PSD2: 5 key steps to regulatory success

Struggling to understand the new FCA authorisation process? We’ve got you covered.


One of the most exciting developments (yes, we get excited by new regulation…) over the last few years is the number of new, innovative firms entering the marketplace in anticipation of the introduction of PSD2 and the Open Banking rules.

Now in force, we’re lucky enough at #TeamEIC to be working with a number of these firms at the moment.

Research has shown that these changes could provide a £1bn boost to the UK economy[1]. With such encouraging statistics, along with a requirement for existing firms in the space to ‘renew’ their current permissions, the FCA applications have started rolling in.

Here is our take on the top five things you should consider when putting your FCA application together:

1.      Think through, and map out, your data security safeguards

Careful consideration should be given to your policies and procedures for any FCA application. However, where PSD2 is concerned, having effective data security measures in place is absolutely essential to successfully completing the application process.

As well as policies and procedures, applicant firms must also provide a comprehensive data security risk assessment, business continuity plan and explain how they will deal with failures to key systems.

2.     Know what services you want to provide

It is important for applicant firms to lay out their business model clearly, in order to correctly identify the payment services you intend to provide.

As has been well documented, PSD2 introduces new payment services to the existing regime and businesses in this space, young and old, should consider what these services are and what impact they may have.

3.      Authorised Payment Institution (API), Small Payment Institution (SPI) or Registered Account Information Service Provider. Which is appropriate?

All 3 categories have different application processes and if the wrong one is selected, this could result in an avoidable loss of both time and money.

Not only is the process different, the conditions that need to be met differ. For example, going down the SPI route isn’t necessarily as costly and there are no fixed capital requirements, but isn’t available to everyone. As an example, you can only offer Payment Initiation Services (a new regulated service introduced by PSD2) as an API.

You will also need to consider whether you are providing e-money services alongside payment services, and the impact on your authorisation from both a process and capital point of view if you are.

4.      Don’t be late for re-authorisation and re-registration

Firms that were already providing payment or e-money services prior to the introduction of PSD2 must supply the FCA with additional information on how they will comply with the new rules and must ensure that they submit their applications before 13 April 2018.

If firms miss the boat then come 13 July 2018, they cannot continue carrying out payment services.

5.     Professional Indemnity Insurance (PII) and getting the maths right

Firms are required to calculate their PII cover in line with the criteria and EBA guidelines. For the purposes of the FCA application, the firm must provide realistic forecast figures to calculate the appropriate amount of PII cover.


T: 020 7843 0470 E: