Julien Haye

Fit and Proper in FinTech and Payments: Compliance Essentials


How likely is it that you fail to secure, or even lose, your payment authorisation because your people fail the fit and proper test?


You have just invested months into securing your payment authorisation—only to face rejection because a key executive failed the test. Or worse, you risk losing your existing authorisation due to oversights in assessing ongoing fitness and propriety. Changes in individual circumstances are very common and must be factored in.


We recently worked with a consumer credit firm that had its authorisation denied after months of preparation. The issue? Its Chief Risk Officer had managed risk at a previous employer that went bankrupt. To secure authorisation, they had to replace that individual.


Such failures are more common than you might think. This article unpacks the FCA’s fit and proper requirements, explains how to prepare, and introduces tools like Aevitium’s fit and proper checklist to keep your firm compliant and competitive.


Understanding 'Fit and Proper' Requirements


The FCA's Fit and Proper test for Employees and Senior Personnel (the FIT sourcebook) sets the minimum standard an individual must meet to hold a regulated position. Under the Senior Managers and Certification Regime (SMCR) it is applied to Senior Management Functions, which the FCA approves, and to Certification Functions, which the firm itself assesses and certifies at least annually. Note that SMCR applies to firms authorised under FSMA; payment institutions and e-money institutions authorised under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 are not in SMCR, but the FCA still requires their directors and persons responsible for management to be fit and proper, assessed against the same criteria at authorisation and on any change of management. The test asks whether the individual demonstrates honesty, integrity and reputation, competence and capability, and financial soundness, both at appointment and for as long as they carry out the regulated role.


Key FCA Requirements:

  • Honesty, integrity and reputation: Truthful and open dealings, including with regulators, and no history of misconduct, dishonesty or mismanagement, whether or not it was unlawful.

  • Competence and capability: The knowledge, skills, experience and time needed to carry out the specific role, assessed against that role rather than the candidate's general seniority.

  • Financial soundness: No unresolved bankruptcy, insolvency arrangement or judgment debt that calls into question the person's ability to act responsibly; limited personal means are not in themselves a bar.

For FinTech firms, meeting these standards builds trust, supports transparency and reduces regulatory risk. Existing directors and senior managers must also continue to demonstrate that they are fit and proper through documented assessments and periodic re-evaluation, not only at appointment.


Role-Based Profiles to Pass the Test


To meet the FCA's fit and proper requirements, key roles in FinTech firms must demonstrate high standards of integrity, competence, and financial soundness. The table below outlines the specific expectations for each role, along with examples of red flags that could indicate mismanagement or misconduct leading to non-compliance.

Chief Executive Officer (CEO)

  • Integrity: Proven track record in leadership roles with no history of misconduct.

  • Competence: Extensive experience in financial services, strategic planning, and regulatory compliance.

  • Financial soundness: History of sound financial decisions and no bankruptcies.

  • Red flags: Prior regulatory breaches, mismanagement of past organisations, or personal bankruptcies.

Chief Financial Officer (CFO)

  • Integrity: Transparent financial reporting and adherence to accounting standards.

  • Competence: Strong financial qualifications (e.g., CPA, ACCA) and experience managing budgets, audits, and compliance.

  • Financial soundness: Clean financial history and evidence of fiscal responsibility.

  • Red flags: Unexplained discrepancies in financial reporting, previous accounting fraud, or fines for non-compliance or unlawful behaviour.

Chief Risk Officer (CRO)

  • Integrity: Demonstrated commitment to ethical risk practices and no regulatory violations.

  • Competence: Expertise in risk management frameworks, governance, and compliance processes.

  • Financial soundness: Proven ability to manage operational and strategic risks without conflicts of interest.

  • Red flags: Previous involvement in organisations with significant operational failures or regulatory sanctions.

Compliance Officer

  • Integrity: Strong ethical background with no regulatory breaches.

  • Competence: In-depth knowledge of regulatory frameworks (FCA, SMCR) and prior experience managing compliance programmes.

  • Financial soundness: History of compliance with personal financial obligations.

  • Red flags: Lack of AML expertise, prior disciplinary actions, or gaps in compliance framework knowledge.

