitiveness and long-term growth of the UK economy. With this in mind, the primary focus when completing a regulatory application should be to provide the FCA with all the information necessary to authorise the new firm, thereby extending the range of firms clients can choose from.

1st Stage – Define your Value Proposition 

  • Clarify Your Value Proposition (VP): What makes your business model different? What unfulfilled need does it address? If the need can already be solved, how does your solution significantly improve the customer experience? Why will customers choose your offering, whether as a switch from another provider or as new adopters?

  • Conduct Market Research: Just because you haven’t encountered a similar solution doesn’t mean it doesn’t exist elsewhere (e.g., in another jurisdiction).

  • Evaluate Financial Viability: Identify the sources of revenue. What will customers pay for, and how much? Estimate costs as accurately as possible. Will there be enough margin to sustain the business, especially when costs may not yet be fully known, and pricing might need adjustment?

  • Plan the Full Customer Journey: Consider how you will deliver the offering across every touchpoint. Your business model needs to go beyond a “good idea scribbled on the back of an envelope.”

  • Map the End-to-End Customer Journey: Create a detailed visual of the customer experience. Then step back and ask yourself: is it still compelling? This step is crucial as it forms the foundation not only for your regulatory application but also for your marketing narrative. Why will customers choose to open an account with you for this product or service?

  • Key Outcomes of This Stage:

    • Is the customer value proposition attractive enough to encourage customers to “buy in”?

    • What will it take to deliver this value proposition effectively, and can you execute it as well as (or better than) your competitors? Remember, you can’t patent an idea!

  • Iterate Until You’re Confident: Revisit and refine your business model until you have a clear “yes” to both questions above.

  • Document Key Differentiators: Clearly highlight and document the unique features of your business model. These differentiators will need to be detailed in your regulatory application and specifically addressed in your risk register, AML policies, and other compliance documentation.

  • Demonstrate to the Regulator the Viability of Your Business Model: whilst all regulators know and accept that some newly licenced firms will fail, regulators will only approve a regulatory application if they believe the firm’s business model is viable in order to protect potential future clients.

2nd Step – Flesh Out Your Business Model

  • Refine Your Value Proposition: Building on the first stage, you now have a clear idea of the value proposition (VP) you aim to take to market. In this step, evaluate all operational, support, and HR aspects. Consider what the VP implies in terms of service levels, such as client onboarding times, non-automated customer support (if applicable), and other resource requirements.

  • Create a Business Model Framework: Develop a table outlining the core pillars of your business model (e.g., Operations, Customer Experience, Technology, Compliance, and HR). Under each pillar, list the implications honestly. For example, how much time and effort will specific processes require, and what resources will be necessary?

  • Optimise for Efficiency: Review your framework critically. Identify areas where processes can be streamlined or optimised to save time, reduce costs, or enhance the customer experience. Efficiency not only benefits your business but also makes it more appealing to customers.

  • Develop Detailed Process Flows: Use process flow diagrams (e.g., swim lane diagrams) to clearly define responsibilities and workflows. Specify who does what at each stage. This precision is essential for building a functional business and understanding what regulatory permissions will be required. These process flows will serve as key components of your regulatory application and act as crucial reference documents.

  • Align Systems with Business Needs: Based on the process flows, revisit your framework to ensure all steps and capabilities are accounted for. Assess the implications for systems and technology. Can an off-the-shelf solution meet your functional requirements, or will customisation be necessary? If customisation is required, determine who will handle it and how.

3rd Step – Determine Regulatory Permissions, Contracts, and KYC Policies

  • Define Regulatory Requirements:
    With a clear description of your value proposition (VP), processes, and systems in place, and using the swim lane diagrams to define responsibilities (you, the customer, or a third party), analyse all actions you will perform. Any activity within regulatory perimeters (e.g., FSMA, EMRs) will require appropriate regulatory permissions or registrations.

  • Clarify Your Role:
    Clearly identify when dealing with a client order whether you will act as:

    • Agent 

    • Principal  

Starting out as an agent / appointed representative might be a first step to consider, if only to shorten Time-To-Market.

