+44 (0) 207 096 2100
info@acumengcompliance.com
37th Floor, 1 Canada Square, London E14 5DY
If you are running a payment institution or an e-money firm in the UK, you already know that regulatory compliance is not a background function; it is the foundation on which your entire business stands.
The FCA’s expectations have never been more demanding. Consumer Duty obligations are being enforced with real consequences. AML scrutiny on payment firms has intensified significantly. And for EMI firms, the regulatory bar continues to rise, particularly around safeguarding, governance, and financial crime controls.
In this environment, the difference between a firm that thrives and a firm that faces regulatory action often comes down to one thing: the quality of its compliance infrastructure. And the quality of that infrastructure often comes down to who built it.
This guide explains what payment institutions and EMI firms in the UK need from a Best FCA compliance consultant UK and why the right partner makes a measurable difference to your regulatory standing, operational confidence, and your long-term growth.
| Quick Answer: The best FCA compliance consultant for UK payment institutions and EMI firms provides specialist regulatory support, including FCA authorisation, AML framework development, safeguarding compliance, SMCR implementation, Consumer Duty advisory, and ongoing compliance monitoring. Acumen Global Compliance Ltd, based in London, offers over 15 years of direct FCA regulatory experience and has supported more than 250 successful applications across the payment and e-money sector. |
Why Payment Institutions and EMI Firms Face Unique Compliance Challenges
Not all regulated firms face the same regulatory pressures. Payment institutions and electronic money institutions (EMIs) operate in one of the most intensively supervised segments of the UK financial services market and the compliance demands they face reflect that.
Here is why specialist expertise matters specifically for these firm types:
The Complexity of Safeguarding Obligations
Both authorised payment institutions (APIs) and full EMIs are required to safeguard customer funds. This means client money must be held separately from the firm’s own funds, either in a segregated bank account or covered by an insurance policy or guarantee. The FCA has made clear that failures in safeguarding arrangements are among its most serious supervisory concerns in the payment sector.
Getting safeguarding right requires more than a policy document. It requires the right banking arrangements, reconciliation processes, daily monitoring procedures, and clear evidence that the firm’s operations genuinely reflect its safeguarding framework.
The Evolving AML Threat Landscape for Payment Firms
Payment institutions process money at scale and at speed. This makes them a prime target and a key vulnerability in the financial crime landscape. The FCA and the National Crime Agency (NCA) have both signalled increased scrutiny on AML controls at payment firms, particularly around transaction monitoring, suspicious activity reporting, and high-risk corridor management.
For firms processing cross-border payments, operating in higher-risk corridors, or serving customer segments with elevated financial crime risk, a generic AML framework is simply not sufficient. The FCA expects risk-based controls that genuinely reflect the firm’s risk profile not a template lifted from another business.
Consumer Duty: A New Layer of Compliance Complexity
Since the FCA’s Consumer Duty came into full effect, payment institutions and EMIs serving retail customers carry a significantly expanded obligation set. They must demonstrate that their products and services deliver good outcomes across four outcomes: products and services, price and value, consumer understanding, and consumer support.
This is not a compliance exercise you can complete once and file away. It requires ongoing monitoring, annual assessments, board-level reporting, and, in the event of FCA scrutiny, clear evidence that good outcomes are genuinely being delivered.
| Regulatory Alert — 2026The FCA published its supervisory priorities for 2025–2026 with specific reference to payment firms and EMIs. Key areas of focus include: safeguarding arrangements, operational resilience, AML controls in high-risk corridors, Consumer Duty implementation, and financial crime governance. Firms that cannot demonstrate robust controls in these areas face an increasing risk of supervisory intervention. |
What Does an FCA Compliance Consultant Actually Do for Payment Institutions and EMI Firms?
There is a meaningful difference between a compliance consultant who understands payment regulation in theory and one who has built compliance frameworks inside payment institutions and EMI firms in practice. The former gives you documentation. The latter gives you a working compliance infrastructure.
Here is what genuine specialist support looks like for payment institutions and EMI firms:
FCA Authorisation and Licence Applications
Whether you are applying for an API licence, SPI registration, or full EMI authorisation, the FCA application process for payment firms is extensive. A specialist consultant builds your Regulatory Business Plan, structures your governance framework, develops your AML and compliance documentation, and manages your application through the FCA Connect portal ensuring completeness and accuracy from day one.