MLRO (Money Laundering Reporting Officer)

  • Integrity: Unblemished professional history with no association to money laundering activities.

  • Competence: Deep understanding of anti-money laundering (AML) frameworks and experience in investigations.

  • Financial soundness: Transparent financial records and no previous financial penalties.

  • Red flags: Failure to detect or report suspicious activity, or lack of AML certifications or relevant investigative experience.

Technology Lead/CTO

  • Integrity: Ethical handling of sensitive data and compliance with cybersecurity regulations.

  • Competence: Expertise in IT systems, cybersecurity frameworks, and data protection laws.

  • Financial soundness: Demonstrated ability to deliver cost-effective and secure technology solutions.

  • Red flags: Data breaches, poor cybersecurity practices, or lack of expertise in data protection laws and controls.

Importance of the Fit and Proper Test in FinTech and Payment Firms


The rapid growth of FinTech has attracted regulatory scrutiny, necessitating robust governance to mitigate risks such as fraud, cyber threats, and financial misconduct. The fit and proper test plays a crucial role in:


  • Regulatory Approvals: Meeting authorisation requirements for payment services and e-money licenses.

  • Risk Mitigation: Ensuring leaders can identify and address operational risks.

  • Investor Confidence: Promoting accountability and transparency to attract investors.


FinTech firms often operate in complex ecosystems, dealing with Application Programming Interfaces (APIs), third-party vendors, and cross-border regulations, making the implementation of a fit and proper framework indispensable.

Become a licensed payment firm with our expert help! From licence applications to ongoing risk and compliance support, we're here to support you. Discover Aevitium LTD Risk Management Services for FinTech and Payment firms.

Conducting a Fit and Proper Person Test


The fit and proper person test evaluates suitability through:

  • Criminal Records Checks – Screening for convictions involving fraud, dishonesty or financial crime.

  • Regulatory References and Register Checks – For SMCR firms, requesting regulatory references from the candidate's previous employers covering the last six years (SYSC 22) and checking the FCA Register for past approvals, prohibitions or disciplinary history.

  • Competence Assessment – Reviewing professional qualifications and past performance against the specific role.

  • Financial History Review – Checking for bankruptcy, individual voluntary arrangements, county court judgments or similar, and assessing whether and how they were resolved rather than treating any record as an automatic bar.

  • Reference Checks – Verifying claims about experience and ethical behaviour.

Firms are required to document and retain evidence of each assessment (for Certification Functions the firm issues and renews the certificate itself), aligned with the broader compliance programme.


Common Reasons for Failing the Fit and Proper Test


Candidates can fail the FCA's fit and proper test if they do not meet the required standards. Below are ten common reasons for failure, each with a suggested mitigation:


  1. Criminal Convictions: Past convictions for fraud, dishonesty, financial crimes, or money laundering.

    Mitigation: Conduct thorough pre-employment checks and avoid hiring candidates with relevant convictions for regulated activity roles.

  2. Regulatory Breaches: Previous enforcement actions or penalties from regulatory authorities.

    Mitigation: Assess the context of the breach, determine the corrective actions taken, and evaluate whether the individual has since shown sustained compliant conduct.

  3. Bankruptcy or Insolvency: History of personal or business bankruptcy, unpaid debts, or financial mismanagement.

    Mitigation: Review financial recovery actions, assess improvements in financial soundness, or consider alternative roles that do not involve financial oversight.

  4. Misrepresentation or False Information: Providing false or misleading information during the application process.

    Mitigation: Implement strict verification processes and require documented evidence of credentials and experience.

  5. Inadequate Qualifications: Lack of required certifications, professional designations, or relevant experience.

    Mitigation: Support professional development programs and provide role-specific training prior to appointments.

  6. Poor Employment History: Termination due to misconduct, mismanagement, or conflicts of interest.

    Mitigation: Obtain multiple references, assess context, and document evidence of remediation steps or skill improvements.

  7. Conflict of Interest: Unresolved conflicts that compromise decision-making or governance.

    Mitigation: Identify conflicts early, enforce disclosure requirements, and implement policies to manage conflicts effectively.

