Have you ever wondered what it takes to start a bank or an e-money institution? Perhaps you think it’s out of the realms of possibility for anyone other than those that know the ins and outs of complex banking regulation. Or you might think that, with the influx of new financial services providers entering the market, it’s not as difficult as some would have you believe.

Over the past two years I have been an exec at two UK financial institutions, both of which have been through the regulatory journey to become fully regulated, the first with a full UK banking license. At Centtrip, we’ve recently become regulated in our own right with an e-money license.

The good news is that in 2014 the PRA introduced a new streamlined process designed to facilitate innovation and support competition in the UK financial services market, lowering barriers to entry – and it’s working.

Though streamlined, the process is, nevertheless, still rigorous and time consuming – and so it should be.

I come across quite a few smart and focused start-up founders in my line of work and the question I’m asked most frequently is – how do I best navigate the process in order to get the license I need?

Here I’ve described the more complex full banking application process which involves the following four main steps:

1. Pre-application
2. Apply (the process to obtain Authorisation with Restriction (AWR)
3. Mobilisation to obtain Lifting Restriction (LR)
4. After LR

For the first real phase, pre-application, the founding team must adequately demonstrate to the regulators that they have what it takes to establish and successfully operate a regulated business.

Pre-Application: How do you prove you can build a bank?

Some of the most pressing and difficult challenges in the entire process come during pre-application.

At this stage, it’s important to consider whether setting up a bank is the right route or whether an e-money license will be adequate. For many fintech businesses, an e-money license is more appropriate as they’ll simply be moving money around rather than holding it, offering loans or credit.

On an aside, it’s also worth considering the nature in which banks are valued compared to fintechs. These factors depend on the founders, investors and shareholders’ exit expectations; there are also the different governance and compliance obligations – one for another article though.

Organisations need to document their business plan and the products and services they want to offer as this will directly impact the level of authorisation required from the PRA and FCA. It is also important to consider the senior management team, financial resources, investment, IT strategy and outsourcing requirements. Prospective bank founders need to provide evidence of their intimate knowledge of banking. Critics say this means lots of bankers are needed in the exec team or on the board, cutting out a large section of the fintech community. Be aware and note the cultural challenges in successfully integrating people with different backgrounds and experience in a successful new (would be) bank.

At this stage, firms enter into what can only be described as a courtship with the regulators. Over a series of meetings, the organisation must outline its intentions and demonstrate that it has what it takes to follow through.

The important thing here is that to demonstrate, not only the required expertise, but also that the prospective business offers a clear benefit to its customers. How will the organisation positively impact the consumer and the wider industry? The regulator is looking for a differentiated offering.

Application: Getting to second base

It is better if the organisation is (in effect) invited to apply; that means the regulators believe the prospective bank is in good shape with no obvious issues. They can of course just apply, but it’s better to do the work upfront rather than after application, in my opinion.

The application phase requires organisations to submit:

• A standard application form set;
• A fully developed regulatory business plan;
• A fully developed recovery and resolution plan;
• Fully developed financial resource documents (ICAAP and ILAP);
• An outline of the proposed governance/structure/board/senior management regime, including a high-level structure with the ‘key guiding minds’ in place; senior management roles critical to mobilisation identified and ready for recruitment;
• A high level outline of IT systems;
• A fully considered outsourcing plan;
• A document outlining how the bank will fund itself including capital adequacy (the capital the bank must hold to cover risks that are dependent on the type of products it will offer).

When it comes to IT, organisations need to prove that they’re able to successfully deploy the required IT, monitor it and keep all data secure.

They must demonstrate what they’ll do if systems are unavailable for minutes, hours and days – particularly problematic if it’s an app-only bank of course! They’ll have to think about the steps they’ll have to take to ensure customers don’t suffer and what they’ll do to find a solution when things go wrong. And, most importantly, how customer funds will be safeguarded in event of failure. 

In this period, would-be banks will need to respond to requests for further information and provide the regulators with any required detail. Everyone in the exec team knowing every scenario, word, number, and ratio is vital.

Six to eight months following application an ‘interim’ banking license will be provided if the  regulators are convinced the organisation has what it takes to build a bank and run it successfully.

Mobilisation: Following authorisation with restriction

At this point the company will officially be a bank and will have reached Authorisation with Restriction (AWR). It will be expected that the organisation will become fully operational within 12 months, so a plan is needed with timescales for mobilisation.

There has been a recent instance where a challenger bank has not mobilised in this timeframe,  requiring a re-application. This is obviously not a great place to be, so it pays to have everything in place (including funding).

Now the bank can start to accept deposits up to the value of £50,000 with this restriction being lifted after 12 months if it has mobilised (has funding and has built its systems, processes and recruited the right people) as it planned.

Beyond lifting restriction

Now is the tough part. Doing what you said you would do.

The organisation’s regulatory business plan (RBP) will have been very specific about what customer demographic the bank aims to serve, how customers will use  the offered services, how much the bank will make from each one and how many net customers the bank will attract each month. The organisation now needs to start delivering on these promises to shareholders, staff, customers and regulators.

E-money versus a Banking licence

Although higher standards are generally expected for banks, as they’re holding customers’ money, the level of IT systems’ design, build, operation, security and control are the same for both banks and e-money providers.

Whichever path an organisation moves down, it will need to maintain compliance with the relevant regulations – proving that it has the right processes and systems in place – on an ongoing basis after it has secured its license. A key difference is that banks must put internal and external compliance auditors in place to check the senior exec and board processes to ensure they remain compliant.

Start-up challenger banks and e-money providers with their roots in the technology industry, can sometimes find this level of compliance and regulation difficult to comprehend. That’s why even the most forward thinking new bank will benefit from the inclusion of board members with traditional banking experience.

Banks and financial services providers need to be able to justify every action using processes, controls, checks, and logs to keep an audit trail as evidence. This level of ‘bureaucracy’ can seem like overkill to the un-initiated but it’s important to maintain these processes to not only mitigate risk but ensure customers get the secure, reliable service they expect from UK financial services businesses, complemented, I hope, with increasing innovation and challenge.

As we’ve found at Centtrip, it’s not an easy process but it’s great to see so many other fintech businesses coming into the industry. Securing a banking or e-money license will and should never be straightforward, but with every new development and with a regulatory and business  environment set up to support new founders, no one should feel that the doors are impossible to open.

The Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA) have been positive, supportive and helpful throughout both my journeys. Their facilitation of innovation and competition in the UK financial service market place should be commended.