Safeguarding Compliance and Implementation
Safeguarding is one of the most technically demanding aspects of payment institution compliance. A specialist consultant designs your safeguarding model whether segregated account, insurance-backed, or hybrid and builds the operational processes, reconciliation procedures, and board reporting needed to demonstrate genuine compliance.
AML Framework Development
For payment firms, AML is not a one-time deliverable. A specialist consultant builds a full AML framework tailored to your business model: firm-wide risk assessment, Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures, transaction monitoring parameters, sanctions screening integration, SAR procedures, and an MLRO appointment and training programme.
Ongoing Compliance Monitoring
FCA authorisation is not the end of the compliance journey; it is the beginning. Payment institutions and EMI firms are expected to operate continuous compliance monitoring programmes, carry out annual AML risk assessments, and demonstrate to the FCA (on request) that their compliance function is genuinely active and effective. A retained compliance consultant serves as your compliance function or supports your in-house team in maintaining this standard.
Regulatory Reporting and Supervision
FCA-regulated payment firms must submit regular regulatory reports, including GABRIEL returns, transaction volume data, and safeguarding reports. Missing or inaccurate regulatory returns are a common trigger for supervisory attention. A specialist consultant ensures your reporting obligations are met accurately and on time.
| Operating a Payment Institution or EMI Firm? Acumen Global Compliance provides end-to-end FCA compliance support from authorisation through to ongoing regulatory management. Talk to our experts today. Contact With →FCA authorisation consultant |
FCA Authorisation for Payment Institutions: The Process in Practice
Payment institutions require FCA authorisation before they can legally provide payment services in the UK. The process is rigorous, and the FCA’s standards for payment firms reflect the sector’s systemic importance and financial crime risk.
Step-by-Step: Applying for an API Licence in the UK
1. Regulatory scoping: Map your regulated activities against the Payment Services Regulations 2017 to confirm the correct authorisation type
2. Compliance infrastructure build: Develop your AML framework, governance structure, safeguarding model, and operational policies before submission
3. Regulatory Business Plan: Prepare a detailed, FCA-standard narrative covering your business model, customer base, risk management approach, and regulatory compliance strategy
4. SMCR documentation: Map Senior Manager Functions, prepare Statements of Responsibilities, complete Fit and Proper assessments for all Approved Persons
5. FCA Connect submission: Submit your application with all supporting documentation through the FCA’s online portal
6. FCA review and Information Requests: Respond accurately and promptly to any FCA queries delays in responding extend your timeline
7. Decision and post-authorisation: On authorisation, activate your compliance monitoring programme and begin regulatory reporting obligations immediately
How Long Does an API Licence Take?
| Authorisation Type | Typical Timeline from Complete Submission |
| Small Payment Institution (SPI) | 2–3 months |
| Authorised Payment Institution (API) | 6–12 months |
| API with a complex business model | Up to 18 months |
| SPI to API upgrade | 4–8 months |
These timelines assume a complete, well-prepared application. Applications with gaps in documentation, generic AML policies, or inadequate governance frameworks consistently trigger multiple rounds of Information Requests, each round adding months to the process.
Capital Requirements for Payment Institutions
| Licence Type | Minimum Capital Requirement |
| Small Payment Institution (SPI) | No minimum (but proportionate resources required) |
| Authorised Payment Institution (API) money remittance only | €20,000 |
| Authorised Payment Institution (API) other payment services | €125,000 |
| Full EMI Licence | €350,000 |
| Small EMI Licence | €350,000 (own funds calculation applies) |
EMI Licence Compliance in the UK: What the FCA Expects
The Electronic Money Institution (EMI) licence is one of the most versatile and most demanding authorisations in UK financial services. EMI firms can issue electronic money, operate digital wallets, offer prepaid cards, and provide a wide range of payment services. This commercial breadth comes with a proportionately extensive compliance obligation set.
What Is an EMI Licence?