Professional advice is essential to ensure that your assessment of regulatory permissions is accurate and exhaustive.

  • Draft Heads of Terms for Key Contracts:
    Begin outlining the key terms for all critical contracts needed to operate under the assumed regulatory permissions. Consider:

    • What will customers need to do?

    • What will their recourse be?

Investing in drafting an initial customer contract at this stage is worthwhile, as it will be required before launch and serves as a foundation for the customer relationship.

  • Develop AML/KYC Policies:
    Start preparing Anti-Money Laundering (AML) and Know Your Customer (KYC) policies to support the entire customer journey. Address:

    • The onboarding process (e.g., what customers must provide).

    • Ongoing monitoring, oversight and reporting arrangements (e.g. daily sanction checks)

    • Customer actions throughout their journey.

    • Support provided to customers (general terms and conditions).

    • Procedures for resolving issues, including customer complaints.

  • Options for AML Policies:

    • Hire an MLRO (Money Laundering Reporting Officer): They can draft policies tailored to your business.

    • Purchase Pre-Made Policies: A comprehensive set from a consultant which will then need to be adapted by a Compliance / AML professional to fit your specific business model and VP.

  • Reevaluate Customer Journey and Contract:
    Reassess the attractiveness of your onboarding process and customer contract. Is it still as compelling as envisioned in Stage 1? If not, refine it further or reconsider the business model. If it doesn’t work on paper, it’s unlikely to work in reality, and without customers, the business won’t succeed.

Stage 4 – Road Mapping How the Business Will Be Built

  • Define the Road Map:
    Now that you’ve clarified the value proposition (VP), identified key deliverables across all pillars, and understood the regulatory permissions and contracts required, it’s time to create a detailed road map. Focus on key dependencies and critical paths to ensure efficient delivery.

  • Use Gantt Charts:
    Tools like Gantt charts (e.g., MS Project) are highly effective for visualising timelines, resource constraints, and dependencies. They help sharpen planning and identify potential bottlenecks early.

  • Anticipate Challenges:
    Some steps that seem straightforward, such as opening a bank account, can be surprisingly complex and time-consuming for a financial institution group (FIG) start-up. Projects have failed due to delays at this stage. Often, only in-principle agreements can be secured until regulatory approval is granted.

  • Systems: Build or Buy?
    Key considerations when deciding whether to build or buy systems:

    • Cost: What are the financial implications of each option?

    • Time-to-Market: How quickly can each option be implemented?

    • Customisation: Will the system need to be tailored to fit your VP and differentiate your business?

    • Execution: Can a third party effectively deliver on your USP?

  • Sharpen Financial Projections:
    Refine cost and resource estimates, focusing on:

    • What it will take to build systems or processes.

    • Costs associated with purchasing solutions.

    • Who will handle the work—consultants (faster but more expensive) or internal hires (slower but potentially more cost-effective)?

    • Timelines for delivery, including hiring, onboarding, and project execution.

  • Prepare Back-Up Plans:
    Address contingency plans such as disaster recovery (DR) sites and operational redundancies to ensure business continuity.

  • Regulatory Reporting:
    Outline how you will meet regulatory reporting requirements. Consider the systems and processes needed to automatically collect and report all required information, such as statistical data on performance, transaction and fraud, to satisfy FCA standards.

  • Demonstrate Readiness:
    Your regulatory application must prove to the FCA that you will be "Ready, Willing, and Organised" by the time you are authorised or registered.

  • Finalise Financial Projections:
    Include:

    • Detailed costs for building, buying, and operational ramp-up (e.g., staffing).

    • A realistic revenue model, accounting for customer acquisition costs, onboarding time, and key revenue drivers (e.g., client numbers or business volume).

    • Sensitivity analysis: Assess scenarios such as:

      • 20% fewer customers.

      • 20% lower volumes.

      • 20% longer onboarding times.

      • 20% higher costs—or all four combined.

  • Recovery and Resolution Plan:
    In addition to mapping out how the business will be built, prepare a plan for winding it down if necessary. Regulatory requirements include a "recovery and resolution plan" to ensure an orderly exit, and protect other market participants where relevant. 

