In this guide, we’ll talk you through the ‘what’ and ‘how’ of investment platform permissions…
If you’re reading this guide, it means you’re thinking of launching a new investment or advice fintech, or are an existing financial advice business or DFM looking to run an adviser platform of their own…
But before you can take your first step, you’ll need to get your regulatory house in order and make sure you have the right permissions in place to operate.
The exact permissions you’ll need will depend on many different things – such as the size and scope of your firm, and what services you’re looking to offer – but there are some universal points of reference that it will be useful to know before you make that first step in your journey.
That’s where this guide aims to help. We’ll cover off the permissions you’ll likely need, and explore the pros and cons of acquiring them yourself versus becoming an Appointed Representative of a firm that already holds them.
And, if you choose to apply directly for permissions, we’ll even give some guidance that might stand you in good stead when the FCA come to assess your application. Let’s get started!
What permissions will you need?
It goes without saying that every firm will be a little different, and your particular regulatory position will depend on the nature of your operating model. That said, we think there are several permissions you’ll most probably need.
It might be that you already have these permissions by virtue of your usual course of business (for example if you’re already a discretionary investment manager).
Or it might be that you need to apply to the FCA to have them added (more on that to follow). The exact permissions required will be dependent on your business model and the extent to which you choose to outsource services, as opposed to appointing a third-party provider.
If in doubt, seek expert advice!
- Arranging (bringing about) deals in investments:
i.e. making arrangements to buy, sell subscribe or underwrite investments
- Arranging safeguarding and administration of assets:
i.e. arranging for one or more other firm to safeguard and administer client money and assets on behalf of your clients
- Dealing in investments as an agent:
i.e. instructing the buying and selling of investments on behalf of your clients
- Making arrangements with a view to transactions in investments:
i.e. allowing your clients to enter into transactions
- Permission to control client money:
i.e. holding bank account, credit card and/or debit card details, including the ability to take Direct Debit
What about client money and assets?
You’ll notice that the permissions to hold client money (as opposed to control it) and look after client assets (the ‘Safeguarding and Administering Client Assets’ permission) are absent from our suggestive list. So does that mean you won’t have to?
The FCA defines a platform service provider as “a firm which provides a platform service” (perhaps that much was obvious!).
This is further defined as one which “involves ‘arranging’ and ‘safeguarding and administering’ investments.”
Our opinion is that ‘involves’ does not necessarily mean you need to have the permission to do this activity yourself, but you do need to have control over the appointment and selection of the custodian – and the ability to change this appointment.
In our view, once you’re all set up and you’ve gained the relevant permissions, you can either choose to hold client money and assets yourself (as well as managing the trading activity) or you can appoint a third party such as Seccl to provide the custody (as well as the underlying investment technology).
That said, while we don’t think you’re under any obligation to hold client money and assets yourself, we think it’s important that you understand the role of a custodian, so that you are able to effectively oversee their activities and hold them to account.
After all, if you don’t understand the service being provided, you don’t know what you should expect to see or what questions to ask…
At the risk of teaching granny to suck eggs, then, let’s go back to basics and explore the role, function and responsibilities of a custodian.
What is custody?
In simple terms it comprises…
Safeguarding: providing the safekeeping for client money and assets.
Administration: making sure that clients’ cash and asset balances on their custody account match those at relevant counterparties (e.g, individual fund managers).
In other words, it’s the custodian’s job to keep an accurate and up-to-date record of a client’s holdings.
Custodians will also likely carry out other related services, for example the settlement of orders, the management of income arising from investment holdings (such as dividends) and the carrying out of corporate actions.
What are the risks of providing custody?
As you might imagine, the primary risks relate to these core activities outlined above. In other words, there’s a risk that…
- Investor money and assets are not protected.
- The amount held by the custodian is incorrect.
- The custodian records do not adequately show which money and assets belong to which investor.
How are these risks mitigated
Understandably, the FCA imposes detailed and lengthy rules to mitigate these risks within the CASS sourcebook.