An Electronic Money Institution (EMI) licence, issued by the Financial Conduct Authority (FCA) under the Electronic Money Regulations 2011 (EMRs), authorises a firm to issue electronic money, a digital store of monetary value redeemable for cash, and to provide payment services. There are two tiers: Full EMI (no cap on e-money issuance) and Small EMI (issuance capped at an average of £5 million outstanding). Full EMI status requires £350,000 in initial capital. |
Core Compliance Requirements for EMI Firms
Beyond the FCA authorisation requirements applicable to all regulated firms, EMI firms face specific obligations under the Electronic Money Regulations 2011:
• Safeguarding of e-money holders’ funds, segregated accounts, or insurance/guarantee arrangements
• Ongoing capital adequacy monitoring, own funds must remain above regulatory minimums at all times
• Compliance monitoring programme documented, active, and board-reported
• AML/CFT framework tailored to e-money risks, including prepaid card fraud, anonymous loading, and cross-border transfer risks
• Consumer Duty implementation for EMIs serving retail customers
• Operational resilience framework systems and controls to ensure continuity of payment services
• SMCR compliance Senior Manager Functions designated and FCA-approved
• Regulatory reporting, regular GABRIEL submissions, and ad hoc FCA requests
• Redemption procedures clear processes for e-money redemption on request or at contract end
How Long Does an EMI Licence Take to Obtain?
The FCA’s assessment timeline for a Full EMI authorisation is typically 6–12 months from submission of a complete application. Small EMI registration can be faster, 3–5 months, but is subject to the same quality of application standards. Incomplete or poorly structured applications consistently result in extended timelines regardless of the EMI tier.
| Expert Insight: One of the most common reasons Full EMI applications are delayed is insufficient evidence of the safeguarding model in practice. The FCA wants to see not just a safeguarding policy, but evidence of the banking arrangement, the daily reconciliation process, and the board-level oversight. Building this evidence before submission, not after, is the difference between a straightforward assessment and months of back-and-forth. |
AML Compliance for Payment Institutions and EMI Firms: The FCA’s Expectations in 2026
Anti-money laundering compliance is not a peripheral obligation for payment firms it is a core pillar of FCA supervision. The payment sector’s exposure to financial crime risk is significant, and the FCA has been explicit about its expectations.
The AML Risks Specific to Payment Firms
Payment institutions and EMI firms face a distinct set of financial crime risks:
• High transaction volumes and large numbers of transactions make manual review impossible without robust automated monitoring
• Cross-border transfers and international payments carry heightened FATF-identified risks, particularly in higher-risk corridors
• Anonymity risks prepaid products and certain payment structures can be exploited for layering and integration
• Politically Exposed Persons (PEPs) payment firms serving international customers are statistically more likely to encounter PEP exposure
• Third-party payment flows, agency models and payment facilitators create complex beneficial ownership challenges
• Crypto-linked flows where payment firms handle fiat on-ramps or off-ramps for crypto transactions, financial crime risk increases significantly
What a Robust AML Framework Looks Like for a Payment Institution
A compliant, FCA-ready AML framework for a payment institution or EMI firm comprises:
• Firm-wide AML risk assessment: A documented, board-approved assessment of your specific financial crime risks updated at least annually and on material change
• Customer Due Diligence (CDD): Identity verification procedures for all customers at onboarding, with tiered approaches based on risk level
• Enhanced Due Diligence (EDD): Heightened scrutiny procedures for high-risk customers, PEPs, high-risk geographies, and complex ownership structures
• Transaction monitoring: Automated systems calibrated to your specific business model, with documented alert thresholds and review procedures
• Sanctions screening: Real-time screening against OFSI, UN, EU, and OFAC lists with clear escalation and freeze procedures
• Suspicious Activity Reporting (SAR): Clear internal reporting procedures, MLRO review process, and NCA submission protocols
• AML policies and procedures: Written, board-approved, operationally integrated and genuinely reflective of how the business actually operates
• MLRO appointment and empowerment: A designated, senior Money Laundering Reporting Officer with appropriate authority, resource, and board access
• Staff training: Regular AML training for all relevant staff, documented and evidenced
| Expert Insight: The FCA’s message to payment institutions is consistent: a generic AML policy is not a compliant AML framework. The regulator assesses whether your controls genuinely reflect your risk profile, not whether they look good on paper. For firms serving diaspora communities, operating in emerging market corridors, or processing high-volume cross-border transactions, the bar is higher, and the consequences of getting it wrong are more severe. |
SMCR, Consumer Duty, and Governance: The Compliance Foundations the FCA Expects
SMCR for Payment Institutions and EMI Firms
The Senior Managers and Certification Regime (SMCR) is an FCA framework that establishes individual accountability for senior leaders in regulated firms. All FCA-authorised payment institutions and EMI firms are subject to SMCR. Senior Manager Functions (SMFs) must be FCA-approved, hold Statements of Responsibilities, and be personally accountable for the areas under their control. All staff are subject to FCA Conduct Rules and must receive appropriate training. |
For payment institutions and EMI firms, SMCR compliance requires clear mapping of your governance structure to FCA-prescribed Senior Manager Functions, including the CEO (SMF1), the Finance function (SMF2), and the Compliance Oversight function (SMF16). Each SMF holder must be assessed as fit and proper before FCA approval.
