Banking regulation and compliance

Banking regulation and PRA authorisation

Dual PRA and FCA authorisation requirements for UK banks, including capital requirements, mobilisation routes, and ongoing regulatory obligations under SM&CR and Consumer Duty.

UK-wide
Guide summary

You must get authorisation from both the PRA and FCA before starting a bank in the UK. Choose between two routes: full authorisation or mobilisation with lower capital. You must meet capital requirements and follow ongoing rules like SM&CR.

  • Get dual authorisation fromTthe PRA and FCA before operating
  • Choose Option A (full authorisation) if you have all capital ready
  • Choose Option B (mobilisation) if you need lower initial capital
  • Meet minimum capital ratios: 4.5% CET1, 8% total capital
  • Follow Senior Managers and Certification Regime (SM&CR) rules
  • Option B lasts up to 12 months with business restrictions
  • Full authorisation takes 12-24 months to complete
  • Basel 3.1 rules start 1 January 2027
  • FPC system-wide benchmark is 11% CET1 capital
  • Keep capital buffers: 2.5% conservation, 0-2.5% countercyclical
On this page
UK-wide

Related guides in Tax & Finance

Operating a bank in the UK requires dual authorisation from the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). This is not optional - accepting deposits without authorisation is a criminal offence under the Financial Services and Markets Act 2000 (FSMA).

The PRA supervises prudential matters including capital adequacy, liquidity, and risk management. The FCA supervises conduct matters including customer treatment, market integrity, and Consumer Duty compliance. You must obtain both authorisations to operate as a bank.

Choosing your authorisation route

The PRA offers two routes for new bank applications. Your choice depends on your capital position, business model, and how quickly you need to start operating.

Which route is right for you?

  • Choose Option A if you have full capital available from day one, are an overseas bank establishing a UK subsidiary, or need unrestricted operations immediately after authorisation.
  • Choose Option B if you're a new bank with limited initial capital, need time to develop systems under live regulatory supervision, or want to test your business model before scaling up.

Most new UK challenger banks use Option B mobilisation to reduce initial capital requirements and develop their infrastructure during the 12-month restricted period. Once ready, they transition to full authorisation with unrestricted deposit-taking.

Capital requirements

Regardless of which authorisation route you choose, all UK banks must ultimately meet minimum capital ratios to absorb potential losses and protect depositors.

What this means in practice: Your bank must hold capital (shareholder equity and retained earnings) equal to at least 8% of your Risk-Weighted Assets (RWA). Higher-risk lending (unsecured personal loans, for example) carries higher RWA weighting than lower-risk lending (mortgages with substantial deposits).

The Capital Conservation Buffer adds another 2.5% requirement, bringing the practical minimum to 10.5% for CET1 capital. The FPC's system-wide benchmark of approximately 13% Tier 1 capital (11% CET1) reflects supervisory expectations for adequately capitalised banks.

Basel 3.1 implementation: From 1 January 2027, updated capital calculation methods take effect. Banks should begin preparations in 2025-2026 to ensure compliance with the new framework.

Senior Managers and Certification Regime

All UK banks must comply with the Senior Managers and Certification Regime (SM&CR), which creates individual accountability for senior decision-makers and ensures key staff are fit and proper for their roles.

Practical implications for new banks:

  • Before launch: Identify which roles are Senior Management Functions (SMFs). Typical SMFs include CEO, CFO, CRO (Chief Risk Officer), MLRO (Money Laundering Reporting Officer), and Compliance Oversight Function holder. Each SMF holder needs FCA/PRA pre-approval before starting their role.
  • Statements of Responsibilities: Document exactly what each SMF holder is personally accountable for. These must be clear, comprehensive, and updated when responsibilities change.
  • Certification roles: Identify staff in Certification Functions (typically customer-facing roles with significant influence). You must assess and certify annually that these individuals remain fit and proper.
  • Conduct Rules training: Almost all staff must understand and comply with the Individual Conduct Rules. Build training programmes and monitoring processes to demonstrate compliance.

The 2025 reforms (expected mid-2026) will simplify certification requirements by removing duplicative role definitions, reducing the compliance burden for smaller banks.