Stage 5 – Drafting the Regulatory Application

  • Preparation Determines Complexity:
    The difficulty and duration of this stage depend on the thoroughness of the previous steps. If all preceding steps have been completed diligently - such as drafting supporting policies and preparing documentation - then completing the regulatory application should be straightforward, taking weeks rather than months. However, if earlier steps are incomplete, the process will be significantly delayed as these gaps must be addressed first.

  • Submit a Complete Application:
    An incomplete application will not be approved. It is crucial to invest the necessary time and effort upfront to ensure all required supporting documents are ready before submission. A well-prepared application not only inspires confidence in the FCA but also streamlines the overall process. In any case, all these policies etc. will need to be completed regardless ahead of launch of business. 

  • Ensure Consistency and Coherence:
    All documentation, process flows, and policies should be “mutually exclusive and collectively exhaustive.” They must align seamlessly to present a unified and credible business model.

  • Address FCA Requirements:
    The application must demonstrate that your firm:

    • Is "Ready, Willing, and Organised" to operate¹.

    • Meets the five threshold conditions set by the FCA².

    • Consistently adheres to the FCA’s principles of business³.

Stages 6 & 7 – Responding to Regulator’s Questions and Starting the Build Phase

These stages should be addressed concurrently to ensure your firm is as prepared as possible when the regulatory license is granted.

Key Considerations:

  • FCA Review Timeline:
    The time the FCA takes to review your application depends on how complete and credible it is.

    • Successful application timelines can be found in the FCA’s quarterly operational reports: in Q2 2024/25 VASP registration took on average between 52 days (lower quartile) and 274 days (upper quartile).

    • Note: Success rates for certain categories, like payment firms or VASPs, are low (e.g., ~15%). This reinforces the importance of thorough preparation.

  • Staffing and Key Roles:
    Ensure key staff are identified or contracts signed during this phase.

    • Founders are essential, but you’ll also need:

      • An MLRO (Money Laundering Reporting Officer).

      • Senior management with relevant [regulatory] experience (this requirement could potentially be addressed by hiring a Non-Executive Director (NED)).

    • Some roles, such as a CFO, may be part-time during the application and launch phases. Consultants with expertise can often fulfil these needs effectively.

  • Demonstrate Readiness:
    The FCA expects firms to demonstrate they are “willing, ready, and capable” of operating. Your team must be able to "hit the ground running" once authorisation is granted.

Parallel Actions:

While answering the regulator’s questions, begin critical build activities, such as:

  • Systems and Contracts:

    • Build and customise required systems.

    • Negotiate and finalise contracts.

  • Office and Operational Setup:

    • Arrange basic IT infrastructure and office needs.

    • Consider part-time or flexible office space if appropriate.

  • Communication and Branding:

    • Begin building your website and communication strategy.

    • Avoid public advertising until authorisation is secured.

Stage 8 – Building a Profitable and Sustainable Business

  • Congratulations:
    You’ve assembled your core team, implemented key systems, and received FCA authorisation—this is worth celebrating!

  • Sustainability Beyond Authorisation:
    Authorisation is just the beginning. A viable business requires revenues to exceed costs—you must achieve breakeven to survive. Loss-making businesses cannot sustain themselves indefinitely.

  • Focus on Cashflow Positivity:

    • It’s critical to ensure the business becomes cashflow positive as quickly as possible.

    • As an FCA-authorised entity, you’ll need to meet minimum regulatory capital requirements at all times. This means maintaining sufficient regulatory capital (adjusted for deductibles like certain intangibles) from the day you’re licensed until you achieve breakeven.

    • Falling below the minimum regulatory capital threshold will force you to cease operations and return any customer funds.

  • Challenges of Raising Additional Capital if Needed:
    Raising additional funds when the business is not generating revenues and therefore the firm can no longer meet its regulatory capital threshold.

    • Companies have failed, even after years of operation, because they couldn’t generate sufficient revenues to maintain regulatory capital.

    • This underscores the importance of careful financial planning and maintaining a strong cash position to ensure compliance and stability.

Jonathan Marriott
Next

Why the FCA Values Non-Executive Directors: Guardians of Governance and Compliance