Consumer Duty for Payment and E-Money Firms
Consumer Duty applies to all FCA-regulated firms that serve retail customers — which includes most payment institutions and EMI firms operating in the UK. The Duty requires firms to demonstrate that they are actively delivering good outcomes across four areas:
• Products and services are your payment and e-money products genuinely meeting customer needs?
• Price and value are your fees fair relative to the benefits provided?
• Consumer understanding: Are customers adequately informed about your products, fees, and how to use your services?
• Consumer support: Can customers access effective support when they need it?
The FCA does not expect perfection, but it does expect evidence. Board-level Consumer Duty reports, annual outcome assessments, and documented monitoring programmes are the minimum standard for 2026.
Governance Framework for Payment Firms
Effective governance is the scaffolding that holds every other compliance obligation together. The FCA expects payment institutions and EMI firms to have clear governance structures, defined decision-making authority, active board oversight of compliance risks, and documented escalation procedures for regulatory issues.
For firms where the governance structure is informal or undocumented common among rapidly growing startups, this is often one of the most urgent areas to address before FCA scrutiny arrives.
Supporting International Payment Businesses and Remittance Operators
London’s payment sector is genuinely international. Thousands of FCA-regulated payment institutions and EMI firms operate cross-border payment services, serve diaspora communities, and move money across corridors that carry specific financial crime and regulatory risks.
Compliance support for these businesses requires more than regulatory knowledge. It requires cultural understanding, corridor-specific AML expertise, and experience of working with businesses whose operational reality is genuinely international.
Compliance for Remittance Businesses in the UK
Remittance operators face a particularly demanding compliance environment. They process high volumes of cross-border transactions, often to higher-risk FATF jurisdictions. They serve customer segments that may be underbanked or use cash. And they frequently operate on thin margins, making the cost of compliance a real commercial pressure.
Acumen Global Compliance Ltd has built genuine specialist expertise across more than 15 international remittance corridors, including businesses serving Bangladeshi, Pakistani, Nigerian, Ghanaian, and South Asian communities from the UK. Our compliance frameworks are built around the operational reality of these businesses not adapted from generic templates designed for mainstream retail banking.
| Real-World Scenario A London-based remittance operator serving the Bangladesh corridor was referred to Acumen following FCA supervisory concerns about its AML framework and transaction monitoring. Acumen carried out a full compliance gap analysis, rebuilt the firm’s AML risk assessment and CDD procedures to reflect the specific risks of the Bangladesh corridor, calibrated its transaction monitoring parameters, and delivered MLRO training. The firm subsequently received a satisfactory FCA supervisory assessment. |
Note: This scenario is illustrative. All client work is subject to strict confidentiality.
Why Acumen Global Compliance Ltd Is the Right Choice for Payment Institutions and EMI Firms
There is no shortage of compliance consultants in the UK. But specialist expertise in payment institutions and EMI regulation, combined with practical commercial understanding and a track record of successful FCA applications is considerably rarer.
15+ Years of Direct FCA and HMRC Regulatory Experience
Acumen Global Compliance Ltd was founded and is led by Md M A Khan, an FCA compliance expert with more than 15 years of direct regulatory experience. He has personally supported over 250 successful regulatory applications across payment institutions, EMI firms, FinTech companies, MSBs, and cross-border payment operators.
His qualifications include APCC Membership, AICA, ACPA, and ACSI reflecting a commitment to the highest professional standards in UK compliance practice. Acumen holds active memberships with the International Compliance Association (ICA), the Association of Professional Compliance Consultants (APCC), and the Chartered Institute for Securities & Investment (CISI).
