The UK is one of the world’s largest consumer credit markets. Every day, millions of people use credit cards, personal loans, car finance, buy now, pay later products, and other forms of borrowing to manage expenses and make purchases.
For lenders, that creates a market full of opportunity. It also creates a market where regulators pay very close attention to how credit is offered, marketed, and managed.
Any company that wants to lend to consumers in the UK quickly encounters the same requirement: approval from the Financial Conduct Authority (FCA).
Whether you’re building a digital lending platform, launching a BNPL product, operating as a credit broker, or expanding an existing lending business into the UK, FCA authorization sits at the center of the process.
Many founders think of authorization as paperwork that comes near the end of a launch plan. In reality, it influences how a lending business is structured from the beginning. It affects product design, affordability assessments, customer communications, complaint handling, governance, and risk management.
This guide explains who needs FCA consumer credit authorization, what the regulator looks for, and the practical steps involved in getting approved.
Why FCA authorisation matters
Credit is a big part of everyday life in the UK. People use credit cards, personal loans, car finance, installment plans, and buy now to pay later to manage their spending and to buy things they can’t pay for all at once. Because borrowing money affects people’s finances so directly, the UK keeps a close eye on this market.
The FCA expects any firm offering credit to consumers to act responsibly, treat customers fairly, manage its risks, and run itself properly. Offering credit without the right approval isn’t just a paperwork problem. It can lead to fines, enforcement action, and in serious cases, legal trouble for the people running the business.
Authorisation also matters beyond the legal side. Banks, payment providers, and investors usually won’t work with a lending business until it has the right FCA permissions. Being authorised shows that an outside party has checked the business model, the people behind it, and its finances, and is satisfied with what it found.
Working out whether you need authorisation
Before doing anything else, a firm needs to work out whether its activities actually fall within the FCA’s consumer credit regime. This sounds obvious, but a surprising number of businesses discover late that their model touches regulated activity without anyone realizing it.
Consumer credit activities cover a wide range of business models. Lending money directly to consumers is the most obvious one, but the regime also covers credit broking (helping people find credit providers), debt collection, debt administration, debt counselling, and consumer hire arrangements, among others.
A company that builds a marketplace connecting borrowers with lenders may need authorisation as a credit broker even if it never lends a penny itself. A platform offering installment payments for goods or services may find that what looked like a simple payment feature is actually a regulated lending activity.
The starting point for any firm is mapping its planned activities against the FCA’s list of regulated activities and figuring out exactly which permissions apply.
Getting this wrong at the outset, either by under-scoping (applying for permissions that don’t cover everything the business plans to do) or over-scoping (applying for more than necessary and taking on obligations the business doesn’t need), creates problems that surface later, often at the worst possible time.
Why regulation keeps getting stricter
Consumer credit rules in the UK have tightened a lot in recent years, and there’s a reason for that. Digital lending has grown fast. Buy now pay later went from a niche option to something you see at almost every online checkout.
Embedded finance now puts credit offers directly inside apps and shopping platforms in ways that didn’t exist ten years ago. Open banking has also given lenders a new way to check a customer’s income and spending, using real transaction history instead of relying only on a traditional credit file.
Alongside all this growth, the FCA brought in its consumer duty, which raises the standard for how firms must treat customers. It requires firms to act in good faith, avoid causing harm that could have been foreseen, and help customers reach their financial goals, and it applies throughout the life of a product, not just when it’s first sold.
For lenders, this means affordability checks, how products are designed and priced, how firms communicate with customers, and how complaints are handled all need to genuinely work in the customer’s favour, not just the firm’s.
This isn’t just a UK trend. Regulators in other major markets are moving in a similar direction, paying closer attention to digital lending, demanding clearer affordability checks, and asking for more transparency about how lending decisions get made.
The details differ from country to country, but the message is the same: regulators want proof that a lender can act responsibly before it’s allowed to lend to anyone.
Read more: How to obtain a Tier 3 or Tier 4 Microfinance License in Uganda
Step 1: Determine whether you need limited or full permission
The FCA splits consumer credit authorisation into two broad categories: Limited Permission and Full Permission. Limited Permission generally applies to firms for whom consumer credit activity is secondary to their main business, and where the FCA considers the risk to consumers comparatively lower.