Consumer Duty obligations

The FCA's Consumer Duty represents a higher standard of care for retail banking customers. You must design products and services that deliver good outcomes, not just avoid causing harm.

What this means for new banks:

  • Product design: Before launching current accounts, savings accounts, or lending products, demonstrate they meet identified customer needs. Conduct needs assessments and target market identification.
  • Price and value: Regularly review whether customers are getting fair value. This isn't just about low prices - it's about reasonable price relative to the benefits provided and the costs of production.
  • Clear communications: Test customer communications to ensure they're understandable. Avoid jargon and complex terms and conditions that obscure important information.
  • Accessible support: Design support channels (phone, online chat, branch access) that meet customer needs. Monitor response times and resolution rates.

The FCA's 2025 focus areas (small business current accounts, credit card T&Cs, savings account disclosure) indicate where the regulator expects improvements. Build these considerations into your product development from the start rather than retrospectively fixing issues.

Deposit protection

All UK-authorised banks must participate in the Financial Services Compensation Scheme (FSCS), which protects customer deposits if your bank fails.

Your obligations:

  • FSCS membership: Mandatory for all deposit-taking institutions. You'll pay annual levies based on your deposit base.
  • Customer disclosure: You must inform customers about FSCS protection - the £120,000 limit, the per-person-per-firm basis, and that the limit applies across all accounts they hold with your bank.
  • Excluded deposits: Certain deposits aren't protected (large corporations, financial institutions, public authorities). Make this clear to affected customers.

FSCS protection is a key competitive advantage for authorised banks versus unregulated payment institutions and e-money firms, which don't offer the same level of depositor protection.

Professional & Financial Services Requirement

Ring-fencing requirements for large banks

If your bank grows to hold core deposits over £25 billion, you'll become subject to ring-fencing requirements under the Banking Act 2009.

Ring-fencing requires:

  • Separation of retail banking into a ring-fenced body (RFB) legally and operationally separate from investment banking
  • Excluded activities (investment banking, trading, commodities) must be conducted outside the RFB
  • Protected services (retail deposits, overdrafts, credit cards, SME lending) must remain in the RFB

Purpose: Protects retail customers and small businesses by isolating them from riskier investment banking activities. If the investment banking part fails, the retail bank can continue independently.

Who this applies to: Only banks with core deposits exceeding £25 billion. Most new challenger banks won't reach this threshold for many years, if ever.
Enforcement: PRA supervision and enforcement. Structural separation must be complete before reaching the threshold.
PRA ring-fencing overview (opens in a new tab)

Application timeline and costs

Expect the authorisation process to take 12-24 months from initial application to approval. During this time, you'll incur significant costs:

  • Application fees: Higher than standard FCA authorisation due to dual regulation
  • External advisers: Budget £100,000-£500,000+ for legal, compliance, and consulting support
  • Management time: Senior team will spend substantial time on authorisation process
  • System development: Building compliant banking systems, risk management frameworks, and governance structures

Option B mobilisation reduces initial capital requirements but doesn't reduce these other costs. You still need robust systems and governance before the PRA will grant even a restricted licence.

  1. 1

    Determine which authorisation route suits your business

    Assess your capital position and business model. Contact the PRA's New Bank Unit for pre-application discussions to understand which route (Option A or Option B) is appropriate.

  2. 2

    Engage specialist legal and regulatory advisers

    Bank authorisation is complex. Hire advisers with proven PRA/FCA authorisation experience to guide your application and avoid costly mistakes or delays.

  3. 3

    Identify Senior Management Functions and start approval process

    Map out your governance structure and identify which roles are SMFs. Begin preparing Statements of Responsibilities and fit and proper assessments for each SMF holder.

  4. 4

    Design products with Consumer Duty compliance built in

    Don't retrofit Consumer Duty after product launch. Build needs assessments, value reviews, and customer outcome monitoring into your product development process from the start.

  5. 5

    Build capital and governance frameworks

    Develop capital planning, risk management, and internal governance frameworks that meet PRA supervisory expectations. These take months to build and must be operational before authorisation.