Use it or Lose it: The FCA’s tougher new line on unused permissions

The rugby ball is at the back of the ruck, with the attacking team no longer making any forward progress. “Use it or lose it” shouts the referee, forcing the attacking team to play the ball or risk it being turned over to the other team.

The referee on this occasion is the FCA and the rugby ball is your permissions.

Kick Off

Following the Gloster Report the FCA has committed to conducting its’ own “use it or lose it” exercise. The purpose of the exercise to identify firms that have not earned any regulatory income from their regulatory permissions in the previous 12 months.

The regulatory reporting and returns received by FCA will enable it to carry out a desk based thematic review to identify firms not earning any regulatory income from their permissions.


FCA would investigate whether those firms really need those permitted activities. The primary purpose is uncovering any firms using their permissions to add credibility to unregulated activities as happened in London Capital and Finance.

The scenario that concerns the regulators is that firms are obtaining permissions they do not intend to use in order to create a veneer of respectability for their unregulated activities. The firm will highlight that it is FCA authorised and regulated but it will not be as clear to consumers that the products being sold are not covered by this protection.

Another area of concern for the FCA in relation to unused permissions might be whether the firms still meet the Threshold Conditions to be able to compliantly use these permissions. For example, does the firms still have the financial and human resources to properly deliver the products and services covered by a permission.

Action You Can Take

Consider carrying out a permissions audit. Using it to identify any permissions that you are not using. Also, double check that you have all the permissions that you should have. For example, if you are relying on the matched principal exemption and don’t have permission for dealing as principal or, if you are dealing in binary bets, known as digital options in investment banking, then following MiFID II you need a binary bets permission.

We know the more that you pick up these things yourself and tell them, the happier regulator is, rather than than they or your auditor, finds the problem.

If you know you have unused permissions, it would be sensible under Principle 11 to proactively contact the FCA to explain what you plan to do with these permissions.

For example, you might have decided these are no longer required and you will be seeking a variation to remove these permissions, or you might want to explain how your business plans will use these permissions in the near future and offer to talk FCA through those plans. Do this even if you do not have a dedicated supervisor at FCA, send an email with an offer to discuss.