A retailer offering installment payments alongside its main product range, for example, might fall into this category.
Full Permission applies to firms whose core business is lending or credit-related activity, and it comes with a wider set of ongoing obligations, higher application costs, and closer supervision.
Most standalone lenders offering personal loans, consumer finance products, or other regulated consumer credit activities will typically require Full Permission.
Working out which category applies isn’t always straightforward, and the FCA’s own guidance flags several scenarios where firms commonly apply for Limited Permission by mistake when their actual activities require Full Permission.
Getting independent compliance or legal advice at this stage is money well spent, because choosing the wrong category means restarting parts of the process later.
Step 2: Build a regulatory business plan that actually explains the business
One of the most heavily scrutinised parts of any application is the regulatory business plan, often shortened to RBP. The FCA wants a clear picture of exactly what the business does, who it serves, how it makes money, and how it manages risk.
A strong business plan explains the products on offer, the target customer base, the revenue model, where lending capital comes from, how the business assesses affordability, how it markets itself, and how it’s structured operationally.
For a lending business specifically, this means describing underwriting criteria in real terms: what loan sizes and terms are on offer, how decisions get made, what data goes into those decisions, and what happens when a borrower falls behind on repayments.
Generic or templated business plans tend to generate exactly the kind of follow-up questions that slow an application down. If a firm plans to use alternative data sources in its credit decisions, the plan should explain what those sources are and how they influence the outcome.
If decisions are automated, the plan should explain how the decision engine works and what oversight exists over it. The FCA isn’t looking for a marketing language here. It’s looking for evidence that the people running the business understand it in detail.
Step 3: Put a real compliance plan in writing
Compliance is at the heart of the whole authorisation process. The FCA wants to see that a firm understands its rules and has actually built systems to follow them, not just plans to “sort it out” once the business is up and running.
In practice, this means writing down clear policies for how the firm will handle things like protecting customers, preventing fraud and money laundering, dealing with complaints, protecting personal data, managing day-to-day risks, onboarding new customers, and checking whether someone can afford the credit they’re asking for.
The FCA’s Financial Crime Guide gives a useful sense of the kind of detail expected when it comes to spotting and stopping financial crime, and it’s worth a read even at the early planning stage.
A lot of early-stage firms don’t realise how much this matters until they’re deep into the application. Good, detailed compliance policies tell the FCA that the people running the business have thought seriously about what could go wrong, and have a plan for catching problems early rather than after they’ve already affected customers.
This is a big part of how the FCA decides whether a firm is, as it puts it, ready, willing, and organised to operate within the rules.
Step 4: Show that the numbers add up
The FCA needs to believe that a firm can keep running properly, not just launch and hope things work out. That means submitting financial forecasts that cover expected revenue, running costs, where the money to fund the business comes from, cash flow, and how much capital the firm needs to hold.
For lenders, the funding side gets extra attention. The FCA wants to know exactly where the money being lent out comes from, whether that’s the founders’ own funds, money from investors, a credit line from a bank, or another kind of borrowing, and what would happen to customers if that funding suddenly dried up halfway through their loan.
It also helps to think about what happens if things don’t go to plan, for example if more customers than expected miss repayments, and whether the business could absorb that without putting customers at risk.
Forecasts that look overly optimistic, or that don’t match up with the rest of the application, are one of the most common reasons applications get stuck, because they make the FCA doubt whether the firm can keep operating safely once real customers and real money are involved.
Read more: Frequently Asked Questions about MFB license
Step 5: Make sure the right people are in charge
The FCA pays close attention to the people who will actually run the business. Directors, senior managers, and anyone with real influence over how the firm operates need to show they’re suitable for that role. This covers things like relevant experience, honesty, financial soundness, and a clean record when it comes to past conduct.
For founders coming from a tech or product background, this often means spotting gaps before the FCA does.
A founder who’s brilliant at building the app might still need someone on the team with real experience in compliance, risk, or lending before the application can convincingly show that the leadership team can run a regulated credit business.
This isn’t just a formality. The FCA looks at this closely because, in the end, it’s the people at the top who decide how the business actually behaves once no one from the regulator is watching.