  8. Failure to Demonstrate Competence: Inability to prove adequate knowledge, skills, or experience for the role.

    Mitigation: Establish ongoing training programs, coaching, and shadowing opportunities to build competence.

  9. Non-Compliance with AML/Financial Crime Rules: Breaches in anti-money laundering processes or failing to prevent financial crime.

    Mitigation: Provide regular AML training and conduct periodic testing to ensure understanding and compliance.

  10. Negative References or Reputation Issues: Poor references, public controversies, or damage to professional reputation.

    Mitigation: Conduct thorough due diligence, clarify context with previous employers, and document steps taken to address concerns.


Challenges in Implementing Fitness and Propriety Assessments

  • Data Verification: Leverage technology for automated background checks.

  • Cross-Border Complexity: Engage compliance consultants to streamline assessments across different jurisdictions.

  • Resource Constraints: Use Aevitium LTD's fit and proper checklist to standardise evaluations and reduce administrative burden.

  • Changing Standards: Keep pace with evolving FCA regulations through regular training and updates to compliance programmes.

Fit and Proper Checklist for FinTech Firms


Aevitium LTD has developed a robust fit and proper checklist designed to help firms navigate regulatory obligations efficiently. The checklist covers:

  1. Pre-Employment Screening: Criminal, financial, and qualification checks.

  2. Ongoing Monitoring: Annual assessments and continuous improvement.

  3. Training and Development: Programs to enhance competence and capabilities.

  4. Documentation Standards: Templates for evidence collection and audit trails.

Addressing Fit and Proper Test Failures


Failing the fit and proper test does not always mean immediate replacement. Firms should first assess whether the issues can be remediated through:

  1. Training and Development Plans: Providing additional training or mentoring to address competency gaps.

  2. Role Reassignment: Moving the individual to a role outside the Senior Management or Certification Functions where their skills are suitable; under SMCR a firm must not allow someone it has assessed as not fit and proper to continue performing a certification function.

  3. Corrective Actions: Resolving financial issues, conflicts of interest, or regulatory concerns with documented steps.

  4. Monitoring and Support: Implementing closer supervision and periodic reassessments.


However, in cases involving serious integrity issues (e.g., criminal convictions or regulatory breaches), replacement may be necessary to ensure compliance and protect the firm's reputation. It is essential to document all decisions and actions taken, ensuring transparency and regulatory compliance.


Connecting Fitness and Propriety to Broader Risk Management


The fit and proper framework complements Aevitium LTD's other risk and compliance offerings, including:

  • Operational Risk Management (ORM): Addressing vulnerabilities through structured frameworks.

  • Agile Risk Management: Adapting governance practices to dynamic market conditions.

  • Three Lines Model Implementation: Defining accountability and strengthening oversight.

  • Cultural Risk Assessments: Mitigating risks related to non-financial misconduct and diversity gaps.


Best Practices for Building a Fit and Proper Culture


Building a fit and proper culture requires deliberate effort and consistent reinforcement of ethical standards. Below are key practices that firms should adopt to foster compliance and accountability:


Leadership Commitment:

  • Ensure executives and senior managers lead by example, demonstrating ethical behaviour and accountability.

  • Develop a 'tone from the top' approach where leadership prioritises compliance and integrity.

  • Integrate compliance responsibilities into performance reviews and incentive structures.

Clear Policies:

  • Establish well-documented hiring, monitoring, and reporting processes that are transparent and easily accessible.

  • Implement policies for pre-employment screening, ongoing assessments, and incident reporting.

  • Communicate these policies regularly and update them in response to regulatory changes.

Regular Training:

  • Provide mandatory onboarding sessions and periodic training programmes to educate employees about compliance expectations and regulatory requirements.

  • Tailor training modules to different roles, focusing on their specific responsibilities and risks.

  • Use case studies and scenarios to enhance understanding and application.

Audit Readiness:

  • Maintain comprehensive documentation, including records of fit and proper assessments, training attendance, and policy updates.

  • Conduct regular internal audits to identify gaps and areas for improvement.

  • Prepare for regulatory inspections by developing standardised reporting templates and compliance checklists.

Whistleblower Protection:

  • Establish a secure and anonymous reporting system to encourage employees to report concerns without fear of retaliation.