Practical Compliance Not Theoretical Consultancy
Every compliance framework Acumen builds is designed to work operationally not just to satisfy an FCA checklist. We build AML frameworks that real compliance teams can implement. We design governance structures that actual businesses can operate. We write policies that reflect how a firm genuinely functions.
The result is a compliance infrastructure that withstands regulatory scrutiny because it was built to function in practice, not just to look good on paper.
Full-Service Support From Authorisation to Ongoing Compliance
• FCA authorisation support: API, SPI, EMI, consumer credit, crypto registration
• AML framework development: Risk assessments, CDD/EDD procedures, transaction monitoring, SAR processes, MLRO support
• Safeguarding compliance: Model design, operational processes, daily reconciliation, board reporting
• Governance and SMCR: SMF mapping, Statements of Responsibilities, Fit and Proper assessments, Conduct Rules training
• Consumer Duty: Implementation plans, outcome monitoring, annual assessments, board reporting templates
• Compliance monitoring: Annual programmes, ongoing review, regulatory reporting support
• Regulatory remediation: FCA Information Request responses, supervisory support, compliance gap remediation
• Training: AML, Consumer Duty, SMCR, and compliance awareness training for boards and staff
| Ready to Work With the UK’s Specialist Payment and EMI Compliance Consultants? Whether you are applying for your first FCA licence or strengthening an existing compliance framework, our team is ready to help. [ Speak With Our Experts → acumengcompliance.com/contact ] |
Frequently Asked Questions
1. What is the difference between a payment institution and an EMI firm?
| Answer: A payment institution (API or SPI) is authorised to provide payment services processing, transmitting, and facilitating payments. An e-money institution (EMI) can do all of this and also issue electronic money a digital store of value that can be loaded, held, and redeemed. EMIs can therefore operate digital wallets and prepaid products in ways that payment institutions cannot. EMI licences carry higher capital requirements (€350,000 vs €125,000 for APIs). |
2. Do payment institutions need an AML framework to get FCA authorised?
| Answer: Yes. AML compliance is a core FCA authorisation requirement for all payment institutions and EMI firms. The FCA will not authorise a firm without a documented, risk-based AML framework that includes: a firm-wide risk assessment, CDD and EDD procedures, transaction monitoring, sanctions screening, SAR procedures, a designated MLRO, and staff training. The framework must reflect the firm’s specific business model not a generic template. |
3. What is safeguarding, and why does it matter for payment firms?
| Answer: Safeguarding is the legal requirement for authorised payment institutions and EMI firms to protect customer funds. Client money must be kept separate from the firm’s own funds either in a dedicated segregated bank account or covered by an insurance policy or bank guarantee. The FCA has identified safeguarding as a priority supervisory concern in the payment sector. Firms that cannot demonstrate robust, operational safeguarding arrangements face significant regulatory risk. |
4. How much does it cost to get an EMI licence in the UK?
| Answer: FCA fees for a Full EMI authorisation vary based on the firm’s projected income but are typically in the range of £5,000–£25,000+. Additionally, Full EMI firms must demonstrate £350,000 in initial own funds capital. Professional consultancy costs vary by project scope. However, the total investment in a well-prepared application is significantly lower than the commercial cost of delays, rejections, or resubmissions caused by inadequate preparation. |
5. Can a startup apply for an EMI licence in the UK?
| Answer: Yes. The FCA does not require an applicant to have an existing operating history. However, startup EMI applicants must demonstrate a credible business model, adequate capital (£350,000 for Full EMI), a governance framework, an AML compliance infrastructure, and a realistic programme of operations, all before trading begins. Many startups begin with Small EMI registration and upgrade to Full EMI authorisation as their business scales. |
6. What is the difference between FCA authorisation and HMRC MLR registration?
| Answer: FCA authorisation is required for firms providing regulated payment or e-money services under the Payment Services Regulations 2017 or the Electronic Money Regulations 2011. HMRC MLR registration is required for money service businesses (MSBs), including currency exchange and certain payment activities that fall outside the FCA’s regulatory perimeter. Some businesses require both. A specialist compliance consultant can advise on which regulatory pathway applies to your specific business model. |