Step 6: Register, apply, and pay
Applications go through the FCA’s online application system, called Connect. Before submitting anything, a firm needs to register on this system and gather all the documents the FCA will ask for. For most consumer credit applications, that includes the business plan, financial forecasts, compliance policies, and information about the senior people involved.
How much it costs to apply depends on whether a firm is going for Limited or Full Permission, and which specific activities it’s applying to carry out.
The FCA publishes its full fee details online, so it’s worth checking the current figures for your situation. These fees don’t get refunded, even if an application is later withdrawn or turned down, which is one more reason to get everything right before hitting submit rather than treating the first version as a draft.
Many firms spend several months getting their documents ready before they formally apply, and that time is rarely wasted. An application that’s complete and well put together from the start tends to move through review much faster than one that’s submitted early but full of gaps.
Step 7: Stay engaged While the FCA Reviews Your Application
Once submitted, the FCA reviews the application and will almost always come back with follow-up questions, covering anything from the business model and governance structure to financial assumptions, compliance procedures, and the technology underpinning the lending decisions.
For complete applications, the FCA’s statutory assessment period typically runs up to six months, extending to as long as twelve months if the application isn’t complete when submitted. How a firm handles this stage matters.
Clear, prompt, accurate responses tend to keep a review moving, while inconsistent information or slow replies can extend the timeline significantly and, in some cases, lead a firm to withdraw and reapply once it has addressed the FCA’s concerns.
What technology-driven lenders should expect
Modern lending businesses lean heavily on technology: digital onboarding, identity verification, automated underwriting, open banking connections, and payment automation are now standard rather than novel.
The FCA doesn’t mandate specific technology choices, but it does expect firms to demonstrate control over the systems they use.
For firms using automated decisioning, this usually means being able to explain how decisions get made, what data feeds into them, how affordability gets assessed, what happens if a customer wants to challenge a decision, and how the firm monitors its models for unexpected outcomes over time.
Technology can make a lending operation more efficient, but it doesn’t reduce a firm’s accountability for the decisions that technology produces.
Read more: Frequently asked questions about Money lender license
Where applications most often run into trouble
A few patterns show up repeatedly in applications that stall or get refused. The most common is treating authorisation as a final administrative step rather than something that shapes the business from day one.
Product design, onboarding flows, underwriting policy, and collections processes all need to reflect regulatory expectations from the start, not get retrofitted once an application is already in front of a case officer.
Financial planning is another recurring weak point, particularly when funding assumptions look optimistic or revenue projections don’t hold up against the cost structure described elsewhere in the application. Governance gaps cause similar problems: a lending operation needs genuine expertise across compliance, risk, operations, and customer service, and building that team takes time that founders sometimes don’t budget for.
A quick reality check before you hit submit
Before starting the formal application, it’s worth being honest with yourself about where things actually stand. Is the compliance plan something the team has actually tested, or is it just a folder of documents nobody has looked at since they were written?
Do the financial forecasts match what the business can realistically do given how it’s funded right now? Does the leadership team genuinely have the experience needed to run a regulated lending business, and if not, what needs to change before applying?
It also helps to picture what would happen if a regulator looked closely, today, at how customer support, complaints, and collections actually work in practice. If there are gaps, it’s almost always faster and cheaper to fix them now than to fix them later in response to a case officer’s questions.
Read more: How to get a lending license in India
The real finish line isn’t the approval letter
Getting an FCA consumer credit licence takes a lot more than filling in forms and paying a fee. The whole process is really a test of whether a business has the right people, the right finances, the right compliance systems, and the right level of operational maturity to lend to people responsibly. The decisions it forces a firm to make go well beyond the application itself.
Lenders who treat authorisation as part of building the business, rather than as a hurdle sitting between product development and launch, tend to come out the other side stronger.
A business plan that actually reflects how the company works, financial projections built on real numbers, a compliance setup that’s been properly thought through, and leaders who can answer hard questions without reading from a script: these are the things that separate an application that moves smoothly from one that gets stuck.
This is part of a bigger pattern playing out across credit markets everywhere. Regulators want to see that a lender is ready before it starts taking on customers, not after.
Firms that build with that in mind from day one usually end up with stronger risk controls, clearer accountability inside the business, and a much better starting position once they’re finally authorised and ready to grow.