  • Promote awareness of whistleblower protections through training and communications.

  • Investigate reports promptly and take appropriate corrective actions, maintaining confidentiality throughout the process.

Continuous Improvement:

  • Review and refine compliance programmes based on feedback, audit findings, and regulatory updates.

  • Foster a culture of learning and adaptability by encouraging employees to share insights and improvements.

  • Engage external experts periodically to benchmark practices against industry standards.


Conclusion


The FCA's fit and proper standards form the backbone of effective governance in payment and FinTech firms. By adopting a proactive approach and leveraging Aevitium's fit and proper checklist, businesses can streamline compliance, enhance trust, and mitigate risks. Integrating these principles with broader frameworks such as ORM, agile risk management, and cultural assessments strengthens organisational resilience in a competitive landscape.


For more insights and tools on compliance and risk management, visit Aevitium LTD's resource hub or contact us for tailored advisory services.


Frequently Asked Questions (FAQs)


1. What is the FCA’s fit and proper test?

The fit and proper test is the assessment of whether an individual in a senior management or key role meets the FCA's standards of honesty, integrity and reputation, competence and capability, and financial soundness. For Senior Management Functions the FCA carries out the assessment when it approves the appointment; for Certification Functions, and for ongoing fitness after approval, the firm itself carries it out and must be able to evidence it.


2. Who needs to take the fit and proper test?

Under the Senior Managers and Certification Regime (SMCR), individuals performing Senior Management Functions (SMFs), for example the Chief Executive (SMF1), Chief Risk Officer (SMF4), Compliance Oversight (SMF16) and MLRO (SMF17), need FCA approval before taking up the role, and staff in Certification Functions must be assessed and certified as fit and proper by the firm at least annually. Payment and e-money institutions outside SMCR must satisfy the FCA that their directors and persons responsible for management are fit and proper at authorisation and whenever management changes.


3. What happens if someone fails the fit and proper test?

Failing the test can lead to rejection of regulatory authorisation applications or removal from a role. However, firms may address gaps through training, role reassignment, or corrective actions, except in cases of serious breaches.


4. How often should firms assess fitness and propriety?

Assessments should be conducted:

  • Before hiring or appointing an individual to a regulated role.

  • At least annually as part of ongoing compliance (for Certification Functions this is a regulatory requirement).

  • Whenever there is a significant change in the individual's role or responsibilities.

  • Whenever the firm becomes aware of information that calls the individual's fitness into question, such as a disciplinary finding, a criminal charge or a personal insolvency.


5. Can someone with a past bankruptcy pass the fit and proper test?

Yes, but only if the individual can demonstrate financial recovery, responsible management, and corrective actions taken to address past issues.


6. Are there different requirements based on the type of payment license?

Yes, in the detail. An authorised payment institution (PSRs 2017) and an e-money institution (EMRs 2011) are both assessed on whether their directors and persons responsible for management are fit and proper, using the same criteria; what differs is the activities in which the management team must show competence, since an EMI issues e-money as well as providing payment services. Safeguarding of customer funds applies under both regimes, so safeguarding experience is scrutinised in each case, not only for EMIs.


7. How can firms prepare for the fit and proper test?

Firms should:

  • Conduct pre-employment screenings and background checks.

  • Use Aevitium’s fit and proper checklist for compliance evaluations.

  • Provide ongoing training to maintain competence and regulatory standards.


8. What are the most common reasons for failure?

Common reasons include:

  • Criminal convictions or regulatory breaches.

  • Lack of qualifications, experience, or competence.

  • Financial instability or unresolved conflicts of interest.

  • Misrepresentation of credentials or poor references.


9. Can firms appeal a decision if an individual fails the test?

Yes. If the FCA proposes to refuse an approval or authorisation application it issues a warning notice, and the firm and the individual can make written or oral representations before a decision is taken; a subsequent decision notice can be referred to the Upper Tribunal. Legal and compliance teams should prepare the evidence (references, assessment records, remediation steps) to support those representations.


10. How does the fit and proper test relate to broader risk management?

The fit and proper test complements broader risk management practices by ensuring leadership integrity and competence, which align with frameworks like Operational Risk Management (ORM) and the Three Lines Model.
