
Ready, Willing and Organised: Proving Day-One Operational Readiness 

Author: Joel Bailey, Consultant 

Why This Matters 

Obtaining authorisation from the FCA isn’t permission to start building; it’s permission to operate. For payment and e-money firms, gaps in day-one readiness can translate quickly into consumer harm: outages, fraud spikes, weak onboarding and monitoring, or safeguarding failures. The FCA therefore expects firms to show how requirements under the Payment Services Regulations 2017 (PSRs)/Electronic Money Regulations 2011 (EMRs) come together in practice, with controls that are implemented, owned and testable. So, before the firm even submits its application to the FCA, it must ensure that it has sufficient substance to do so: not necessarily that it is able to commence business on the date of application, but that it can demonstrate it has sufficient building blocks already in place to do so relatively quickly, and safely, thereafter. This is generally what the FCA means when it says it expects firms to be ‘ready, willing and organised’ at the point of application. One of the simplest ways to evidence that readiness is to demonstrate that you’ve actively used FCA applicant guidance to shape your submission and day-one operating model.

Regulator expectations are increasingly explicit – use them 

The FCA has now published a short set of video guides designed to improve the quality of authorisation and registration applications for payments firms and (where relevant) digital asset firms. Delivered by members of the FCA authorisation department, the guides set out what the FCA expects, the common gaps they see in weaker submissions, and practical steps applicants can take to support swifter determinations, including how to use the Pre-Application Support Service (PASS) to clarify important aspects of the application before submitting.  

For applicants, reading/watching and evidencing how you’ve responded to guidance like this is itself part of being “ready, willing and organised”. It shows you are not guessing at regulatory expectations or planning to “fill in the gaps later”; you are building an operating model and evidence pack that aligns with what the regulator is explicitly telling firms to do ahead of submission.  

What “Ready, Willing and Organised” Looks Like 

Operational readiness is demonstrated through alignment across people, processes, systems, governance and third-party oversight. 

People 

  • Accountable senior managers in place (or credible, evidenced interim cover) 
  • Individuals with demonstrable knowledge, skills and experience appropriate to their roles 
  • Clearly documented responsibilities, reporting lines and escalation routes 

Processes 

  • Fully documented and board-approved procedures covering:
      • Customer onboarding and KYC
      • Transaction monitoring and suspicious activity escalation
      • Fraud management and disputes
      • Complaints handling (DISP compliance)
      • Incident management
      • Safeguarding and reconciliations
  • Processes capable of being operationalised immediately upon authorisation

Systems and Controls 

  • Technology configured and understood (not merely identified vendors) 
  • Evidence of system logic, workflows or configuration (e.g. screenshots or testing outputs) 
  • Clearly defined control owners and review cadence 
  • MI production capability from day one 

Third-Party Oversight 

  • Documented selection and due diligence criteria 
  • Executed contracts and Service Level Agreements 
  • Clear oversight framework, including monitoring, challenge and escalation 
  • Audit rights and exit planning 
  • Alignment with Outsourcing Requirements under EMRs/PSRs. 

Governance and Management Information 

  • Defined reporting packs tailored to the firm’s risk profile 
  • Established risk thresholds and management triggers 
  • Board-level visibility of safeguarding, financial crime, operational resilience and complaints data 
  • Evidence that MI informs decision-making 

Common Poor Practices Observed 

  • Placeholder policies (“we will finalise after authorisation”), or templated documents that are entirely ‘off the shelf’ and not personalised to or representative of the firm. 
  • Critical systems still “in development” with no compensating controls or indicative timelines for readiness. 
  • Missing operational runbooks (incidents, complaints, safeguarding, resilience). 
  • Over-reliance on third parties without rationale, evidence of discussion and consideration, monitoring, challenge and escalation. 

Such gaps raise concerns regarding a firm’s ability to meet the conditions for authorisation. 

Good Practice Building Blocks 

  • Day-one operating pack: runbooks for onboarding/KYC, alert triage, fraud escalation, safeguarding reconciliation, complaints and incident response. 
  • Evidence, not intent: sample MI packs, example case workflows, reconciliation outputs, and tabletop exercise records. 
  • Operational Resilience embedded: important business services mapped to people/tech/vendors/customers, impact tolerances set, scenarios tested, and communications drafted. 

What Firms Should Be Doing Now

Firms preparing an application should: 

  • Test runbooks via tabletop exercises and capture outcomes. 
  • Map services and dependencies (SYSC 15A / PS21/3) and show how disruption stays within tolerances. 
  • Turn policies into controls (owners, cadence, sign-off, thresholds, escalation, reporting). 
  • Ensure the operating model matches the financial plan (headcount, tooling, vendor oversight). 

The key for firms is that they recognise that they must be near the end of their build before submitting an application to the FCA. Historically, the FCA would take a very strict line with firms in its interpretation of ‘ready, willing and organised’, essentially expecting the firm to have everything in place and all key roles appointed before the application was submitted. Recognising the significant investment/funding challenges faced by start-ups, the FCA has adopted a more pragmatic approach today. Indeed, the availability of the FCA’s Pre-Application Support Service (PASS) provides prospective applicants the opportunity to share their plans and progress with the FCA, and receive direct feedback from the FCA as to their state of ‘readiness’ to make an application. 

How Complyport Can Help 

Complyport supports payment institutions and e-money firms in assessing and evidencing operational readiness for PSRs and EMRs authorisation applications. 

Our support includes: 

  • Gap analysis against FCA expectations and conditions for authorisation; 
  • Operational resilience mapping and scenario testing; 
  • Safeguarding framework design and reconciliation oversight; 
  • Governance and MI framework development; 
  • Conversion of policies into practical, evidence-backed operating models; and 
  • Pre-application readiness reviews prior to FCA submission. 

If you are preparing for authorisation or would like an independent readiness assessment, contact Complyport today to arrange a meeting with one of our Subject Matter Experts. 
