FCA EMI Authorisation: A Complete Guide to Becoming an Authorised Electronic Money Institution

Obtaining authorisation as an Electronic Money Institution (EMI) from the Financial Conduct Authority is the gateway to issuing electronic money, holding client funds in e-money accounts, and providing the full suite of payment services under the Electronic Money Regulations 2011 (EMR 2011) and the Payment Services Regulations 2017 (PSR 2017). It is also a substantial undertaking: the FCA's authorisation process is rigorous, the documentation burden is significant, and the timeline from application submission to authorisation is typically 12–18 months. Understanding the process in detail before beginning is essential to avoiding the costly delays that poorly prepared applications routinely experience. This guide covers the end-to-end EMI authorisation process from a practitioner's perspective.

EMI vs Small EMI: Which Authorisation Do You Need?

Before beginning the application process, the threshold question is whether full EMI authorisation is required or whether Small EMI (SEMI) registration suffices. The SEMI regime applies to entities whose average outstanding electronic money does not exceed €5 million and whose average monthly payment transactions do not exceed €3 million. SEMIs are registered rather than authorised — the registration process is lighter-touch — but SEMIs cannot passport their services into EEA member states (no longer material post-Brexit), cannot rely on the full EMR 2011 safeguarding framework, and face ongoing volume limits that constrain growth.

For any business expecting to grow beyond these thresholds, or seeking to offer payment services alongside e-money issuance at meaningful scale, full EMI authorisation is the appropriate route from the outset. Applying for SEMI registration and then re-applying for full authorisation later doubles the regulatory cost and delays the full service launch. CCYFX holds full EMI authorisation (FRN 987654), which allows issuance of e-money and provision of payment services without volume restrictions across all permitted payment service categories under the PSR 2017 Schedule 1.

Initial Capital Requirements

A fundamental prerequisite for EMI authorisation is the minimum initial capital requirement. Under EMR 2011 Regulation 5, an authorised EMI must have initial capital of at least €350,000 at the time of authorisation. This capital must be Tier 1 quality — paid-up share capital or similar qualifying instruments. It must be freely available (not tied up in fixed assets or intercompany receivables), must be verifiable through audited accounts or accountant certification, and must be maintained on an ongoing basis adjusted upward as the business grows (the ongoing capital requirement is the higher of: €350,000, 2% of average outstanding e-money, or the method-based calculation under the EMR 2011 Annex method).

The capital requirement is a threshold, not a maximum or a measure of adequacy for the actual business. An EMI writing a business plan that projects processing €50 million per month in year 2 will be expected to demonstrate capital adequacy relative to that projected scale, not merely to the €350,000 minimum. The FCA reviews applicant capital plans against projected business volumes and operational risk estimates; insufficiently capitalised applicants are either refused or required to provide additional capital commitments before authorisation.

Safeguarding Requirements

Client fund safeguarding is the central operational requirement for authorised EMIs. Under EMR 2011 Regulation 21, relevant funds (client electronic money balances) must be safeguarded by one of two methods: (a) segregation in a dedicated safeguarding account at a credit institution, or (b) coverage by an insurance policy or guarantee from an authorised insurer or credit institution. Most EMIs use Method A (segregation). The safeguarding bank account must be: held in the EMI's name but designated as a client account, separate from the EMI's own operational accounts, and subject to a trust or similar arrangement protecting the funds in insolvency.

The practical challenge of the safeguarding requirement is obtaining a safeguarding bank account from a credit institution. Following widespread de-risking by UK banks of fintech and payment institution clients, many of the traditional safeguarding bank providers (Barclays, NatWest, HSBC) have significantly restricted their willingness to open and maintain safeguarding accounts for newly authorised EMIs. Applications to the FCA that do not include confirmation of a safeguarding bank account being available — or a credible plan to obtain one — are at high risk of rejection. Applicants should approach potential safeguarding bank providers before or during the application process, not after authorisation is received.

The Regulatory Business Plan

The FCA application for EMI authorisation requires submission of a comprehensive Regulatory Business Plan (RBP) covering all aspects of the proposed business. The RBP typically runs to 80–150 pages and addresses: business model and target market, revenue model and financial projections (3-year P&L, balance sheet, and cash flow projections), governance structure (Board composition, management team CVs, responsibilities), risk management framework (operational risk, AML risk, credit risk, liquidity risk), compliance programme (AML policy, sanctions policy, transaction monitoring, complaint handling), safeguarding arrangements, IT and security controls (including cybersecurity assessment against FCA expectations), and business continuity and disaster recovery planning.

The quality of the RBP is the primary determinant of application quality. Weak or generic risk frameworks — cut-and-pasted from template documents without customisation to the specific business — are identified immediately by FCA reviewers and generate extensive information requests (RFIs) that delay the process by months. The most common causes of application delays are: insufficiently detailed AML and transaction monitoring frameworks for the proposed client sectors, governance structures that do not demonstrate adequate non-executive oversight, financial projections with insufficient working capital analysis, and safeguarding arrangements that are not fully confirmed.

Approved Persons and Senior Manager Requirements

Under the Senior Managers and Certification Regime (SM&CR), EMIs are subject to requirements relating to the individuals performing Senior Management Functions (SMFs). The minimum required SMF appointments for a new EMI include: SMF1 (Chief Executive Function), SMF3 (Executive Director), SMF16 (Compliance Oversight), SMF17 (Money Laundering Reporting Officer — the MLRO), and for larger EMIs, additional SMFs for specific functions. Each individual proposed for an SMF must submit a Form A to the FCA, undergo fitness and propriety assessment, and demonstrate appropriate skills, experience, and qualification for their role.

The MLRO role (SMF17) requires particular attention. The FCA expects MLROs to have demonstrable relevant experience in financial crime compliance, specifically at a PSP or equivalent regulated entity. An MLRO proposed for an EMI handling high-risk client sectors (crypto, iGaming, offshore structures) without demonstrable experience in those specific sector AML risks is likely to generate detailed questioning from the FCA case officer. At CCYFX, GP holds the MLRO function with specific experience in complex corporate structures, crypto AML, and high-risk business sectors.

Timeline and Process Management

The FCA has a statutory 3-month determination period for EMI authorisation applications, running from the date the application is deemed complete. In practice, the timeline from submission to completeness determination to final authorisation decision is typically 12–18 months for most applicants, due to: the pre-submission phase (application preparation: 3–6 months), the period during which the FCA reviews the application and issues RFIs (6–12 months), and the period from completed responses to final decision (1–3 months). The RFI phase is where most delays occur.

Applicants can reduce delay risk through: (a) engaging specialist regulatory counsel experienced in FCA EMI applications to draft the RBP; (b) booking a pre-application meeting with the FCA to discuss the business model before formal submission; (c) confirming safeguarding bank arrangements and key supplier agreements before submission; and (d) ensuring all proposed SMFs are identified and their Form A documentation prepared in advance. A well-prepared application that minimises RFIs can achieve authorisation in 12 months; a poorly prepared application can take 2–3 years.

CCYFX's compliance team can provide informal guidance to businesses considering FCA EMI authorisation, drawing on our own authorisation experience. For specific legal advice on the application process, we recommend engaging specialist fintech regulatory counsel. Contact our team at info@ccyfx.com for a preliminary discussion.