The CASS rules exist primarily to…
Protect client money and assets in the event of firm insolvency.
This requires detailed, up-to-date records documenting all internal processes and information, so that an insolvency practitioner can ensure prompt return of client money and assets in the event that the custodian fails, known as a CASS Resolution Pack.
Prevent firm misuse of clients’ money and assets (e.g. to finance their own business or inflate balance sheet).
This requires money and assets belonging to investors to always be held in trust in ringfenced accounts, so that it never forms part of the firm’s assets and it cannot be claimed by creditors. At Seccl, we have trust letters in place and regularly review the content of these, and that all client money accounts are referenced within them.
Ensure records of client money and assets are accurate and up-to-date.
There are requirements for ongoing cash and stock reconciliations to ensure that the money and assets held for each investor matches what should be held for them, as well as what’s actually in the client money bank account.
Ensure compliance by establishing organisational governance, oversight and culture which considers clients’ best interests.
For example, Seccl has a monthly CASS Committee which maintains oversight of relevant policies and management information. We also undertake ongoing due diligence on the banks selected by the firm to hold client money.
“Holding client money involves a considerable amount of regulatory legwork, which is precisely why many new and established advice and investment firms opt to partner with a third-party.”
Holding your custodian accountable
If you decide to appoint a third-party to hold client money and assets on your behalf, it’s important you demand regular and rigorous reporting on the steps they’re taking to mitigate the risks we’ve outlined.
For example, to demonstrate how Seccl is meeting these requirements, we have regular meetings with our customer firms, where we provide the following information:
- Details of delayed or failed investor orders and any redress payments made as a result.
- Our performance against monthly regulatory requirements to reconcile fund and exchange traded instrument transactions and holdings.
- Our performance against daily regulatory requirements to reconcile client money against both internal and external records, and correct any surplus or shortfall.
- Corporate actions and our performance processing them.
- Our performance against identification and allocation of cash receipts and income dividends within regulatory timeframes.
- An aggregated summary of our monthly regulatory client money reporting, and details of any errors or resubmissions.
- Any breaches of the FCA rules relating to their clients, whether immediately reportable to the FCA or not.
As you can see, holding client money and assets involves a considerable amount of regulatory legwork, and it’s not without risks. Which is precisely why many new and established advice and investment firms opt to partner with a third-party.
Directly Authorised or Appointed Representative: which is right for you?
When it comes to getting regulated, you have two choices: you can either obtain permissions directly from the FCA (becoming ‘Directly Authorised’), or you can become an Appointed Representative of a firm that already holds them.
There are some key differences to the two approaches…
- Direct Authorisation (DA): Your firm is Directly Authorised by the FCA with the permissions relevant to the activity you intend to undertake.
- Appointed Representative (AR): Your firm has no authorisations or permissions, but instead operates under the authorisation and as the agent of another Directly Authorised and regulated firm – known as the Principal Firm. The Principal Firm holds the regulatory accountability for the actions of their Appointed Representative firms.
One of the most distinct differences between the DA and AR model is the application process. Becoming Directly Authorised (DA) can take up to six months, or even longer if the application form is incomplete, which is why many firms opt to use a Principal Firm, at least in the beginning – so they can get to market quickly.
Becoming Directly Authorised by the FCA also requires more admin. You’ll need to supply extensive information including details about your business model, organisational structure, location and resources – both people and financial.
You’ll also need to prove financial resilience in the event of ‘reasonably foreseeable stress events.’ Researching FCA requirements and gathering the information required and applying for permissions can be a lengthy process, whereas becoming an AR could potentially be quicker.
Once you are an AR, there is nothing to stop you moving to a new Principal Firm or becoming Directly Authorised at a later date.
“Becoming an AR is in many ways easier and less time consuming and can certainly help firms get to market quickly.
But there are limitations on the regulated activities an Appointed Representative can do. For example, an Appointed Representative cannot do their own discretionary fund management, even if the Principal Firm holds these permissions.
It’s important to spend time researching your options and doing your due diligence, so you make the right choice for your firm.”
Seccl’s Head of Compliance
Summing up: pros and cons
There are pros and cons to each option, and what’s right for you will depend on the size and scope of your business, as well as how quickly you want to get to market.
Some Principal Firms you might want to consider…
If you decide that your best option is to use a Principal Firm, you’ll want to choose a trusted partner that can not only help you get to market quickly, but keep you on the straight and narrow once you are. To save you some initial legwork, here are some Principal Firms that you might want to investigate…
Guidance on applying to the FCA for new or varied permissions
We asked Seccl’s Head of Compliance, Thomasina McGuigan, to give her view on how to put your best foot forward when applying to the FCA for new or varied permissions. Here’s what she had to say…
As you would hope from a robust regulator, obtaining new permissions isn’t as easy as simply filling in a form and paying a fee.
Data from the FCA shows that 20% of applications for permissions – whether for the first time or as a variation – are being rejected.
To make sure you’re part of the 80%, it pays to give the application process the thorough attention it deserves, right from the outset.
For example, just because the application hasn’t specifically asked for a particular document doesn’t mean that you shouldn’t send it.
Getting on the front foot with your application can materially reduce ongoing queries and data requests from the FCA.
It’s common for the FCA to issue initial additional queries focusing on business model and financials, followed by a second round of queries focusing on customer journey and vulnerable customers.
You can reduce the potential for this back and forth – which will cause considerable delay and require yet more time and energy on your part – by submitting a thorough and detailed application in the first instance.
Where firms fail to respond to ongoing queries, the FCA publishes enforcement notices, which include details of the information that was requested.
These can be very useful – and we’ve consolidated some of our key observations from these in some high-level guidance around the key themes that the FCA will be looking to assess in your application.
“You can reduce the potential for back and forth – which will cause considerable delay and require yet more time and energy on your part – by submitting a thorough and detailed application in the first instance.”
Seccl’s Head of Compliance
Make it easy for the FCA to supervise you…
The FCA wants to be comfortable that it can effectively supervise your business and take action if it identifies risks of harm.
So, as a starting point, you will need to have a registered business in the UK and individuals accountable for activities in the UK will need to be authorised by the FCA – even if they are not based in the UK.
The FCA will also consider the complexity of your business or group structure and the products you intend to manufacture and/or distribute.
- Have a UK office address.
- Provide a list of the individuals who will hold senior management accountabilities – a People Org chart would be useful to demonstrate the seniority and reporting lines of these individuals. Show them that you understand SMCR and what your succession plan is in the event a senior manager leaves or is absent long term.
- If you are applying for new permissions, evidence that the accountable managers have training and competence expertise in the area that they will be responsible for – or details of the training programme they will undergo.
- Provide a Company Org chart to show any parent, subsidiary or other closely connected businesses – whether regulated or not – and the ownership structure.
- Clearly articulate the products and services you intend to provide. If any of these are complex, you should accompany this with additional information to evidence that the distribution method and your internal governance and oversight is set an appropriate level – but more on that later.
- It’s common for the FCA to request copies of compliance monitoring plans to show that key risks will be subject to review. Don’t wait to be asked – include this with your submission and make sure it includes the nature and frequency of compliance checks.
Clarify your business model
This is an area where it’s quite easy to trip yourself up. The FCA may use the information provided to challenge other responses on the application and it is common for the FCA to raise additional queries about the business model once an application has been submitted.
- Material strategic changes – if the permissions being applied for indicate a material strategic change, the business model needs to reflect this, so it may need updating in the event it isn’t already hot off the press.
- Risks to business – include commentary to demonstrate that you have identified any risks to your business arising from the permissions being applied for. This could be market risks, third party risks, customer risks or risks to your capital and liquidity (this is not an exhaustive list).
- They will also want to feel that you are aware of regulatory concerns and focus areas – so do your homework. Look at the FCA website, particularly publications (including Final Notices and Dear CEO letters) over recent months that directly impact your business type. A further risk to reference in the business model could be that you are applying for an activity which is in the FCA cross hairs.
- Source of clients – articulate where your clients will come from. If there will be active marketing campaigns, it would be sensible to provide details of your financial promotions process and amendments (or new pages) being added to your website.
- Business viability and longer term profitability – the FCA recognises that when businesses fail this can be detrimental to customers. So your business model will need to show how income to your business will be generated, such as revenue splits per product and fee charging models.
Stress events – your business model should consider impacts on your business from external stress events, such as COVID 19.
Demonstrate your financial resources
The FCA wants a coherent picture of your financial situation so there are some key basics here to reduce the potential for the FCA to ask for additional information after submission:
- Cash flow statement for the first 12 months of trading with the new permissions, including income and outgoings
- Forecast balance sheet for the first 12 months of trading with the new permissions
- Monthly profit and loss forecast
- Most recent annual accounts
- Opening balance sheet to evidence that you will meet financial resources requirements
- Details of your financial and prudential resources (the FCA will want to understand how you will fund your regulatory capital requirements)
- For variation of permissions, updated financial forecasts that reflect the amended activity
- If your financial forecasts indicate a material business change, make sure your business model reflect this.
- Demonstrate awareness of the recent changes to prudential rules and the impact this will have on your capital and liquidity requirements.
- The FCA may request a breakdown of your prudential resource calculations so it might be sensible to include this with your application
- Include details of any assumptions underpinning forecasts made.
- Ensure that the financial forecasts makes sense in context of the business model details about how the firm would general profit.
And your non-financial resources, too
You need to evidence that you have the necessary people, technology and third parties to provide the proposed activities.
- Your business model should identify any risks arising from the permissions. Make sure you have appropriately skilled people to manage and oversee any areas carrying a business risk.
- The application process includes an IT controls self assessment. This covers a series of questions around governance, risk management, service continuity, incident management, change management, third party oversight, access management, threat and vulnerability management and physical environment management.
- If you third parties will support critical business service, either as a provider or on an outsourced basis, be able to demonstrate your oversight of these third parties and your contingency plans to enable business continuity in the event that a critical provider fails or is unable to provide the services for an extended period of time.
The FCA will want to understand the customer experience. This should be appropriate for the target market and distribution method you will use.
For example, if your product offering is a bit complex, you’ll need to make sure you provide simple, easily digestible information so your customers can make an informed decision.
We would suggest you provide them with:
- The Terms of Business or Customer Agreement you will use.
- A description of the start to finish customer journey. This could be accompanied by screen shots or process videos to demonstrate how an online experience would look and how they can get help or find information.
- A copy of your vulnerable customer policy
- A policy showing how you will manage complaints.
- The process for customers to exit the relationship.
Business activity specific
Depending on the permissions you are applying for, there may be other information that it is worth including in your application, for example:
- If you will hold client money, provide your CASS policy and procedures.
- If you will be arranging dealing and settlement, describe your dealing and settlement process and call recording facilities.
Want to know more?
See how Seccl can help
At Seccl, we’re on a mission to rebuild the infrastructure of investments and advice. We provide firms of all sizes with affordable custody, trading and settlement services, feature-rich investment management technology, and a suite of paperless adviser and client portals.
Financial advisers and investment managers can combine these modules to operate their own platform – helping them to take control of their client relationships, improve their customer experience and own more of the value chain.
Elsewhere, technology-first businesses from all sectors can use our publicly documented APIs to get plug-and-play access to the financial markets – helping them to launch new investment propositions more quickly and affordably than ever before.
If you’re looking to develop a new investment proposition, we’d love to hear from you. Check out our demos, browse our API documentation or just book a call with one of the team – we’d be more than happy to help.